Summary4 min read

Podcast Summary: "Berk Yilmaz: AI for Mission-Critical Software"

The Digital Executive | Ep 1259
Host: Brian, Coruzant Technologies
Guest: Birk Yilmaz, CTO & Co-Founder, NOA Labs
Date: June 2, 2026
Duration (content): ~00:55–13:10

Episode Overview

In this episode, Brian interviews Birk Yilmaz, CTO and co-founder of NOA Labs, focusing on how NOA Labs is revolutionizing mission-critical software development. The conversation centers on their flagship product, Sentinel—an AI-native IDE engineered for secure, regulated, and high-stakes environments like aerospace and defense. Through examining legacy code modernization, AI-assisted pipelines, compliance automation, and deployment in strict environments, Birk shares insights into the unique challenges and innovative solutions driving the next generation of reliable software for critical applications.

Key Discussion Points & Insights

1. Birk Yilmaz’s Pathway to Mission-Critical Software

Timestamp: 02:13–04:33

Throughline in Career:
Birk describes his journey through electrical engineering and computer science (NJIT & Istanbul Technical University), research at Columbia, and NASA—highlighting the repeated theme of working in domains where "software failure wasn’t an option and the tooling never matched the stakes" (02:53).
Bridging Worlds:
Exposure to both hardware and software made Birk think of software with the rigor of hardware engineering:

“You don’t ship a circuit board and hope it actually works. You verify it, you prove it. And that mindset actually stuck with me...” (03:07)
Problem in the Industry:
He noticed high-stakes software being built with "low-stake tools," leading to his vision for Sentinel as a secure, verifiable development environment.

2. Legacy Code Modernization in Regulated Environments

Timestamp: 04:33–07:01

Challenge Defined:
Massive amounts of still-operational, mission-critical code in languages like COBOL, Fortran, and C present:
- A generational knowledge gap—current engineers may not sufficiently understand source languages.
- Verification hurdles—proof of correctness, not just compiling, is mandatory.
  
  “A migration isn’t finished when the new code compiles... It’s finished when an external reviewer can be pursued that the new code is equivalent.” (05:38)
NOA Labs Approach with Sentinel:
- AI-driven translation engine is paired with formal verification and deterministic audit trails.
- Every action, model prompt, and response is recorded for full reproducibility.
- Differential testing: Old and new codebases are tested side-by-side on identical inputs.
- Formal verification is applied for mathematical equivalence.
- All LLM calls are cached deterministically for replay and auditing.
“The AI changes the speed. But the verification and audit trail change whether the results are actually usable for these regulated customers.” (06:45)

3. AI Tooling: Sparsity, Efficiency, and Edge Deployment

Timestamp: 07:01–09:26

Philosophy:
Birk critiques the trend of "send everything to the biggest available model in the cloud," noting this simply does not work for hardened, air-gapped environments where every watt counts:

“Our approach is you don’t use AI where we don’t need to.” (08:05)
Determinism & Compliance:
- Compliance checking is done with rule engines, not LLMs; regulators demand the same answer every time.
- Smaller, purpose-built models are used locally for orchestration, with large models invoked only when necessary.
Efficiency as Requirement:

“Efficiency isn’t a performance optimization for us, it’s a deployment requirement. If it doesn’t run on custom hardware behind the locked door, it doesn’t ship.” (09:18)

4. The Future: AI-Native Dev Environments & Built-In Compliance

Timestamp: 09:26–12:20

Old vs. New Paradigm:
Traditionally, compliance is bolted on after software is written—"painful and disconnected."

