Overview

Meshanics is a zero-trust platform for delivering over-the-air updates to fleets of industrial and edge-AI devices, and for managing those fleets day to day. It ships three kinds of payload — containers, machine-learning models and configuration — and it treats every one of them the same way: signed at the source, verified on the device, applied atomically, and rolled back automatically if a health check fails.

What it is for

The platform targets the messy reality of real device fleets: mixed hardware (NVIDIA Jetson, Raspberry Pi, generic x86-64), mixed connectivity (direct, behind NAT, or fully air-gapped), and a regulatory environment — the EU Cyber Resilience Act and its peers — that increasingly expects manufacturers to prove their update mechanism is secure and their vulnerability handling is documented.

Three ideas run through everything:

  • Nothing unsigned is ever applied. There is no code path, not even in development, that installs an artifact the device has not cryptographically verified against a pinned trust anchor.
  • Rollback is a feature, not error handling. Every update type defines a health check and a previous version it can revert to. A bad update restores service on its own.
  • Evidence is produced by construction. Every meaningful action — an artifact published, a rollout approved, a device updated, a rollback triggered — is an append-only, hash-chained audit record. Compliance reporting reads from that record; it is never bolted on afterward.
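
A minimal sketch of the hash-chained audit record described in the third point above, added here as an illustration and not Meshanics' own code or record format. The field names, the all-zero genesis value and the sample events are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed previous-hash value for the first record


def record_digest(prev_hash, event):
    # Canonical JSON (sorted keys, fixed separators) so equal events hash equally.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log, event):
    """Append an event, binding it to the hash of the record before it."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    record = {"seq": len(log), "prev": prev_hash, "event": event,
              "hash": record_digest(prev_hash, event)}
    log.append(record)
    return record


def verify(log, expected_head=None):
    """Return the index of the first inconsistent record, or None if intact.

    expected_head is a head hash stored outside the log; without it, removal
    of the newest records cannot be detected from the log alone.
    """
    prev_hash = GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i or rec["prev"] != prev_hash:
            return i  # record reordered, deleted, or unlinked from its parent
        if rec["hash"] != record_digest(prev_hash, rec["event"]):
            return i  # event content changed after it was written
        prev_hash = rec["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)  # chain is self-consistent but does not reach the head
    return None


def build_sample_log():
    # Constructed sample events using the action types named above.
    log = []
    for action, subject in [("artifact_published", "model-a"),
                            ("rollout_approved", "model-a"),
                            ("device_updated", "device-01"),
                            ("rollback_triggered", "device-01")]:
        append(log, {"action": action, "subject": subject})
    return log
```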

What it is not

Meshanics is not agentless. A small agent runs on each device — that is what verifies signatures, swaps artifacts atomically, runs health probes and reverts on failure. Honesty about this matters: the "zero-integration" promise applies to your application and model code, not to the operating system layer. Your payload rides, unmodified, on top of a signed, A/B, rollback-safe base that the agent manages. You do not rewrite your app to adopt the platform.

Where it fits

Meshanics builds on proven open-source engines rather than reinventing them: A/B operating-system updates, a framework for securing update metadata, and OCI artifacts for application and model delivery. The value it adds sits on top: orchestration of staged rollouts, a first-class lifecycle for AI models, continuously computed compliance evidence, and management of genuinely heterogeneous fleets.
