QNSP

QNSP

Sign inTechnical Preview / Access Request
Quantum‑Native Security Platform (QNSP)AI OrchestrationHardware EnclavesEncrypted StorageHSM KMSSecrets VaultPQC SecuritySovereign AI & GovCloudAir-Gapped DeploymentsSearchable Encryption (SSE)Audit & Compliance AutomationZero-Trust Edge Gateway5GB Full PQC storage + limited KMS · Free Forever

End-to-End Quantum-NativeSecurity Fabric for AI, Data, andMission-Critical Systems

Built by CUI Labs Singapore, the Quantum‑Native Security Platform (QNSP) is a production platform delivering NIST finalized post-quantum standards—ML-KEM (formerly Kyber), ML-DSA (formerly Dilithium), and SLH-DSA (formerly SPHINCS+)—across 14 microservices behind a zero-trust Edge Gateway (auth/capability proxy, WAF, rate limits, and secure service routing). It provides PQC-TLStermination and continuous TLS posture evidence (live evidence endpoint + scheduled canary) to detect downgrade risk and validate PQC enforcement. QNSP also supports NIST’s selected algorithms still in standardization: the FALCON-based digital signature standard (FIPS 206, in development) and HQC (selected as an additional KEM), with NIST planning a HQC draft standard in about a year and a finalized standard in 2027. Secrets vault and HSM-integrated KMS manage keys and rotation across vendors (PKCS#11; Luna, nShield, CloudHSM, Azure HSM), while encrypted storage and SSE-encrypted search protect and query sensitive datasets end-to-end. Authentication, tenant isolation, and access control enforce least privilege across APIs, backed by audit evidence (hash-chained events, signatures) and observability (metrics/traces/logs) for compliance and forensics. AI orchestration runs GPU/TPU workloads via Kubernetes and AWS Batch with confidential-computing / enclave-backed execution where available (capability depends on cloud/provider and instance class (Intel SGX, AMD SEV, NVIDIA CC, Intel TDX, ARM TrustZone, ARM CCA/RME, AWS Nitro Enclaves, IBM Secure Execution)), plus security monitoring for real-time detection and response.

Cloud Platform

Technical PreviewFree Forever
1

Start with a free account.
Get 5GB storage, 2,000 API calls per month, and access to all Always Free services including encrypted storage, SSE search, secrets vault, and PQC authentication—store anything (documents, AI artifacts, secrets, archives) inside your quantum-secure drive.

2

Upgrade anytime to Pay As You Go. Pay only for services that exceed your free tier limits. Scale to AI workloads, hardware enclaves, multi-region replication, and enterprise features as needed.

3

Continue with Always Free services. If you don't upgrade, you'll continue to receive Always Free services in your Free Tier account with no credit card required.

Developer Platform

Technical PreviewAlways Free SDKs
1

11 Production-ready SDKs. All SDKs are free on every plan. TypeScript SDKs for storage, search, AI orchestration, auth, vault, tenant, billing, access control, and audit. Type-safe APIs with built-in OpenTelemetry metrics.

2

REST APIs, CLI & WebSocket. Comprehensive REST APIs with OpenAPI specifications, interactive API explorer, CLI tools for model packaging and deployment, and WebSocket API for real-time notifications and live collaboration.

PQC algorithms

10 variants

ML-KEM-512/768/1024 (formerly Kyber) • ML-DSA-44/65/87 (formerly Dilithium) • FALCON-512/1024 • SLH-DSA SHAKE-128f/256f (formerly SPHINCS+)

14 microservices

Full stack

Edge Gateway • Auth Service • Vault Service • Storage Service • Search Service • Tenant Service • Billing Service • KMS Service • Audit Service • Access Control Service • Security Monitoring Service • Observability Service • AI Orchestrator • Crypto Inventory Service

Hardware enclaves

8 types

Intel SGX (MEE) • AMD SEV (Memory Guard + SEV-SNP) • NVIDIA CC (GPU memory encryption) • Intel TDX (TME - Google Cloud) • ARM TrustZone • ARM CCA/RME (Google Cloud) • AWS Nitro Enclaves • IBM Secure Execution

Scheduler backends

4 adapters

Kubernetes (Jobs API) • AWS Batch (job queues) • GPU Fleet (attestation) • TPU Fleet (attestation)

