TekCapitol · Kyklos360 Methodology · 3-Week Consulting Deliverable · Confidential
AI Agent Risk &
Readiness Report
Readiness Report
Prepared for NovaChip Semiconductor · Advanced SoC Design · Tape-out Program
Sample EDA / semiconductor consulting deliverable. Client details are anonymized.
Live EDA demo: Kyklos360 Assessment at tekcapitol.com/kyklos/ (⚡ EDA DEMO) · B2B sample: sample-assessment-report.html
Sample EDA / semiconductor consulting deliverable. Client details are anonymized.
Live EDA demo: Kyklos360 Assessment at tekcapitol.com/kyklos/ (⚡ EDA DEMO) · B2B sample: sample-assessment-report.html
About this deliverable
This EDA / semiconductor sample uses the same Kyklos360 methodology as B2B SaaS engagements — only the systems change (Virtuoso vs Salesforce). Readiness is assessed from exports and data dictionaries, not live EDA tool integration. Kyklos360 Assessment supports Custom/Proprietary ingest for Virtuoso, Innovus, Genus, and file-based simulation outputs.
This EDA / semiconductor sample uses the same Kyklos360 methodology as B2B SaaS engagements — only the systems change (Virtuoso vs Salesforce). Readiness is assessed from exports and data dictionaries, not live EDA tool integration. Kyklos360 Assessment supports Custom/Proprietary ingest for Virtuoso, Innovus, Genus, and file-based simulation outputs.
Executive Summary
Section 01
9.5
Readiness Score / 24
2.0
Risk Score / 4.0
6
Critical Gaps Found
NovaChip is piloting a DRC Triage Agent to route Virtuoso/Calibre violations to layout and analog owners before TAPEOUT_M3. Prototype routing works on a single block in staging. It is not ready for chip-level tape-out automation. The primary gaps are entity resolution (cell_name vs block_name vs tracker ID), violation lineage across reruns, and architect HITL gates — not the LLM itself.
⚠ Critical Finding 1
cell_name in Virtuoso DRC exports does not map to block_name in Innovus timing reports or the internal tape-out tracker for ~18% of TAPEOUT_M3 blocks. Agent routes violations to wrong owners — same class of problem as CRM/SAP customer ID mismatch in B2B stacks.
⚠ Critical Finding 2
violation_id is not preserved across Calibre reruns. Agent cannot track resolution status or deduplicate violations between runs. Tape-out program manager still reconciles manually in spreadsheets.
⚡ Critical Finding 3
TAPEOUT_M3 HITL rules exist only in tapeout_agent_governance.pdf — not encoded in the tape-out tracker. Agent can auto-close error-severity DRC on failing timing blocks without architect sign-off.
⚡ Critical Finding 4
Genus simulation run_id does not reliably link to design_revision in Virtuoso library. Analog routing decisions use stale simulation metadata for 1 in 8 blocks in staging.
✓ Strength
Signoff team already exports structured DRC CSV, Innovus timing status, and Genus spectre summaries. Physical verification discipline is strong — Connect and Validate remediation builds on existing exports, not greenfield data collection.
Kyklos360 Readiness Scores
Section 02
Each dimension scored 0–4. 0 = not present. 4 = production-ready. Overall readiness of 18+ / 24 is our production-ready threshold. This engagement scoped proprietary EDA tools (Virtuoso, Calibre, Innovus, Genus) — Kyklos360 does not require standard SQL platforms.
Dimension
Score
Status
Rating
Assess
2.5
Fair
Connect
1.5
Critical
Validate
1.0
Critical
Transform
2.0
Poor
Orchestrate
1.5
Critical
Monitor
1.0
Critical
Overall Readiness: 9.5 / 24
Well below production-ready threshold. Connect and Validate are critical blockers for TAPEOUT_M3 automation. Building mapping_block_identity and violation_id lineage alone would raise the score to ~14/24 — enough for a limited pilot on non-blocker blocks only.
Note: Orchestrate and Monitor recommendations in Kyklos360 Assessment preview what AgentOps would enforce (kill switches, circuit breakers). This consulting report includes implementation roadmap; Assessment app outputs are advisory until AgentOps ships.
Agent Risk Register
Section 03
Risk register covers DRC Triage Agent and Tape-out Readiness Assistant. Risk rated High / Medium / Low per dimension.
Risk Dimension
Finding
Rating
Access Risk
DRC Triage prototype uses engineer personal Virtuoso credentials with layout library write capability. Governance PDF mandates read-only SKILL export path only. Any write to design database is an IP and tape-out risk.
🔴 High
Action Risk
Agent can mark TAPEOUT_M3 violations resolved and update tape-out tracker status without architect approval. Error-severity DRC on blocks with negative slack_ns can be auto-closed — violates signoff policy.
🔴 High
Assessment Risk
No immutable log linking violation_id, run_id, routed owner, and agent rationale. 36-month retention required per IP assessment policy — not implemented. Cannot reconstruct routing decisions for tape-out review.
