Quantum‑Native Security Platform (QNSP)90 PQC Algorithms · 14 FamiliesFree Forever · No Credit CardAI Orchestration & Enclaves12 SDKs · Always FreeEncrypted Storage & SearchHSM KMS · 4 VendorsSecrets VaultZero-Trust Edge GatewayAudit & Compliance AutomationSovereign AI & GovCloudAir-Gapped Deployments10 GB PQC Storage · 50K API Calls · 20 KMS Keys · 25 Vault Secrets · Free Forever

End-to-End Quantum-NativeSecurity Fabric for AI, Data, andMission-Critical Systems

Built by CUI Labs Singapore, the Quantum‑Native Security Platform (QNSP) is a production platform delivering NIST finalized post-quantum standards—ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205)—across a multi-service platform behind a zero-trust Edge Gateway (auth/capability proxy, WAF, rate limits, and secure service routing). It provides PQC-TLStermination and continuous TLS posture evidence (live evidence endpoint + scheduled canary) to detect downgrade risk and validate PQC enforcement. QNSP supports 90 PQC algorithms across 14 families including FN-DSA (FIPS 206 draft), HQC, BIKE, Classic McEliece, FrodoKEM, NTRU, MAYO, CROSS, UOV, and SNOVA. Secrets vault and HSM-integrated KMS manage keys and rotation across vendors (PKCS#11; Luna, nShield, CloudHSM, Azure HSM), while encrypted storage and SSE-encrypted search protect and query sensitive datasets end-to-end. Authentication, tenant isolation, and access control enforce least privilege across APIs, backed by audit evidence (hash-chained events, signatures) and observability (metrics/traces/logs) for compliance and forensics. AI orchestration runs GPU/TPU workloads via Kubernetes and AWS Batch with confidential-computing / enclave-backed execution where available (capability depends on cloud/provider and instance class (Intel SGX, AMD SEV, NVIDIA CC, Intel TDX, ARM TrustZone, ARM CCA/RME, AWS Nitro Enclaves, IBM Secure Execution)), plus security monitoring for real-time detection and response.

Cloud Platform

General AvailabilityFree Forever

Report a bug · Report a security issue

Start with a free account.
Get 10 GB storage, 50,000 API calls per month, 20 KMS keys, 25 vault secrets, and access to all Always Free services including encrypted storage, secrets vault, and PQC authentication—store anything (documents, AI artifacts, secrets, archives) inside your quantum-secure drive.

Upgrade anytime to Pay As You Go. Pay only for services that exceed your free tier limits. Scale to AI workloads, hardware enclaves, multi-region replication, and enterprise features as needed.

Continue with Always Free services. If you don't upgrade, you'll continue to receive Always Free services in your Free Tier account with no credit card required.

Developer Platform

General AvailabilityAlways Free SDKs

Report a bug · Report a security issue

↳You asked. We built it.

The new Dev Team tier ($1,499/mo) is the most requested plan in QNSP — designed by the community, for the community. CBOM export, quantum readiness reports, 90-day audit retention, and compliance visibility included from day one.

12 Production-ready SDKs. All SDKs are free on every plan. TypeScript SDKs for storage, search, AI orchestration, auth, vault, tenant, billing, access control, audit, KMS, crypto inventory, and browser. Type-safe APIs with built-in OpenTelemetry metrics.

REST APIs, CLI & WebSocket. Comprehensive REST APIs with OpenAPI specifications, interactive API explorer, CLI tools for model packaging and deployment, and WebSocket API for real-time notifications and live collaboration.

Dev Team tier — by you, for you. CBOM export, quantum readiness reports, 1M API calls/month, 1 TB PQC storage, 200 KMS keys, 3 portal seats, and 90-day audit retention — all included at $1,499/month with a 7% annual discount.

Free forever starts here. 10 GB PQC storage, 50,000 API calls/month, 20 KMS keys, 25 vault secrets, PQC TLS on all connections, and all 12 SDKs — no credit card, no time limit.

PQC algorithms

90 algorithms

FIPS Standards: ML-KEM-512/768/1024 (FIPS 203) • ML-DSA-44/65/87 (FIPS 204) • SLH-DSA SHA2/SHAKE variants (FIPS 205) • FN-DSA-512/1024 (FIPS 206 draft) • NIST Selected: HQC-128/192/256 • NIST Round 4: BIKE L1/L3/L5 • ISO Standards: Classic McEliece (5 variants), FrodoKEM (6 variants) • Lattice: NTRU (6 variants), NTRU-Prime • Additional Signatures: MAYO (4), CROSS-RSDP/RSDPG (18), UOV (12), SNOVA (12)

Multi-Service Platform

Full stack

Edge Gateway • Auth Service • Vault Service • Storage Service • Search Service • Tenant Service • Billing Service • KMS Service • Audit Service • Access Control Service • Security Monitoring Service • Observability Service • AI Orchestrator • AI Intelligence Service • Crypto Inventory Service • Platform API • Terraform Provisioner • PQC-TLS Canary

