One cryptographic core. Three products.
Everything ships from the same Rust platform: a desktop vault you can download today, a conditional-release API, and hardware-bound protection for AI model weights.
SCSA Vault
Hardware-bound file encryption for the desktop.
Drag-and-drop sealing that binds files to the silicon of the machine: CPU, GPU, or both. Sealed files are cryptographically useless anywhere else.
- Tiered CPU binding: Intel TDX / AMD SEV-SNP → TPM2 → machine fingerprint
- NVIDIA GPU binding with attestation measurement
- Optional second-factor passphrase on top of hardware binding
- Built-in remote GPU: rent an H100 on-demand, seal on it, terminate
- Signed auto-updates · macOS (Apple Silicon + Intel) and Windows
Vault API
Conditional release as a service.
A REST API for sealing data that opens only when conditions are met: a sequential time-lock matures, or a t-of-n quorum approves. Every access lands in a hash-chained, tamper-evident audit log.
- POST /v1/seal: fragment, encrypt, time-lock or quorum-lock
- Sealed-bid auctions: bids provably cannot open before the deadline
- Time-lock vaults: embargoes, wills, dead-man switches
- Evidence custody: multi-party approval before release
- Hash-chained audit trail with Merkle commitments
Model Weight Protection
AI models that only run on licensed silicon.
Seal model weights to specific GPU hardware. Weights decrypt directly into VRAM, never touching disk or system memory in plaintext. Exfiltrated files are noise.
- Merkle commitment tree over every tensor, publisher-signed
- Attestation-locked encryption: wrong hardware, no key
- In-VRAM decryption pipeline: plaintext never leaves the GPU
- Delta proofs for fine-tuning supply-chain provenance
- Append-only, hash-chained access audit log