🔴 High
Recovery Risk
No documented kill switch for DRC triage agent. Soft/hard stop procedures exist in governance PDF only. Estimated 60+ minutes to halt agent and reconcile tracker manually after misroute event.
🔴 High
Export Control Risk
Agent prompts may include layout coordinates and unreleased block names from DRC exports. ITAR/EAR review not completed for LLM API data path. Design data must stay on approved engineering VLAN.
🟡 Medium
Approval Risk
Architect HITL for TAPEOUT_M3 blockers documented in PDF but not wired to tape-out tracker API. Signoff Director confirmed autonomous routing was not an approved production decision.
🔴 High
Overall Risk Assessment: High — 5 of 6 dimensions rated High Risk
DRC Triage Agent must not run unattended on TAPEOUT_M3 until Connect and Orchestrate gaps close. Misrouted tape-out blockers carry higher cost than B2B agent errors. Estimated 10–12 weeks to pilot-ready on limited block scope.
Prioritized Implementation Roadmap
Section 04
Recommendations prioritized by enterprise deal impact first, then readiness improvement. Effort rated S (1-2 weeks) / M (2-4 weeks) / L (4-8 weeks).
1
Immediate
Build mapping_block_identity (Virtuoso ↔ Innovus ↔ tracker)
Single source of truth for cell_name, block_name, and tape-out tracker ID. Validate block_owner against org chart. Unblocks automated routing — highest entity-resolution priority.
M · 3 weeks
High Impact
2
Week 2-3
Enforce read-only EDA export service accounts
Replace personal Virtuoso credentials with approved SKILL export and Innovus batch report paths per governance PDF. Resolves Access Risk immediately.
S · 1 week
High Impact
3
Week 3-5
Standardize violation_id lineage across Calibre reruns
Update Calibre batch export script. Add drc_violation_lineage table linking run_id to prior states. Enables deduplication and assessment reconstruction.
M · 2 weeks
High Impact
4
Week 5-7
Encode TAPEOUT_M3 HITL gates in tape-out tracker
Wire architect approval workflow for error DRC + negative slack_ns. Version signoff routing config. Install kill switch spec. Resolves Action and Approval Risk.
M · 2 weeks
High Impact
5
Week 7-10
Link Genus run_id to design_revision + assessment API
Require design_revision on spectre batch exports. Write agent routing decisions to immutable engineering assessment store with 36-month retention.
M · 3 weeks
Compliance
10
Weeks to pilot-ready
82%
Target mapping match rate
6
Critical gaps to close
Draft Enterprise Security Questionnaire Answers
Section 05
Draft answers to the 5 most common enterprise AI security questions — based on findings from this assessment. These answers reflect the state after implementing roadmap items 1-4. Review with legal before submitting to prospects.
Q1. What design data does your AI agent access, and how is access controlled?
Our DRC Triage Agent accesses read-only DRC violation summaries from Virtuoso/Calibre exports, Innovus timing closure status, and Genus spectre result metadata — scoped to TAPEOUT_M3 blocks only. Access is via dedicated read-only export service accounts on the engineering VLAN. The agent cannot write to layout libraries, Innovus databases, or netlists. Access follows tapeout_agent_governance.pdf.
Note: Valid after Roadmap Item 2 (read-only service accounts). Currently uses personal Virtuoso credentials — do not submit until complete.
Q2. Can your AI agent modify design databases or tape-out status?
The agent operates read-only against EDA exports. Any violation routing or tracker status change requires architect approval for TAPEOUT_M3 error-severity DRC or negative timing slack. The agent cannot autonomously mark tape-out blockers resolved or modify Virtuoso/Innovus design data.
Note: Valid after Roadmap Item 4 (HITL gates). Currently can update tracker without architect sign-off.
Q3. How do you assessment violation routing decisions?
Every routing decision is logged to an immutable engineering assessment store — violation_id, run_id lineage, routed owner, enrichment sources used, model confidence, and architect approval reference. Logs retained 36 months per IP assessment policy. Any decision reconstructable within minutes for tape-out review.
Note: Valid after Roadmap Item 5 (assessment API). Currently no violation routing audit trail.
Q4. What happens if the agent misroutes a tape-out blocker?
Governance framework includes soft kill (pause routing when mapping match rate < 80%), hard kill (terminate on misroute rate > 5% on error-severity violations), and scope limit (disable simulation-informed routing when design_revision mismatch > 10%). Signoff on-call follows documented resume checklist.
Note: Kill switch spec in governance PDF; enforcement requires Roadmap Items 4–5 and future Kyklos360 AgentOps.
Q5. How is export-controlled design data protected in LLM calls?
LLM inference runs on approved infrastructure with training opt-out DPAs. DRC exports sent to models exclude raw layout geometry where possible — metadata and violation summaries only. ITAR/EAR review completed for data path. Design data does not leave engineering VLAN without legal approval.
Note: Complete ITAR/EAR review with legal before external LLM use. Review with export compliance officer.