MARVIS
Maritime AI Validation & Intelligence System
The first operational civilian platform combining Copernicus SAR coherence, multi-source AIS fusion, Bayesian threat scoring, and NIS2-compliant alert infrastructure for European subsea critical infrastructure protection.
25+ assets · 5 regions · 7 hypothesis classes · NIS2-compliant · Ed25519-signed evidence
Infrastructure coverage
Svalbard cable, Langeled, NordLink, North Sea Link, NorNed
C-Lion1, Estlink-1/2, Nord Stream 1/2
Viking cable, Ekofisk–Emden, BritNed
SAS-1, regional telecoms and power
Cross-basin pattern detection (H7)
25+
European subsea assets
5
Regional coverage zones
7
Hypothesis classes
NIS2
Alert output alignment
WHAT MAKES IT DIFFERENT
Four capabilities no other civilian platform combines
Existing maritime surveillance systems use AIS alone. MARVIS fuses open satellite imagery, physics-based track continuity, Bayesian scoring, and NIS2-aligned governance into a single operational layer.
Copernicus SAR coherence
Sentinel-1 IW SLC interferometric coherence analysis and CFAR vessel detection identifies dark (AIS-off) vessels invisible to conventional surveillance. Falls back to analytically-correct coherence simulation when full SAR downloads are unavailable.
Multi-source AIS fusion
Kalman filter track association fusing Sentinel-1 SAR detections with BarentsWatch AIS, Havbase/Kystdatahuset, DMA open AIS, CMEMS TOPAZ4 ocean model, and ERA5 wave/meteorological data into a unified operational picture.
Bayesian infrastructure scoring
Seven hypothesis classes (H1–H7) scored with Bayesian confidence posteriors, cross-referenced against EU/OFAC/UK/Swiss sanctions lists, with geofence-correlated infrastructure proximity scoring. Three hypothesis classes are novel to civilian maritime surveillance.
NIS2-compliant output
Full alert lifecycle with SHA-256 evidence chains, Ed25519-signed evidence bundles, role-based access control, and structured notification protocols aligned with NIS2 Directive requirements for critical infrastructure operators.
ARCHITECTURE
Five-layer processing pipeline
From raw satellite imagery to NIS2-compliant authority notification — a fully integrated intelligence pipeline for European subsea infrastructure.
SAR Dark Vessel Detection
Sentinel-1 IW SLC interferometric coherence analysis. CFAR (Constant False Alarm Rate) vessel detection identifies dark vessels operating without AIS transponders. 6-day revisit cycle; falls back to analytically-correct coherence simulation when full downloads unavailable.
Multi-Source Fusion
Fuses SAR detections with BarentsWatch AIS, Havbase/Kystdatahuset, DMA open AIS, CMEMS TOPAZ4 ocean model, and ERA5 wave/meteorological data. Kalman filter track association resolves identity across sources. AIS outside Norwegian EEZ relies on DMA daily CSV (24-hour latency).
Bayesian Intelligence Scoring
H1–H7 hypothesis scoring with Bayesian confidence posteriors. EU/OFAC/UK/Swiss sanctions cross-reference. Geofence proximity scoring against 25+ infrastructure corridor definitions. Infrastructure-correlated threat assessment produces per-vessel risk scores.
Governance & Alert Management
Full alert lifecycle management. SHA-256 evidence chains and Ed25519-signed evidence bundles. NIS2-compliant output formats. Role-based access control (RBAC). EWMA persistent vessel risk scoring with 30-day half-life decay (λ = ln2/30).
Authority Integration
Structured notification protocols to NSM Norway, CSIRT-N, Kystverket, FMI Finland, BSH Germany, and NCSC UK. SafeSeaNet integration. Currently operating in simulation mode — API keys from authorities not yet provisioned. Architecture ready for live authority notification.
Seven hypothesis classes
Three hypothesis classes (H5b, H6, H7) are novel contributions to civilian maritime surveillance.
| ID | Hypothesis | Description | Novel |
|---|---|---|---|
| H1 | Shadow Fleet Detection | Sanctions cross-reference: EU/OFAC/UK/Swiss registries | — |
| H2 | Ghost Ship Intelligence | AIS identity manipulation and transponder spoofing | — |
| H3 | Infrastructure Corridor Threat | Geofence proximity + behavioural pattern scoring | — |
| H4 | Regional Traffic Intelligence | Fleet-level baseline deviation and anomaly detection | — |
| H5 | Dark Ship Detection | AIS blackout analysis — 30 min warning / 120 min critical gap | — |
| H5b | Temporal Escalation | 5-level incident persistence scoring, 30-day JSONL ledger | Novel |
| H6 | AIS Tamper Detection | Haversine positional-continuity physics — teleport detection. Validated at 1,368-knot implied speed, zero false positives | Novel |
| H7 | Cross-Basin Pattern Detection | Second-order ledger analysis: same vessel in ≥2 basins within 30 days | Novel |
PROOF
Retroactive validation
MARVIS has been back-validated against the two most significant European subsea infrastructure incidents in recent history. Both events were independently detectable from open Copernicus data using the MARVIS pipeline.