Hardware enclaves

8 types

Intel SGX (MEE) • AMD SEV (Memory Guard + SEV-SNP) • NVIDIA CC (GPU memory encryption) • Intel TDX (TME - Google Cloud) • ARM TrustZone • ARM CCA/RME (Google Cloud) • AWS Nitro Enclaves • IBM Secure Execution

Scheduler backends

4 adapters

Kubernetes (Jobs API) • AWS Batch (job queues) • GPU Fleet (attestation) • TPU Fleet (attestation)

HSM vendors

4 supported

Thales Luna (AES-KW-PAD) • Entrust nShield (AES-KW-PAD) • AWS CloudHSM (AES-KW-PAD) • Azure HSM (AES-KW-PAD)

Edge gateway & infrastructure

Full stack

PQC-TLS termination • Rate limiting (token bucket) • Auth/Capability proxy • WebSocket (channels/broadcast) • Route management • Quota enforcement (tier-based) • DDoS protection • WAF (SQL/XSS/path traversal) • Anomaly detection • IP reputation • Bot protection • Merkle tree checkpoints • Automated remediation (block/quarantine/revoke) • Stripe webhooks • OTLP ingestion proxy via Observability Service (metrics/traces/logs)

Trust & Compliance

CSA STAR Level 1 — CAIQ Self-Assessment

QNSP is listed in the Cloud Security Alliance (CSA) STAR Registry at Level 1 (CAIQ v4.1.0 self-assessment). Level 1 is a public CAIQ self-assessment provided by the vendor.

STAR Level 1

Self-Assessment (CAIQ)

Listed Since: February 23, 2026
Last Updated: February 23, 2026
ISO Programs (in progress): ISO 9001 (QMS), ISO 14001 (EMS), ISO 45001 (OH&S), ISO 27001 (ISMS), ISO 22301 (BCMS)
Not yet certified. Status and scope vary by program and service.

View CSA STAR Service Listing →📥 Download CAIQ (from CSA)Download CAIQ mirror (XLSX)View CUI LABS organization profile →

What This Means

✓

CAIQ Self-Assessment v4.1.0

Comprehensive documentation of security controls for IaaS, PaaS, and SaaS services

✓

Mapped to CSA CCM

Industry-accepted framework for cloud security assurance

✓

Publicly verifiable assurance

Publicly accessible assurance artifacts for customer due diligence

About CSA STAR

The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Registry is a public registry for cloud security assurance artifacts.

QNSP Platform Coverage:
End-to-end quantum-native security fabric for AI, data, and mission-critical systems with PQC-TLS termination, HSM-integrated KMS, secrets vault, encrypted storage, and full observability.

View CUI LABS Organization Profile →

🎯 Enterprise & Government Customers: Our CSA STAR Level 1 listing provides the transparency and assurance you need for vendor risk assessments. Download our CAIQ self-assessment directly from the CSA STAR Registry.

Scope: QNSP cloud service as listed in CSA STAR. Controls vary by deployment model (cloud/private/air-gapped).

Quantum imperative

Designed for 2026+ resilience

Multi-tenant Integrated Trust Platform delivering PQC-native security, zero-trust automation, quantum-resistant protection and built-in compliance across all services.

Quantum Computing Threat Timeline

2026-2030

Cryptographically relevant quantum computers emerge. QNSP provides NIST-standardized post-quantum cryptography — ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205), FN-DSA (FIPS 206 draft) — plus 90 PQC algorithms across 14 families and 18 production services.

2030-2035

Projected availability of quantum systems capable of breaking RSA-2048 and ECC used in current TLS, digital signatures, and key exchange protocols. Compliance deadlines accelerate as regulatory bodies mandate PQC adoption.

Last reviewed (UTC)

This timeline is periodically reviewed against public sources. Evidence-backed claims are exposed via live endpoints (e.g., /platform/v1/crypto/tls/evidence/public). Last reviewed: Jan 19, 2026 00:00 UTC.

Sources: NIST releases first 3 finalized post-quantum encryption standards (FIPS 203/204/205) · AWS Security Blog: ML-KEM post-quantum TLS now supported in AWS KMS, ACM, and Secrets Manager

Harvest-Now, Decrypt-Later Attacks

Executive summary: Adversaries can collect encrypted data today and decrypt it later once cryptographically relevant quantum computers (CRQC) become available.

Latest PQC & crypto updates

No PQC/crypto updates matched yet. Try Refresh, or check back later.

Why it matters: PQC standardization and vendor rollout are accelerating. Organizations should treat long-lived confidentiality as exposed unless migration plans are actively underway.