HSM vendors

4 supported

Thales Luna (AES-KW-PAD) • Entrust nShield (AES-KW-PAD) • AWS CloudHSM (AES-KW-PAD) • Azure HSM (AES-KW-PAD)

Edge gateway & infrastructure

Full stack

PQC-TLS termination • Rate limiting (token bucket) • Auth/Capability proxy • WebSocket (channels/broadcast) • Route management • Quota enforcement (tier-based) • DDoS protection • WAF (SQL/XSS/path traversal) • Anomaly detection • IP reputation • Bot protection • OTLP proxy (metrics/traces/logs) • Merkle tree checkpoints • Automated remediation (block/quarantine/revoke) • Stripe webhooks

Quantum imperative

Designed for 2026+ resilience

Multi-tenant Integrated Trust Platform delivering PQC-native security, zero-trust automation, quantum-resistant protection and built-in compliance across all services.

Quantum Computing Threat Timeline

2026-2030

Cryptographically relevant quantum computers emerge. QNSP provides NIST-standardized post-quantum cryptography (ML-KEM (formerly Kyber), ML-DSA (formerly Dilithium), FALCON, SLH-DSA (formerly SPHINCS+)) across 14+ production services.

2030-2035

Projected availability of quantum systems capable of breaking RSA-2048 and ECC used in current TLS, digital signatures, and key exchange protocols. Compliance deadlines accelerate as regulatory bodies mandate PQC adoption.

Last reviewed (UTC)

This timeline is periodically reviewed against public sources. Evidence-backed claims are exposed via live endpoints (e.g., /platform/v1/crypto/tls/evidence/public). Last reviewed: Jan 19, 2026 00:00 UTC.

Sources: NIST releases first 3 finalized post-quantum encryption standards (FIPS 203/204/205) · AWS Security Blog: ML-KEM post-quantum TLS now supported in AWS KMS, ACM, and Secrets Manager

Harvest-Now, Decrypt-Later Attacks

Executive summary: Adversaries can collect encrypted data today and decrypt it later once cryptographically relevant quantum computers (CRQC) become available.

Latest PQC & crypto updates

No PQC/crypto updates matched yet. Try Refresh, or check back later.

Why it matters: PQC standardization and vendor rollout are accelerating. Organizations should treat long-lived confidentiality as exposed unless migration plans are actively underway.

Risk surface

  • Long-term data archives and backups
  • AI training datasets and model weights
  • Encrypted communications and stored messages
  • Digital signatures on legal documents
  • Encrypted databases containing sensitive information
  • PKI certificates and key material

QNSP response

Forecast window: 2030-2035 (~4-9 years; UTC)

NIST Post-Quantum Cryptography Standards

The National Institute of Standards and Technology (NIST) has standardized PQC algorithms after extensive evaluation:

ML-KEM (formerly CRYSTALS-Kyber)

Selected for key exchange and encryption. Provides security levels equivalent to AES-128, AES-192, and AES-256. Recommended for TLS handshakes and secure communications.

ML-DSA (formerly CRYSTALS-Dilithium)

Selected for digital signatures and authentication. Provides high security with efficient signing and verification. Suitable for code signing, document authentication, and identity verification.

FALCON (Digital Signatures)

Alternative signature scheme with smaller signature sizes. Ideal for bandwidth-constrained applications and embedded systems requiring compact signatures.

SLH-DSA (formerly SPHINCS+)

Conservative hash-based signature scheme providing long-term security guarantees. Recommended for high-security applications requiring maximum assurance.

Compliance and Regulatory Requirements

Government and industry regulations are mandating PQC adoption:

  • HSM requirements: For high-security deployments, QNSP integrates with customer-managed HSMs (e.g. Thales Luna, Entrust nShield, AWS CloudHSM, Azure HSM). Certification level depends on the selected HSM and environment.
  • FedRAMP Alignment: Cloud security standards for federal agencies. QNSP follows FedRAMP roadmap requirements.
  • Executive Order 14028: Mandates zero-trust architecture and enhanced software supply chain security with PQC protection.
  • GDPR & Data Residency: PQC ensures long-term protection of personal data, meeting regulatory requirements for data protection.
  • IL5/FedRAMP High: Required for classified and sensitive government data processing.

