Model Hub
Browse PQC-verified AI models, datasets, and tools
ML-DSA authenticated transport layer for Model Context Protocol (MCP) servers. Quantum-resistant agent-to-tool connections with per-call signing and session-level mutual authentication. Open source, 29 tests passing.
Sign and verify RAG document chunks with ML-DSA at ingestion and retrieval time. Prevents vector database poisoning attacks on enterprise RAG pipelines. Open source, 43 tests passing.
GitHub Action + CLI that scans code for classical cryptography (RSA, ECDSA, ECDH, DH, Ed25519, MD5, SHA-1) and suggests PQC replacements. Supports Python, JavaScript, Go, Rust, Java, C/C++. SARIF output for GitHub code scanning. Open source, 43 tests passing.
PQC-native C2PA-compatible content provenance for AI outputs. Sign every LLM/image/audio output with ML-DSA so its origin and chain-of-custody remain verifiable after quantum computers exist. Includes pluggable assertions (AI-generated, training data, usage licensing). 34 tests passing.
Quantum-resistant credential vault for AI agents. ML-KEM-768 key encapsulation, AES-256-GCM at rest, PBKDF2-SHA256 KDF, ML-DSA-signed audit log. Drop-in integrations for LangChain, AutoGen, CrewAI via secret provider and os.getenv shim. 40 tests passing.
PQC-signed AI Model Bill of Materials. Cryptographically enumerate every model component (weights, training data, fine-tuning, RLHF, quantization, evals) with quantum-safe ML-DSA signatures. SPDX-2.3 export/import. Diff utility for model version audits. 28 tests passing.
Merkle-tree commitments for AI training datasets using SHA3-256 + ML-DSA. Prove what a model was trained on without revealing the data. Inclusion proofs are O(log n) and publicly verifiable. Survives the quantum transition for the 15-20 year shelf life of training data. 29 tests passing.
PQC-signed hypervisor memory attestation framework for AI workloads. ML-DSA-signed claims about memory region state, drift detection, pluggable backends for AMD SEV-SNP and Intel TDX. Protects model weights and activations on shared cloud infrastructure. 26 tests passing.
PQC-signed load gate for eBPF programs on AI inference servers. ML-DSA signatures over bytecode, pluggable LoadPolicy with allow-listed signers and size caps, append-only audit log. CLI (pqc-bpf sign/verify/info) for DevOps integration. 31 tests passing.
PQC-hardened framework for encrypted CPU-GPU tensor transfers and driver attestation. ML-KEM-768 channel keys, AES-256-GCM per-transfer encryption with AAD binding, ML-DSA-signed driver attestations. Pluggable CUDA/ROCm backends. 24 tests passing.
PQC-native signed-boot framework for AI appliances. ML-DSA-65 firmware signatures, TPM-style measured-boot PCR chain, update-chain with rollback protection, manufacturer key-ring with revocation. Fork U-Boot/GRUB/coreboot to integrate. 31 tests passing.
PQC-native per-tenant KV cache encryption for multi-tenant LLM inference. ML-KEM-768-derived session keys, AES-256-GCM per-entry encryption, strict tenant isolation enforcement, automatic key rotation by entry count or time. Protects against cross-tenant side-channel reads. 34 tests passing.
Immutable filesystem-level audit log for AI inference events. SHA3-256 Merkle segments with ML-DSA-65-signed headers, cross-segment hash chain, O(log n) inclusion proofs, filesystem immutability guards. EU AI Act Article 12 compliance ready. 37 tests passing.