Risk surface

Long-term data archives and backups
AI training datasets and model weights
Encrypted communications and stored messages
Digital signatures on legal documents
Encrypted databases containing sensitive information
PKI certificates and key material

QNSP response

NIST-standardized PQC primitives across platform services
Deterministic policy enforcement and cryptographic posture visibility. Evidence endpoints (public): /platform/v1/crypto/tls/evidence/public · /platform/v1/crypto/posture/public. Additional admin-only endpoints are available via authenticated access.

Forecast window: 2030-2035 (~4-9 years; UTC)

NIST Post-Quantum Cryptography Standards

The National Institute of Standards and Technology (NIST) has standardized PQC algorithms after extensive evaluation:

ML-KEM (formerly CRYSTALS-Kyber)

Selected for key exchange and encryption. Provides security levels equivalent to AES-128, AES-192, and AES-256. Recommended for TLS handshakes and secure communications.

ML-DSA (formerly CRYSTALS-Dilithium)

Selected for digital signatures and authentication. Provides high security with efficient signing and verification. Suitable for code signing, document authentication, and identity verification.

FALCON (Digital Signatures)

Alternative signature scheme with smaller signature sizes. Ideal for bandwidth-constrained applications and embedded systems requiring compact signatures.

SLH-DSA (formerly SPHINCS+)

Conservative hash-based signature scheme providing long-term security guarantees. Recommended for high-security applications requiring maximum assurance.

Compliance and Regulatory Requirements

Government and industry regulations are mandating PQC adoption:

HSM requirements: For high-security deployments, QNSP integrates with customer-managed HSMs (e.g. Thales Luna, Entrust nShield, AWS CloudHSM, Azure HSM). Certification level depends on the selected HSM and environment.
FedRAMP Alignment: Cloud security standards for federal agencies. QNSP follows FedRAMP roadmap requirements.
Executive Order 14028: Mandates zero-trust architecture and enhanced software supply chain security with PQC protection.
GDPR & Data Residency: PQC ensures long-term protection of personal data, meeting regulatory requirements for data protection.
IL5/FedRAMP High: Required for classified and sensitive government data processing.

Migration Strategy and Best Practices

Organizations should adopt a phased approach to PQC migration:

Phase 1: Immediate Protection

Implement PQC for new data and systems. Begin inventory of cryptographic assets. Start training teams on PQC standards and best practices.

Phase 2: Hybrid Deployment

Deploy hybrid classical-PQC systems. Migrate critical infrastructure to PQC. Update key management systems and certificate authorities.

Phase 3: Full PQC Transition

Complete migration to PQC-only systems. Retire legacy cryptographic protocols. Ensure all data storage and communications use quantum-resistant algorithms.

Cloud Service Status (Public)

Environment: Production

Region: ap-southeast-1 (Singapore)

Last updated: Mar 22 10:21 UTC

●Edge Gateway

online

●Auth Service

online

●Vault Service

online

●Storage Service

online

●Search Service

online

●AI Orchestrator

online

●Tenant Service

online

●Billing Service

online

●KMS Service

online

●Observability Service

online

●Audit Service

online

●Access Control Service

online

●Security Monitoring Service

online

●Crypto Inventory Service

online

Private/VPC/sovereign and air-gapped deployments are not shown here.
Statuses may appear Offline/Degraded due to network connectivity. Refresh to retry. For persistent issues, check your deployment’s /status endpoint or internal monitoring. If you’re using QNSP Cloud, visit https://qnsp.cuilabs.io/status.

Transparent pricing

Simple, predictable pricing for every team

General Availability

Report a bug · Report a security issue

Start free, scale as you grow. All SDKs are free. Enterprise features (enclaves, AI training) available on higher tiers.

Free Forever

FREE

$0forever

Free-forever for everyone — explore PQC workloads with no time limit

✓10 GB PQC-encrypted storage
✓50,000 API calls/month
✓20 KMS keys (ML-KEM, ML-DSA, SLH-DSA)
✓25 vault secrets (read/write)
✓PQC TLS on all connections
✓Default crypto policy
✓7-day audit log retention
✓12 SDKs (Included)
✓Community support

Get started free

Developer Plans

DEV STARTER

$149/month

First paid commitment — build something real

✓100 GB PQC-encrypted storage
✓100,000 API calls/month
✓30 KMS keys
✓75 vault secrets
✓Default crypto policy
✓30-day audit log retention
✓12 SDKs (Included)
✓Email support (48h response)

Business Plans

BUSINESS TEAM

$2,199/month

Production-grade team tier with compliance reporting and crypto policy UI

✓5 TB PQC-encrypted storage
✓1.5M API calls/month
✓300 KMS keys, 500K KMS ops/month
✓1K vault secrets, 3K secret versions
✓SSE-X enabled
✓CBOM export + Crypto policy enforcement UI
✓90-day audit log retention (included)
✓50 API keys, 5 portal seats
✓12 SDKs (Included)
✓Slack Connect support (8h response)