Migration Strategy and Best Practices

Organizations should adopt a phased approach to PQC migration:

Phase 1: Immediate Protection

Implement PQC for new data and systems. Begin inventory of cryptographic assets. Start training teams on PQC standards and best practices.

Phase 2: Hybrid Deployment

Deploy hybrid classical-PQC systems. Migrate critical infrastructure to PQC. Update key management systems and certificate authorities.

Phase 3: Full PQC Transition

Complete migration to PQC-only systems. Retire legacy cryptographic protocols. Ensure all data storage and communications use quantum-resistant algorithms.

Cloud Service Status (Public)

Environment: Production

Region: ap-southeast-1 (Singapore)

Last updated: Feb 04 00:21 UTC

Edge Gateway
online
Auth Service
online
Vault Service
online
Storage Service
online
Search Service
online
AI Orchestrator
online
Tenant Service
online
Billing Service
online
KMS Service
online
Observability Service
online
Audit Service
online
Access Control Service
online
Security Monitoring Service
online
Crypto Inventory Service
online
  • Private/VPC/sovereign and air-gapped deployments are not shown here.
  • Statuses may appear Offline/Degraded due to network connectivity. Refresh to retry. For persistent issues, check your deployment’s /status endpoint or internal monitoring. If you’re using QNSP Cloud, visit https://qnsp.cuilabs.io/status.

Transparent pricing

Simple, predictable pricing for every team

Start free, scale as you grow. All SDKs are free. Enterprise features (enclaves, AI training) available on higher tiers.

Free Forever

FREE

$0forever

Free-forever for everyone—from individual users to global enterprises—exploring QNSP workloads

  • 5GB quantum-secure storage
  • 2,000 API calls/month
  • Full PQC storage + limited KMS (1 key, 5k ops/month)
  • 11 SDKs (Included)
  • Community support
Get started free

Developer Plans

DEV STARTER

$99/month

For startups and small teams

  • 50GB quantum-secure storage
  • 50,000 API calls/month
  • PQC storage + KMS
  • Basic search
  • 11 SDKs (Included)
  • Email support
MOST POPULAR

DEV PRO

$499
$450/month
10% OFF

For growing companies and production

  • 200GB quantum-secure storage
  • 250,000 API calls/month
  • Full PQC stack
  • Advanced SSE + Vault
  • AI inference (non-enclave)
  • 11 SDKs (Included)

DEV ELITE

$599/month

For advanced development teams

  • 500GB quantum-secure storage
  • 500,000 API calls/month
  • Full PQC stack
  • Advanced SSE + Vault
  • AI inference (non-enclave)
  • 11 SDKs (Included)

Business Plans

BUSINESS TEAM

$1,499/month

For mid-market teams

  • 500GB quantum-secure storage
  • 1M API calls/month
  • SSO (SAML/OIDC) + Audit
  • Team management (25 users)
  • AI orchestration
  • 11 SDKs (Included)
  • Priority support (8h)
RECOMMENDED

BUSINESS ADVANCED

$3,999/month

For advanced teams and larger businesses

  • 2TB quantum-secure storage
  • 5M API calls/month
  • PQC automation + SCIM
  • Team management (100 users)
  • AI batch workloads
  • 11 SDKs (Included)
  • Priority support (4h)

BUSINESS ELITE

$5,999/month

Premium business tier with compliance focus

  • 3.5TB quantum-secure storage
  • 7.5M API calls/month
  • Multi-region PQC
  • Enhanced audit logs + compliance
  • Team management (200 users)
  • 11 SDKs (Included)
  • Priority support (2h)

Enterprise Plans

ENTERPRISE STANDARD

$7,999/month

Enclave-secured AI inference

  • 5TB quantum-secure storage
  • 10M API calls/month
  • 🔒 Enclave inference (8 hardware enclave types)
  • Multi-region PQC
  • Audit + residency proofs
  • 11 SDKs (Included)
  • Dedicated account manager

ENTERPRISE PRO

$14,999/month

Full AI security platform

  • 10TB quantum-secure storage
  • 25M API calls/month
  • 🔒 Encrypted AI training/fine-tuning
  • 🔒 Full enclave security suite
  • Full compliance bundle
  • 11 SDKs (Included)
  • Dedicated support engineer

