M45
Engineering AI Built for Safety-Critical Development

The living record of system intent

M45 links intent to requirements to design to verification. And keeps that link current. Drift gets caught early, not at certification.

See it in action
Intent Without Enforcement
Severity: High

Inferred Intent

“System shall not initiate automatic recovery while pilot maintains active stick input”

Linked Requirements

SYS-1247Auto-recovery initiates when TAWS alerts persist >2.5s
SYS-1251Pilot stick input >5 lbf disengages autopilot

Gap

No requirement governs interaction between active pilot input and auto-recovery trigger.

Found before certification review

“A shocking amount comes from PowerPoint. PowerPoint engineering has become a bad habit.”

Systems engineer, aircraft OEM

“At a certain point, it was about 80% just paperwork and 20% really progress.”

Systems engineer, defense aerospace

Tools hold artifacts.
Nobody holds the thread.

Requirements in one place. Design in another. Decisions somewhere else. The connections break quietly as the system evolves. Misalignment costs 10× more at every stage it escapes.

Intent / Concept

What the system is supposed to achieve

10×
Requirements

Formal requirements and architecture

100×
Implementation

Code, hardware, test infrastructure

1000×
Operations

Validation, certification, in use

Cost to fix misalignment at each stage

What M45 does

M45 reads your artifacts and infers structure: functions, components, modes, scenarios. It maps how they connect. When something changes, it shows what else is affected.

You validate. You decide. M45 remembers the reasoning.

Intent view

Your system at a glance. Functions, components, modes, scenarios. Structured and connected. Click any element to trace back to source.

  • Built from your existing artifacts
  • Functions, components, modes, scenarios in one view
  • Every inference traceable to source
Intent View
Ready for review
Functions4 mapped
GNSS spoofing detectionNavigation fusionIntegrity monitoringCrew alerting
Components5 mapped
GNSS receiverInertial navigation unitBaro altitude sensorAir data computerSpoofing detection engine
Scenarios2 of 7

GNSS Spoofing Suspected

System monitors GNSS signal authenticity and flags anomalies indicating potential spoofing.

Protected Mode Activation

When spoofing suspected, device enters protected mode limiting GNSS reliance.

Document View
Inferred

System Profile

1

This appears to be a system for providing reliable navigation and altitude information for aircraft. Its main responsibilities are assessing GNSS authenticity and fusing GNSS with onboard sensor data.

2

The system includes a GNSS receiver, an inertial navigation unit, a barometric altitude sensor, and an air data computer. A dedicated spoofing detection engine monitors signal authenticity.

3

It operates in GNSS, navigation, altitude, protected, and alert modes. It outputs fused position, velocity, and altitude data.

In plain language

Generates a plain-language summary of the system. What it does. How it works. In paragraphs, not spreadsheets.

  • New team members ramp faster
  • Reviewers see the system, not just the spec
  • Fewer "what does this even do?" conversations

Finds the noise

Flags requirements that are ambiguous, duplicated, or say two things at once. Before they reach review.

Issues found7
HLR-002HLR-003LLR-001-2LLR-001-3LLR-002-1LLR-002-2LLR-002-3
HLR-002Mixed-intent

Combines fusing GNSS with other sensors and the constraint of a configurable time window in one sentence.

Runs in our cloud or yours. Self-hosted available for regulated programs.

The M45 Platform

Two input modes feed a shared context graph. Workflows query it. Engineers approve every output.

Currently in use with early design partners.

● Live

Pull

Engineer-initiated ingestion

Word / PDF / PPTExcelStandardsReqIF

Monitor

Event-driven detection

DOORSPLMCATIASharePointTest Tools
● Live

Engineering Context Graph

Persistent shared state connecting all layers

How it works →
ArtifactsRequirementsTraceability LinksSafety ArgumentsRationaleChange History

Workflows

Every workflow is human-gated. Nothing ships without engineer approval.

● Live

Intent Review

Requirements decompose through multiple tiers, from aircraft functions down to component specs. Intent Review surfaces where engineering intent got lost or distorted in that translation.

Learn more →

Requirements Decomposition

Starting from system-level intent, this workflow helps you author lower-tier requirements while preserving traceability and safety context. Intent Review audits existing specs; this one creates new ones.

Compliance Scout

Certification frameworks like DO-178C and ARP4754A define hundreds of objectives. Compliance Scout maps your engineering artifacts against those objectives and surfaces gaps before formal review.

Safety Case Assembly

A safety case connects STPA analyses, requirements, and structured arguments into a coherent whole. This workflow builds those connections systematically instead of manually chasing links across documents.

Context Bridge

Every buyer has their own format conventions, attribute schemas, and structural expectations. Suppliers must adapt to each one; buyers must interpret what arrives. Context Bridge handles that mapping on both sides.

Regulatory Change Impact

When a standard or regulation changes, impact ripples through requirements, arguments, and tests. This workflow traces that impact across programs so nothing gets missed.

Workflow outputs

ReqIFSysML v2CAE Safety CasesMOC TablesCompliance Packages

For early partners

We're partnering with systems engineering teams to shape the roadmap. Early access, direct input.

Book a callDocumentation

Building the wrong thing perfectly is the most expensive mistake.