RECOMMENDED

BUSINESS ADVANCED

$5,499/month

Strict crypto policy — regulated workloads with compliance evidence

✓10 TB PQC-encrypted storage
✓7.5M API calls/month
✓600 KMS keys, 750K KMS ops/month
✓2K vault secrets, 7.5K secret versions
✓Strict crypto policy (ML-KEM-768/1024, ML-DSA-65/87)
✓180-day audit log retention (included)
✓Compliance reports + attestation streaming
✓100 API keys, 10 portal seats
✓12 SDKs (Included)
✓Slack Connect + email support (4h response, named CSM)

BUSINESS ELITE

$8,499/month

Full compliance evidence — everything short of enclaves

✓15 TB PQC-encrypted storage
✓10M API calls/month
✓1K KMS keys, 1.5M KMS ops/month
✓4K vault secrets, 15K secret versions
✓Strict crypto policy
✓1-year audit log retention (included)
✓Full compliance evidence + observability pack
✓200 API keys, 25 portal seats
✓12 SDKs (Included)
✓Priority support (8×5, 4h response, named CSM)

Enterprise Plans

ENTERPRISE STANDARD

$12,999/month

Enclave-secured AI inference with maximum crypto policy

✓20 TB PQC-encrypted storage
✓15M API calls/month
✓2K KMS keys, 7.5M KMS ops/month
✓8K vault secrets, 30K secret versions
✓🔒 Enclave AI inference (PQC-attested)
✓Maximum crypto policy (ML-KEM-1024, ML-DSA-87)
✓1-year audit log retention + failover region
✓500 API keys, 50 portal seats
✓12 SDKs (Included)
✓Priority support (8×5, 4h response, named CSM)

ENTERPRISE PRO

$24,999/month

Full AI security — training, fine-tuning, inference, all PQC-attested

✓25 TB PQC-encrypted storage
✓30M API calls/month
✓5K KMS keys, 30M KMS ops/month
✓20K vault secrets, 100K secret versions
✓🔒 Full enclave AI: training, fine-tuning, inference
✓Maximum crypto policy
✓Full compliance evidence suite
✓1K API keys, 100 portal seats
✓12 SDKs (Included)
✓Premium support (24×7, 1h response, named CSM)

ENTERPRISE ELITE

Fortune 200 & mission-critical — government policy, HSM, unlimited scale

✓Unlimited storage & API calls
✓Unlimited KMS keys & vault secrets
✓🔒 Government crypto policy (FIPS 203/204/205 only)
✓🔒 HSM-backed root keys (CloudHSM included)
✓🔒 Full enclave AI suite + dedicated GPU clusters
✓7-year audit log retention
✓Isolated tenancy + failover region
✓12 SDKs (Included)
✓Custom SLA (99.99% uptime)
✓Dedicated CSM + premium support

Mission-Critical Programs

PUBLIC SECTOR

Government & public services programs with regulated procurement

✓Custom storage & API limits
✓🔒 Controlled deployment options (VPC / private / on-prem)
✓Customer/partner-managed HSM integration (certification level depends on selected HSM)
✓IL5/FedRAMP High alignment (deployment-specific)
✓SOC 2 Type II & ISO 27001 programs (in progress)
✓ISO 9001 / ISO 14001 / ISO 45001 / ISO 22301 programs (in progress)
✓GDPR, HIPAA & data residency
✓12 SDKs (Included)
✓Dedicated account manager
✓24/7 incident escalation (enterprise agreement)
✓Field engineering via customer/partner processes (as required)

DEFENSE & SPACE

Defense, national security, and space agency deployments

✓Custom storage & API limits
✓🔒 Classified enclave clusters
✓🔒 Customer-controlled air-gapped orchestration
✓Customer/partner-managed HSM integration (certification level depends on selected HSM)
✓ITAR program support (deployment-specific)
✓Data residency guarantees (deployment-specific)
✓Private cloud & edge deployment
✓12 SDKs (Included)
✓Dedicated account manager
✓24/7 incident escalation (enterprise agreement)

CRITICAL INFRASTRUCTURE & LABS

Nuclear, biosecurity, critical infrastructure, and quantum labs

✓Custom storage & API limits
✓🔒 High-assurance enclaves + attestation controls
✓Customer/partner-managed HSM integration (certification level depends on selected HSM)
✓Air-gapped / isolated tenancy options (deployment-specific)
✓Compliance alignment (deployment-specific)
✓Data residency & retention controls
✓Private cloud & edge deployment
✓12 SDKs (Included)
✓Dedicated account manager
✓Field engineering via customer/partner processes (as required)

Features, functionality, SDKs, and APIs may evolve. Where applicable, changes are communicated through release notes and may be subject to plan-specific feature availability.
Support and SLA coverage depend on your subscription tier and (for Enterprise) signed agreements. Free/community usage is supported on a best-effort basis.
“Popular” and “Recommended” indicators are derived from aggregated customer preference signals and live usage analytics.
Pricing may change over time. Promotional or introductory pricing is subject to change following the applicable promotional period.