“You write the code then bolt on compliance at the end... and it’s all manual and very painful.” (10:21)
AI-Native Shift:
Compliance, verification, and audit are embedded in the development cycle, producing artifacts (audit trail, all prompts/outputs, vulnerability mappings) automatically.
- Vulnerability scans directly align with regulatory frameworks (NIST, FedRAMP, etc).
- The “AOT package” (authority to operate) is generated by the platform as you develop.
Competitive Edge:
Organizations adopting this continuous, AI-assisted model will leap ahead, seeing improvements in security, modernization speed, and procurement timelines.
NOA Labs Positioning:
- Sentinel runs entirely on customer hardware, within their security boundaries.
- No data leaves the facility—unlike cloud-first competitors.
- “We made [on-premises, secure-by-design] on day one. And the government and defense community ask for a tool that feeds their constraints as features, not limitations. And we’re just the ones who building it.” (12:12)

Notable Quotes & Moments

Hardware SW Mindset:

“You don’t ship a circuit board and hope it actually works. You verify it, you prove it.”
— Birk Yilmaz [03:07]
On Migration Verification:

“A migration isn’t finished when the new code compiles, it’s finished when an external reviewer can be pursued that the new code is equivalent.”
— Birk Yilmaz [05:38]
Efficiency Requirement:

“Efficiency isn’t a performance optimization for us, it’s a deployment requirement.”
— Birk Yilmaz [09:18]
Platform Philosophy:

“No data leaving the building… And the government and the defense community ask for a tool that feeds their constraints as features, not limitations. And we’re just the ones who building it.”
— Birk Yilmaz [12:12]

Important Timestamps

Guest Introduction & Background: 00:55–04:33
Challenges & Solutions in Legacy Modernization: 04:33–07:01
AI Model Usage & Edge Requirements: 07:01–09:26
Vision for AI-Native Compliance & Development: 09:26–12:20
Closing Thoughts: 12:20–13:10

Episode Tone

Conversational, sharply technical yet relatable, aimed at technologists and leaders handling mission-critical digital transformation.

This episode offers deep, actionable insights for any organization modernizing regulated systems, and uniquely outlines why deterministic, locally-deployable AI tools, built with rigorous auditability, are essential for the future of mission- and safety-critical software.

