kxco.ai

KXCO — Post-quantum Infrastructure for corporates, institutions and AI agents.

Every signature is ML-DSA-65 and permanently recorded on a live blockchain. Quantum identity and credentials that don't depend on trusting a central party. Built for systems that need to survive quantum computers.

See live infrastructure  → Talk to the team  →
Scroll
The Real Problem

The cryptographic foundation of
current systems has a documented,
time-bound vulnerability.

RSA and ECDSA — the algorithms securing global financial infrastructure, government systems, and most production blockchain networks — are broken by Shor's algorithm on a sufficiently capable quantum computer. That capability is not yet available at scale. The threat, however, is active now: nation-state actors are collecting encrypted data with the stated intention of decrypting it once quantum capability becomes available. NIST, the G7, and the NSA have each published formal migration obligations and timelines. Institutions that begin migration during this period complete it on their own terms. Those that wait face an emergency transition under regulatory pressure.

2024
Standards ratified. NIST publishes FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) as final standards. The post-quantum cryptographic baseline is settled. Migration from RSA and ECDSA is now a defined compliance obligation, not a research recommendation.
Jan 2026
G7 mandate published. The G7 Cyber Expert Group issues a formal migration roadmap. Financial sector infrastructure is identified as a priority category. Institutions with exposure to long-lived data or multi-year contractual obligations are directly in scope.
2029
US federal deadline. Federal systems are required to complete post-quantum migration. Regulatory enforcement begins. Financial institutions without quantum-safe infrastructure face compliance exposure for the first time.
2030–31
Estimated quantum window opens. Current projections place cryptographically relevant quantum computation in this range. Harvest-now-decrypt-later attacks using data collected from 2024 onward become viable. Systems that have not completed migration at this point face an active threat, not a future one.
What KXCO Delivers

Four foundational capabilities,
each independently verifiable.

01
ML-DSA-65 signatures on every operation, permanently recorded on-chain

Every operation across KXCO infrastructure — identity issuance, credential verification, document signing, API transactions — is signed with NIST FIPS 204 (ML-DSA-65) and anchored to Armature L1. The record is immutable and independently auditable by any third party. There is no dependency on a KXCO-controlled server remaining accessible to verify any prior operation.

02
On-chain identity and credentials with no centralised trust dependency

KXCO issues institution and agent credentials directly on Armature L1. An institution's identity is its ML-DSA-65 key pair, anchored on-chain at registration. Verification requires no KXCO-controlled server. Any party can independently verify any credential, at any time, without KXCO's involvement.

03
Deployment attestations and quantum vulnerability scanning for hosted infrastructure

PQC Host deploys code from GitHub and issues an ML-DSA-65 attestation for every build, anchored to Armature L1 at the moment of deployment. KXCO Bastion scans code dependencies, configuration files, and infrastructure for quantum-vulnerable algorithms and produces structured reports suitable for compliance review and audit submission.

04
Post-quantum document signing and on-chain verification for institutional deployment

KXCO Sign provides ML-DSA-65 document signing with on-chain verification records — a quantum-resistant replacement for classical signing workflows where audit trails must remain valid over long time horizons. KXCO Verified issues on-chain verification badges that any counterparty can independently check against Armature L1, with no requirement to trust KXCO as an intermediary.

Live Capabilities

Operational infrastructure.
Available today.