Platform

Security Framework

Threat modeling, cryptographic policy enforcement, signed audit trails, and automated incident response—mapped to common enterprise frameworks.

Live PQC-TLS Evidence

Public TLS terminates at the AWS ALB with a PQ/hybrid TLS policy. You can verify negotiated groups and policy evidence via /platform/v1/crypto/tls/evidence/public. Full platform crypto posture is available at /platform/v1/crypto/posture/public(authentication required for full details).

Quantum Threat Model v2.0

Comprehensive threat modeling aligned with NIST PQC standards and CRQC timeline assumptions.

6 attacker classes: Opportunistic → Nation-State with CRQC
HNDL (Harvest Now, Decrypt Later) timeline modeling
22 security controls mapped to specific threats
Data classification: ephemeral → long-lived secrets
Legacy migration milestones: staged classical deprecation (PQC-Native is the default)

Cryptographic Attestation

Forensic-grade cryptographic evidence with NIST algorithm lifecycle tracking and compliance assessment.

NIST algorithm registry with lifecycle status (Final/Draft/Deprecated)
CBOM (Cryptographic Bill of Materials) export with SHA3-256 hash
Automated CNSA 2.0 and FIPS 140-3 compliance checks
Policy enforcement: audit mode or hard-block mode
Migration planning for deprecated algorithms (platform-wide)
Machine-verifiable compliance snapshots with PQC signatures

Cryptographic Policy Engine

Tenant-configurable PQC enforcement with algorithm allowlists and HSM requirements.

KEM: ML-KEM-512/768/1024 (FIPS 203), HQC, BIKE, Classic McEliece, FrodoKEM, NTRU
Signatures: ML-DSA-44/65/87 (FIPS 204), SLH-DSA (FIPS 205), FN-DSA (FIPS 206 draft), MAYO, CROSS, UOV, SNOVA
Symmetric: AES-256-GCM, ChaCha20-Poly1305
90 PQC algorithms across 14 families, 4 policy tiers: Default → Government/Defense
HSM-enforced root key protection (HSM-backed root keys; certification depends on deployment)

Signed Audit Evidence

Cryptographically signed, hash-chained audit trail for compliance and forensics.

30 crypto-critical event types across 7 services
PQC-signed events with ML-DSA-3 signatures
SHA3-512 hash chains with Merkle checkpoints
Severity inference: info → critical
SIEM/monitoring export (Splunk, Datadog) + 6 additional integrations (Slack, GitHub, AWS, Azure, GCP, Okta) via deployment-specific forwarding

Key Compromise Response

Automated incident response for suspected or confirmed key compromises.

5-step remediation: record → rotate → rewrap → revoke → audit
KMS, Vault, Storage service integration
Automatic capability token revocation
5s per-call timeout with retry for remediation actions
Correlation tracking across services

Downgrade Attack Remediation

Real-time detection and response to cryptographic downgrade attempts.

Protocol tracking: PQC-TLS → TLS 1.3 → TLS 1.2
Algorithm monitoring: ML-DSA → ECDSA downgrades
Automatic IP/user blocking on critical severity
Token revocation and resource quarantine
Escalation to key compromise handler

Platform Capabilities

18 Production Services

Edge Gateway, Auth Service, Vault Service, Storage Service, Search Service, Tenant Service, Billing Service, KMS Service, Audit Service, Access Control Service, Security Monitoring Service, Observability Service, AI Orchestrator, AI Intelligence Service, Crypto Inventory Service, Platform API, Terraform Provisioner, PQC-TLS Canary — all deployed as optimized containers (~85 MB average) to AWS ECR.

Hardware Enclaves

Intel SGX (MEE), AMD SEV (Memory Guard + SEV-SNP), NVIDIA CC (GPU memory encryption), Intel TDX (TME - supports Google Cloud Confidential VMs/GKE), ARM TrustZone, ARM CCA/RME (supports Google Cloud Confidential GKE), AWS Nitro Enclaves, IBM Secure Execution with cryptographic attestation.

Scheduler Backends

Kubernetes (Jobs API), AWS Batch (job queues), GPU Fleet, TPU Fleet (with attestation).

HSM Integration

Thales Luna, Entrust nShield, AWS CloudHSM, Azure HSM (PKCS#11 integration; certification level depends on the selected HSM and customer deployment).

Developer Platform

12 TypeScript SDK/client packages, REST APIs (OpenAPI), WebSocket API, CLI tools, CI/CD usage guides (GitHub Actions, GitLab CI, Jenkins, CircleCI).

