Sidecar Vision

AI operation for systems with no API.

Sidecar Vision lets AI operate computers through the same interface humans use: screen output and human-equivalent input. It works where software cannot be modified, APIs do not exist, operating systems are locked down, and credentials must not be exposed to the AI.

If a human can see it and operate it, Sidecar can become the AI operator layer.
View the mechanismRequest private discussion

See

Reads screens, terminals, forms, menus, command lines, and visible system state.

Act

Sends human-equivalent input through keyboard, mouse, accessibility, terminal, hardware, or device-level control paths.

Protect

Passes secrets through a secure bridge without exposing passwords, tokens, or keys to the AI.

AI is trapped inside cooperative software.

Most AI automation works only when software exposes an API, plugin, browser interface, agent framework, or vendor-approved automation layer.

But much of the world's valuable computing work happens inside systems that are old, locked down, air-gapped, custom, regulated, terminal-based, or unsupported.

These systems are still operated by humans because the human interface is often the only reliable interface left.

Modern AI Automation

  • APIs and webhooks
  • Browser extensions and plugins
  • Agent frameworks
  • App integrations

Unreached Systems

  • Terminals and mainframes
  • Air-gapped machines
  • Locked enterprise apps
  • Custom operating systems
Sidecar bridges the gap
Sidecar does not wait for every system to become AI-ready. It uses the interface that already exists.

Sidecar turns the human interface into an AI interface.

Sidecar observes the target system, interprets what a human operator would see, plans safe next actions, and sends input through control channels the target system already accepts.

It does not require the target software to be rewritten.It does not require a clean API.It does not require vendor permission.It does not require the AI to see protected credentials.
1

Observe

Sidecar captures or receives the target system's visible state: screen, terminal text, interface layout, cursor location, system responses, or other human-readable output.

2

Decide

An AI operator interprets the state, follows task instructions, applies policy limits, and selects the next permitted action.

3

Execute

Sidecar sends input to the target system using the most appropriate channel: keyboard, mouse, accessibility pathway, terminal commands, hardware input emulation, or other human-equivalent control.

No API required.No target modification required.No secret exposure required.

A simple example: AI operates a legacy terminal.

Imagine a locked-down enterprise terminal with no API, no modern integration layer, and no AI support. A human operator normally logs in, searches a record, updates a field, and submits the change. Sidecar allows an AI operator to assist with that same workflow.

Task

Update a customer record in a legacy terminal system.

System

No API. No plugin. No software modification. Terminal-style human interface only.

Flow

AI receives task instruction
Sidecar captures the terminal screen
AI reads the visible fields and menu state
Sidecar sends keyboard-style input
Login or protected field appears
Secure credential bridge passes the password directly to the target system
AI never sees the password
AI completes the workflow
Sidecar creates an audit log of actions and outcomes

Operation Flow

Task instruction
AI operator
reads visible state
Sidecar vision layer
sends permitted actions
Target terminal
Workflow completed
Audit log created

Credential Flow

Credential requested
Secure credential bridge
Secret passed directly to target
AI sees only: success / failure / approval required

AI can operate the system without seeing the secrets.

Full AI computer control has a fatal enterprise problem: the AI may see passwords, recovery phrases, banking codes, admin tokens, identity credentials, one-time codes, or private keys.

Sidecar separates operation from authority. The AI can navigate the workflow. The secure bridge handles the secret. The human, device, organisation, or policy engine controls approval.

AI Operator

Sees tasks, screens, states, and permitted actions.

Secure Bridge

Handles passwords, tokens, keys, one-time codes, and other sensitive secrets.

Policy Authority

Defines when a secret can be used, by whom, for which system, and under what conditions.

The AI does not need to know the secret to complete the task.

Architecture

AI operator
Sidecar policy layer
Target system screen + input
Credential request detected
Credential vault / human approval / device trust
Secret passed directly to target system
AI receives only outcome state

Security Features

  • Blind credential pass-through
  • Human approval option
  • Policy-controlled release
  • Audit trail
  • Least-privilege access
  • No plain-text credential exposure to AI
  • Optional air-gapped or local-only deployment model

External AI operation through human-observable output and human-equivalent input.

Sidecar is an external control layer. It can operate beside the target system rather than inside it. This makes it suitable for environments where changing the target system is expensive, impossible, risky, or forbidden.

User / Organisation Policy
Task Instruction
AI Planner / Operator
Sidecar Policy & Safety Layer
Vision Interpreter
screen, video, terminal
Action Engine
keyboard, mouse, HID
Target System
Trusted Credential Path
Credential Vault
Human approval / Secure device
Blind Credential Pass-through
Target System

AI path and credential path remain separate

Vision Interpreter

Reads the state of the target system from what a human would see.

