EdgeGate is a hardware-in-the-loop CI/CD platform that runs automated regression tests on real Snapdragon devices through Qualcomm AI Hub. It provides deterministic CI gating with signed evidence bundles for edge AI deployments.

How does EdgeGate test on real devices?

EdgeGate orchestrates test runs on physical Snapdragon chipsets via Qualcomm AI Hub. Your model is compiled and profiled on real hardware, capturing actual latency, accuracy, and thermal behavior that emulators cannot reproduce.

What CI/CD systems does EdgeGate integrate with?

EdgeGate integrates with GitHub Actions and any CI/CD system that supports webhooks. A single YAML file configures the integration, and results appear as PR checks that can block merges on regression.

What are signed evidence bundles?

Every EdgeGate test run produces a cryptographically signed evidence bundle containing SHA-256 hashes and Ed25519 signatures. This provides an auditable proof that your AI model was validated on real hardware — useful for team reviews and regulatory compliance.

Is EdgeGate free to use?

Yes. The Playground plan is free and includes 10 runs per month on real Snapdragon devices. Paid plans (Pro at $49/month, Team at $149/month) offer more runs, additional features like flake detection, RBAC, and API access.

Do I need my own Qualcomm AI Hub API key?

The free Playground plan includes hosted device access. All paid plans require your own Qualcomm AI Hub API key, which gives you access to the full fleet of 50+ Snapdragon devices.

ISO 26262 Evidence for On-Device AI

TL;DR

ISO 26262 does not tell you how to test an AI model, but Part 6 (software verification) and Part 8 (supporting processes) tell you what the evidence must look like: configuration-controlled, change-managed, verified, traceable, and documented. A signed on-device evidence bundle maps cleanly onto those clauses. It does not certify your system — that is the assessor's job, and tool qualification under clause 11 stays your responsibility — but it produces the material the assessment runs on.

Start with the boundary

Before any mapping, the honest part. EdgeGate is a verification evidence tool. It is not a qualified software tool, it does not certify a system or an item, and it does not replace a functional-safety assessor. What it does is produce signed, reproducible, requirement-traceable evidence that an ISO 26262 assessment depends on. Tool confidence level (TCL) evaluation under ISO 26262-8 clause 11 remains the responsibility of the organization deploying the tool. Any vendor who tells you their tool “makes you ISO 26262 compliant” is selling you a problem, not a solution.

With that boundary set, the clauses where on-device evidence actually helps are concentrated in Part 8 (supporting processes) and Part 6 (software-level verification). Here is the practical mapping.

The clause-by-clause mapping

Clause	Requirement	On-device evidence
Part 8 · cl. 7	Configuration management	Run pinned to model SHA-256, eval-set SHA-256, exact device, and SDK/driver version
Part 8 · cl. 8	Change management	Per-pull-request gate — every model change is re-verified before it can merge
Part 6 · cl. 9–10	Software unit / integration verification	Pass/fail gate on real-silicon metrics plus on-device LLM safety behavior
Part 8 · cl. 9	Verification	Signed verdict with per-check requirement_id and ASIL traceability
Part 8 · cl. 10	Documentation	Ed25519-signed bundle with SHA-256 manifest; assessor-ready report
Part 8 · cl. 11	Confidence in the use of software tools	Your responsibility — the evidence tool supports, but does not perform, TCL evaluation

Configuration management (Part 8, cl. 7)

Configuration management asks a deceptively hard question: can you identify, unambiguously, exactly what was verified? For an AI model that has been quantized and compiled, “the latest build” is not an answer. The evidence has to pin the artifact by content hash, not by a movable label.

A signed bundle records the model SHA-256, the evaluation-set SHA-256, the target device, and the SDK and driver versions in effect at run time. Six months later, anyone can confirm that the binary in the field hashes to the same value that appears in the verification record. That is configuration control that survives an audit, not a wiki page that drifts.

Change management (Part 8, cl. 8)

Change management requires that every change be evaluated for its safety impact and re-verified. In a modern ML workflow, “a change” is a pull request that swaps a model artifact. The natural place to enforce re-verification is therefore the PR gate: no model change merges until it has been re-run on real hardware and the gate has passed. The version-control history becomes the change record, and the gate becomes the enforcement point. There is no separate, manual ceremony to forget.

Verification (Part 6, cl. 9–10 and Part 8, cl. 9)

This is the heart of it. Part 6 covers verification at the software unit and integration level; Part 8 clause 9 covers the verification process and its records. For on-device AI, verification has to happen on the actual silicon, because that is where quantization and operator-fallback behavior actually lives. An emulator result verifies a different thing.

The piece that turns a test result into ISO 26262 verification evidence is traceability: each check has to map back to the requirement it satisfies, carrying its ASIL. A latency number floating in a dashboard is not evidence. The same number, bound to a safety requirement and its integrity level and signed, is.

Here is what that looks like for an in-cabin LLM safety gate — a real signed verdict from an on-device run on a Snapdragon 8 Gen 2:

edgegate · run a9029b59 · Snapdragon 8 Gen 2 (real hardware)

verdict: PASS · 3/3 checks · requirements_traced = TRUE

forbidden_action PASS | req SR-CABIN-014 · ASIL D

safety_probe_pass_rate PASS | req SR-CABIN-021 · ASIL D

task_success_delta PASS | req SR-CABIN-007 · ASIL B

integrity: Ed25519-signed · SHA-256 manifest

Each line is a verification claim an assessor can place directly into a safety case: the on-device model refused unsafe requests (SR-CABIN-014, ASIL D), held its safety-probe pass rate (SR-CABIN-021, ASIL D), and did not regress task success versus the full-precision reference (SR-CABIN-007, ASIL B). The behavior was measured on the real chip, and the result is signed so it cannot be quietly edited afterward.

Documentation (Part 8, cl. 10)

Documentation in ISO 26262 is not a formatting exercise — it is the requirement that work products be recorded, identifiable, and available for assessment. A signed evidence bundle satisfies this by construction: the Ed25519 signature and SHA-256 manifest make the record tamper-evident, and a one-click report renders the same evidence in a form a human assessor reads. The documentation is not produced after the fact from memory; it is the by-product of the verification run itself.

What this does not do

It is worth repeating the boundary, because it is where credibility is won or lost with safety teams. A signed bundle does not certify the item, does not discharge the safety case, and does not perform tool qualification. SOTIF (ISO 21448) considerations for the AI's intended-function behavior, the broader safety argument, and the TCL evaluation under clause 11 all remain the program's work. What the evidence removes is the worst part of that work: the scramble to reconstruct, late in a program, what was actually tested and whether it can be trusted. That material now exists, signed, from the moment the gate ran.

In-vehicle LLMs, ISO 26262, SOTIF, and the EU AI Act are all converging on the same demand: prove, with reproducible evidence, what the AI does on the device it runs on. The teams that wire that evidence into CI now will spend their assessment cycles defending a safety argument, not rebuilding a paper trail.

ISO 26262-traceable evidence for every model build

EdgeGate gates your models on real Snapdragon hardware and signs an ISO 26262-traceable evidence bundle — per-requirement, per-ASIL, one click from the run. Talk to us about the automotive evidence preset.

Talk to the team

A Passing Test Is Not Evidence: The Silent Regression Problem in On-Device AI

Why a green checkmark cannot carry the weight an assessor puts on it.

Evidence Bundles: Software Release Rigor for ML

What goes into a signed, auditable evidence bundle and why it matters.

Deterministic Testing for Non-Deterministic Models

How median-of-N gating brings statistical rigor to hardware testing.

ISO 26262 Evidence for On-Device AI: A Practical Clause-by-Clause Mapping