ENTERPRISE ELITE

Fortune 200 & mission-critical

  • Unlimited storage & API calls
  • 🔒 Dedicated enclave GPU clusters
  • 🔒 Private/VPC deployments
  • Custom PQC schedules
  • 11 SDKs (Included)
  • 1-hour SLA (99.95% uptime)
  • Pre-warmed enclave pools
Request a quote

Mission-Critical Programs

PUBLIC SECTOR

Government & public services programs with regulated procurement

  • Custom storage & API limits
  • 🔒 Controlled deployment options (VPC / private / on-prem)
  • Customer/partner-managed HSM integration (certification level depends on selected HSM)
  • IL5/FedRAMP High alignment (deployment-specific)
  • SOC 2-aligned controls & ISO 27001 roadmap
  • GDPR, HIPAA & data residency
  • 11 SDKs (Included)
  • Dedicated account manager
  • 24/7 incident escalation (enterprise agreement)
  • Field engineering via customer/partner processes (as required)
Request a quote

DEFENSE & SPACE

Defense, national security, and space agency deployments

  • Custom storage & API limits
  • 🔒 Classified enclave clusters
  • 🔒 Customer-controlled air-gapped orchestration
  • Customer/partner-managed HSM integration (certification level depends on selected HSM)
  • ITAR program support (deployment-specific)
  • Data residency guarantees (deployment-specific)
  • Private cloud & edge deployment
  • 11 SDKs (Included)
  • Dedicated account manager
  • 24/7 incident escalation (enterprise agreement)
Request a quote

CRITICAL INFRASTRUCTURE & LABS

Nuclear, biosecurity, critical infrastructure, and quantum labs

  • Custom storage & API limits
  • 🔒 High-assurance enclaves + attestation controls
  • Customer/partner-managed HSM integration (certification level depends on selected HSM)
  • Air-gapped / isolated tenancy options (deployment-specific)
  • Compliance alignment (deployment-specific)
  • Data residency & retention controls
  • Private cloud & edge deployment
  • 11 SDKs (Included)
  • Dedicated account manager
  • Field engineering via customer/partner processes (as required)
Request a quote
  1. This service is currently in Technical Preview. Features, functionality, SDKs and APIs may evolve, and users may experience bugs, outages, or performance variability. Certain capabilities may be limited or unavailable during the beta period.
  2. Support is provided on a best-effort basis and no service level agreement (SLA) applies during Technical Preview.
  3. “Popular” and “Recommended” indicators are derived from aggregated customer preference signals and live usage analytics.
  4. Pricing may change over time. Promotional or introductory pricing is subject to change following the applicable promotional period.

Platform

Security Framework

Threat modeling, cryptographic policy enforcement, signed audit trails, and automated incident response—mapped to common enterprise frameworks.

Live PQC-TLS Evidence

Public TLS terminates at the AWS ALB with a PQ/hybrid TLS policy. You can verify negotiated groups and policy evidence via /platform/v1/crypto/tls/evidence/public. Full platform crypto posture is available at /platform/v1/crypto/posture/public(authentication required for full details).

Quantum Threat Model v2.0

Comprehensive threat modeling aligned with NIST PQC standards and CRQC timeline assumptions.

  • 4 attacker classes: Script Kiddie → Nation-State with CRQC
  • HNDL (Harvest Now, Decrypt Later) timeline modeling
  • 15+ security controls mapped to specific threats
  • Data classification: ephemeral → long-lived secrets
  • Legacy migration milestones: staged classical deprecation (PQC-Native is the default)

Cryptographic Attestation

Forensic-grade cryptographic evidence with NIST algorithm lifecycle tracking and compliance assessment.

  • NIST algorithm registry with lifecycle status (Final/Draft/Deprecated)
  • CBOM (Cryptographic Bill of Materials) export with SHA3-256 hash
  • Automated CNSA 2.0 and FIPS 140-3 compliance checks
  • Policy enforcement: audit mode or hard-block mode
  • Migration planning for deprecated algorithms (platform-wide)
  • Machine-verifiable compliance snapshots with PQC signatures

Cryptographic Policy Engine

Tenant-configurable PQC enforcement with algorithm allowlists and HSM requirements.