Capability Description Status
Armature L1 ↗
Private permissioned blockchain. Hyperledger Besu 26.4.0, QBFT proof-of-authority, Chain ID 1111. ML-DSA-65 signatures on all transactions by architecture. Live block explorer and public RPC at chain.kxco.ai. All KXCO products run on this network.
 Live
PQC Hosting ↗
Deploys code from a connected GitHub repository with an ML-DSA-65 build attestation anchored to Armature L1 at each deployment. Every build record is permanently on-chain and verifiable without KXCO's involvement. API-accessible for integration with CI/CD pipelines.
 Live
Bastion ↗
Quantum vulnerability scanner for code and infrastructure. Identifies quantum-vulnerable algorithms across multiple language ecosystems, configuration files, container definitions, and TLS endpoints. Produces structured reports for compliance and audit purposes. Integrates with CI/CD pipelines.
 Live
KXCO Sign ↗
Post-quantum document signing platform. Every signature is ML-DSA-65, with on-chain verification records anchored to Armature L1. Provides a quantum-resistant audit trail for agreements and documents with long-dated validity requirements.
 Live
KXCO Verified ↗
On-chain verification badges for domains and institutions. Identity is registered on Armature L1. The badge queries the chain directly. Any relying party can independently verify the registration without trusting KXCO as an intermediary or querying a KXCO-controlled API.
 Live
In Beta

In active development.

White-label banking & exchange infrastructure
KnightsVault

Post-quantum white-label banking and exchange infrastructure for licensed financial institutions. Institutions deploy KnightsVault under their own brand — account infrastructure, card issuance via Thredd, stablecoin operations, and exchange functionality — running natively on Armature L1 with ML-DSA-65 signing on all operations. KXCO provides the software layer. The operating institution holds the relevant licences.

Beta
Built For

Three principal categories
of deployment.

Corporates
Organisations with long-dated contracts and audit obligations

Legal agreements, supply chain records, and financial commitments are routinely expected to remain valid for decades. A document signed today under RSA or ECDSA may be exposed before the obligation it covers has run its course. KXCO provides ML-DSA-65 signing for documents, transactions, and audit records that are required to remain secure over multi-year time horizons.

Licensed Institutions
Regulated entities under formal migration mandates

The G7 Cyber Expert Group, NIST, and NSA have each published transition timelines. For financial institutions, post-quantum migration is a defined compliance event with a regulatory deadline, not a discretionary technology upgrade. KXCO provides infrastructure that satisfies current and anticipated migration requirements without requiring full replacement of existing systems.

AI Agents
Autonomous systems that require verifiable, trustless identity

An AI agent transacting on behalf of an organisation requires an identity that is cryptographically verifiable without relying on a central database, credentials that any counterparty can check independently, and an immutable record of every action taken. KXCO issues ML-DSA-65 agent credentials anchored on Armature L1. The agent's identity is a fact on the chain, checkable by any party at any time.

Proof

Why institutions
can rely on this.

The following signals are independently verifiable. None of them require taking KXCO's word for it.

Live Infrastructure
Armature L1 is a live, operating blockchain. The block explorer at chain.kxco.ai is publicly accessible. Every KXCO operation is recorded on-chain and independently auditable — not dependent on KXCO's servers remaining available.
NIST Standards
All cryptographic operations implement NIST FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) — the ratified post-quantum standards published in 2024. These are not proprietary or experimental algorithms. They are the international baseline to which regulated institutions will be required to migrate.
Regulatory Alignment
KXCO's cryptographic baseline directly addresses the migration obligations in the G7 Cyber Expert Group's January 2026 roadmap and the NIST transition guidance applicable to financial sector infrastructure. Institutions deploying KXCO are building on a compliant foundation, not retrofitting one.
Open-source Foundation
The core ML-DSA-65 and ML-KEM-768 implementations used in production are published as open-source libraries. Institutions can independently audit the cryptographic code before integrating or deploying. Source is available on request and via public package registries.
Leadership
Founded by Shayne Heffernan Ph.D. — 40 years in global capital markets, Knightsbridge Group. Advisory board includes senior practitioners from BlackRock, Fidelity Investments, DTCC, Bear Stearns, and Capgemini. Full team and corporate information at kxco.ai/corporate.
Work With KXCO
Discuss your requirements
with the KXCO team.

Whether you are assessing post-quantum migration risk, evaluating infrastructure for a regulated deployment, or building systems that require verifiable AI agent identity — the conversation starts here.

Talk to the team  →