Frequently Asked Questions

Find answers to common questions about the AI PQC Audit platform

KEV Watch tracks known exploited vulnerabilities with filters, deltas, and exports. Exposure Match compares your SBOM or inventory to active KEVs with confidence scores and hints. The Enterprise KEV API supports high-volume, secure ingestion for automated pipelines.

The Dashboard summarizes daily risk posture across AI, KEV, EPSS, and ATT&CK hints—great for execs. The Heatmap drives operational prioritization with owners, SLAs, playbooks, and framework tags—great for remediation leads.

Yes. You can configure email/webhook digests with CVSS + EPSS context. Deltas show what changed in the last day/week for board-ready status.

Yes. In the private Heatmap, you can create tickets from selected rows and see live state updates (when connected). We support webhooks; deeper integrations can be enabled during onboarding.

We aggregate reputable sources and research signals to identify near-term AI attack themes. The page shows a short daily narrative, a trend chart, and category breakdowns. The public view is aggregated; signed-in customers can see richer context.

We provide mappings to NIST SP 800-53 Rev.5 (Moderate), controls designed to meet SOC 2 TSC, and NIST-recommended cryptography details. Security and privacy documentation is available under NDA. We avoid making certification claims unless evidence is available.

Our Trust Center shows current status, a 30-day uptime sparkline, and a JSON endpoint you can monitor.

No. Upload evidence; we analyze touchlessly. Our platform operates without agents, sensors, or connectors. You upload artifacts, and analysis runs entirely in our environment. We never connect to your systems.

We support a wide range of artifacts including:

  • Model weights (.pt, .bin, .safetensors)
  • Configuration files (.json, .yaml, .yml)
  • Logs and prompts (.log, .txt)
  • Policy documents (.pdf, .docx)
  • Vendor PDFs and documentation
  • SBOMs (CycloneDX, SPDX format)
  • TLS certificates (.pem, .p7b)
  • Code archives (.zip)
  • Data files (.csv, .json)

We use a unified index blending multiple security dimensions:

  • PQC Posture: Post-quantum cryptography readiness
  • AI Runtime Exposure: Simulated vulnerability to AI attacks
  • Threat Forecasts: Predictive risk modeling
  • Governance Maturity: Policy and control framework assessments

See our Scoring & Index documentation for detailed methodology.

We propose fixes and provide simulations in our sandbox environment; the customer executes the changes. This touchless approach means we provide expert recommendations and proof-of-concept validations without requiring access to your production systems.

KEV (Known Exploited Vulnerabilities) monitoring tracks vulnerabilities that are actively being exploited by threat actors in the wild.

CISA maintains the KEV catalog - a database of vulnerabilities with confirmed active exploitation. This is different from general CVE databases because it focuses specifically on threats that attackers are using right now.

Why it matters:

  • Prioritize patches: Focus on vulnerabilities with confirmed active exploitation first
  • Real threat intelligence: Know what attackers are actually using, not just theoretical risks
  • Regulatory compliance: Meet requirements for monitoring actively exploited threats
  • Asset protection: Identify which of your systems are exposed to active attacks

Our KEV Watch dashboard provides real-time updates with 1,400+ actively exploited vulnerabilities, filtering by your technology stack, and direct links to remediation guidance.

KEV Exposure Matching analyzes your software inventory files to identify components that match actively exploited vulnerabilities.

Process:

  1. Upload inventory: SBOM files (CycloneDX, SPDX), CSV exports, or Nmap XML scans
  2. Component parsing: Extract vendor, product, and version information
  3. KEV matching: Compare against 1,400+ known exploited vulnerabilities
  4. Confidence scoring: Direct matches, probable matches, and unknown matches
  5. Results delivery: Detailed findings with remediation guidance

Supported formats: CycloneDX SBOM, SPDX SBOM, endpoint software CSV, network device CSV, SaaS vendor CSV, container package CSV, and Nmap XML files (max 10MB).

Results include confidence levels, vendor/product matching details, required actions from CISA, and exportable reports for your security team.

The Enterprise KEV API provides programmatic access for automated vulnerability analysis, bulk SBOM processing, and continuous monitoring workflows.

Key Features:

  • Bulk processing: Inventory ingest, SBOM analysis, and staged file processing
  • Enterprise security: AES-256-GCM encryption, 90-day retention, rate limiting
  • Multi-tenant architecture: Isolated data storage with Bearer token authentication
  • API endpoints: 5 REST endpoints for inventory, SBOM, staged files, results, and health checks

Usage Example:

curl -X POST "https://your-domain/api/v1/kev/ingest/inventory" \
  -H "Authorization: Bearer your-api-key" \
  -H "X-Tenant-ID: your-tenant" \
  -H "Content-Type: application/json" \
  -d '{"source": "production", "assets": [...]}'

Rate limits: 100/hr for inventory, 50/hr for SBOM, 20/hr for staged files per IP. Contact support for API keys, tenant configuration, and higher limits for enterprise deployments.

KEV data is synchronized daily from CISA's official catalog, with automatic updates and real-time availability in our platform.

Update schedule:

  • Daily sync: Automatic updates from CISA's KEV catalog every 24 hours
  • Real-time processing: New vulnerabilities available within minutes of sync
  • Manual refresh: Force immediate sync via KEV Watch dashboard
  • Historical data: Full archive of vulnerability additions and changes

Data sources: Official CISA Known Exploited Vulnerabilities catalog, NVD vulnerability details, and vendor-specific threat intelligence feeds.

Our system maintains 1,400+ actively exploited vulnerabilities with metadata including due dates, required actions, vendor information, and remediation links. The KEV Watch dashboard shows last update timestamps and can trigger manual syncs for immediate updates.

Tier 1 is an add-on to AI PQ that extends beyond KEV Watch, Exposure Match, and the Enterprise KEV API.

It delivers prioritized vulnerability intelligence (KEV + CVSS + EPSS), delta tracking, executive reports, and enterprise workflow integrations.

Key capabilities:

  • Prioritization Engine: Combines KEV status, CVSS severity, and EPSS exploit probability into a single confidence-ranked list
  • Delta Tracking: Shows exactly what changed since last week: new, removed, or modified CVEs
  • Executive Reports: Board-ready HTML/CSV briefs automatically generated
  • Workflow Integrations: Pushes prioritized alerts into Jira, ServiceNow, Slack, and Splunk

CVSS measures severity; EPSS predicts likelihood of exploitation.

Tier 1 combines both (plus KEV status) to show you which vulnerabilities are both dangerous and likely to be used in real-world attacks.

The difference:

  • CVSS (Common Vulnerability Scoring System): Measures how bad a vulnerability is if exploited (severity score 0-10)
  • EPSS (Exploit Prediction Scoring System): Predicts the probability that a vulnerability will be exploited in the wild (0.0-1.0)
  • KEV Status: Confirms the vulnerability is already being actively exploited by threat actors

A CVSS 10.0 vulnerability with EPSS 0.001 (0.1% probability) is less urgent than a CVSS 7.5 with EPSS 0.8 (80% probability) and KEV status. Tier 1 helps you focus on the right risks.

Instead of re-reading huge lists, you see "what changed" this week.

That makes board reporting effortless and reduces analyst fatigue.

Delta tracking shows:

  • Added vulnerabilities: New CVEs that appeared since last refresh
  • Removed vulnerabilities: CVEs that were resolved or de-prioritized
  • Modified vulnerabilities: CVEs with updated CVSS scores, EPSS probabilities, or KEV status

Executive reports include weekly delta summaries with counts and priority changes, making it easy to communicate threat landscape evolution to leadership.
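The KEV + CVSS + EPSS ranking and the added/removed/modified delta described above can be sketched as follows. This is an added example, not the platform's own code: the ordering rule (KEV-listed first, then EPSS weighted by CVSS), the EPSS tolerance, the record layout and the placeholder CVE identifiers are all assumptions.

```python
# Constructed weekly snapshots keyed by placeholder CVE ids.
LAST_WEEK = {
    "CVE-0000-0101": {"cvss": 10.0, "epss": 0.001, "kev": False},
    "CVE-0000-0102": {"cvss": 7.5, "epss": 0.30, "kev": False},
    "CVE-0000-0103": {"cvss": 5.3, "epss": 0.02, "kev": False},
}
THIS_WEEK = {
    "CVE-0000-0101": {"cvss": 10.0, "epss": 0.0012, "kev": False},  # EPSS jitter only
    "CVE-0000-0102": {"cvss": 7.5, "epss": 0.80, "kev": True},      # now KEV-listed
    "CVE-0000-0104": {"cvss": 9.8, "epss": 0.45, "kev": False},     # new this week
}

# Assumed threshold: EPSS is republished frequently, so differences smaller
# than this are treated as noise rather than as a "modified" entry.
EPSS_TOLERANCE = 0.01


def priority_key(record):
    """Assumed ordering: KEV-listed first, then EPSS weighted by CVSS/10."""
    likelihood_times_severity = record["epss"] * record["cvss"] / 10.0
    return (0 if record["kev"] else 1, -likelihood_times_severity)


def rank(snapshot):
    """Return CVE ids from most to least urgent (id breaks ties)."""
    return sorted(snapshot, key=lambda cve: (priority_key(snapshot[cve]), cve))


def field_changes(old, new):
    """Field-level differences as {field: (old, new)}."""
    changes = {}
    if old["kev"] != new["kev"]:
        changes["kev"] = (old["kev"], new["kev"])
    if old["cvss"] != new["cvss"]:
        changes["cvss"] = (old["cvss"], new["cvss"])
    if abs(old["epss"] - new["epss"]) >= EPSS_TOLERANCE:
        changes["epss"] = (old["epss"], new["epss"])
    return changes


def delta(prev, curr):
    """Added, removed and modified CVEs between two snapshots."""
    modified = {}
    for cve in sorted(set(prev) & set(curr)):
        changes = field_changes(prev[cve], curr[cve])
        if changes:
            modified[cve] = changes
    return {
        "added": sorted(set(curr) - set(prev)),
        "removed": sorted(set(prev) - set(curr)),
        "modified": modified,
    }


def weekly_brief(prev, curr):
    """Ranked rows (position, cve, status) plus the list of removed CVEs."""
    changes = delta(prev, curr)
    rows = []
    for position, cve in enumerate(rank(curr), start=1):
        if cve in changes["added"]:
            status = "added"
        elif cve in changes["modified"]:
            status = "modified: " + ", ".join(sorted(changes["modified"][cve]))
        else:
            status = "unchanged"
        rows.append((position, cve, status))
    return rows, changes["removed"]


if __name__ == "__main__":
    rows, removed = weekly_brief(LAST_WEEK, THIS_WEEK)
    for row in rows:
        print(*row)
    print("removed:", removed)
```

The CVSS 10.0 / EPSS 0.001 record ranks last even though its severity is the highest, and its small EPSS movement is not reported as a change.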

No. Tier 1 runs entirely in your AI PQ platform and pushes alerts into your existing systems.

Supported integrations:

  • Jira: Auto-create tickets for prioritized vulnerabilities
  • ServiceNow: Generate incidents with priority mapping
  • Slack: Send real-time alerts to security channels
  • Splunk HEC: Stream vulnerability data to your SIEM

No additional agents, scanners, or infrastructure required. Configure your integration endpoints once, and Tier 1 automatically pushes prioritized intelligence to your existing workflow tools.

Asset Threat Comparison is a tool that takes your uploaded asset inventory and shows you which devices are exposed to real-world threats, by cross-referencing against KEV, CVSS, and EPSS data.

It bridges the gap between global threat intelligence and your specific environment, helping you understand which of your systems are actually at risk.

No — you upload once. The same file can be used to run AI audit, PQ audit, and Threat comparison.

Your asset inventory is stored securely and can be reused across different assessment types without re-uploading.

We prioritize precise matches using CPE or PURL fields. If those are missing, we attempt best-effort vendor/product matches, clearly labeled so you know where manual validation is needed.

Results include confidence levels for each match, helping you understand which findings require immediate action versus further investigation.
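The matching precedence described above (CPE or PURL first, vendor/product as a labeled fallback) and the direct/probable/unknown levels from the Exposure Matching process can be illustrated like this. It is an added example, not the platform's code: the enrichment fields `purl`, `cpe` and `fixed_version`, the reading of "unknown" as a product-name-only hit, the downgrade when no version check is possible, and all CVE ids, vendors and products are assumptions or placeholders.

```python
import json
import re

# Constructed KEV-style records. cveID, vendorProject and product follow the
# CISA KEV JSON field names; "purl", "cpe" and "fixed_version" are hypothetical
# enrichment fields. CVE ids, vendors and products are placeholders.
KEV = [
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleSoft",
     "product": "Widget Server", "fixed_version": "4.3.0",
     "purl": "pkg:maven/com.examplesoft/widget-server",
     "cpe": "cpe:2.3:a:examplesoft:widget_server"},
    {"cveID": "CVE-0000-0002", "vendorProject": "Acme Networks",
     "product": "Gateway OS", "fixed_version": "9.2",
     "purl": None, "cpe": "cpe:2.3:o:acme_networks:gateway_os"},
    {"cveID": "CVE-0000-0003", "vendorProject": "Initrode",
     "product": "MailRelay", "fixed_version": None, "purl": None, "cpe": None},
]

# Constructed CycloneDX fragment (sample inventory).
SBOM = json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
 {"name": "widget-server", "version": "4.2.0",
  "purl": "pkg:maven/com.examplesoft/widget-server@4.2.0?type=jar"},
 {"name": "widget-server", "version": "4.3.1",
  "purl": "pkg:maven/com.examplesoft/widget-server@4.3.1"},
 {"name": "Gateway OS", "version": "9.1", "supplier": {"name": "Acme Networks"}},
 {"name": "gateway_os", "cpe": "cpe:2.3:o:acme_networks:gateway_os:*:*:*:*:*:*:*:*"},
 {"name": "mailrelay", "version": "1.0"},
 {"name": "leftpad-lite", "version": "0.1.0", "purl": "pkg:npm/leftpad-lite@0.1.0"}
]}""")

RANK = {"direct": 0, "probable": 1, "unknown": 2}

def norm(text):
    """Lowercase and drop punctuation so 'Gateway OS' equals 'gateway_os'."""
    return re.sub(r"[^a-z0-9]+", "", (text or "").lower())

def purl_coordinate(purl):
    """pkg:type/ns/name@1.0?q=1#sub -> pkg:type/ns/name (version stripped)."""
    base = purl.split("#", 1)[0].split("?", 1)[0]
    return base.rsplit("@", 1)[0].lower()

def cpe_prefix(cpe):
    """Keep cpe:2.3:part:vendor:product; ignores escaped ':' for brevity."""
    return ":".join(cpe.split(":")[:5]).lower()

def version_tuple(version):
    if not version or not re.fullmatch(r"\d+(\.\d+)*", version):
        return None
    return tuple(int(part) for part in version.split("."))

def patched(installed, fixed):
    """True/False when both versions parse, None when no check is possible."""
    have, want = version_tuple(installed), version_tuple(fixed)
    if have is None or want is None:
        return None
    width = max(len(have), len(want))
    return have + (0,) * (width - len(have)) >= want + (0,) * (width - len(want))

def match_component(comp):
    findings = []
    vendor = norm((comp.get("supplier") or {}).get("name"))
    product = norm(comp.get("name"))
    for kev in KEV:
        if comp.get("purl") and kev["purl"] and purl_coordinate(comp["purl"]) == kev["purl"]:
            level, basis = "direct", "purl"
        elif comp.get("cpe") and kev["cpe"] and cpe_prefix(comp["cpe"]) == kev["cpe"]:
            level, basis = "direct", "cpe"
        elif vendor and vendor == norm(kev["vendorProject"]) and product == norm(kev["product"]):
            level, basis = "probable", "vendor+product"
        elif not vendor and product and product == norm(kev["product"]):
            level, basis = "unknown", "product-name-only"
        else:
            continue
        fixed = patched(comp.get("version"), kev["fixed_version"])
        if fixed:
            continue  # installed version is at or past the fixed release
        if fixed is None and level == "direct":
            level = "probable"  # identifier hit, but the version is unverified
        findings.append({"cve": kev["cveID"], "component": comp["name"],
                         "version": comp.get("version"),
                         "confidence": level, "basis": basis})
    return findings

def scan(sbom):
    """Match every component and return findings, strongest evidence first."""
    findings = []
    for comp in sbom.get("components", []):
        findings.extend(match_component(comp))
    return sorted(findings, key=lambda f: (RANK[f["confidence"]], f["cve"]))

if __name__ == "__main__":
    for finding in scan(SBOM):
        print(finding)
```

The patched 4.3.1 component produces no finding, and the CPE hit without a usable version is reported as probable rather than direct, which is where manual validation would start.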

Yes. Tier 1 generates concise HTML and CSV reports, plus optional AI-generated business impact briefs.

Executive reporting includes:

  • Executive Brief (HTML): Visual dashboard with priority charts, delta summaries, and top threats
  • Top CSV Export: Spreadsheet-ready data for board presentations
  • AI Business Impact Summaries: Plain-English explanations of technical vulnerabilities and business risk
  • Weekly Delta Highlights: "What changed" summaries for leadership updates

Reports are designed for CISO-to-board communication, with clear metrics, priority indicators, and actionable insights that non-technical executives can understand.

It's a ranked vulnerability view that blends KEV (known exploited), CVSS (severity), and EPSS (likelihood of exploitation) with MITRE ATT&CK hints, alerts, and weekly delta reports.

Prioritized Threats cuts through CVE noise to show you which vulnerabilities actually matter—those that are both dangerous and likely to be used in real attacks.

Instead of handing you thousands of CVEs, Prioritized Threats highlights the small set that are both dangerous and likely to be used in real attacks. That's where remediation time should go first.

Normal CVE lists show everything. Prioritized Threats shows what matters—combining KEV status (already exploited), CVSS severity (how bad), and EPSS probability (how likely) into one actionable ranked list.

They're heuristic hints derived from CWE and text cues to guide triage. Use them to orient quickly, then validate with your internal intel sources for authoritative mapping.

The MITRE ATT&CK hints help security analysts understand which tactics and techniques a vulnerability might enable, speeding up initial triage and response planning.

No agents required. Alerts deliver via email and webhooks today; Jira/ServiceNow/Splunk integrations follow.

Prioritized Threats runs entirely within the AI PQ platform and pushes intelligence to your existing systems—no additional infrastructure needed.

Yes—weekly Board Briefs summarize deltas and the top priorities in clear, non-technical language.

Reports include visual dashboards, priority charts, and plain-English summaries designed for CISO-to-board communication with clear metrics and actionable insights.

Traditional audits look backward. AI PQC Audit is predictive—showing how AI and quantum threats will evolve against your assets, not just where you stand today.

Key differences:

  • Forward-looking: We forecast which vulnerabilities are most likely to be exploited by AI-augmented attackers or quantum-capable adversaries
  • Dual-threat intelligence: Combines AI threat forecasting with quantum cryptography foresight in one platform
  • Future attack simulations: Multi-vector scenarios showing how threats evolve, not just current vulnerabilities
  • Predictive timeline modeling: Shows when and how threats will likely impact your specific assets

Traditional assessments tell you what's broken today. We tell you what attackers will target tomorrow.

No. We don't just list vulnerabilities—we forecast which are most likely to be exploited by AI-augmented attackers or quantum-capable adversaries.

Unlike traditional vulnerability scanners that provide static lists, our platform delivers:

  • Predictive vulnerability mapping: Ranks exposures by future likelihood of exploitation
  • AI exploit forecasting: Models how generative AI may evolve novel attack techniques
  • Quantum readiness guidance: Anticipates cryptographic risks and transition planning
  • Adaptive intelligence: Continuous updates from threat intelligence feeds and quantum research

We provide predictive intelligence, not just vulnerability inventory.

After your predictive assessment, you receive comprehensive future-focused intelligence:

  • Risk forecast of AI + Quantum threats showing evolution timelines and impact probabilities
  • Q-Day + AI dashboard for ongoing monitoring of immediate risks and long-horizon disruption
  • Actionable roadmap prioritized by future risk with specific timeline recommendations
  • CISO-ready predictive reports with evidence-first findings for board-level presentations
  • Future attack simulations showing "what-if" scenarios across both threat domains
  • Adaptive intelligence updates as threat landscapes evolve

You get a complete predictive defense plan, not just a snapshot of current vulnerabilities.

AI PQC Audit is a dual-threat predictive intelligence platform that helps enterprises defend against evolving AI and quantum threats. From audit to anticipation - we show how attacks will evolve against your assets. Our platform specializes in:

  • AI Exploit Forecasting (Primary): Predictive analysis across 23 AI attack vectors - modeling how adversarial attacks, prompt injection, and AI system exploitation will target your specific assets
  • Quantum Cryptography Foresight (Bonus): Forward-looking assessment tracking risks from the coming cryptographic shift across 13 critical domains

Our adaptive multi-AI intelligence engines evolve as adversaries do, providing predictive defense planning rather than traditional backward-looking audits.

  1. Create an account: Sign up and verify your email address
  2. Choose audit types: Select which types of audits you want to run
  3. Upload data: Provide domains, documents, or files for analysis (maximum 50 items per scan)
  4. Start the audit: The platform will automatically process your data
  5. Review results: Get detailed findings and recommendations
  6. Download reports: Export comprehensive PDF reports

Most audits complete within 1-2 minutes, depending on the amount of data being analyzed.

The platform supports multiple file formats:

  • Documents: PDF, DOCX, TXT
  • Data Files: CSV, JSON, XML
  • Code Archives: ZIP files containing source code
  • Network Configurations: JSON, CSV format inventories

Maximum file size is 50MB per upload. For larger files, please contact support for assistance.

Yes, there is a maximum of 50 items per scan for optimal performance and cost control.

What counts as an "item":
  • Network/Device/IoT scans: Each row in your CSV file (excluding header)
  • Software/Mobile/Cloud scans: Each application, service, or system in your JSON file
  • Code scans: Each source file in a ZIP archive or major code modules
  • PKI scans: Each certificate in the bundle
  • Document/Email scans: Each document counts as one item
Why this limit exists:
  • Ensures fast processing times (typically 1-2 minutes for most audits)
  • Maintains consistent AI analysis quality across all 4 engines
  • Controls processing costs to keep the platform affordable
  • Provides more focused, actionable results

Need to scan more than 50 items? Simply break your data into smaller files and run multiple scans. Each scan provides detailed analysis that you can combine for comprehensive coverage.

We implement enterprise-grade security measures to protect your data:

  • Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • Access Control: Multi-factor authentication and role-based permissions
  • Data Isolation: Complete separation between organizations
  • Zero Sharing: We never share your data with third parties
  • Compliance: SOC 2 Type II, GDPR, and features and documentation to help customers meet CCPA/CPRA obligations
  • Location: All data processing occurs within the United States

Your uploaded files are automatically deleted after 14 days, or you can delete them immediately after audit completion.

Our AI Security Audit provides comprehensive protection against 23 AI attack vectors:

  • Prompt Engineering Attacks: Prompt injection, jailbreaking, and manipulation
  • Model Poisoning: Training data contamination and model corruption
  • Adversarial Attacks: Input manipulation to fool AI systems
  • Data Privacy Breaches: Unauthorized data extraction and inference
  • Supply Chain Attacks: Compromised AI models and dependencies
  • Evasion Attacks: Bypassing AI security controls

Each audit provides specific recommendations and remediation strategies tailored to your organization's AI usage.

AI Security Audit addresses unique vulnerabilities that traditional security tools miss:

  • AI-Specific Threats: Focuses on attacks targeting AI systems, models, and data
  • Behavioral Analysis: Examines how AI systems can be manipulated or deceived
  • Model Vulnerability Assessment: Tests for weaknesses in AI decision-making processes
  • Data Pipeline Security: Analyzes AI training and inference data flows
  • Emerging Threat Detection: Identifies cutting-edge AI attack techniques

While traditional security focuses on infrastructure, our AI audit protects your intelligent systems and automated processes.

No, we do not access your documents beyond automated processing. Here's how we protect your data:

  • Documents are processed by our AI systems without human review
  • Our staff cannot access your uploaded files or analysis results
  • All processing is automated and logged for audit purposes
  • Data is encrypted both in transit and at rest
  • You maintain full control over data deletion and retention

For additional security, consider redacting sensitive information before upload if it's not relevant to the cryptographic analysis.

Enterprise Data Security Policy - Automatic File Purging

Automatic File Deletion (14-Day Policy):
  • All uploaded files are automatically deleted after 14 days for security and liability reduction
  • This includes documents, code files, network inventories, device lists, and all other uploaded content
  • File deletion is automatic and cannot be extended - no exceptions
  • You will receive email notifications before files are purged
What Remains After File Deletion:
  • Audit results are preserved indefinitely for compliance and historical reference
  • Risk scores, AI analysis, and recommendations remain accessible
  • Executive summaries and compliance mappings stay available
  • PDF and text reports can still be downloaded
Manual Deletion Options:
  • Delete Files Only: Remove your confidential files immediately while keeping audit results
  • Delete Files + Results: Completely remove all data including audit results and analysis
  • Access deletion options via the trash icon next to each audit in your dashboard

Recommendation: Download your reports immediately after completion if you need long-term file access. We prioritize data security and minimize storage liability.

Confidence levels are explicitly requested from our AI engines and represent their self-assessed certainty in their analysis.

How Confidence Levels Are Generated:
  • Direct Request: Our proprietary multi-AI orchestration engine is specifically asked to provide a confidence score between 0.0 and 1.0
  • Self-Assessment: The AI analyzes the quality and completeness of available data, then estimates its own certainty
  • Data Quality Factors: Higher confidence for clear, structured data; lower confidence for incomplete or ambiguous information
  • Analysis Complexity: Simple patterns get higher confidence; complex multi-factor assessments get lower confidence
What Confidence Levels Mean:
  • 90-100%: High confidence - Clear patterns, complete data, established best practices
  • 70-89%: Moderate confidence - Good data quality with some interpretation required
  • 50-69%: Lower confidence - Limited data or complex analysis requiring additional verification
  • Below 50%: Low confidence - Incomplete data or highly uncertain analysis
Multi-AI Consensus:

When multiple AI engines analyze the same data, we aggregate their confidence scores to provide a consensus view. Higher agreement between engines typically increases overall confidence.

Important: Confidence levels represent AI self-assessment, not guaranteed accuracy. Always validate critical findings with your security team, especially for low-confidence results.

Our platform performs automated daily quantum intelligence updates using our proprietary multi-AI orchestration engine to ensure the most current threat assessments.

Daily Intelligence Process:
  • Multi-AI Analysis: Every day at 2:30 AM, our proprietary multi-AI orchestration engine conducts comprehensive analysis
  • Quantum Research Monitoring: The engines analyze the latest quantum computing developments, research breakthroughs, and industry announcements
  • Threat Timeline Updates: Risk assessments and Q-Day estimates are updated based on new developments
  • Intelligence Aggregation: Results from all engines are combined to provide consensus-based threat intelligence
What Gets Updated:
  • Q-Day Risk Dashboard: Quantum threat timelines and algorithm vulnerability assessments
  • Threat Estimates: Updated probabilities and confidence levels for quantum breakthrough scenarios
  • Industry Intelligence: Latest developments from quantum computing companies and research institutions
  • Compliance Standards: Changes to NIST and international post-quantum cryptography standards

Cost Optimization: This automated process ensures our intelligence stays current without requiring manual updates, which helps control AI processing costs while maintaining accuracy.

You can view the last update timestamp on the Q-Day Risk Dashboard, along with detailed information about our daily analysis process.

AI PQC Audit meets the highest federal security standards and is ready for government deployment.

Complete Details: View our comprehensive Federal Compliance Report for detailed implementation information and security controls documentation.
🏛️ Complete Federal Compliance Implementation:
  • FedRAMP Ready: Architecture aligned with FedRAMP Moderate baseline using 37+ NIST SP 800-53 security controls
  • FIPS 140-2 Ready: Cryptographic implementation using FIPS-approved algorithms (AES-256-GCM, SHA-256+, RSA-2048+)
  • FISMA Ready: Architecture supports MODERATE impact categorization with monitoring and audit logging
  • NIST SP 800-53 Rev 5: Complete security control implementation across all families (AC, AU, CM, IA, SC, SI)
🔐 Government-Grade Security Features:
  • Federal Audit Logging: FISMA-compliant audit record generation with comprehensive event tracking
  • Automated Control Validation: Continuous security control testing and compliance monitoring
  • Executive Compliance Dashboard: Real-time compliance score monitoring (currently 95%+)
  • Evidence Generation: Automated compliance documentation for government authorization processes
📊 Compliance Dashboard Access:

View our real-time federal compliance status at /compliance/dashboard with detailed metrics for all implemented security frameworks.

Bottom Line: Our platform is designed from the ground up to meet federal security requirements and is ready for government cloud deployment with full Authority to Operate (ATO) support.

AI PQC Audit uses FIPS 140-2 approved cryptographic algorithms for all security operations.

🔒 FIPS-Approved Cryptographic Implementation:
  • Symmetric Encryption: AES-128, AES-192, AES-256 in GCM mode for authenticated encryption
  • Hash Functions: SHA-224, SHA-256, SHA-384, SHA-512 for all cryptographic hash operations
  • Asymmetric Encryption: RSA-2048, RSA-3072, RSA-4096 with OAEP padding
  • Digital Signatures: RSA-PSS with SHA-256 for secure signature operations
  • Key Derivation: PBKDF2 with SHA-256 and minimum 100,000 iterations
🛡️ Advanced Security Features:
  • Secure Random Generation: FIPS-approved CSPRNG (Cryptographically Secure Pseudo-Random Number Generator)
  • Key Management: Secure key generation, storage, and zeroization per FIPS requirements
  • Timing Attack Protection: Constant-time comparisons for all cryptographic operations
  • Memory Security: Secure zeroization of cryptographic material from memory
📋 Compliance Validation:
  • Self-Tests: Automated cryptographic module validation testing
  • Algorithm Verification: Only FIPS-approved algorithms are permitted
  • Security Policy Enforcement: Strict adherence to FIPS 140-2 Level 1 requirements
  • Continuous Monitoring: Real-time validation of cryptographic compliance

Government Assurance: Our cryptographic implementation meets the stringent requirements for federal systems and provides the security assurance needed for classified and sensitive government data processing.

AI PQC Audit implements 37+ NIST SP 800-53 security controls aligned with FedRAMP Moderate baseline requirements.

🔐 Access Control (AC) Family:
  • AC-2 Account Management: Automated user lifecycle with role-based access control
  • AC-3 Access Enforcement: Mandatory access controls with principle of least privilege
  • AC-7 Unsuccessful Logon Attempts: Account lockout after failed authentication attempts
  • AC-8 System Use Notification: Login banners and usage agreements
📋 Audit and Accountability (AU) Family:
  • AU-2 Event Logging: Comprehensive audit event definition and implementation
  • AU-3 Audit Content: Detailed audit record content including timestamps and user identification
  • AU-6 Audit Review: Automated audit log analysis and review processes
  • AU-12 Audit Generation: Automated audit record generation for all security events
🛠️ Configuration Management (CM) Family:
  • CM-2 Baseline Configuration: Secure baseline configurations for all system components
  • CM-6 Configuration Settings: Security configuration parameters and hardening
  • CM-7 Least Functionality: Disabled unnecessary services and ports
🔑 Identification and Authentication (IA) Family:
  • IA-2 User Identification: Multi-factor authentication with TOTP and SMS support
  • IA-5 Authenticator Management: Secure password policies and MFA token management
  • IA-8 Service Identification: Authentication for system-to-system communications
🌐 System and Communications Protection (SC) Family:
  • SC-8 Transmission Confidentiality: TLS 1.3 encryption for all data transmission
  • SC-12 Cryptographic Key Establishment: FIPS-approved key management
  • SC-13 Cryptographic Protection: FIPS 140-2 approved algorithms implementation
  • SC-23 Session Authenticity: Secure session management with binding
🔍 System and Information Integrity (SI) Family:
  • SI-4 Information System Monitoring: Real-time security monitoring and alerting
  • SI-7 Software Integrity: Digital signatures and integrity verification
  • SI-10 Information Input Validation: Comprehensive input validation and sanitization

Continuous Monitoring: All controls are continuously monitored with automated validation testing and real-time compliance scoring available in our compliance dashboard.

Yes! AI PQC Audit practices what it preaches - our platform is built with quantum-resistant security from the ground up.

🚀 Post-Quantum Security Implementation:
  • Current Security: FIPS 140-2 approved algorithms with readiness to adopt NIST FIPS 203/204/205 (ML-KEM, ML-DSA, SLH-DSA)
  • AES-256-GCM: Symmetric encryption considered quantum-resistant with proper key sizes
  • SHA-3: Quantum-resistant hash functions for internal security operations
  • Future-Proof Architecture: Designed for easy migration to NIST-standardized post-quantum algorithms
🔐 Current Quantum-Safe Measures:
  • Increased Key Sizes: All cryptographic keys use maximum recommended lengths
  • Hybrid Cryptography: Combining classical and quantum-resistant algorithms where applicable
  • Session Security: Enhanced session management with quantum-resistant token generation
  • Data Protection: Multi-layered encryption with quantum-safe algorithms
📅 NIST Post-Quantum Standards Integration:
  • CRYSTALS-Kyber: Ready for integration of NIST-standardized key encapsulation
  • CRYSTALS-Dilithium: Prepared for quantum-safe digital signatures
  • FALCON/SPHINCS+: Alternative signature algorithms under evaluation
  • Automatic Updates: Architecture supports seamless quantum algorithm deployment
🛡️ Defense in Depth:
  • Multiple Security Layers: Even if one layer is compromised by quantum computing, others remain secure
  • Crypto Agility: Platform can rapidly adopt new quantum-safe algorithms as they become available
  • Forward Secrecy: Session keys are regularly rotated to minimize quantum cryptanalysis exposure
  • Zero-Knowledge Architecture: Minimal data exposure reduces quantum attack surface

Leading by Example: We don't just assess quantum readiness - we demonstrate it. Our platform serves as a real-world example of quantum-safe security implementation for our enterprise and government customers.

Q-Day refers to the moment when quantum computers become capable of breaking current cryptographic standards. Our platform provides real-time quantum threat monitoring and timeline assessment.

🕐 Q-Day Timeline Intelligence:
  • Daily AI Analysis: Our adaptive audit core analyzes quantum computing developments daily
  • Research Monitoring: Tracking IBM, Google, IonQ, and other quantum computing leaders
  • Threat Assessment Updates: Real-time updates to Q-Day probability estimates
  • Current Development Tracking: Monitor Google Willow breakthrough and industry milestones
🎯 Cryptographic Vulnerability Timeline:
  • RSA/ECDSA Keys: Most vulnerable to quantum attacks (highest priority for migration)
  • DH/ECDH: Key exchange protocols at risk (immediate attention required)
  • AES Symmetric: Reduced security but still viable with increased key sizes
  • Hash Functions: SHA-256+ relatively quantum-resistant with proper implementation
📊 Real-Time Monitoring Features:
  • Q-Day Dashboard: Live probability estimates and confidence intervals
  • Algorithm Risk Scoring: Individual vulnerability assessments for each cryptographic algorithm
  • Industry Intelligence: Latest quantum computing milestones and breakthrough analysis
  • Migration Timeline: Personalized recommendations for your organization's quantum transition
🚨 Early Warning System:
  • Breakthrough Detection: Immediate alerts when significant quantum advances occur
  • Risk Escalation: Automated notifications when Q-Day probability increases
  • Compliance Alerts: Updates when NIST or international standards change
  • Executive Briefings: CISO-level quantum threat summaries and action recommendations

Strategic Advantage: Don't wait for Q-Day to arrive unprepared. Our platform provides the intelligence and planning tools needed to stay ahead of the quantum threat timeline and ensure your organization's cryptographic security.

AI PQC Audit supports comprehensive compliance frameworks for enterprise and government customers:

🏛️ Federal/Government Standards:
  • FedRAMP Ready: 37+ security controls aligned with FedRAMP Moderate baseline
  • FIPS 140-2 Ready: Implementation using FIPS-approved algorithms
  • FISMA: MODERATE impact categorization with continuous compliance monitoring
  • NIST SP 800-53 Rev 5: Full security control framework implementation
🏢 Enterprise Standards:
  • NIST Cybersecurity Framework: Post-quantum cryptography standards (SP 800-208, 800-57)
  • SOC 2 Type II: Security controls and operational effectiveness
  • ISO 27001: Information security management systems
  • PCI DSS: Payment card industry cryptographic requirements
🌍 International Standards:
  • Common Criteria: International security evaluation standards
  • GDPR/CCPA: Privacy regulations for cryptographic implementations
  • ENISA Guidelines: European quantum cryptography recommendations

Value-Add: Our reports include framework-specific control mappings, compliance gap analysis, and automated evidence generation for audit purposes. Real-time compliance monitoring available via our executive dashboard.

Yes, our reports are designed to support compliance audits and include:

  • Detailed methodology and scope documentation
  • Control-by-control compliance assessment
  • Evidence collection and documentation
  • Gap analysis with remediation recommendations
  • Executive summary for management review
  • Technical appendices for auditor review

Many organizations use our reports as supporting documentation for SOC 2, ISO 27001, and FedRAMP audits.

We offer integrations with popular enterprise tools:

  • SIEM Platforms: Splunk, QRadar, ArcSight, Azure Sentinel
  • Ticketing Systems: Jira, ServiceNow, Remedy, Zendesk
  • GRC Tools: Archer, MetricStream, LogicGate
  • Cloud Security: AWS Security Hub, Azure Security Center
  • Communication: Slack, Microsoft Teams, Email
  • API Access: RESTful API for custom integrations

Integrations allow automatic export of findings, creation of remediation tickets, and real-time alerts.

Yes, we provide a comprehensive RESTful API that includes:

  • Audit creation and management endpoints
  • Real-time status and progress monitoring
  • Results retrieval in JSON format
  • Webhook notifications for audit completion
  • User and organization management
  • Rate limiting and authentication controls

API documentation is available in your account dashboard, and we provide client libraries for popular programming languages.

We offer flexible pricing plans to meet different organizational needs:

  • Starter: $99/month - Up to 10 audits, basic features
  • Professional: $299/month - Up to 50 audits, advanced analytics
  • Enterprise: Custom pricing - Unlimited audits, dedicated support
  • Government: Pricing available - Control mappings aligned to NIST SP 800-53 Rev. 5 to support enterprise ATO workflows

All plans include 24/7 support, standard integrations, and compliance reporting. Contact our sales team for volume discounts and custom enterprise features.

Yes, we offer a 14-day free trial that includes:

  • 3 complete audit sessions
  • Access to all audit types
  • Full report generation
  • Basic integration testing
  • Email support

No credit card required to start your trial. You can upgrade to a paid plan at any time during or after the trial period.

Our AI analysis achieves high accuracy through:

  • Continuous Training: Models updated with latest threat intelligence
  • Multiple Validation: Cross-referencing findings across data sources
  • Expert Review: Algorithms developed by cryptography experts
  • False Positive Reduction: Advanced filtering to minimize noise
  • Confidence Scoring: Each finding includes confidence levels

While our AI provides excellent guidance, we recommend expert review for critical security decisions.

Data retention follows these policies:

  • Uploaded Files: Automatically deleted after 14 days
  • Audit Results: Retained for 2 years for historical analysis
  • Reports: Available for download indefinitely in your account
  • Immediate Deletion: You can delete files immediately after audit completion
  • Account Closure: All data permanently deleted within 30 days

We provide data export capabilities if you need to migrate your audit history to another system.

Our controls are designed to meet the SOC 2 Trust Services Criteria (Security, Availability, Confidentiality). We can share control descriptions and evidence snapshots under NDA. Formal reports and attestations are made available to customers upon completion.

We offer product features and documentation that help customers meet their obligations, including secure data handling, export/delete workflows, DPA availability, and transparent retention options. Please contact us to review your specific needs.

Data in transit uses TLS 1.2+ with modern cipher suites (e.g., AES-256-GCM, ECDHE). Data at rest is encrypted with AES-256. We follow NIST recommendations for cryptographic choices and key management.

We keep only what's required to provide the service. Retention is configurable by the customer, and export artifacts (CSV/PDF/JSON) can be removed on a defined schedule or by request.

Please reach out via the Contact page with "Security" in the subject. Include steps to reproduce and any artifacts you can share. We support coordinated disclosure and will work with you on remediation timelines and acknowledgements.

Our enterprise assurance framework includes:

  • Zero Third-Party Sharing: We never share customer data with any third parties
  • Evidence-First Findings: Every finding includes exact file pointers to eliminate AI hallucinations
  • 14-Day Auto-Purge: Uploaded files automatically deleted after 14 days
  • Framework Mapping: Comprehensive coverage of CIS, NIST 800-53, MITRE ATLAS, CNSA 2.0
  • Upload-Only Security: No live connections or agents required
  • SIEM/SOAR Integration: Export schemas for enterprise toolchain integration

Visit our Enterprise Assurance page for complete transparency documentation.

Our platform provides enterprise-specific advantages:

  • CISO-Ready Reports: Executive summaries with business impact quantification
  • Multi-AI Validation: 4-engine consensus for robust analysis (OpenAI, Anthropic, Gemini, xAI)
  • Compliance Integration: Automated mapping to 37+ security frameworks
  • Sample Documentation: Professional AI Security and PQC reports available
  • Operational Transparency: Security.txt, status monitoring, and self-check endpoints
  • Framework Coverage Matrix: Detailed mapping of findings to compliance standards

Our enterprise roadmap outlines planned features for advanced enterprise deployments.

Our data handling policies are designed for enterprise compliance:

  • 14-Day File Retention: Uploaded files automatically purged after 14 days
  • Immediate Deletion Option: Customers can request earlier purge at any time
  • No Partner Sharing: Zero third-party data sharing under any circumstances
  • Read-Only Processing: We do not modify customer systems
  • Isolated Storage: Uploads stored under isolated paths with secure access controls
  • Export Capabilities: SIEM/SOAR schemas for enterprise integration

This approach supports GDPR Article 17 (Right to Erasure), CCPA deletion requirements, and enterprise data minimization policies.

© 2025 AI PQC Audit. Advanced multi-AI powered post-quantum cryptography security platform.