  • KEM: ML-KEM-512/768/1024 (formerly Kyber)
  • Signatures: ML-DSA-2/3/5 (formerly Dilithium), Falcon-512/1024, SLH-DSA (formerly SPHINCS+)
  • Symmetric: AES-256-GCM, ChaCha20-Poly1305
  • 4 policy tiers: Default → Government/Defense
  • HSM-enforced root key protection (HSM-backed root keys; certification depends on deployment)

Signed Audit Evidence

Cryptographically signed, hash-chained audit trail for compliance and forensics.

  • 40+ crypto-critical event types across 12 services
  • PQC-signed events with ML-DSA-3 signatures
  • SHA3-512 hash chains with Merkle checkpoints
  • Severity inference: info → critical
  • SIEM-ready export (Splunk, Elastic, Datadog) via deployment-specific forwarding

Key Compromise Response

Automated incident response for suspected or confirmed key compromises.

  • 5-step remediation: record → rotate → rewrap → revoke → audit
  • KMS, Vault, Storage service integration
  • Automatic capability token revocation
  • Sub-10s response SLA for critical incidents
  • Correlation tracking across services

Downgrade Attack Remediation

Real-time detection and response to cryptographic downgrade attempts.

  • Protocol tracking: PQC-TLS → TLS 1.3 → TLS 1.2
  • Algorithm monitoring: ML-DSA → ECDSA downgrades
  • Automatic IP/user blocking on critical severity
  • Token revocation and resource quarantine
  • Escalation to key compromise handler

Platform Capabilities

14+ Production Services

Edge Gateway, Auth Service, Vault Service, Storage Service, Search Service, Tenant Service, Billing Service, KMS Service, Audit Service, Access Control Service, Security Monitoring Service, Observability Service, AI Orchestrator, Crypto Inventory Service (plus platform utilities like platform API and provisioning).

Hardware Enclaves

Intel SGX (MEE), AMD SEV (Memory Guard + SEV-SNP), NVIDIA CC (GPU memory encryption), Intel TDX (TME - supports Google Cloud Confidential VMs/GKE), ARM TrustZone, ARM CCA/RME (supports Google Cloud Confidential GKE), AWS Nitro Enclaves, IBM Secure Execution with cryptographic attestation.

Scheduler Backends

Kubernetes (Jobs API), AWS Batch (job queues), GPU Fleet, TPU Fleet (with attestation).

HSM Integration

Thales Luna, Entrust nShield, AWS CloudHSM, Azure HSM (PKCS#11 integration; certification level depends on the selected HSM and customer deployment).

Developer Platform

11 TypeScript SDK/client packages, REST APIs (OpenAPI), WebSocket API, CLI tools, CI/CD integrations (GitHub Actions, GitLab CI, Jenkins, CircleCI).

Observability & Compliance

OTLP streaming, Merkle tree checkpoints, automated remediation, SIEM-ready export via OTLP/audit forwarding (Splunk, Elastic, Datadog), real-time collaboration.

Feature Comparison

Feature
QNSP
Cloud Providers
Security Tools
PQC Tooling
Cryptography & Key Material
Secrets vault (CRUD, rotation, leases)
Native
Native
Native
Partial
Secret leases (issue / renew / revoke) for time-bound access
Native
Varies
Partial
Not focus
KMS / key management (create, rotate, BYOK)
Native
Native
Partial
Partial
HSM evidence collection + FIPS enforcement gates
Native
Varies
Varies
Partial
Post-quantum primitives (ML-KEM / ML-DSA / SLH-DSA)
Native
Varies
Partial
Native
PKI transition tooling (crypto inventory / policy / rotation orchestration)
Native
Varies
Not focus
Native
Secure Ingress & Access
PQC at ingress (PQC-TLS termination + PQC-signed JWT access control)
Native
Partial
Native
Not focus
Signature-verified ingestion (documents/events include PQC signatures + provenance)
Native
Varies
Not focus
Partial
Confidential Compute & Encrypted Operations
Confidential compute / enclave orchestration + attestation
Native
Varies
Not focus
Not focus
Searchable encryption controls (SSE tokens; encrypted-only search/indexing gate)
Native
Not focus
Not focus
Not focus
Policy & Authorization
Tenant crypto policy enforcement (PQC required / hybrid required)
Native
Not focus
Varies
Partial
Policy engine (create policies + evaluate requests) + capability tokens
Native
Varies
Partial
Not focus
Audit, Evidence & Monitoring
Evidence-grade audit trail (signed ingestion + security envelope)
Native
Varies
Partial
Partial
Tamper-evident audit chain (hash-chained events + commitment signatures)
Native
Not focus
Not focus
Not focus
Incident Response & Automation
Automated remediation actions (block / rate-limit / quarantine / revoke session)
Native
Varies
Partial
Not focus
NativeCore product capability
PartialSupported, but not end-to-end
VariesCapability depends on vendor / SKU
Not focusNot their primary product focus
Sources (public)