Observability & Compliance

OTLP streaming, Merkle tree checkpoints, automated remediation, 8 integration providers (Slack, GitHub, AWS, Azure, GCP, Datadog, Splunk, Okta) via edge gateway, real-time collaboration.

Feature Comparison

Feature

QNSP

Cloud Providers

Security Tools

PQC Tooling

Cryptography & Key Material

86 PQC algorithms (28 KEMs + 58 signatures) via native liboqs

Native

Partial

NIST FIPS 203/204/205 (ML-KEM, ML-DSA, SLH-DSA) + HQC + FN-DSA

Native

Varies

Partial

Native

Dual-provider cross-verification (liboqs + noble for 18 FIPS algorithms)

Native

Not focus

KMS / key management (create, rotate, BYOK, per-tenant isolation)

Native

Partial

Secrets vault (CRUD, rotation, leases, PQC-encrypted at rest)

Native

Not focus

HSM integration (BYOH + QNSP-managed CloudHSM) with FIPS 140-3 gates

Native

Varies

Partial

Browser SDK — client-side PQC encryption, signing, and key encapsulation

Native

Not focus

Encrypted Storage & Search

SSE-X (PQC-encrypted object storage with ML-KEM envelope encryption)

Native

Partial

Not focus

Encrypted vector search (SSE-X semantic search over encrypted data)

Native

Not focus

Storage up to 25 TB included (S3 backend, QNSP handles all encryption)

Native

Not focus

Secure Ingress & Access

PQC-TLS termination at edge gateway + PQC-signed JWT access control

Native

Partial

Native

Not focus

SPIFFE/SVID identity for service-to-service authentication

Native

Varies

Partial

Not focus

Entitlement-enforced API gateway (access + capability layer per route)

Native

Varies

Not focus

Confidential Compute & AI

Enclave AI (PQC-attested inference, training, and fine-tuning)

Native

Varies

Not focus

AI model governance (lineage tracking, PQC signing, provenance graph)

Native

Not focus

Confidential compute orchestration + hardware attestation

Native

Varies

Not focus

Policy & Crypto Governance

Per-tenant crypto policy tiers (default → strict → maximum → government)

Native

Not focus

Varies

Partial

Algorithm allowlist/blocklist enforcement with NIST lifecycle tracking

Native

Not focus

Partial

Cryptographic Bill of Materials (CBOM) — full crypto asset inventory

Native

Not focus

Native

Policy engine (create policies + evaluate requests) + capability tokens

Native

Varies

Partial

Not focus

Audit, Compliance & Evidence

Tamper-evident audit trail (hash-chained events + commitment signatures)

Native

Varies

Partial

Compliance evidence packs (SOC 2, ISO 27001, FIPS 140-3, NIST SP 800-208)

Native

Varies

Partial

Not focus

Real-time attestation streaming + provider attestation records

Native

Not focus

Conformance testing (L0–L3 signed reports)

Native

Not focus

Partial

Platform & Developer Experience

Self-serve developer tiers ($0 → $149 → $590) with instant provisioning

Native

Partial

Not focus

Full CLI (12 command groups) + typed SDKs for every service

Native

Varies

Not focus

Usage metering + quota enforcement (fail-open) at the gateway

Native

Not focus

Automated remediation (block / rate-limit / quarantine / revoke session)

Native

Varies

Partial

Not focus

NativeCore product capability

PartialSupported, but not end-to-end

VariesCapability depends on vendor / SKU

Not focusNot their primary product focus

Sources (public)

Cloud Providers

AWS: ML-KEM post-quantum TLS now supported in AWS KMS, ACM, and Secrets Manager AWS: post-quantum cryptography migration plan Google Cloud: quantum-safe digital signatures in Cloud KMS (ML-DSA / SLH-DSA)Google Cloud: quantum-safe key encapsulation mechanisms in Cloud KMS (ML-KEM)Azure Key Vault: keys and quantum-safe cryptography overview Microsoft: quantum-safe security program (ML-KEM/ML-DSA integration)

Security Tools

HashiCorp Vault: Transit supports experimental ML-DSA and hybrid signatures Fortanix: Data Security Manager — PQC migration and confidential computing Thales CipherTrust: transparent encryption and key management CyberArk: centrally manage and rotate credentials (Secrets Management)Cloudflare: post-quantum cryptography in Zero Trust

PQC Tooling

SandboxAQ: Security Suite — crypto discovery, CBOM, and migration orchestration PQShield: UltraPQ-Suite — FIPS 140-3 CMVP certified PQC library for embedded systems QuSecure: QuProtect — crypto-agile network overlay with CBOM reporting DigiCert: Post-Quantum Cryptography (PQC) and crypto-agility Entrust: nShield Post-Quantum Option Pack (datasheet PDF)Qrypt: quantum-secure encryption and key generation without transmission

Competitor Landscape

Cloud Providers

Cloud providers are rolling out PQC primarily through primitives (KMS, certificates, TLS endpoints) and managed services. This lowers the barrier to adoption, but customers still assemble end-to-end enforcement across ingress, policy, audit evidence, storage/search workflows, and incident automation.