Loading summary

Transcript15 lines

[00:00]
Windows 11 College Deal Announcer
Study and play come together on a Windows 11 PC and for a limited time, college students get the best of both worlds. Get the Unreal College Deal Everything you need to study and play with select Windows 11 PCs. Eligible students get a year of Microsoft 365 Premium and a year of Xbox Game Pass ultimate with a custom color Xbox wireless controller. Learn more@windows.com studentoffer while supplies last ends June 30th terms at aka mscollegepc
[00:32]
Red Bull Summer All Day Play Announcer
ready to soundtrack your summer with Red Bull Summer All Day Play? You choose a playlist that fits your summer vibe the best. Are you a festival fanatic, a deep end dj, a road dog, or a trail mixer? Just add a song to your chosen playlist and put your summer on track. Red Bull Summer All Day Play Red Bull gives you wings. Visit red bull.com brightsummerahead to learn more. See you this summer.
[00:56]
Brian (Podcast Host)
Foreign. Welcome to Coruscant Technologies, home of the Digital Executive Podcast. Do you work in emerging tech? Working on something innovative? Maybe an entrepreneur? Apply to be a guest at www.corazon.com brand welcome to the Digital Executive. Today's guest is Birk Eelmas. Burk Eilmaz is the co founder and Chief Technology Officer of NOAA Labs where he's building Sentinel, an AI native IDE design for secure regulated aircraft and mission critical software environments. His work sits at the intersection of agentix software engineering, legacy code modernization, AI systems, formal verification, compliance tooling and aerospace grade software reliability. At NOAA Labs, BEERC leads product and engineering architecture for a secure development platform that includes AI assisted migration pipelines, deterministic audit trails, agent runtimes, compliance automation, formal verification integrations and cross platform desktop deployment. Well, good afternoon Bert. Welcome to the show.
[02:11]
Birk Eilmas (Guest, CTO of NOAA Labs)
Thank you. Glad to be here Brian.
[02:13]
Brian (Podcast Host)
Absolutely my friend. I appreciate it. Really do I know you are in the San Jose, California area. I'm in Kansas City. Appreciate you hopping a couple time zones and several calendars to get here today. That's just so special to me when people take the time out of their day to do this. So thank you and Burke, if you could, let's jump into your first question. Your path runs from dual undergraduate degrees at New Jersey Institute of Technology and Istanbul Technology University, through electrical engineering at Columbia and into NASA supported space research before co founding NOAA Labs. What throughline connects those experiences and led you to be Building Sentinel?
[02:54]
Birk Eilmas (Guest, CTO of NOAA Labs)
Of course. And first of all, thank you. I'm glad to be here Brian. And you know looking back, the thread was actually pretty simple. I kept up ending in places where Software failure wasn't an option and the tooling actually never matched the stakes. For example, at NGIT and Istanbul Technical University I was splitting time between electrical engineering and computer sciences, which sounds a little scattering, but it gave me something that is important. I learned to think about the software the way hardware engineers do. You don't ship circuit board and hope it actually works. You verify it, you prove it. And that mindset actually stuck with me through my whole university life and Columbia actually depended that. And then NASA's NASA research really finalized this pushback. And when you're working on systems that might end up in space where you can just push the hotfixes, you learn the fast that the gap between that it compiles and it's actually correct, it's just enormous. And most developer tools just don't care about this gap. And thus that's what led to Sentinel. At NOAA Labs we're building the development environment for engineers who work on software where the consequences of getting wrong is actually real defense systems, critical infrastructures, Eurospace, the kind of code where you need approvable audit, trial and just not a green check mark in CI. So the through the line is I kept seeing high stakes software built with low stake tools and Sentinel is the tool that I wished existed at every step along the way.
[04:33]
Brian (Podcast Host)
That's amazing and I appreciate that. The backstory here essentially and, and you know, looking at your resume, it looks like a lot. You had to juggle both electrical engineering, computer science and school. But that actually brought everything together for you, which I think's awesome. And it has definitely gave you that line or that path to what you're building today at NOAA Labs. So I really, really appreciate that. Bert NOAA Labs legacy code modernization is central to Noah's Labs pitch to defense and federal teams. What makes modernization decades old regulated code bases so difficult and how do AI assisted migration pipelines change that equation?
[05:11]
Birk Eilmas (Guest, CTO of NOAA Labs)
Great question. So let me paint the picture. There's an enormous amount of critical critical software out there. It's in defense, aerospace, in the financial tech sector. That was written in C, in cobol, in Fortran decades ago and it actually works. These decades of operational use have have shaken out the bugs that actually matters. But the engineers who wrote it in many cases retired. And engineers inheriting the code often don't know the source language well enough to verify that rewrite is the correct thing. So that's the first problem, a generational knowledge gap on the both sides of the migration. But the harder problem is for these customers, a migration isn't finished. When the new code compiles, it's finished. Then external reviewer can be pursued that the new code is equivalent. That means that a paper trial every prompt, every model response, every input, every proof certificate. If you can produce that trial, the migration doesn't count legally and no one have the good code it is. So what Sentinel does is we pair an AI translation engine with formal verifications and a deterministic audit bundle. We break the code base into translation units and translate each one to verify it through the differential testing. We literally put the old program and the new program against the same inputs and compare the outputs. When very applicable, we dispatch formal obligations to check mathematical equivalence. And every large language model call is cached deterministically. So any run can be replayed byte by byte. So the AI changes the speed. And we know that. But the verification and audit trial change whether the results are actually usable for these regulated customers. And that's the equation actually we're solving at Sentinel.
