Secure transport and post-quantum Zero Trust VPN for regulated communications.
AegisWire is a purpose-built secure transport and enterprise VPN platform with mandatory hybrid post-quantum cryptography from the first packet — combining a classical key exchange with ML-KEM-768 to resist harvest-now-decrypt-later attacks. Transport core, control plane, gateway fabric, and trust operations run as one integrated, memory-safe (Rust) system built to the hybrid post-quantum approach NSA CNSA 2.0 and UK NCSC recommend for migrating to quantum-resistant encryption.
AegisWire is never described as "quantum-proof" or "unbreakable." The hardware appliance is on the roadmap and is not available now.
What AegisWire does
The working surface — what the engine produces, controls and proves in practice.
Mandatory hybrid post-quantum key exchange (packet 0)
Every session establishes a hybrid secret combining a classical ECDH exchange with the ML-KEM-768 (Kyber768) post-quantum KEM — there is no classical-only downgrade path. The Noise-rooted private handshake (XX-class when server trust is not yet held, IK-class when it is) carries all negotiation inside HPKE-sealed handshake objects, so cipher suite, KEM set, and trust selection are transcript-bound and downgrade-resistant. Designed to resist harvest-now-decrypt-later; not 'quantum-proof.'
Stream-scoped post-compromise security (PCS)
Per-stream forward-secure key evolution ratchets automatically: senders emit a KEY_EPOCH_ADVANCE every 8 packets (EPOCH_STRIDE) with an epoch commitment, so a compromised key only exposes material derived inside a bounded healing window and the blast radius is contained at the stream level. Epoch commitments are wire-visible and replay/rollback-checked (KEY_EPOCH_ERROR on mismatch).
Purpose-built UDP transport with roaming and multipath
A first-principles UDP secure transport — not a tunnelled TCP stack — with stream-multiplexed sessions, Connection-ID-based migration that survives Wi-Fi/cellular/wired handoff without reconnection, multipath with per-path crypto isolation, anti-replay (packet-number windows), and anti-amplification via stateless retry cookies before resource commitment. Structured frames (STREAM, ACK, PADDING, PING, PATH_CHALLENGE/RESPONSE, CONNECTION_ID, KEY_UPDATE, KEY_EPOCH_ADVANCE, CONNECTION_CLOSE, DATAGRAM) follow deterministic wire discipline.
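Two of the transport checks named above, address validation through a stateless retry cookie and anti-replay through a packet-number window, as an added example in Python. This is illustrative code written for this page, not AegisWire's Rust transport: the cookie layout (timestamp plus truncated HMAC), the 10-second lifetime, the 64-bit window size and the addresses and connection IDs are all constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

COOKIE_TTL = 10  # seconds a retry cookie stays valid (assumption)


class RetryCookies:
    """Stateless retry cookies: the server keeps only a secret, never per-client state."""

    def __init__(self, secret: Optional[bytes] = None):
        self.secret = secret or os.urandom(32)

    def _tag(self, ts: bytes, addr: str, dcid: bytes) -> bytes:
        # Binds the cookie to the claimed source address and the original
        # destination connection ID, so it cannot be reused from elsewhere.
        return hmac.new(self.secret, ts + addr.encode() + dcid, hashlib.sha256).digest()[:16]

    def issue(self, addr: str, dcid: bytes, now: float) -> bytes:
        ts = int(now).to_bytes(8, "big")
        return ts + self._tag(ts, addr, dcid)

    def verify(self, cookie: bytes, addr: str, dcid: bytes, now: float) -> bool:
        if len(cookie) != 24:
            return False
        ts, tag = cookie[:8], cookie[8:]
        if not 0 <= now - int.from_bytes(ts, "big") <= COOKIE_TTL:
            return False
        return hmac.compare_digest(tag, self._tag(ts, addr, dcid))


def handle_initial(cookies: RetryCookies, addr: str, dcid: bytes,
                   cookie: Optional[bytes], now: float) -> str:
    """Server decision for a first packet, before any per-connection state exists."""
    if cookie is None:
        return "RETRY"   # small stateless reply carrying a fresh cookie; nothing allocated
    if not cookies.verify(cookie, addr, dcid, now):
        return "DROP"    # forged or stale cookie: no state committed, no amplifying reply
    return "ACCEPT"      # source address validated; handshake state may now be allocated


class ReplayWindow:
    """Sliding bitmap over received packet numbers (assumed 64-wide)."""

    def __init__(self, size: int = 64):
        self.size, self.highest, self.bitmap = size, -1, 0

    def accept(self, pn: int) -> bool:
        if pn > self.highest:
            # Slide the window forward and mark the new highest as seen.
            shift = pn - self.highest
            self.bitmap = ((self.bitmap << shift) & ((1 << self.size) - 1)) | 1
            self.highest = pn
            return True
        offset = self.highest - pn
        if offset >= self.size:
            return False  # older than the window: cannot prove it is new, so reject
        if (self.bitmap >> offset) & 1:
            return False  # already seen: replay
        self.bitmap |= 1 << offset
        return True
```

The cookie path is what makes the server's first reply safe against spoofed-source floods: until a client echoes a valid cookie the server does no expensive work and sends nothing larger than the cookie itself. The window accepts modest reordering (packet 3 after packet 5) while rejecting duplicates and anything older than the window can account for.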
Packet-level metadata privacy from the first byte
The ClientHello-equivalent is HPKE-sealed to a selected server public config, so no readable negotiation, retry, or hybrid-KEX fields appear on the wire (only spc_id as HPKE context selection, which is also transcript-bound inside the sealed object). Header protection treats early-session metadata as part of the security problem, before higher-level controls can compensate.
Six authentication / trust lanes
- Mode A: token/PSK binder
- Mode B: certificate with classical signatures
- Mode C: certificate with PQ signatures
- Mode D: TOFU / pinned-static with explicit policy guardrails
- Mode E: out-of-band provisioned trust object
- Mode F: AuthKEM/KEMTLS-style
Policy sets a minimum and an allow-list of modes per tenant or group, so trust is matched to the environment rather than assumed.
Full enterprise VPN with policy-driven routing
Full and split tunnel (IPv4/IPv6) with tunnel mode set by signed policy, not user choice; secure in-tunnel DNS with leak prevention enforced at the OS network stack; OS-level kill switch with MTU discovery and clamping; NAT traversal via UDP hole punching with relay and port fallback; gateway pool selection with CID-affinity load balancing, controlled failover, and draining. Clients ship for Windows (WinTun), macOS (Network Extension), Linux (systemd/container), iOS/iPadOS (Packet Tunnel Provider), Android (VPN Service, MDM-ready), and headless servers/CI.
Dedicated per-customer control plane with built-in identity
A Go control plane gives every customer a 1:1 dedicated instance — no shared multi-tenant control plane — with its own database, credentials, and policies. Built-in user management works standalone (full lifecycle, password policies, TOTP MFA, RBAC, groups, session management, rate limiting and lockout) and optionally federates to Azure Entra ID, AWS Identity Center, Okta, Keycloak, or any OIDC/SAML provider (RS256/ES256/HS256 JWT validation, fail-closed). Full REST and gRPC APIs cover every management function.
Signed policy distribution and trust-anchor lifecycle
Versioned, cryptographically signed policy artifacts (SPC bundles) are published and enforced at the gateway with a default-deny posture; trust-anchor rotation and revocation propagate through the trust chain without service interruption. Distribution supports both control-plane publication and DNS SVCB/HTTPS service-binding records for adoption outside SaaS.
Privacy-safe observability and evidence-backed releases
Operational visibility uses metadata-only telemetry by default — no content inspection, no payload logging. Releases ship with SBOM generation, signed artifacts (Sigstore cosign / Docker Content Trust), and reproducible builds; audit logs are tamper-evident and retained per your own policy. The cryptography is built to NSA CNSA 2.0 and UK NCSC post-quantum migration guidance.
A controlled, evidence-led flow
Enroll device and bind trust
A device is enrolled against the dedicated control plane, binding device identity to the user and policy relationships. Enrollment returns device credentials, trust anchors, and signed SPC/policy bundles. Connectivity then requires verified enrollment — not just valid credentials.
Establish a private, hybrid-PQ session
The client opens a UDP session with an HPKE-sealed, Noise-rooted handshake. The server may issue a stateless retry cookie to prevent amplification; the session derives a hybrid secret from classical ECDH plus ML-KEM-768, with metadata private from packet 0 and all parameters transcript-bound.
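The hybrid-secret derivation and transcript binding described here and under "Mandatory hybrid post-quantum key exchange" above, as an added Python example that is not AegisWire's code. The ECDH and ML-KEM-768 shared secrets are constructed random stand-ins (no real key exchange or KEM is run), and the HKDF labels, transcript field order and the cipher-suite and KEM names in the usage are assumptions. It shows why combining both secrets protects the session if either primitive fails, and how a negotiation that is silently altered in transit (a post-quantum KEM dropped from the offer) is caught by key confirmation.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # HKDF-Extract (RFC 5869): PRK = HMAC(salt, IKM).
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # HKDF-Expand (RFC 5869), output truncated to `length` bytes.
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def transcript_hash(cipher_suite: str, kem_set: tuple, auth_mode: str) -> bytes:
    # Every negotiated parameter enters the transcript in a fixed order with a
    # length prefix, so a modified offer (e.g. a KEM dropped) changes the hash
    # and therefore every key derived from it.
    fields = [cipher_suite.encode()] + [k.encode() for k in kem_set] + [auth_mode.encode()]
    h = HASH()
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


def hybrid_session_keys(ss_ecdh: bytes, ss_kem: bytes, th: bytes) -> dict:
    # Concatenating both shared secrets keeps the derived keys secret as long
    # as EITHER exchange is unbroken; the transcript hash is the salt and part
    # of every label, binding the keys to what was actually negotiated.
    prk = hkdf_extract(salt=th, ikm=ss_ecdh + ss_kem)
    return {
        "c2s": hkdf_expand(prk, b"example c2s" + th, 32),
        "s2c": hkdf_expand(prk, b"example s2c" + th, 32),
        "confirm": hkdf_expand(prk, b"example confirm" + th, 32),
    }


def key_confirmation(keys: dict, th: bytes) -> bytes:
    # Each side MACs its transcript under the confirm key; a mismatch means the
    # peers disagree on what was negotiated.
    return hmac.new(keys["confirm"], th, HASH).digest()


def run_handshake(client_view: tuple, server_view: tuple) -> bool:
    """True if both sides agree on the transcript and derive matching keys.

    Each view is (cipher_suite, kem_set, auth_mode). The two shared secrets are
    constructed stand-ins; a real run would obtain them from ECDH and from an
    ML-KEM-768 encapsulation respectively.
    """
    ss_ecdh = os.urandom(32)  # constructed stand-in for the ECDH shared secret
    ss_kem = os.urandom(32)   # constructed stand-in for the ML-KEM-768 shared secret
    c_th, s_th = transcript_hash(*client_view), transcript_hash(*server_view)
    c_keys = hybrid_session_keys(ss_ecdh, ss_kem, c_th)
    s_keys = hybrid_session_keys(ss_ecdh, ss_kem, s_th)
    # The client checks the server's confirmation against its own transcript.
    return hmac.compare_digest(key_confirmation(s_keys, s_th), key_confirmation(c_keys, c_th))


if __name__ == "__main__":
    offer = ("AES-256-GCM", ("X25519", "ML-KEM-768"), "B")   # constructed offer
    downgraded = ("AES-256-GCM", ("X25519",), "B")           # same offer with the PQ KEM removed
    print("agreed:", run_handshake(offer, offer))
    print("downgrade caught:", not run_handshake(offer, downgraded))
```

In a real handshake the two views would diverge only if something on the path rewrote the offer; because the transcript feeds the salt and every label, the sides then derive unrelated keys and the confirmation fails rather than quietly continuing with a weaker suite.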
Enforce signed policy at the gateway
The gateway validates the trust anchor and applies the signed policy artifact under a default-deny posture — split-tunnel rules, DNS behaviour, kill-switch mode, and allowed auth modes all reflect administrative intent rather than device-local heuristics.
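Gateway-side enforcement of a signed policy artifact, covering this step and the "Signed policy distribution and trust-anchor lifecycle" item above, as an added Python example that is not AegisWire's code. It checks the artifact against a trust anchor, refuses version rollback, applies split-tunnel rules under default-deny, and shows anchor rotation and revocation without a gap in enforcement. The signature is an HMAC stand-in for a real signature scheme, and the bundle fields, rule format and anchor identifiers are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import json


def canonical(bundle: dict) -> bytes:
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(bundle, sort_keys=True, separators=(",", ":")).encode()


def sign_bundle(anchor_key: bytes, bundle: dict) -> bytes:
    # HMAC stands in for the real signature over the SPC/policy bundle (assumption).
    return hmac.new(anchor_key, canonical(bundle), hashlib.sha256).digest()


class Gateway:
    def __init__(self, anchor_id: str, anchor_key: bytes):
        self.anchors = {anchor_id: anchor_key}  # trust anchors currently accepted
        self.policy, self.version = None, 0

    def add_anchor(self, anchor_id: str, key: bytes) -> None:
        # Rotation step 1: accept the new anchor alongside the old one.
        self.anchors[anchor_id] = key

    def revoke_anchor(self, anchor_id: str) -> None:
        # Rotation step 2 / revocation: stop accepting artifacts under this anchor.
        # The installed policy stays in force, so enforcement never lapses.
        self.anchors.pop(anchor_id, None)

    def install(self, bundle: dict, signature: bytes) -> str:
        key = self.anchors.get(bundle.get("anchor_id"))
        if key is None:
            return "REJECT: unknown trust anchor"
        if not hmac.compare_digest(signature, sign_bundle(key, bundle)):
            return "REJECT: bad signature"
        if bundle["version"] <= self.version:
            return "REJECT: version rollback"   # an old, validly signed bundle is still refused
        self.policy, self.version = bundle, bundle["version"]
        return "OK"

    def route(self, dst: str) -> str:
        """Decide 'tunnel', 'bypass' or 'deny' for a destination; deny is the default."""
        if self.policy is None:
            return "deny"   # no verified policy yet: nothing is allowed
        addr = ipaddress.ip_address(dst)
        for rule in self.policy["rules"]:
            if addr in ipaddress.ip_network(rule["cidr"]):
                return rule["action"]
        return "deny"       # unmatched traffic is dropped, not silently passed


if __name__ == "__main__":
    anchor = b"a" * 32  # constructed anchor key
    gw = Gateway("anchor-1", anchor)
    bundle = {"anchor_id": "anchor-1", "version": 3, "tunnel_mode": "split",
              "rules": [{"cidr": "10.0.0.0/8", "action": "tunnel"},
                        {"cidr": "192.0.2.0/24", "action": "bypass"}]}
    print(gw.install(bundle, sign_bundle(anchor, bundle)))
    print(gw.route("10.1.2.3"), gw.route("192.0.2.9"), gw.route("203.0.113.5"))
```

The order of checks matters: anchor lookup, then signature, then version. A bundle under a revoked anchor never reaches the version check, and a tampered bundle never reaches the rule evaluation, so the only way traffic is allowed is through a rule in an artifact that passed all three.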
Run with PCS, roaming, and privacy-safe telemetry
During the session, per-stream key ratcheting (KEY_EPOCH_ADVANCE every 8 packets) maintains post-compromise security, CID-based migration keeps the session alive across network changes, and only metadata-level telemetry is emitted — no content inspection.
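The per-stream epoch ratchet from this step and from "Stream-scoped post-compromise security (PCS)" above, as an added Python example that is not AegisWire's code. It models the deterministic stride (a KEY_EPOCH_ADVANCE after every 8 packets, independent of timing), a wire-visible commitment to the new epoch key, and the receiver checks that reject replayed, rolled-back, skipped or off-stride advances with KEY_EPOCH_ERROR. The key step is an assumed one-way HMAC chain, which gives forward secrecy across epochs; the fresh-entropy mixing that the page's post-compromise claim implies is not modelled here, and the frame tuples and commitment format are constructed.

```python
import hashlib
import hmac

EPOCH_STRIDE = 8  # packets per epoch, as stated on the page


def next_epoch_key(key: bytes) -> bytes:
    # One-way step (assumed HMAC chain): holding key_n does not reveal key_{n-1}.
    return hmac.new(key, b"KEY_EPOCH_ADVANCE", hashlib.sha256).digest()


def commitment(epoch: int, key: bytes) -> bytes:
    # Wire-visible value that commits to the new epoch key without revealing it.
    return hmac.new(key, b"epoch-commit" + epoch.to_bytes(4, "big"), hashlib.sha256).digest()


class Sender:
    def __init__(self, stream_key: bytes):
        self.epoch, self.key, self.sent = 0, stream_key, 0

    def next_packet(self) -> list:
        """Frames for one outgoing packet; packets 9, 17, ... open a new epoch."""
        frames = []
        if self.sent and self.sent % EPOCH_STRIDE == 0:
            self.epoch += 1
            self.key = next_epoch_key(self.key)
            frames.append(("KEY_EPOCH_ADVANCE", self.epoch, commitment(self.epoch, self.key)))
        self.sent += 1
        frames.append(("STREAM", self.epoch))
        return frames


class Receiver:
    def __init__(self, stream_key: bytes):
        self.epoch, self.key, self.since_advance = 0, stream_key, 0

    def process(self, frames: list) -> str:
        """Return "OK" or "KEY_EPOCH_ERROR" for one received packet."""
        for frame in frames:
            if frame[0] == "KEY_EPOCH_ADVANCE":
                _, epoch, commit = frame
                # Exactly one epoch forward and exactly EPOCH_STRIDE packets after the
                # last advance: this rejects replay, rollback, skipped epochs and
                # advances arriving off-stride.
                if epoch != self.epoch + 1 or self.since_advance != EPOCH_STRIDE:
                    return "KEY_EPOCH_ERROR"
                candidate = next_epoch_key(self.key)
                if not hmac.compare_digest(commit, commitment(epoch, candidate)):
                    return "KEY_EPOCH_ERROR"   # commitment does not match the derived key
                self.epoch, self.key, self.since_advance = epoch, candidate, 0
            elif frame[0] == "STREAM":
                if frame[1] != self.epoch:
                    return "KEY_EPOCH_ERROR"   # data tagged with a stale or future epoch
                self.since_advance += 1
        return "OK"


def simulate(n_packets: int, stream_key: bytes = bytes(32)) -> tuple:
    """Run n packets sender->receiver; returns (sender epoch, receiver epoch, results)."""
    s, r = Sender(stream_key), Receiver(stream_key)
    results = [r.process(s.next_packet()) for _ in range(n_packets)]
    return s.epoch, r.epoch, results


if __name__ == "__main__":
    print(simulate(24)[:2])   # both sides reach epoch 2 after packets 9 and 17
```

Because the advance is counted in packets rather than time, a test harness can assert the exact epoch after any number of packets, which is what makes the property checkable on a bench without caring about RTT.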
What it's used for
Financial services
Hybrid post-quantum transport, signed policy enforcement, and fleet lifecycle management for trading-system interconnects, interbank communications, and customer-facing infrastructure where long-term confidentiality and regulatory posture both matter.
Healthcare and life sciences
Long-horizon confidentiality for patient records and EHR interconnects, secure telehealth, and medical-device network segments — with metadata-only telemetry enforced by default so monitoring never inspects clinical content.
Government, defence, and sovereign workloads
Self-hosted and air-gap-compatible deployment, CNSA 2.0-aligned cryptographic profile, hardware-rooted trust-anchor governance, SBOM and signed releases, and change-controlled rollout for high-assurance and sovereign environments.
Critical infrastructure / OT-IT convergence
Deterministic wire discipline, anti-amplification, and default-deny signed configuration distribution for OT/IT boundaries and remote monitoring, where predictable protocol behaviour and operational reliability are non-negotiable.
Global enterprise / distributed workforce
Regional gateway fabric with policy-aware routing and roaming continuity across networks, multi-platform and headless clients, and centralized fleet lifecycle management with instant fleet-wide lockdown during incidents.
Multi-cloud and data-center interconnect
Hybrid post-quantum transport for inter-datacenter and multi-cloud links, stream-scoped PCS for east-west traffic, and privacy-safe observability with no payload logging across AWS, Azure, GCP, and customer infrastructure.
What you receive — and how it's proven
Every job ships with an evidence record, not just an output.
What you receive
- Hybrid post-quantum-protected sessions (classical ECDH + ML-KEM-768) with stream-scoped PCS
- Signed, versioned policy artifacts (SPC bundles) with default-deny enforcement
- Device enrollment artifacts: device credentials, trust anchors, SPC and policy bundles
- Metadata-only operational telemetry and tamper-evident, exportable audit logs
- SBOM, signed release artifacts, and reproducible-build provenance for supply-chain evidence
- Per-tenant usage and entitlement reporting (users, devices, throughput, traffic) via REST/gRPC APIs
- Multi-platform and headless client agents (Windows, macOS, Linux, iOS/iPadOS, Android, servers/CI)
- Audit-ready evidence packages for compliance and assurance reviews
Evidence & proof
- Mandatory hybrid PQ from packet 0 using ML-KEM-768 / Kyber768 (PQ KEM identifier 0x0780); no classical-only downgrade mode permitted
- Reference implementation is memory-safe Rust with unsafe forbidden in the core transport
- Designed around six formal security claims: session confidentiality, integrity, mutual authentication, forward secrecy, post-compromise security, and metadata privacy
- Built to NSA CNSA 2.0 and UK NCSC guidance — hybrid post-quantum is the recommended path for migrating to quantum-resistant cryptography
- Stream-scoped PCS is deterministic and testable (KEY_EPOCH_ADVANCE every 8 packets) independent of RTT
- Supply-chain assurance: SBOM generation, signed releases (Sigstore cosign / Docker Content Trust), reproducible builds, tamper-evident audit logs
- Example proof point from sibling product RadMah AI: 95.69% on the public mostlyai-qa benchmark (Adult dataset, 24K rows, 200 epochs) — cited as an illustrative result, not a guarantee for AegisWire
Common questions
Is AegisWire 'quantum-proof' or 'unbreakable'?
No — and we deliberately avoid those words. AegisWire is hybrid post-quantum by design: it combines a well-understood classical key exchange with the standardized ML-KEM-768 post-quantum KEM so that if either is later found weak, the other still protects the session. It is designed to resist harvest-now-decrypt-later attacks, where traffic recorded today could be decrypted by a future quantum computer.
Which certifications does AegisWire hold?
None — and we won't pretend otherwise. AegisWire is built to be judged on the engineering: a memory-safe Rust core, hybrid post-quantum cryptography mandatory from packet zero, SBOM-backed signed reproducible builds, and tamper-evident audit logs you can verify yourself.
What cryptography does AegisWire actually use?
Sessions establish a hybrid secret from a classical ECDH exchange plus the ML-KEM-768 (Kyber768) KEM, mandatory from packet 0 with no classical-only fallback. The private handshake is Noise-rooted (XX/IK trust shapes) with the ClientHello-equivalent HPKE-sealed for packet-0 metadata privacy, and post-compromise security is provided by per-stream forward-secure key evolution.
How is AegisWire different from a consumer VPN or an overlay network tool?
It is a purpose-built transport rather than a repackaged tunnel. Trust is established at session start (not assumed after connection), routing follows signed policy (not device-local heuristics), anti-replay and anti-amplification are enforced at the protocol level, telemetry is metadata-only by default, and you can run it self-hosted or sovereign — not SaaS-only.
Can we run AegisWire on our own infrastructure or air-gapped?
Yes. Self-hosted / sovereign deployment is customer-operated under licence with full infrastructure control, data-residency alignment, and air-gap compatibility. The same trust architecture, signed-artifact pipeline, and policy enforcement operate identically across Managed SaaS, dedicated hosted, and self-hosted models.
Is the hardware appliance available now?
No. The hardware appliance — a pre-loaded gateway and control plane with hardware-rooted trust and license binding — is on the roadmap for air-gapped and high-assurance environments, but is not yet generally available. Managed SaaS, dedicated hosted, and self-hosted are the deployment models offered today.
How is AegisWire priced?
Through a hybrid model across four motions: Self (license-first, capacity-bounded), Managed (hosted, traffic-bounded with overage), Enterprise (reserved capacity plus governance/SLA, from roughly $100k/year), and GOV (dedicated, quote-led, from roughly $200k/year). Self and Managed offer bounded self-serve plans; Enterprise and GOV are sales-led. Pricing is set by capacity packs (reserved throughput), entitlement caps, support tier, and traffic where hosted.
How AegisWire relates to the rest of ITLOX
RadMah AI
Generates synthetic OT/security data for training and validation.
RadMah Sentinel
Policy and evidence workflows where applicable.