Examples

PQC primitives in KMS / secrets / certificate services and selected TLS endpoints
Broad managed service catalogs (storage, search, AI) with varying security/enforcement cohesion
Identity + policy products exist, but cross-service, evidence-grade enforcement is usually an integration project

Strengths

Global footprint, managed services, and operational maturity
PQC exposure through standard interfaces (TLS, KMS) accelerates early adoption
Compliance programs and enterprise procurement pathways

Gaps

Often focused on primitives rather than end-to-end tenant policy + audit evidence
Customers still stitch together ingress enforcement, signed ingestion, retention, and incident automation
Consistency across services varies; strong outcomes often require additional control-plane buildout

AWS: ML-KEM post-quantum TLS now supported in AWS KMS, ACM, and Secrets Manager Google Cloud: quantum-safe digital signatures in Cloud KMS Microsoft: quantum-safe security progress towards next-generation cryptography

Security Tools

Security tools deliver best-in-class point capabilities (vaults, PAM, edge access, SIEM/SOAR). They can be critical building blocks, but the end-to-end outcome (tenant policy, capability enforcement, signed audit evidence, and secure data workflows) is usually assembled across multiple vendors and systems.

Examples

Vaults / PAM for secrets and credential rotation
Edge access + WAF/Zero Trust posture controls
SIEM/SOAR for monitoring and response automation

Strengths

Mature deployments for identity/edge/PAM use cases
Good fit for incremental adoption (swap one control at a time)
Broad ecosystem integrations

Gaps

Often focused on one layer rather than cross-service, tenant-scoped enforcement
Doesn’t typically unify storage/search/AI workflows under a single policy + capability model
Audit evidence exists, but it’s rarely delivered as a single, tamper-evident platform trail

HashiCorp Vault: Transit API docs CyberArk: Secrets Management Cloudflare: post-quantum cryptography in Zero Trust

PQC Tooling

PQC tooling vendors focus on crypto-agility and migration readiness (PKI lifecycle, discovery, HSM options, and PQC primitives). They can accelerate planning and rotation, but typically don’t deliver the full platform surface: secure ingress + signed ingestion, per-tenant policy enforcement, evidence-grade audit, and secure data workflows.

Examples

Crypto posture / inventory + certificate lifecycle automation
Hardware-backed key protection options and PQC primitives
Rotation orchestration for PKI and machine identity surfaces

Strengths

Deep cryptographic specialization and migration readiness tooling
Helpful for inventory, policy design, and lifecycle automation at scale

Gaps

Usually not a full stack for tenants, audit trails, storage/search workflows, or billing/metering
Integration and operational ownership remains with the customer or SI

DigiCert: Post-Quantum Cryptography (PQC) and crypto-agility Entrust: nShield Post-Quantum Option Pack (datasheet PDF)Keyfactor: Post-Quantum Cryptography: A Primer (crypto-agility, inventory, automation)

Developer platform

Build with quantum-secure infrastructure

General AvailabilityAlways Free SDKs

Report a bug · Report a security issue

TypeScript SDKs and REST APIs (OpenAPI). Free for all tiers. Get started in 5 minutes.

↳You asked. We built it.

Dev Team is the most requested tier in QNSP history — designed by the community, for the community. A startup bridge at $1,499/month with CBOM, quantum readiness reports, and compliance visibility included from day one.

✓CBOM export included

✓Quantum readiness report included

✓90-day audit retention included

✓1M API calls/month

✓1 TB PQC-encrypted storage

✓200 KMS keys, 350K ops/month

✓3 portal seats, 35 API keys

✓7% annual discount

Create your account at cloud.qnsp.cuilabs.io and provision your tenant in minutes

Install SDK

SDK install and usage instructions are provided in the documentation portal

Upload your first document

Use QNSP APIs to upload documents with quantum-secure encryption

Build your app

Integrate QNSP into your application with full PQC protection

Available SDK packages

@qnsp/storage-sdkAvailable

Document upload/download, lifecycle management, compliance controls

@qnsp/search-sdkAvailable

Full-text search, SSE token filtering, index optimization

@qnsp/ai-sdkAvailable

AI workload orchestration, enclave management, GPU scheduling

@qnsp/auth-sdkAvailable

Authentication, FIDO2 passkeys, Personal Access Tokens (PATs), session management

@qnsp/vault-sdkAvailable

Secrets management, credential storage, lease rotation

@qnsp/tenant-sdkAvailable

Tenant management, subscription, metadata operations

@qnsp/billing-sdkAvailable

Invoice management, usage tracking, payment processing

@qnsp/access-control-sdkAvailable

Policy management, capability tokens, authorization flows

@qnsp/audit-sdkAvailable

Audit log querying, compliance reporting, event retrieval

@qnsp/kms-clientAvailable

PQC envelope encryption client, BYOK workflows, signing helpers

@qnsp/crypto-inventory-sdkAvailable

Crypto asset discovery, PQC migration tracking, inventory management

@qnsp/browser-sdkAvailable

Browser-compatible PQC encryption: client-side encryption, signing, key encapsulation

SDK access and install guidance is provided in the documentation portal.

