Sentinel Automata

Owning the Stack: Why Defense Autonomy Can't Be Assembled

Sentinel Automata · · 7 min

Owning the Stack: Why Defense Autonomy Can’t Be Assembled

A comfortable assumption runs through a lot of robotics: that you can assemble a capable system from the best available parts. Buy the actuators from one supplier, the compute from another, bolt on whatever accessories the mission needs, and integrate your way to a product. For plenty of applications that assumption is correct and efficient. For trustworthy defense autonomy, we think it quietly breaks down. The reason it breaks down is itself an argument for owning more of the stack rather than assembling it.

This is a company-level argument made at the industry level. It names no specific system, customer, or program. The subject is how a robotics operating company should be built when the requirement is autonomy you can actually stand behind.

The assembly model has a provenance problem

Start with the question we keep coming back to: for every component inside an autonomous system, can you say where it came from? Provenance is a first-order design constraint once a system senses and acts without a human in the loop, because the trust you used to place in an operator now has to live in the hardware and software.

The assembly model makes that question hard to answer by construction. Every part sourced from an opaque global supply chain is a part whose origin you are taking on faith, and the deeper the chain runs, the more faith it demands. Certificates paper over the gap, but provenance bolted on at the end is only as good as the weakest undocumented hop upstream. Giving a straight answer, ITAR-clean and traceable, means designing for it, and designing for it pushes you toward owning the parts that matter most.

The three parts that matter most

Not everything in a robot is worth owning. But three layers are load-bearing for autonomy, and they’re exactly the three where the assembly model hurts most.

Actuation. Actuators are the hard part of robotics. Torque density, control, thermal behavior, and durability all collide there, and it is where a system’s real-world reliability is won or lost. Treating actuation as a commodity you buy means outsourcing the hardest engineering in the machine, along with its provenance.

Embedded compute. Autonomy runs on compute at the edge, inside the machine, under real constraints: power, heat, latency, and the security of what is actually executing. Compute you can’t fully account for is compute you can’t fully trust to make consequential decisions unattended. Owning this layer is what lets you reason about what the system is actually doing.

Open interoperability. The accessories and payloads a system carries shouldn’t lock it into one vendor’s closed interface. An open accessory-interop layer is the opposite of vertical lock-in. It’s the part you deliberately keep open so the ecosystem can build on it. Owning the standard and keeping it open is a different thing from owning a proprietary moat, and for defense autonomy it’s the more useful thing to control.

These three layers reinforce each other. When you control the actuation, you can trust the physical behavior it produces, and controlling the compute lets you reason about the decisions driving it. Keeping the interop layer open, meanwhile, is what keeps the system extensible without surrendering provenance. Assemble the same three from opaque suppliers and every guarantee you would like to make arrives with an asterisk.

“Own the stack” is not “build everything”

Owning the stack is easy to caricature as reflexive vertical integration: build every screw, trust no one. That is not the argument. Vertical integration carries real costs. It is slower and more capital-intensive, and it forfeits the efficiency of a specialized supplier. The discipline is in choosing which layers are load-bearing enough for trust that owning them is worth those costs, and being honest that everything else can and should be sourced.

For a consumer robot, almost nothing clears that bar, so assemble away. An autonomous system that has to operate in a contested environment and be vouched for is a different case: the actuation, the compute, and the interoperability layer clear it, and the rest doesn’t. That is the line a robotics operating company has to draw deliberately, instead of defaulting to assembly because assembly is easier.

Why an operating company, not a parts vendor

This is ultimately why the model matters. A parts vendor optimizes one component and sells it into everyone’s system. An operating company takes responsibility for the whole behaving system, which means caring about how the load-bearing layers fit together and whether it can stand behind the result. When the requirement is autonomy you can trust, that end-to-end ownership stops being a preference and becomes the point.

The choice here is really about responsibility. Owning the parts that carry the trust, and keeping the rest open and sourced, is more work than assembling a capable system nobody can fully vouch for. For defense autonomy, it’s the work worth doing, and it’s what we’re building toward.

Sentinel Automata is a U.S. robotics operating company.