Robo8 Pilot one-pager
Industry brief · Consumer goods & manufacturing

When the line stops, the loss is measured in £/hour.

FMCG runs on uptime across many sites, a deep supplier and logistics network, and a widening IT↔OT seam — defended by lean, stretched security teams. A single ransomware event can idle production and empty shelves. Robo8 adds an explainable, sovereign detection and triage layer on top of what each site already runs, so an intrusion is caught and reasoned about before it reaches the plant floor.

The pressure

  • Ransomware downtime priced in lost production and spoiled stock.
  • IT/OT convergence — office compromise becomes a factory problem.
  • Many sites, thin coverage; alerts outpace the team.
  • Retail/e-commerce card data (PCI) and recipe/IP to protect.

Where Robo8 fits

  • Correlates IT signals to flag lateral movement toward OT early.
  • Known-exploited-first scanning across sprawling, often-legacy software.
  • One explainable incident per entity — not a wall of per-site alerts.
  • Self-hosted; plant and customer data never leave your estate.

A scenario

A phishing click on a corporate laptop is followed by credential use probing a segment that borders the plant network. Robo8 fuses the endpoint and network signals into one high-confidence incident, cites the technique, and — in dry-run — recommends isolating the host before it pivots into OT. The SOC acts on one decision, with the evidence attached.

Maps to

DriverHow Robo8 supports it
NIS2 (essential/important entities)Continuous monitoring, incident detection & auditable response
IEC 62443 (OT security)Visibility at the IT/OT seam; explainable, human-gated response
PCI DSS (retail/e-comm)Known-exploited vulnerability scanning + tracked remediation

Robo8 supports these objectives; it is not a substitute for your compliance programme or a qualified assessor.

Industry brief · Automotive

Audit-grade cyber, from the plant to the supply chain.

Automotive carries every manufacturing risk plus a regulated vehicle-cybersecurity regime, a vast Tier-1/2/3 supply chain, and connected-vehicle/dealer estates. WP.29 R155 and ISO/SAE 21434 now require a demonstrable cybersecurity management system — monitoring and incident response you can prove. Robo8's glass-box verdicts and tamper-evident audit are built for exactly that.

The pressure

  • R155 / ISO 21434 demand evidenced monitoring & incident response (a CSMS).
  • Plant ransomware halts lines; supplier intrusions cascade.
  • Deep supply chain (TISAX) + dealer networks widen the attack surface.
  • High-value design IP and connected-vehicle telematics to defend.

Where Robo8 fits

  • Every verdict cites technique + evidence — the audit trail a CSMS needs.
  • Cross-source correlation across plant, supplier and dealer signals.
  • Exploitability-ranked vulnerability tracking with deadlines.
  • Sovereign & on-prem — fits OEM and supplier data boundaries.

A scenario

An alert from a Tier-1 supplier's connection and an anomaly on a plant jump-host point at the same campaign. Robo8 correlates them into one incident with a cited verdict and a recommended, human-gated containment — and writes the whole chain to an audit trail you can hand to an R155 assessor.

Maps to

DriverHow Robo8 supports it
UNECE WP.29 R155 (CSMS)Demonstrable monitoring, detection & incident response with audit evidence
ISO/SAE 21434Explainable, traceable handling of cyber events through the lifecycle
TISAX / NIS2Supply-chain visibility, access control, tamper-evident logging

Robo8 supports these objectives; certification remains your programme's responsibility with a qualified assessor.

Industry brief · Financial services

An AI SOC analyst your examiner will actually trust.

Banks, credit unions and fintechs face exam pressure, operational-resilience rules and strict data-residency — with lean teams and a stack they've already had audited. Robo8 is the explainable, self-hosted layer that triages alerts and shows the reasoning behind every call, on top of what you run today.

The pressure

  • Examiners ask "why did the tool decide that?" — black boxes can't answer.
  • DORA / operational-resilience: provable detection & response.
  • Customer data can't leave the building.
  • Lean teams, relentless alert volume.

Where Robo8 fits

  • Every verdict cites technique, evidence & confidence; all audited.
  • Known-exploited-first vuln scanning mapped to your SOC 2 evidence.
  • Self-hosted with local models — data stays on your infrastructure.
  • Rides on Wazuh / your SIEM / EDR — no rip-and-replace.

A scenario

Impossible-travel in the cloud and Kerberos errors on the endpoint fuse into one identity incident with a cited ATT&CK verdict. The reversible step (revoke tokens) is staged for one-click approval; the destructive one waits for a human. The morning report writes itself from the audit trail.

Maps to

DriverHow Robo8 supports it
FFIEC CAT / examiner reviewExplainable verdicts + tamper-evident audit of every action
DORA / operational resilienceContinuous detection, incident response & evidence
GLBA · PCI DSS · SOC 2 / ISO 27001Access control, monitoring, KEV-driven remediation, AI-governance pack

Robo8 supports these objectives; it is not a substitute for your compliance programme or a qualified assessor. See the financial-services page.