Current Development Status & Roadmap
Note: To maintain strict Operational Security (OPSEC), this roadmap provides only a high-level overview of core platform capabilities. Granular architectural schematics, zero-IP routing implementations, and advanced technical documentation are reserved exclusively for authorized evaluations and classified briefings under NDA. Therefore, the following status is abridged:
Phase 1: Core Architecture & Cryptographic Mesh (Status: Active Prototype / Code Complete)
Pure Go FIPS 140-3 Foundation: Complete. The cryptographic engine natively utilizes Go's `crypto/fips140` module.
CNSA 2.0 Post-Quantum Cryptography: Complete. Legacy WireGuard algorithms (Curve25519/ChaCha20) have been eradicated. The mesh operates exclusively on a True Hybrid SAKE protocol combining ML-KEM-1024 (Quantum Resistant) with ECDH P-384 (Classical Fallback) and AES-256-GCM.
The Lead-Mare (Supervisor): Complete. The immutable orchestration engine successfully manages MicroVM and Rootless Namespace isolation.
Hardware Firewalls: Complete. Peripheral isolation is implemented, physically separating workloads from the host kernel.
Moving Target Defense (MTD): Complete. The "Double Roll" encrypted vault rotation and ephemeral identity generation are active.
Phase 2: Hardening & Compliance Remediation (Status: In Progress)
Codebase Auditing: Active remediation of legacy anti-patterns.
Network Bound Disk Encryption (NBDE): Refining the pre-boot vTPM attestation and Phase-2 LUKS payload injection.
Immutable UKI Factory: Finalizing the STIG-compliant OS kickstart and Dracut module generation.
WildHorse Code (Parametric AI Assist): Environment setup; designing the Parametric Core (e.g., AST Parser & Database, and Parent/Child Call Graph).
Why we are upgrading our ZTNA from PKI to a dynamic PSK architecture.
Phase 3: Autonomous Defense & DevSecOps (Status: Active R&D)
WildHorse AI (CART): Development of the hardware-caged multi-agent penetration testing harness. Currently integrating the required eBPF ring-buffer telemetry to feed the models.
WildHorse Code (Parametric AI Assist): Prototyping the deterministic dependency graph and secure CNSA 2.0 LLM routing to allow safe, air-gapped AI code generation.
Phase 4: Formal Certification (Future)
NVLAP Laboratory Submission: Formal validation of the cryptographic modules and system architecture against FIPS 140-3 Level 2 and DISA STIG compliance matrices.