Security & Trust Center

Security Posture, Not Security Theatre

AegisWire treats trust operations as production functionality, not a compliance checkbox. Every release is cryptographically signed. Every build is reproducible with public verification. Trust-anchor lifecycle management — issuance, rotation, revocation — is implemented and operating. Observability surfaces operational signals without exposing metadata about sessions, endpoints, or user behaviour. This page documents what exists and is operating, not what is planned.

What Makes AegisWire Different

Purpose-Built Transport

Not a VPN service layered on inherited protocol defaults. AegisWire runs its own secure transport with anti-replay, anti-amplification, and deterministic wire behavior.

Signed Trust Chains

Policy artifacts are signed from publication through enforcement. Trust anchors have a managed lifecycle with rotation and revocation. Not dashboard-only governance.

Privacy-Safe by Default

Observability uses metadata-only telemetry. Packet-level privacy protects headers. This is the default operating mode, not an optional add-on.

Reproducible & Auditable

Reproducible builds, SBOM generation, signed releases, and release manifest workflows operate in the current build pipeline.

Deployment Choice

Managed SaaS, dedicated single-tenant, self-hosted sovereign, and regional gateway fabric all run the same trust architecture. Control boundaries differ. Trust integrity does not.

Operational Integrity

Signed update paths, trust-anchor lifecycle, and audit-ready evidence packaging are production platform features, not afterthought processes.

Engineering Discipline

Trust claims require engineering evidence. These practices are implemented in the current platform.

Signed Releases

Available Now

Every release artifact is cryptographically signed. Signature verification is part of the update path.

SBOM Generation

Available Now

Software bill of materials is generated for each release. Dependency tracking is part of the build pipeline.

Reproducible Builds

Available Now

Build process produces identical outputs from identical inputs. Third-party verification is structurally supported.

Trust-Anchor Lifecycle

Available Now

Trust anchors have managed creation, rotation, and revocation. Lifecycle operations do not require service interruption.

Signed Policy Distribution

Available Now

Policy artifacts carry signatures from control plane through gateway enforcement. Unsigned policy is rejected.

Secure Update Discipline

Available Now

Updates follow signed distribution paths. Rollback and version pinning are operationally supported.

How We Communicate Maturity

AegisWire distinguishes clearly between what is implemented and what is in rollout. We do not list aspirational features as current capabilities.

Available Now

Implemented Now

  • Secure transport with custom session model
  • Anti-replay and anti-amplification
  • Stream multiplexing with per-stream PCS
  • Post-quantum hybrid key establishment
  • Packet-level privacy and header protection
  • Signed policy and trust-anchor lifecycle
  • Privacy-safe metadata-only telemetry
  • Reproducible builds and SBOM generation
  • Managed, dedicated, and self-hosted deployment
  • Enterprise admin with role-based access
  • Gateway pool selection with failover
  • Full and split tunnel VPN with kill switch

In Rollout

  • Advanced multipath transport posture
  • Camouflage and cover-traffic profiles
  • Extended authentication families

These capabilities are implemented and undergoing controlled rollout across deployment environments.

Available

Hardware Appliance

  • Hardware appliance for customer-controlled edge enforcement

All platform delivery models, including hardware appliance, are implemented and available. All capabilities listed on this site are in production.

Audit & Compliance Readiness

The goal is reducing friction between engineering reality and audit expectations. AegisWire produces evidence as part of normal operations, not as a separate compliance exercise.

Runtime platform controls

  • Signed policy enforced at the gateway — unsigned artifacts are rejected
  • Trust-anchor rotation operates without service interruption
  • Packet-level privacy active at connection setup, not only after session establishment
  • Metadata-only telemetry: no content inspection in operational defaults

Governance and evidence workflows

  • Signed releases with cryptographic artifact verification paths
  • SBOM generated per release and tracked through the build pipeline
  • Reproducible builds: identical inputs produce identical outputs, third-party verifiable
  • Structured evidence packaging for internal audit and security review cycles

What Security Evaluators Can Review

The following documentation and evidence are available to technical buyers, security teams, and procurement evaluators on request. We do not claim materials we cannot produce.

Transport & Protocol

  • Transport specification and protocol-level state machine documentation
  • Session model, wire behavior, and state transition descriptions
  • Handshake construction and key establishment details (X25519 + ML-KEM-768)

Cryptographic Controls

  • Hybrid post-quantum key establishment construction and rationale
  • Per-stream PCS ratchet model and key lifecycle behavior
  • Packet-level privacy and header protection design

Release & Build Integrity

  • Signed release artifacts with cryptographic verification paths
  • SBOM output per release with dependency tracking
  • Reproducible build process documentation and third-party verification approach

Policy & Trust Architecture

  • Signed policy pipeline from control plane through gateway enforcement
  • Trust-anchor lifecycle model: issuance, rotation, and revocation
  • Device enrollment binding and trust chain verification flows

Deployment Architecture

  • Deployment model specifications for all four delivery modes
  • Isolation and control boundary documentation per deployment type
  • Self-hosted and sovereign deployment architecture details

Maturity & Status Mapping

  • Explicit control mapping of implemented vs in-rollout vs roadmap items
  • No feature conflation between implemented and aspirational capabilities
  • Hardware appliance roadmap rationale and architectural readiness state

Review Our Security Posture

Request access to security documentation or schedule an architecture review. We discuss implemented controls, not marketing narratives.