Competitor Landscape

Cloud Providers

Cloud providers are rolling out PQC primarily through primitives (KMS, certificates, TLS endpoints) and managed services. This lowers the barrier to adoption, but customers still assemble end-to-end enforcement across ingress, policy, audit evidence, storage/search workflows, and incident automation.

Examples

  • PQC primitives in KMS / secrets / certificate services and selected TLS endpoints
  • Broad managed service catalogs (storage, search, AI) with varying security/enforcement cohesion
  • Identity + policy products exist, but cross-service, evidence-grade enforcement is usually an integration project

Strengths

  • Global footprint, managed services, and operational maturity
  • PQC exposure through standard interfaces (TLS, KMS) accelerates early adoption
  • Compliance programs and enterprise procurement pathways

Gaps

  • Often focused on primitives rather than end-to-end tenant policy + audit evidence
  • Customers still stitch together ingress enforcement, signed ingestion, retention, and incident automation
  • Consistency across services varies; strong outcomes often require additional control-plane buildout

Security Tools

Security tools deliver best-in-class point capabilities (vaults, PAM, edge access, SIEM/SOAR). They can be critical building blocks, but the end-to-end outcome (tenant policy, capability enforcement, signed audit evidence, and secure data workflows) is usually assembled across multiple vendors and systems.

Examples

  • Vaults / PAM for secrets and credential rotation
  • Edge access + WAF/Zero Trust posture controls
  • SIEM/SOAR for monitoring and response automation

Strengths

  • Mature deployments for identity/edge/PAM use cases
  • Good fit for incremental adoption (swap one control at a time)
  • Broad ecosystem integrations

Gaps

  • Often focused on one layer rather than cross-service, tenant-scoped enforcement
  • Doesn’t typically unify storage/search/AI workflows under a single policy + capability model
  • Audit evidence exists, but it’s rarely delivered as a single, tamper-evident platform trail

PQC Tooling

PQC tooling vendors focus on crypto-agility and migration readiness (PKI lifecycle, discovery, HSM options, and PQC primitives). They can accelerate planning and rotation, but typically don’t deliver the full platform surface: secure ingress + signed ingestion, per-tenant policy enforcement, evidence-grade audit, and secure data workflows.

Examples

  • Crypto posture / inventory + certificate lifecycle automation
  • Hardware-backed key protection options and PQC primitives
  • Rotation orchestration for PKI and machine identity surfaces

Strengths

  • Deep cryptographic specialization and migration readiness tooling
  • Helpful for inventory, policy design, and lifecycle automation at scale

Gaps

  • Usually not a full stack for tenants, audit trails, storage/search workflows, or billing/metering
  • Integration and operational ownership remains with the customer or SI

Developer platform

Build with quantum-secure infrastructure

TypeScript SDKs and REST APIs (OpenAPI). Free for all tiers. Get started in 5 minutes.

1

Sign up free

Create your account at cloud.qnsp.cuilabs.io and provision your tenant in minutes

2

Install SDK

SDK install and usage instructions are provided in the documentation portal

3

Upload your first document

Use QNSP APIs to upload documents with quantum-secure encryption

4

Build your app

Integrate QNSP into your application with full PQC protection

Available SDK packages

@qnsp/storage-sdkAvailable

Document upload/download, lifecycle management, compliance controls

@qnsp/search-sdkAvailable

Full-text search, vector similarity, SSE token generation

@qnsp/ai-sdkAvailable

AI workload orchestration, enclave management, GPU scheduling

@qnsp/auth-sdkAvailable

Authentication, FIDO2 passkeys, Personal Access Tokens (PATs), session management

