Whitepaper | How Electric Era builds trustworthy AI
How Electric Era builds trustworthy AI
A technical whitepaper on response correctness, customer data security, and abuse prevention for HaloAI, the digital assistant built into Electric Era EV charging stations
Public-facing AI carries brand risk for the operator hosting it. A confidently wrong answer, a leaked piece of data, or a successful jailbreak doesn't just affect the AI vendor—it affects the storefront where the kiosk sits.
This paper describes the architecture behind HaloAI, the voice assistant embedded in Electric Era's charging kiosks, across three properties that matter to operators: response correctness, customer data security, and abuse prevention.
On correctness: Halo does not draw on parametric knowledge for facts. It reads from a shared event bus that supplies real-time session, vehicle, and charger state, and reasons only within the bounds of the active skill. Outputs are validated by an independent parallel classifier that runs alongside the primary model—not as a self-check, but as a separate system with separate failure modes.
On data security: driver interaction data is ephemeral by design. Cardholder data is isolated at the application boundary—not policy-gated, but architecturally unreachable by the model. No prompt injection or jailbreak can expose data that is categorically outside the model's context.
On abuse prevention: Halo's capability surface is narrow by design. A successfully jailbroken Halo still cannot stop a session or charge a card, because the action surface to do so is not exposed to the model.
The paper details each component, cites the industry benchmarks the architecture is designed against, and describes the five-gate evaluation pipeline that governs every change before fleet deployment.
How Electric Era builds trustworthy AI
A technical whitepaper on response correctness, customer data security, and abuse prevention for HaloAI, the digital assistant built into Electric Era EV charging stations
Public-facing AI carries brand risk for the operator hosting it. A confidently wrong answer, a leaked piece of data, or a successful jailbreak doesn't just affect the AI vendor—it affects the storefront where the kiosk sits.
This paper describes the architecture behind HaloAI, the voice assistant embedded in Electric Era's charging kiosks, across three properties that matter to operators: response correctness, customer data security, and abuse prevention.
On correctness: Halo does not draw on parametric knowledge for facts. It reads from a shared event bus that supplies real-time session, vehicle, and charger state, and reasons only within the bounds of the active skill. Outputs are validated by an independent parallel classifier that runs alongside the primary model—not as a self-check, but as a separate system with separate failure modes.
On data security: driver interaction data is ephemeral by design. Cardholder data is isolated at the application boundary—not policy-gated, but architecturally unreachable by the model. No prompt injection or jailbreak can expose data that is categorically outside the model's context.
On abuse prevention: Halo's capability surface is narrow by design. A successfully jailbroken Halo still cannot stop a session or charge a card, because the action surface to do so is not exposed to the model.
The paper details each component, cites the industry benchmarks the architecture is designed against, and describes the five-gate evaluation pipeline that governs every change before fleet deployment.
