How a trust-proportional authority layer prevents an autonomous vehicle from running a stop sign it can't correctly recognize, and does so fast enough to meet ISO 26262 ASIL-D safety targets.
A Level 4 autonomous vehicle is approaching a four-way intersection at 35 mph. Its camera-based perception stack sees a rectangular sign with a pattern that, due to a carefully placed adversarial patch (the Berkeley sticker attack is well-documented), classifies as a speed-limit sign instead of a stop sign. Confidence: 89%.
The radar sees a sign, but can't classify shape. The LiDAR confirms a vertical pole and rectangular reflector at standard stop-sign dimensions. The map database says "stop sign at this intersection."
The perception system doesn't weight these together. It trusts its primary camera classifier. It's about to proceed through the intersection at 35 mph.
Today's autonomous systems face this situation with binary tools: either full autonomy or a kill switch. Neither is safe here.
AUTHREX sits between the autonomy software and the physical actuators. When something goes wrong, each layer does its job in milliseconds, without waiting for human review at every step, but also without letting the system take irreversible action on corrupted data.
SATA compares camera classification (speed limit, 89%) against LiDAR geometry (stop-sign dimensions, 97%), radar position (sign at map-predicted location, 100%), and map database (stop sign at this intersection, 100%). Four out of four non-camera signals say stop sign. One says speed limit. The trust score for the camera classification drops to 0.22.
ADARA analyzes the camera feature activations. A normal stop sign produces a specific pattern of internal activations. An adversarial patch produces an unusual pattern, even when classification confidence is high. ADARA flags the input as likely adversarial (probability 0.73).
At high sensor trust and no adversarial flag, HMAA authorizes "interpret sign and act accordingly" (Authority Level A3). At trust 0.22 and adversarial probability 0.73, HMAA drops to A1: "assume most conservative interpretation among disagreeing sensors." Four sensors say stop, one says speed limit. Most conservative: stop.
CARA executes a deterministic braking profile: -3.2 m/s² deceleration (below ISO 2631 passenger discomfort threshold), hazard lights at full stop, log event to onboard data recorder for regulator review. Every step is formally verified: no unsafe state is reachable from this state machine.
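As an added example (not AUTHREX's own code), a Python sketch of the SATA → HMAA → CARA decision path for this scenario. The trust formula, the A1/A3 thresholds, the conservativeness ranking, and counting the radar's position match as a vote for the map's interpretation are all assumptions, so the trust value lands near, not exactly at, the 0.22 in the text.

```python
from dataclasses import dataclass
from enum import IntEnum

class Authority(IntEnum):
    A1 = 1  # assume the most conservative interpretation among disagreeing sensors
    A3 = 3  # interpret the sign and act on the primary classifier

# Lower rank = more conservative reading of the sign (assumed ordering).
CONSERVATIVE_RANK = {"stop": 0, "yield": 1, "speed_limit": 2}

@dataclass(frozen=True)
class Reading:
    source: str
    interpretation: str  # what this source implies the sign is
    confidence: float    # 0..1

def sensor_trust(primary: Reading, others: list[Reading]) -> float:
    """Assumed SATA-style score: confidence-weighted share of all sources
    that agree with the primary classifier's interpretation."""
    everything = [primary, *others]
    total = sum(r.confidence for r in everything)
    agree = sum(r.confidence for r in everything
                if r.interpretation == primary.interpretation)
    return round(agree / total, 2) if total else 0.0

def authority_level(trust: float, adversarial_p: float,
                    trust_floor: float = 0.8, adv_ceiling: float = 0.3) -> Authority:
    """Assumed HMAA thresholds: A3 only with high trust and no adversarial flag."""
    if trust >= trust_floor and adversarial_p < adv_ceiling:
        return Authority.A3
    return Authority.A1

def decide(primary: Reading, others: list[Reading], adversarial_p: float) -> dict:
    trust = sensor_trust(primary, others)
    level = authority_level(trust, adversarial_p)
    if level == Authority.A3:
        interp = primary.interpretation
    else:  # A1: most conservative interpretation among all sources
        interp = min((r.interpretation for r in [primary, *others]),
                     key=lambda i: CONSERVATIVE_RANK.get(i, len(CONSERVATIVE_RANK)))
    # CARA-style deterministic profile; the -3.2 m/s^2 figure is from the scenario text
    action = ({"decel_mps2": -3.2, "hazards_at_stop": True, "log_event": True}
              if interp == "stop" else {"proceed": True, "log_event": level == Authority.A1})
    return {"trust": trust, "level": level, "interpretation": interp, "action": action}

# Constructed readings for the adversarial-patch scenario in the text.
camera = Reading("camera", "speed_limit", 0.89)
others = [Reading("lidar", "stop", 0.97), Reading("radar", "stop", 1.0), Reading("map", "stop", 1.0)]
if __name__ == "__main__":
    print(decide(camera, others, adversarial_p=0.73))
```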
What the passenger sees: The car comes to a complete stop at the intersection, just like it should. A notification on the display: "Traffic sign anomaly detected. Stopped conservatively. Data logged for review."
What the manufacturer sees: A flagged event in the fleet telemetry showing an adversarial-patch attempt. The image is forwarded to the perception training team for model hardening. Every vehicle in the fleet gets the updated defense.
What the regulator sees: A governance trace showing sensor trust, authority level, and the deterministic decision path, all cryptographically signed. This is the kind of evidence ISO 26262 ASIL-D audits require but current probabilistic systems cannot provide.
What doesn't happen: No missed stop sign. No collision. No black-box decision that can't be explained in court.
Every plain-English description above has a formal mathematical specification behind it. Patents, simulations, hardware BOMs, and code are all open.
The mathematics, the FPGA implementation, the formal verification proofs, and the experimental validation are all documented.
AUTHREX is domain-agnostic. The same governance pipeline works across drones, vehicles, ships, and ground robots.