@qnsp/vault-sdkAvailable

Secrets management, credential storage, break-glass access

@qnsp/tenant-sdkAvailable

Tenant management, subscription, metadata operations

@qnsp/billing-sdkAvailable

Invoice management, usage tracking, payment processing

@qnsp/access-control-sdkAvailable

Policy management, capability tokens, authorization flows

@qnsp/audit-sdkAvailable

Audit log querying, compliance reporting, event retrieval

@qnsp/kms-clientAvailable

PQC envelope encryption client, BYOK workflows, signing helpers

@qnsp/crypto-inventory-sdkAvailable

Crypto asset discovery, PQC migration tracking, inventory management

SDK access and install guidance is provided in the documentation portal.

Use cases

Real workloads, developer stories, and why now

Reference architectures, production patterns, and external standards show how QNSP lands in AI labs, gov clouds, and zero-trust programs.

Real workloads

Universal Free Forever Access

QNSP Cloud stays free forever for everyone—from individual users to global enterprises—starting with PQC storage and the full developer toolkit (11 SDK/client packages), with 5GB storage plus 2,000 API calls monthly.

Kick off proofs of concept or production pilots immediately without credit cards, procurement reviews, or contracts.

Sovereign AI labs

Encrypted model training pipelines in customer-controlled sovereign cloud/VPC/on-prem environments, with GPU enclave orchestration and PQC-signed inference APIs.

Zero plaintext exposure of training sets while holding <5% latency overhead.

Defense & intelligence

Customer-controlled private or air-gapped deployments with offline signing, distributed edge routing, tamper-evident audit flows.

Sub-10s revocation SLAs and deterministic mission replay.

Regulated finance

Quantum-safe document vaults, searchable encryption, automated retention + legal hold APIs.

PQC compliance with immediate regulator reporting via audit service webhooks.

Healthcare & life sciences

PHI-safe storage, secure collaboration, PQC-authenticated research data exchanges.

Meets HIPAA + GDPR residency through data-layer policying.

Developer stories

LegalTech contract management

Store thousands of contracts with long-term retention, search across clauses, and run AI contract analysis with immutable audit trails.

Unified storage + search + AI workflows with compliance-grade evidence and legal holds.

Healthcare patient record systems

Protect PHI with encrypted storage, HIPAA-aligned audit trails, and secure search across records with de-identification controls.

Retention, legal holds, and tenant isolation built into the platform primitives.

Investment & broker-dealer archives

WORM-style retention policies, immutable audit trails, and searchable encryption for investment documents and compliance reporting.

Regulator-ready retention and audit workflows without bespoke infrastructure.

Multi-tenant B2B document platform

Self-serve onboarding, tenant-isolated storage and search, and usage metering for billing across thousands of customer workspaces.

Ship faster by outsourcing encryption, compliance controls, and tenant isolation.

EdTech secure LMS

Securely store coursework and student submissions with privacy-safe search and long retention windows for transcripts and records.

FERPA-aligned handling through classification, retention, and tenant isolation patterns.

GovTech public records management

Manage public records with controlled access, immutable audit logs, and retention policies aligned to FOIA-style workflows.

Tamper-evident audit trails with policy-driven storage and selective indexing.

Why now

NIST post-quantum cryptography standards

NIST finalized FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA), encouraging organizations to begin transitioning.

Read reference →

Confidential computing for secure AI pipelines

Trusted execution environments (TEEs) protect data, models, and computations across preprocessing, training, and inference with attestation-based verification.

Read reference →

Engage

Talk to CUI Labs about QNSP

QNSP Cloud is currently in Technical Preview.

We’re working with a limited number of teams on early access, technical evaluations, and structured pilots across QNSP Cloud, private/VPC deployments, and partner-delivered on-prem environments.

Early Access & Enterprise Inquiries

Email contact@cuilabs.io to request preview access or discuss enterprise, government, and partner programs.

For fastest routing, include:

  • Intended workload (data, AI, identity, search, etc.)
  • Deployment model (cloud, private/VPC, sovereign)
  • Data residency or compliance requirements
  • Post-quantum cryptography scope

Private, sovereign, and air-gapped deployments are delivered into customer-controlled environments and operated under customer or partner governance.

Explore QNSP Platform Capabilities

Explore the platform architecture, APIs, and developer documentation while we prepare for the Technical Preview.