Identity
A workload proves itself with cryptographic identity and runtime evidence. A shared secret only proves possession.
QHx is an adaptive security platform for identity, policy, communication, and evidence. Workloads run under cryptographic identity, communicate on channels bound to it, and leave records that can be verified after the fact.
Policy-bound exchange
qhx://mission/isr/sensor-feed
qhx://mission/fires/targeting-correlator
Bound Attributes
▪ Role: ISR / Fires
▪ Domain: Air
▪ Releasability: REL TO USA, FVEY
▪ Expires: mission window
QHx-Notarization-Level: signRequest
request + response + identity
Classification, releasability, and posture decide whether a call runs, not whether it's logged afterward.
Channels are bound to the workloads at each end. A stolen credential without the workload identity cannot complete the handshake.
A signed record of the request, the response, and the identity that made the call survives the credential that authorized it.
001 · Mechanism
Cryptography, IAM, network policy, and audit usually run as separate systems. Execution happens first; control tries to catch up. QHx moves identity, policy, communication, and evidence into the runtime path.
Stop treating the network as the system boundary.
Data crosses autonomous organizations, degraded links, and mixed infrastructure. Trust has to be decided end to end: who is running, where, what it can reach, and what evidence remains.
Each running workload has a cryptographic identity issued at startup and rotated continuously, so credentials cannot outlive the process that used them.
A workload's identity is conditioned on hardware attestation, so a compromised host or a tampered binary cannot present a valid identity at all.
Decisions operate on identity, releasability, and runtime context together, which is what allows release rules to follow the data instead of the perimeter.
Notary signs the request, the response, and the calling identity into one record. Disputes about what a system did, and on whose authority, become answerable.
002 · Where it matters
Mission systems rarely share one operator, one network, one identity provider, or one clean boundary. QHx is built for the space between them.
Move mission data across disjointed networks, platforms, classifications, and partners without treating the network as the control plane.
Keep identity, policy, and release context attached when bandwidth is low, links are intermittent, or infrastructure is contested.
Allow independently operated systems to cooperate without collapsing identity, policy, or administrative authority into a single domain.
Bind a model's inputs, its outputs, and the identity of the caller into a single signed record. A decision the model produced can then be reconstructed and challenged later, including by a party who was not present when it ran.
003 · Paths
Start with Product for what QHx is. Move to Architecture for how it composes. Move to Lineage for where the pattern came from.
// QHx
We work with teams whose systems have to authenticate, communicate, and leave evidence across organizations they don't run, networks they don't trust, and partners they don't share an identity provider with.