Sample Report · Anonymized · TekCapitol, Inc. · tekcapitol.com
TekCapitol · Kyklos360 Assessment · Sample Deliverable · Confidential
AI Agent Risk & Readiness Report
Prepared for NovaChip Semiconductor · DRC Triage Agent
Sample Kyklos360 Assessment deliverable — semiconductor / EDA workflow · complimentary 1st per org.
Production Readiness: 44 / 100 — FAIR
Audit & Compliance Readiness: 52 / 100 — FAIR
Steps meeting production-ready thresholds: 2 of 7
Remediate before enterprise deployment
May 2026
Custom / Proprietary · Cadence Virtuoso, Calibre, Innovus, Genus, internal tape-out tracker
Piloting
About this deliverable
This EDA sample uses the same Kyklos360 deliverable format — first full report complimentary per org (work-email verify), then $5K/workflow for additional workflows. Implement with your chip team or TekCapitol. Tailored to a DRC triage agent across Virtuoso, Calibre, Innovus, and internal tape-out systems.
Executive Summary
Leadership recommendation
Remediate before enterprise deployment
The workflow may run in pilot, but production readiness is 36 points below threshold and audit/compliance posture would fail most enterprise security reviews. Complete Phase 1 blocking items before customer-facing production.
Full remediation projects 79/100 production readiness.
Bottom line
NovaChip Semiconductor's DRC Triage Agent: remediate before enterprise deployment. Primary blocker — cell_name in Virtuoso DRC export does not reliably map to block_name in Innovus or tape-out tracker — entity resolution required before automated routing.
Production Readiness*: 44 / 100
Audit & Compliance Readiness**: 52 / 100
High-Severity Risks: 4
* Production Readiness Score. Composite 0–100 score from the Diagnose phase. Measures whether this agent workflow is technically ready for production — data, entity resolution, business rules, connectivity, and governance across every decomposed step. 80+ is the production deployment threshold.
** Audit & Compliance Readiness. Separate 0–100 score from the Govern phase. Estimates preparedness for external scrutiny — SOC 2 audits, GDPR reviews, and enterprise AI security questionnaires — based on permissions, audit trails, kill-switch documentation, and encoded controls. Not a certification; an estimate of how defensible this agent would be in audit.

NovaChip Semiconductor has decomposed a DRC Triage Agent workflow into 7 steps. 2 of 7 steps meet production-ready thresholds. Overall readiness is 44/100 (FAIR). Primary gaps are in entity resolution and source of truth — not necessarily in the AI models themselves. Overall governance risk: HIGH.

⚠ Critical Finding 1
cell_name in Virtuoso DRC export does not reliably map to block_name in Innovus or tape-out tracker — entity resolution required before automated routing.
⚡ Critical Finding 2
Entity resolution: Virtuoso cell_name ↔ Innovus block_name ↔ tape-out tracker ID
⚡ Critical Finding 3
Preserve violation_id lineage across Calibre reruns in export schema
⚡ Critical Finding 4
Encode TAPEOUT_M3 HITL rules from governance PDF into versioned routing config
✓ Strength
Strongest dimensions: Governance (avg 72/100). Build remediation on this foundation.
Kyklos360 Readiness Scores

Each dimension scored 0–100 across all workflow steps. 80+ is production-ready; 70+ on audit & compliance readiness supports enterprise security reviews. Scores reflect uploaded artifacts and workflow context — platform-agnostic.

Dimension | Score | Finding | Rating
Entity Resolution | 32 | cell_name ↔ block_name ↔ tracker ID map missing for ~18% of blocks. | Poor
Source of Truth | 45 | Genus design_revision may lag Virtuoso library revision by 1–2 ECOs. | Fair
Semantic Clarity | 47 | cell_name vs block_name semantics differ across Virtuoso and Innovus. | Fair
Connectivity | 48 | No validated API between DRC export and internal tape-out tracker. | Fair
Data Availability | 50 | DRC and timing exports exist; cross-tool block IDs incomplete. | Fair
Business Rules | 50 | tapeout_agent_governance.pdf defines HITL but routing rules not encoded. | Fair
Governance | 72 | Governance PDF confirms read-only tool access and architect HITL gates. | Good
Overall Readiness
Overall readiness: 44/100. Weakest dimensions: Entity Resolution (32), Source of Truth (45).
Agent Risk Register

Agent risk register for DRC Triage Agent. Risk rated High / Medium / Low per dimension.

Risk Dimension | Finding | Rating
Access Risk | Ingest DRC violation export; Human gate for tape-out blockers — excessive access: Layout database write, Calibre interactive edit, Auto-close TAPEOUT_M3 blockers without architect approval. Read-only SKILL export per tapeout_agent_governance.pdf. | 🔴 High
Action Risk | Enforce architect HITL for error DRC and negative slack per governance PDF. | 🔴 High
Assessment Risk | Step 7: log Violation routing decision, run_id lineage, model confidence, architect approval ref (36 months, AU-3). Step 5: log Routing config version, block_owner assigned, cross-tool enrichment sources used (36 months, AU-12). | 🔴 High
Recovery Risk | Hard kill: Immediate stop — no new DRC triage runs, in-flight terminated. Soft kill: Agent pauses — violations queued, no auto-routing. Resume: Root cause documented in tape-out incident log; mapping_block_identity freshness validated by CAD; Architect sign-off on routing config version in use. | 🟡 Medium
Cost / Ops Risk | Agent routing tape-out blockers to wrong team — immediate hard kill. | 🟡 Medium
Approval Risk | mapping_block_identity table not yet in production; HITL rules exist in PDF only, not encoded in tape-out tracker; violation_id lineage not standardized across Calibre reruns. | 🔴 High
Overall Risk Assessment
4 of 6 dimensions rated High Risk. Tape-out decisions affect IP release and mask cost — cross-tool DRC routing requires architect HITL and read-only EDA tool access.
Prioritized Implementation Roadmap

Recommendations prioritized by enterprise deal impact and production readiness lift. Effort: S (1–2 weeks) / M (2–4 weeks) / L (4–8 weeks).

Investment at a glance
Estimated 12-16 weeks calendar timeline · 2.3 FTE-months scoped work · projects 44→79 production readiness.
# | Priority | Recommendation | Finding | Effort | Impact
1 | BLOCKING | Cross-tool block identity mapping | cell_name in DRC export does not map to Innovus block_name or tracker ID | M | High Impact
2 | BLOCKING | Tape-out HITL gates from governance PDF | TAPEOUT_M3 error DRC and negative slack approval exists only in PDF | S | High Impact
3 | SIGNIFICANT | violation_id lineage across DRC reruns | Calibre and Virtuoso exports use different violation keys on rerun | S | Medium Impact
4 | SIGNIFICANT | Genus run_id ↔ design_revision link | Simulation results not reliably tied to Virtuoso library revision | S | Medium Impact
5 | MINOR | Assessment trail to tape-out tracker | Agent routing rationale not written with run_id and config version | S | Medium Impact
Weeks to production-ready: 12
Score after remediation: 44→79
Critical gaps to close: 3
Implementation Work Scope

What work is required and which roles typically own it. If you have these skills in-house, staff it internally — every item in this report can be executed by your team. TekCapitol is optional delivery support if you want help implementing.

Delivery Model: Your team leads — TekCapitol optional on Phase 1
Fixed-scope estimate: ~0.6 FTE-month focused SOW
Typical your team vs TekCapitol: 0% / 73%
EDA remediation stays with your chip team — CAD, PV, and analog expertise must remain in-house. Your team can run block-identity mapping and governance-as-config (Phase 1) internally; TekCapitol is optional if you want help on those pieces, not a replacement for Virtuoso/Calibre practitioners.
Where TekCapitol can help (optional)
  • Signoff Engineering (governance encoding)
  • Platform Engineering (assessment lake)
Your team owns
  • CAD / Data Engineering
  • Physical Verification
  • Analog CAD
Staffing is your choice: in-house employees, contractors, or TekCapitol. Percentages below are a typical split when teams ask for implementation help — not a requirement to use outside resources.
Skill Gaps Identified
Signoff Engineering
May need hire or contractor · ~6 person-days · Staff in-house — or TekCapitol can help
Platform Engineering
May need hire or contractor · ~6 person-days · Staff in-house — or TekCapitol can help
Not a 0.6 FTE hire — a focused Phase 1 SOW (~12 person-days) for governance encoding and assessment-lake setup while your CAD/PV teams own tool exports.
Staffing feasibility: Significant augmentation likely for data layer only
Effort & Estimation

Effort in FTE-months and person-days — fixed-scope deliverables, not a fractional hire recommendation.

Total FTE-months: 2.3
Person-days: 45
Calendar timeline: 12-16 weeks
Readiness projection: 44/100 → 79/100 after full remediation (12-16 weeks)
2.3 FTE-months ≈ 46 person-days across five work packages. EDA tool expertise (Virtuoso, Calibre, Genus) dominates the skill mix. At ~0.6 blended concurrent capacity, expect roughly 12–16 weeks — highly dependent on your CAD/PV team availability.
Internal concurrency (if staffed in-house): ~0.6 blended FTE, reflecting your internal CAD + signoff teams working in parallel over 12–16 weeks. TekCapitol assistance, if requested, is a separate fixed deliverable.
Estimation Assumptions
• 45 person-days total — EDA integrations are more bespoke than B2B SaaS stacks.
• 2.3 FTE-months = 45 ÷ 20; calendar 12–16 weeks at ~0.6 blended FTE across CAD and signoff.
• Assumes read-only EDA exports already exist; no live Virtuoso API integration in this phase.
• Export-control / ITAR review for LLM data paths is out of scope for this effort estimate.
Skills & Work Packages

Work packages with role, concrete skills, and effort. Each row is a deliverable — not a headcount slot.

Work Package | Priority | Role | FTE-mo | Skills Required
Cross-tool block identity mapping (Virtuoso ↔ Innovus ↔ tracker) | BLOCKING | Data Engineer | 0.75 | Python, SQL, Virtuoso exports, block hierarchy, mapping tables
Tape-out HITL gates from governance PDF | BLOCKING | AI Engineer | 0.3 | LangGraph, Python, HITL workflows, policy-as-code, tape-out API
violation_id lineage across DRC reruns | SIGNIFICANT | PV Engineer | 0.5 | Calibre DRC, Tcl, violation taxonomy, batch exports
Genus run_id ↔ design_revision link | SIGNIFICANT | CAD Engineer | 0.4 | Genus/spectre, Python, revision linking, PDK metadata
Assessment trail to tape-out tracker + engineering data lake | MINOR | Platform Engineer | 0.25 | Python, REST APIs, assessment logging, data lake ingestion
Role Mix & Staffing
Role | Share of effort | Days | FTE-mo | Skills | Owner
CAD / Data Engineering | 33% of effort | 15 | 0.75 | Virtuoso/Innovus exports, block identity mapping, PDK metadata | Your team owns
Signoff Engineering | 13% of effort | 6 | 0.3 | tape-out HITL, governance PDF → config, architect approval | Shared delivery
Physical Verification | 22% of effort | 10 | 0.5 | Calibre DRC, violation_id lineage, rerun deduplication | Your team owns
Analog CAD | 18% of effort | 8 | 0.4 | Genus/spectre exports, design_revision linking, corner metadata | Your team owns
Platform Engineering | 13% of effort | 6 | 0.3 | tape-out tracker API, engineering assessment lake, IP retention | Shared delivery
Orchestration Plan

Model routing, token estimates, and human-in-the-loop gates per workflow step. Generated from your decomposed agent workflow.

Est. daily runs: 85
Trigger: Calibre or Virtuoso DRC batch completes — webhook fires DRC Triage Agent for TAPEOUT_M3
Step | Model | Tokens in/out | Rationale
01. Ingest DRC violation export | Deterministic (no LLM) | - | Deterministic parse of CSV exports — no LLM required
02. Resolve block hierarchy and owner | Deterministic (no LLM) | - | Deterministic parse of CSV exports — no LLM required
03. Check Innovus timing closure status | Deterministic (no LLM) | - | Deterministic parse of CSV exports — no LLM required
04. Cross-check Genus simulation results | Deterministic (no LLM) | - | Deterministic parse of CSV exports — no LLM required
05. Classify and route violations | claude-sonnet-4-6 | 2800 / 350 | Routing requires cross-tool context — DRC severity, timing, simulation, and governance policy
06. Human gate for tape-out blockers | Deterministic (no LLM) | - | Deterministic parse of CSV exports — no LLM required
07. Update tracker and audit log | Deterministic (no LLM) | - | Deterministic parse of CSV exports — no LLM required
Human-in-the-loop gates
Step 6: TAPEOUT_M3 milestone AND (DRC severity=error OR Innovus slack_ns < 0) — Governance policy requires architect sign-off before auto-close on tape-out blockers
Step 5: Genus pass_fail=FAIL on phase_margin for analog-owned block — Route to analog lead — not layout — per simulation cross-check
Architecture notes:
  • Read-only Virtuoso SKILL export path — no layout database write per governance PDF
  • Innovus timing pull via approved batch report — no ECO or netlist modification
  • Cache block hierarchy mapping for 30 minutes to reduce tracker API load
Anti-patterns to avoid:
  • Hardcoding DRC routing rules in agent prompt instead of versioned signoff config
  • Letting agent write directly to Innovus or Virtuoso design databases
  • Routing by cell_name fuzzy match without mapping_block_identity table
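The Step 5 and Step 6 gates and the three anti-patterns above can be enforced in deterministic code that reads a versioned config instead of the agent prompt. The sketch below is an added example, not code from TekCapitol or the assessed workflow; the config schema, function name, queue names (manual_triage, analog_lead, layout_owner), sample data and the fail-closed handling of missing timing data are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical versioned config: kept in version control, deployed only after
# architect approval, and referenced by version in every routing decision.
ROUTING_CONFIG = {"version": "example-v1", "hitl_milestones": ["TAPEOUT_M3"]}

# Constructed stand-in for the mapping_block_identity table (cell_name -> block_name).
BLOCK_MAP = {"pll_core_v2": "PLL_TOP", "sram_bank3": "MEM_SS"}

@dataclass(frozen=True)
class Violation:
    violation_id: str
    cell_name: str
    milestone: str
    severity: str                    # DRC severity: "error" or "warning"
    slack_ns: Optional[float]        # Innovus slack for the mapped block
    pass_fail: Optional[str] = None  # Genus phase_margin result
    analog_owned: bool = False

def route(v: Violation, block_map=BLOCK_MAP, config=ROUTING_CONFIG) -> dict:
    """Deterministic routing decision; every gap fails closed to a human."""
    decision = {"violation_id": v.violation_id,
                "config_version": config["version"],
                "requires_architect_signoff": True,
                "auto_close_allowed": False}
    block = block_map.get(v.cell_name)       # exact lookup only, no fuzzy match
    if block is None:
        return {**decision, "route_to": "manual_triage",
                "reason": "cell_name not in mapping_block_identity"}
    # Step 6 gate from the report: milestone AND (severity=error OR slack_ns < 0).
    # Assumption added here: missing timing data is treated like negative slack.
    timing_bad = v.slack_ns is None or v.slack_ns < 0
    gated = v.milestone in config["hitl_milestones"] and (
        v.severity == "error" or timing_bad)
    # Step 5 rule: Genus FAIL on an analog-owned block goes to the analog lead.
    analog_fail = v.analog_owned and v.pass_fail == "FAIL"
    return {**decision, "block_name": block,
            "route_to": "analog_lead" if analog_fail else "layout_owner",
            "requires_architect_signoff": gated,
            "auto_close_allowed": not gated,
            "reason": "tape-out blocker" if gated else "routine"}

# Constructed sample violations covering each branch.
SAMPLE = [
    Violation("V-001", "pll_core_v2", "TAPEOUT_M3", "error", 0.12, "FAIL", True),
    Violation("V-002", "sram_bank3", "TAPEOUT_M3", "warning", -0.05),
    Violation("V-003", "sram_bank3", "TAPEOUT_M3", "warning", 0.30),
    Violation("V-004", "io_ring_tmp", "TAPEOUT_M3", "warning", 0.30),
]

if __name__ == "__main__":
    for v in SAMPLE:
        print(route(v))
```

Because config_version is written into every decision, the Step 7 log can tie each routing outcome to the approved config that produced it.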
Governance & Kill Switch

Permission audit, compliance mapping, and kill-switch authority matrix — aligned to NIST AI RMF and SP 800-53.

Overall risk: high
Audit & Compliance Readiness**: 52 / 100
Regulations apply: ITAR/EAR, SOC2, ISO 9001
Tape-out decisions affect IP release and mask cost — cross-tool DRC routing requires architect HITL and read-only EDA tool access.
Kill switch authority matrix · MANAGE · SI-17 · CP-10
Level | Trigger & effect | Authority
Hard kill | When: Error-severity misroute rate > 5% for 15 min OR any Virtuoso/Innovus write attempt detected. Effect: Immediate stop — no new DRC triage runs, in-flight terminated | Signoff Director + CAD Platform
Soft kill | When: Block identity mapping match rate < 80% for 30 minutes. Effect: Agent pauses — violations queued, no auto-routing | Physical Verification Lead
Scope limit | When: Genus design_revision mismatch > 10% of analog blocks. Effect: Disable simulation-informed routing; DRC + timing only | Tape-out Program Manager
Resume requirements:
  • Root cause documented in tape-out incident log
  • mapping_block_identity freshness validated by CAD
  • Architect sign-off on routing config version in use
Audit trail spec: Log kill level, trigger, actor role, timestamp, affected violation count, and config version to immutable engineering assessment store
Priority access controls
  • [AC] Read-only Virtuoso and Innovus export service accounts per governance PDF
  • [CM] Versioned signoff routing config with architect approval before production deploy
Monitoring Plan

Data quality alerts, LLM eval criteria, circuit breakers linked to kill-switch levels, ops runbook, and KPIs.

Stack: Datadog · Splunk · LangSmith · PagerDuty
Production KPIs
KPI | Target | Measurement
DRC triage automation rate | > 55% of violations auto-routed correctly | Tape-out tracker auto-routed vs total violations per run
Error-severity misroute rate | < 2% | Manual override count / error violations weekly
Mean time to enrich (DRC + timing + simulation) | < 15 seconds p95 | Distributed trace from agent orchestrator
Circuit breakers → kill switch
  • Error-severity misroute rate: > 5% over 15 min — Agent routing tape-out blockers to wrong team — immediate hard kill
  • Unauthorized EDA write attempt: Any occurrence — Governance policy violation — terminate all agent runs
Ops runbook
  • Verify mapping_block_identity coverage for TAPEOUT_M3 blocks (daily, CAD on-call) — Page data engineering if match rate below 82%
  • Review LangSmith routing eval on error-severity violations (weekly, Signoff Engineering) — Open incident if misroute rate above threshold
Data quality alerts
  • Step 3 (owner: Timing Signoff): Blocks with slack_ns < 0 on TAPEOUT_M3 — threshold: any new failing block without open DRC ticket (critical)
  • Step 2 (owner: CAD / Data Engineering): cell_name to block_name mapping rate — threshold: < 82% match on TAPEOUT_M3 blocks (warning)
Draft Enterprise Security Questionnaire Answers

Draft answers to the 5 most common enterprise AI security questions — based on this assessment. Review with legal before submitting to prospects.

Q1. What data does your AI agent access, and how is access controlled?
Our DRC Triage Agent accesses workflow data across Custom / Proprietary · Cadence Virtuoso, Calibre, Innovus, Genus, internal tape-out tracker. Required access: Virtuoso DRC read export, Calibre report CSV read. Read-only SKILL export per tapeout_agent_governance.pdf. Excessive access flagged: Layout database write, Calibre interactive edit.
Note: Valid after completing Phase 1 (BLOCKING) remediation. Current readiness score 44/100 — do not submit until access controls are implemented.
Q2. Can your AI agent modify or delete customer data?
Excessive write access has been identified and must be removed. Agent actions at step 1 (Ingest DRC violation export) require: Read-only SKILL export per tapeout_agent_governance.pdf. Autonomous modifications require human approval where policy mandates HITL gates.
Note: Excessive access identified in permission assessment — remediate before submitting to enterprise prospects.
Q3. How do you audit what your AI agent did and why?
Every agent action at step 7 is logged: Violation routing decision, run_id lineage, model confidence, architect approval ref. Retention: 36 months. Owner: Signoff Engineering. NIST control: AU-3. Logs enable decision reconstruction on demand.
Q4. What happens if your AI agent makes an error that affects our data?
Governance framework includes: hard kill (Immediate stop — no new DRC triage runs, in-flight terminated) triggered by Error-severity misroute rate > 5% for 15 min OR any Virtuoso/Innovus write attempt detected; soft kill (Agent pauses — violations queued, no auto-routing); scope limit (Disable simulation-informed routing; DRC + timing only). Agent routing tape-out blockers to wrong team — immediate hard kill. Authority: Signoff Director + CAD Platform.
Review kill-switch runbook with operations before submitting.
Q5. How do you ensure your AI agent doesn't use our data to train future models?
Agents use inference-only API calls to third-party LLM providers with data processing agreements prohibiting use of customer data for model training. SOC2 access and assessment controls: Least-privilege EDA export accounts; 36-month violation_id retention per IP policy. Training opt-out parameters set on all LLM API calls.
Verify current API agreements with your LLM providers and review with legal counsel before submitting.
Recommended Next Steps
This assessment identified the gaps. NovaChip Semiconductor's team can implement the roadmap in-house if you have the skills — or TekCapitol can assist. Either path builds toward AI agent workflows your enterprise customers will trust. Request a scoping call at tekcapitol.com/book.html or run another assessment at tekcapitol.com/kyklos/.
  • BLOCKING: 2 remediation items. Must complete before any agent work begins
  • SIGNIFICANT: 2 remediation items. Fix before pilot on TAPEOUT_M3 blocks
  • MINOR: 1 remediation item. Fix before full-chip production scale