[07:01]
Brian (Podcast Host)
That's awesome. Appreciate that. And Burke, just so you know, I worked as started my career as a developer but I looking back I had a lot of exposure to Fortran, Cobalt C, mostly C. But you know, that stuff's been around since the 60s, 70s, 80s and it's hard to believe that it's still being used especially in the critical areas of like Department of Defense. But I like what you're all doing. You're obviously translating those old code bases where it can be verified by by to make sure that the testing and the translation and then the testing that you're doing is 100% accurate, which is so important in these critical areas. So again, thank you. And Bert, you written about moving away from the assumption that AI must process everything all the time, pointing toward sparsity and energy efficiency for edge and space applications. How does that philosophy influence your approach to building developer tooling?
[07:55]
Birk Eilmas (Guest, CTO of NOAA Labs)
Yeah, this is something I think about a lot. And it directly shapes how we architect the Sentinel. The dominant approach was in AI tooling right now the biggest available model send it everything all the time. And that works fine if you're in the cloud or and latency is nice to have. It completely falls apart when your customers operating an SIC fee or an air gapped facility where the model runs on a local hardware and every watt matters now. So our approach is you don't use AI where we don't need to. Our compliance checking for example is entirely deterministic and no large language models involved. We map the findings to control frameworks. You using a rule engine not A language model because a regulator doesn't want to hear your compliance assessments was probably right. Right. It needs to be the same answer every time. So for this we have to get a deterministic approach on the model side you're designing for right sizing, using smaller, faster models for orchestration and routing and larger model only when the task actually demands it. The goal is that the system gets more efficient as it matures and not less. The more you use it, more of the pipeline hits the cache, the fewer expensive models calls you need. And efficiency isn't the performance optimization for us, it's a deployment requirement. If it doesn't run on custom hardware behind the locked door, it doesn't ship. Basically.
[09:27]
Brian (Podcast Host)
Wow, amazing. Really is and you're absolutely right. Everything nowadays is connected, Internet connected, cloud based. You talked about AI tooling and that just doesn't work for, you know, your customer base, which works in very sensitive, top secret environments in a lot of cases. And what's great about your platform is you everything works local, especially in those air gapped environments we talked about. But you do use those smaller faster models that do improve over time and of course get more efficient and you use the large language models, you know, when needed, of course. But really appreciate those insights. And Burke, last question of the day. As we look ahead, how do you see AI native development environments reshaping how regulated and national security software gets built over the next five years? And where does NOAA labs aim to lead that shift?
[10:19]
Birk Eilmas (Guest, CTO of NOAA Labs)
I think we are at real inflation point right now. The way regulated software gets built is basically you write the code then bolt on a compliance at the end you write the software, then you spend months assembling authority to operate package your system security plans, your security assessment reports, your SPOM or checklist files, and the list goes on. And it's all manual and it's very painful. And it's basically disconnected from the actual development cycle. What AI native environments make it possible is flipping that entirely. Compliance becomes a byproduct of the development process and it's not a separate work scheme anymore. When Sentinel translates the code, the audit bundle, every prompt, every model response, basically every test and every proof we generate automatically. So when you scan for vulnerabilities, the findings map directly to NAC controls, STI fedramp baselines. And the AOT package isn't something you assemble after the fact, it's something that platform produces as you work over the next five years. I think the organizations that adopt this model where security, verification and compliance are built in the developer's daily workflow rather than the layered on top are going to be moved more dramatically faster than the other ones that do not use these. And the gap is going to be visible in the procurement timelines in the time to AOTO and how fast you can modernize legacy systems and actually get into the production. And where does this NoLabs lead? You're building the platform that runs entirely customers hardware behind the security boundary with no data leaving the building. And that's not a feature actually, that's an orchestration decision that most of our competitors structurally cannot make it because they are cloud first and we made it on day one. And the government and the defense community ask for a tool that feeds their constraints as a features, not limitations. And we're just the ones who building it.
[12:20]
Brian (Podcast Host)
That's awesome. And you know, the platform itself, Sentinel, you know, works directly with the customer's hardware. I thought that was amazing because you're right, everything again we talked about that is Internet connected in some way. So I think that's phenomenal. And of course today regulated software is built and then you add the compliance part afterwards, right? It's always the afterthought and that doesn't work. And I like how your platform Sentinel, you've built in that compliance governance security from the ground up, which means that it is more robust and it has taken into account everything along the way when it comes to those really sensitive and highly regulated environments. So I appreciate your insights on that and you're welcome. Bert, it was such a pleasure having you on today and I look forward to speaking with you real soon.
[13:10]
Birk Eilmas (Guest, CTO of NOAA Labs)
Thank you so much.
[13:11]
Brian (Podcast Host)
Bye for now.