Crossing the Boundary: Announcing Epsilon3 Connect
Epsilon3 Connect is here. The same execution record your team trusts inside your walls now reaches every organization a program depends on, with the same controls, the same audit trail, and the same compliance posture, all within one platform.
A few days ago we wrote about where Epsilon3 is going: one platform for the full life of complex hardware, anchored by four build pillars, with connectivity at the center of the next chapter.
Today we're shipping the first set of capabilities in Epsilon3 Connect, the solution we've been building toward to take the execution record past the organizational boundary.
The org boundary is where the thread breaks
In January 2024, a door plug blew out of an Alaska Airlines 737 MAX at sixteen thousand feet. The aircraft was nineteen weeks old. The fuselage had been built by a subcontractor and shipped out for final assembly. In the final assembly, the door plug had been removed by employees working on rivet repairs and then reinstalled, without the four bolts that were supposed to hold it in place. There was no record of the removal.
The NTSB's final report in June 2025 concluded that the manufacturer had failed to provide adequate training, guidance, and oversight necessary to ensure that manufacturing personnel could consistently and correctly comply with its parts removal process.
That's the cost of a documentation handoff that didn't make it across an organizational boundary. A single missing record. One commercial aircraft involuntarily descending. The point is not that one missing document caused all of it. The point is that the missing document is exactly the kind of thing that happens, often, at the seam where two organizations meet — and almost nobody has built a system that lives inside that seam.
The macro numbers say the same thing. The GAO's 2025 Weapon Systems Annual Assessment found that the combined cost estimates for thirty Major Defense Acquisition Programs grew $49.3 billion in a single year. The average time for an MDAP to deliver initial capability is now nearly twelve years from program start, and the programs that have delivered did so on average in eleven years versus an original eight. Three years of slip, repeated across thirty programs, against a portfolio approaching $2.4 trillion. McKinsey, working with the Aerospace Industries Association, has estimated that advancing digital maturity in the aerospace and defense value stream could unlock $20 billion in annual EBITDA, with supply chain showing the largest value-creation potential of any segment.
There’s a clear pattern emerging across programs in both the public and private sectors, jeopardizing our national security and public safety, in addition to our global competitiveness. For example:
Sentinel ICBM. 81% above its original cost estimate by mid-2024. The Air Force's chief buyer, Andrew Hunter, publicly characterized the overrun as a "collective failure" of the government and contractors.
Columbia-class submarines. The lead boat is now 12 to 16 months late. The program runs across more than 3,000 suppliers. Among the documented root causes: defective welds on missile tubes that originated in the supplier base.
Artemis/SLS. Per NASA's Office of the Inspector General, the Defense Contract Management Agency issued 71 Corrective Action Requests between September 2021 and September 2023. NASA OIG called the number "a high number of CARs for a space flight system at this stage in development" and tied it to "a recurring and degraded state of product quality control."
F-35. Of the 110 aircraft delivered in 2024, every one arrived late: an average of 238 days late, up from 61 the year before. All 123 engines delivered in the same window were also late.
KC-46. The manufacturer’s cumulative losses on the program now exceed $8 billion, including a $565 million charge in Q4 2025 alone, driven in part by subcontractor and supply-chain coordination issues documented across multiple GAO reports.
Each of these is a different program, a different prime, a different proximate cause. What they have in common is a structural reality: in must-work industries, the work itself crosses organizational boundaries, and the systems that hold the work do not. The platform-level engineering issues get diagnosed and fixed. The boundary-level coordination issues, the lost handoffs, the re-keyed data, the records that don't survive the trip from one organization to the next, get absorbed as cost and schedule overruns.
It is not a small layer to leave un-modernized. CSIS finds that defense specialists now account for 61% of DoD's major programs by value, up from just 6% in 1989. The industrial base has consolidated around firms that don't share infrastructure, then asked them to coordinate at unprecedented depth. The cost of poor quality in complex manufacturing runs 5-35% of sales, per the American Society for Quality, clustering around 15%, and the highest end of that range sits exactly where multi-organization supply chains operate.