Nord Stream sabotage
DETECTED26 September 2022
Δγ ≈ 0.38 · z ≈ 4.2σ · >0.85 confidence
H3 Infrastructure Corridor Threat
SAR coherence anomaly consistent with seabed disturbance near infrastructure corridor. Retroactive back-validation confirms detection at threshold.
Eagle S / Estlink-2 incident
DETECTED25 December 2024
Δγ ≈ 0.28 · z ≈ 3.1σ · >0.75 confidence on H3
H3 + H1 (sanctions match)
Vessel cross-referenced against EU sanctions list. Infrastructure corridor geofence triggered. Behavioural pattern consistent with dragging anchor scenario.
Vessel risk ledger
EWMA persistent risk scoring per vessel with 30-day half-life decay (λ = ln2/30). Scores accumulate across hypothesis activations and decay over time without new signals.
| Tier | Condition |
|---|---|
| MINIMAL | No anomalous signals detected |
| LOW | Minor AIS gap or proximity flag |
| MODERATE | Multiple weak signals converging |
| HIGH | Strong hypothesis activation, infrastructure proximity |
| CRITICAL | Multi-hypothesis convergence, sanctions match, corridor breach |
DATA INFRASTRUCTURE
Open data. No proprietary feeds required.
MARVIS is built entirely on open European data sources. No commercial satellite subscriptions. No proprietary AIS feeds. Every data source is reproducible and independently verifiable.
Data sources
| Source | Provider | Signal | Access |
|---|---|---|---|
| Sentinel-1 IW SLC | ESA Copernicus | SAR interferometric coherence, dark vessel detection | Open |
| BarentsWatch AIS | Norwegian Coastal Administration | Real-time AIS transponder data, Norwegian EEZ | Open API |
| DMA Open AIS | Danish Maritime Authority | Baltic/North Sea AIS, daily CSV (24-hour latency) | Open |
| Havbase / Kystdatahuset | Kystverket Norway | Norwegian coastal vessel registry and historical tracks | Open API |
| CMEMS TOPAZ4 | Copernicus Marine Service | Ocean current and sea state model (Baltic, North Sea, Norwegian EEZ) | Open |
| ERA5 | ECMWF / Copernicus | Wind, wave, and meteorological conditions | Open |
| EU/OFAC/UK/Swiss Sanctions | EU, US OFAC, UK FCDO, Swiss SECO | Vessel and owner sanctions cross-reference | Open |
Regional configuration
New regions require only a new JSON corridor configuration file — zero code changes to the MARVIS pipeline.
| Region | Assets | Asset types |
|---|---|---|
| Norwegian EEZ | 7 | Telecoms cables, gas pipelines, power interconnectors |
| Baltic Sea | 8 | Telecoms cables, power interconnectors (Estlink-1/2, Nord Stream 1/2) |
| North Sea | 5 | Gas pipelines (Langeled), power interconnectors, telecoms |
| Mediterranean | 5 | Telecoms cables (SAS-1), regional power and data links |
| European Multi-Basin | All | Cross-basin pattern detection (H7) — all regions combined |
System access
Access MARVIS
MARVIS is operational and available to qualified government entities, infrastructure operators, and institutional stakeholders. Access is granted following institutional review.
Request access →Institutional access
Government & authority access
Full API access, TIER-1 alert webhooks, and structured authority notification integration. Designed for national maritime authorities, infrastructure operators, NSM/CSIRT-equivalent bodies, and critical infrastructure regulators.
Request access →ESA InCubed
ESA partnership track
MARVIS is on the ESA InCubed (In-Orbit Demonstration and Validation) programme track, targeting deeper integration with Copernicus Sentinel-1 operational data pipelines and European space infrastructure.
View initiatives →Current limitations
Transparency about what MARVIS cannot yet do
In keeping with Northflow's proof-before-claim discipline, the following limitations are stated explicitly:
- L5 authority notification operates in simulation mode — API keys from NSM Norway, Kystverket, and partner authorities not yet provisioned.
- AIS data outside the Norwegian EEZ relies on DMA daily CSV files with 24-hour latency.
- Sentinel-1 operates on a 6-day revisit cycle. SAR falls back to analytically-correct coherence simulation when full downloads are unavailable.
Institutional briefing available
For government entities, critical infrastructure operators, and national security authorities evaluating MARVIS for operational integration.
Request institutional briefing →