AI Planner / Operator

Decides the next safe action based on the task and observed state.

Policy and Safety Layer

Limits what the AI may do, when it must stop, and when human approval is required.

Action Engine

Sends human-equivalent input to the target system.

Secure Credential Bridge

Passes secrets directly to the target device or application without exposing them to the AI.

One architecture. Many unreachable systems.

Legacy Enterprise Systems

Operate workflows where no modern API exists and replacement would be expensive or risky.

Mainframes and Terminals

Bring AI assistance to green-screen, command-line, and old iron systems still running critical business processes.

Air-Gapped Machines

Assist secure systems without turning them into cloud-connected AI endpoints.

Industrial and Embedded Systems

Operate minimal, custom, or device-specific operating systems through the existing human interface.

Locked-Down Enterprise Apps

Automate repetitive workflows without modifying the core system or breaching change-control rules.

Government and Regulated Systems

Support human operators in environments where auditability, policy control, and credential isolation matter.

Consumer Productivity

Give users AI help across apps, websites, files, settings, and workflows — not only where Apple, Microsoft, Google, or an app vendor allows it.

Accessibility-First Wedge

Use accessibility-style operation as the fastest way to learn, deploy, and prove value — while preserving the broader architecture.

Accessibility is the first adoption and learning wedge. The invention is not limited to accessibility. Sidecar is a general AI operator layer for human-operated computing systems.

Why existing automation does not reach this territory.

API Automation

Works: Modern software with exposed APIs
Limitation: Useless where no API exists
Sidecar: Operates through the human interface

Browser Agents

Works: Web workflows
Limitation: Weak outside browser contexts
Sidecar: Works across devices, apps, terminals, and operating systems

Robotic Process Automation

Works: Structured enterprise workflows
Limitation: Fragile, app-specific, and often brittle when screens change
Sidecar: Vision/state-driven AI operator model

Accessibility Tools

Works: Human-assistive computer access
Limitation: Designed for people, not autonomous AI operation
Sidecar: Uses accessibility as one control path inside a broader AI control architecture

Remote Desktop

Works: Human remote control
Limitation: Still requires a human operator
Sidecar: AI operates with policy limits and credential separation

OS-Native AI Assistants

Works: Supported operating systems and approved integrations
Limitation: Vendor-controlled and platform-limited
Sidecar: User-controlled, cross-system, and external

App-Specific Copilots

Works: One vendor's app
Limitation: Cannot operate the user's full computing environment
Sidecar: Operates across systems through the interface layer

Accessibility is the ramp, not the ceiling.

Accessibility pathways are valuable because they expose real interface structure, permission models, input methods, and user workflows.

That makes accessibility an ideal first wedge for learning and adoption.

But Sidecar's core idea is broader: any system a human can operate can potentially become AI-operable through visible output, human-equivalent input, and policy-controlled secret handling.

Accessibility teaches Sidecar how humans operate computers. The market is every system still operated by humans.

From apps to operators.

The first wave of AI software answered questions. The next wave will operate computers.

Most companies are trying to make AI work inside their own applications, browsers, or operating systems.

Sidecar takes a different path: it turns the existing human interface into the operating layer for AI.

Android opened mobile computing beyond one device maker and one closed stack. Sidecar aims at the next opening: AI operation beyond one app, one browser, one operating system, or one vendor-controlled automation layer.

This is not another AI app. It is a control layer for the software and machines that AI cannot otherwise reach.

Status

Prototype Direction

Sidecar Runtime and Sidecar Dot demonstrate the direction of an external AI control layer.

Current Wedge

Accessibility-style operation is the fastest practical learning and adoption path.

Expansion Field

The same architecture extends toward legacy enterprise systems, mainframes, terminals, air-gapped environments, command-line systems, custom operating systems, and consumer productivity.

IP Focus

The intellectual property focus is external AI operation of target systems through human-observable output, human-equivalent input, and secure blind credential pass-through.

Near-Term Proof

The next proof point is a short working demonstration of Sidecar operating a system with no API while keeping credentials hidden from the AI.

The Ask

We are looking for one strategic validator who understands platform shifts, human-computer interfaces, AI operation, and the commercial path from wedge use case to operating layer.

The goal is to pressure-test:

  • The architecture
  • The first enterprise wedge
  • The security model
  • The demonstration path
  • The most natural licensing, funding, or platform partnership route
The right validator does not need to buy the product. They need to understand whether this is a real platform opening.
Request private Sidecar Vision briefing

Sidecar Vision

AI operation for systems with no API.

If a human can see it and operate it, Sidecar can become the AI operator layer — with secure credential pass-through to keep secrets out of the AI's view.

Contact

Ric Richardson

ricrichardson.comRequest private discussion

Sidecar Vision