This is what we kept hearing from customers, too. Over 30% of our customers asked us by name to extend their workspace past the boundary and to solve exactly these issues: duplicate work between MES, custom ERPs, and quality tools. Antiquated all-paper manual methods to meet AS9100 and customer traceability. Test workflows held together by Python scripts and Excel because the internal MES couldn't reach the test stand. Primes who needed visibility into a supplier's build, and suppliers who needed the prime's requirements without re-keying them.
We heard the same pain again and again, just below the surface of explicit feature requests.
Epsilon3 Connect is our answer.
What's available today
Epsilon3 Connect, as of today, gives you the capabilities below, every one of them working under the same permissions, audit, and compliance model your team already trusts internally.
Cross-org procedure sharing. Share a procedure from your workspace to another organization with its attachments, Build Content Blocks, custom fields, lists, and Source Team Settings intact. The recipient works against the same procedure record. You keep control of the source. When you update the procedure, the recipient sees the update.
Real-time collaboration on shared runs. When two organizations need to execute against the same run; a prime and a sub on the same test, a customer witnessing a procedure live, an integrator and a supplier coordinating an install, both sides can view the same live run record, in real time, scoped by role. No screen-share. No PDF after the fact. No reconciling two copies of what happened. One run, both organizations, the same record updating live for everyone with permission to see it.
Cross-org file and folder sharing, with magic links. Send a file, or an entire folder, to a user in another organization, or to someone not yet in any organization, under the same admin permissions that govern internal access. The magic-link sharing you've used for files and documents continues to work, and now inherits the same permissions scheme as the rest of Connect so the way you grant access to a one-off file is the same way you grant access to a procedure, a run, or a folder.
View-only access for cross-customer collaboration. When two Epsilon3 customers need to work together, and one side only needs to see what's happening rather than act on it, view-only users let you grant lightweight, read-scoped access without provisioning a full seat. A customer auditing a vendor's work, a program office watching a contractor execute, an integrator monitoring a supplier's progress: each gets exactly the visibility they need, nothing more.
Explicit user licensing. Users invited across organizations are not double-billed. Licensing works the way paid seats already work inside a workspace: explicit, auditable, and scoped to where the license is held. If your supplier is already a paid Epsilon3 user, they don't pay again.
Admin permission controls, full audit trail, instant revocation. Sharing is opt-in at the admin level and scoped to role and entity. Nothing crosses the boundary without a grant from an authorized admin. Every access grant, every action taken on a shared asset, and every revocation is logged with the same fidelity as internal activity, protecting data classification, security, and IP ownership. Users can pull a share at any time, and deactivated users automatically lose access to anything previously shared with them.
What Connect looks like in practice
A prime and a subcontractor on the same integrated test. Before Connect, the prime ran its portion of the test in its own Epsilon3 workspace, exported the as-run to PDF, and emailed it to the subcontractor responsible for the next stage. The sub re-keyed the relevant steps into their own system, ran their portion, and emailed a PDF back three days later. If there was a discrepancy, the record lived in someone's inbox. With Connect, the prime shares the procedure to the sub. The sub picks up where the prime left off, in the same procedure record, with the same content blocks, custom fields, and dependencies. The handoff is a permission grant, not a translation exercise. When run-level work is required across both sides (say the sub needs to witness the prime's final calibration before taking custody) both teams act inside the same live run, in real time, scoped to their role. One record. Both organizations. Audit-ready by default.
A government customer witnessing an acceptance test. Before Connect, the vendor staged a screen-share, walked the customer through a PDF of the test procedure, and emailed the as-run data package the next morning. The customer's sign-off lived outside the vendor's execution record. With Connect, the vendor shares the test procedure into the customer's Epsilon3 workspace. The customer reviews in their own environment, on their own time, with their own permissions and audit trail. When the test runs, the customer watches the live run as it happens and signs off against the same record the vendor ran. There is no second copy and no second source of truth.