API access (Edge Gateway)

Base URLhttps://api.qnsp.cuilabs.io

Auth/auth/v1

Tenant/tenant/v1

Billing/billing/v1

Storage/storage/v1

Vault/vault/v1

KMS/kms/v1

Search/search/v1

AI Orchestrator/ai/v1

Platform API/platform/v1

Health check: /health

Start building free Read documentation

Use cases

Real workloads, developer stories, and why now

Reference architectures, production patterns, and external standards show how QNSP lands in AI labs, gov clouds, and zero-trust programs.

Real workloads

Universal Free Forever Access

QNSP Cloud stays free forever for everyone—from individual users to global enterprises—starting with PQC storage and the full developer toolkit (12 SDK/client packages), with 10 GB storage, 50,000 API calls monthly, 20 KMS keys, and 25 vault secrets.

Kick off proofs of concept or production pilots immediately without credit cards, procurement reviews, or contracts.

Sovereign AI labs

Encrypted model training pipelines in customer-controlled sovereign cloud/VPC/on-prem environments, with GPU enclave orchestration and PQC-signed inference APIs.

Zero plaintext exposure of training sets with PQC-signed inference APIs.

Defense & intelligence

Customer-controlled private or air-gapped deployments with offline signing, distributed edge routing, tamper-evident audit flows.

Automated revocation workflows and tamper-evident audit replay.

Regulated finance

Quantum-safe document vaults, searchable encryption, automated retention + legal hold APIs.

PQC compliance with immediate regulator reporting via audit service webhooks.

Healthcare & life sciences

PHI-safe storage, secure collaboration, PQC-authenticated research data exchanges.

Meets HIPAA + GDPR residency through data-layer policying.

Developer stories

LegalTech contract management

Store thousands of contracts with long-term retention, search across clauses, and run AI contract analysis with immutable audit trails.

Unified storage + search + AI workflows with compliance-grade evidence and legal holds.

Healthcare patient record systems

Protect PHI with encrypted storage, HIPAA-aligned audit trails, and secure search across records with de-identification controls.

Retention, legal holds, and tenant isolation built into the platform primitives.

Investment & broker-dealer archives

WORM-style retention policies, immutable audit trails, and searchable encryption for investment documents and compliance reporting.

Regulator-ready retention and audit workflows without bespoke infrastructure.

Multi-tenant B2B document platform

Self-serve onboarding, tenant-isolated storage and search, and usage metering for billing across thousands of customer workspaces.

Ship faster by outsourcing encryption, compliance controls, and tenant isolation.

EdTech secure LMS

Securely store coursework and student submissions with privacy-safe search and long retention windows for transcripts and records.

FERPA-aligned handling through classification, retention, and tenant isolation patterns.

GovTech public records management

Manage public records with controlled access, immutable audit logs, and retention policies aligned to FOIA-style workflows.

Tamper-evident audit trails with policy-driven storage and selective indexing.

Why now

NIST post-quantum cryptography standards

NIST finalized FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA), encouraging organizations to begin transitioning.

Read reference →

Confidential computing for secure AI pipelines

Trusted execution environments (TEEs) protect data, models, and computations across preprocessing, training, and inference with attestation-based verification.

Read reference →

Engage

Start Building with QNSP

Join organizations deploying quantum-native security across cloud, private, and sovereign environments.

FREE FOREVER

Start Free Today

Get started immediately with 10 GB quantum-secure storage, 50,000 API calls/month, 20 KMS keys, 25 vault secrets, and full access to 12 TypeScript SDKs. No credit card required.

PQC storage + limited KMS

Full SDK access (auth, vault, storage, search, AI)

Production-ready for POCs and pilots

Create Free Account →

Business & Enterprise

Move beyond self-serve with a guided rollout plan for teams, production workloads, and higher-throughput integrations.

Architecture + integration onboarding

Production-readiness and scaling guidance

Support for rollout planning and governance

Request business onboarding →

Mission-Critical Sectors

Custom deployments for regulated industries, defense, critical infrastructure, and sovereign environments with security-first delivery and dedicated support.

Private/VPC/air-gapped deployments

Compliance alignment (FedRAMP, IL5, ITAR)

Dedicated account management

Contact Mission-Critical Sales →