EVENT HORIZON // SECURITY BOUNDARY

NOTHING LEAVES
WITHOUT PROOF.

The security promise is architectural and testable: verified identity, least privilege, ciphertext storage, proof-gated egress and founder-controlled promotion. Absolute immunity is not a property honest engineering can guarantee.
01

Authenticated passage

Identity is derived server-side from the hosting authentication boundary and HMAC-bound to a protected secret.

02

Recipient-bound matter

Vault capsules use fresh-nonce AES-256-GCM and bind ciphertext to the intended recipient scope.

03

Proof-gated release

Exact digests and named checks must close before a verified result is labelled for Quasar Return.

PRIVATE CORE

A downloaded cell is not the Singularity Core

Device cells may contain only the signed runtime and model artefacts required for that bounded capability. Proprietary scheduler and optimisation logic, private equations, policy authority, evaluation corpus, founder credentials, release signing keys and Company-trained private adapters remain behind the server-side control plane.

NODE CONTROL

Signed, expiring, revocable envelopes

The target distribution model uses versioned manifests, integrity verification, expiry and revocation. Client-visible code can be inspected; AVORBYSS does not make the impossible claim that software delivered to another device cannot be copied or analysed.

INCIDENTS

Contain, preserve, report lawfully

Suspected attacks are isolated, rate-limited and evidenced. AVORBYSS does not retaliate or damage external systems. Do not probe the live service without written authorisation; a public vulnerability-reporting and safe-harbour channel remains a paid-launch gate.

ROADMAP

The rings still being forged

Independent penetration testing, threshold-signed epochs, confidential-compute attestation, multi-cloud erasure shards, audited post-quantum migration, node-envelope signing and an external transparency witness remain explicit readiness gates—not hidden claims.