A multi-organization test campaign. A propulsion subsystem is being qualified across four organizations: the OEM that built the engine, the integrator who installed it, the test facility that runs the hot-fires, and the program office that owns the milestone. Before Connect, each organization ran its own overlapping procedures, coordinated by weekly meetings and status decks. With Connect, the OEM publishes the canonical procedure. The integrator, test facility, and program office each receive scoped access to the parts of the procedure and runs they own. Procedural updates flow from the OEM's source automatically. Admins on every side see exactly who has what access. The weekly status meeting becomes a review of the shared record, not a reconciliation of four versions of it.
How Connect is designed
Connect was built to extend Epsilon3 past the boundary without weakening the controls that make Epsilon3 trustworthy inside the boundary. Five principles govern the design:
Opt-in by design. Nothing crosses the boundary by default. Every share is an explicit, admin-authorized grant of scoped access. Workspace-level controls remain in the hands of the source organization.
Scoped to role and entity. Recipients see only what they were granted. A shared procedure does not expose adjacent procedures. A shared folder does not expose the workspace. A shared run scopes by role on both sides.
One audit trail. Cross-organization activity is logged with the same fidelity as internal activity. Both sides see the same record of access, action, and revocation. The compliance posture of Epsilon3 - FedRAMP High, ITAR, CMMC Level 2 alignment - extends across the boundary.
Instantly revocable. A sharer can pull a share at any time. Deactivated users lose access automatically. There are no orphaned grants and no parallel permission sets to clean up later.
No duplicate billing. Users licensed in one Epsilon3 workspace are not re-billed when they receive a share from another. The commercial model aligns with the way programs actually staff themselves: people work across organizations, and the platform shouldn't tax the boundary.
Where Connect goes next
Epsilon3 Connect ships in phases. What's available today is the foundation: procedures, runs, files, folders, licensing, permissions, audit, and view-only access for cross-customer collaboration. The direction from here is about extending reach in two dimensions — more of the execution record crossing the boundary, and more of the people on the other side of it being able to participate.
More Epsilon3 data, crossing the boundary. Today, procedures and runs cross the org wall, with their attached files and folders. Next: the rest of the execution record. Inventory. Parts. Builds. The entities a supplier needs to receive when you ship them a component, the entities an integrator needs to see when a build hands off, the entities a customer needs to verify against the as-built. Each one will travel across the boundary under the same permissions model, so the shared record matches the source record without compromise.
Extending real-team collaboration. Today, runs are limited to viewing. But soon, runs and other actions with Epsilon3 will extend to shared actions, including commenting, signoffs, and more. Imagine real-time active collaboration at the click of the button.
A vendor portal. Not every supplier is an Epsilon3 customer and many of them shouldn't have to be just to participate in a handful of handoffs. The vendor portal is a lightweight, scoped surface for non-Epsilon3 vendors to receive, act on, and return work to your team without the supplier needing to provision a full Epsilon3 workspace, and without you losing the audit trail. The supplier sees only what you grant. You see exactly what they did.
A customer portal. The mirror image. A scoped surface for your customers — government, prime, or end user — to receive, review, witness, and sign off on the work you're delivering. The customer doesn't need to be on Epsilon3. The record stays on Epsilon3, with the same audit trail, the same compliance posture, and the same controls. The acceptance packet becomes the handoff. The handoff becomes the signature.
That's the shape of the next set of releases. As with everything we've built, we'll talk about each one as it ships.
Epsilon3 Connect is rolling out to all Epsilon3 customers as an opt-in program. Talk to your Customer Success Manager about turning it on for your workspace, or reach our team at sales@epsilon3.io. Admin documentation and walkthroughs are in the Help Center.
If you're operating across organizational boundaries and want to talk about what this looks like for your program, we'd like to hear from you. Connect with us at sales@epsilon3.io.
We’ll be hosting a webinar on June 18th at 11:30 a.m. PT/2:30 p.m. ET digging into Epsilon3 2.0 and our new major features. Register here.