OPEN STANDARD · CONTINUOUS · POST-QUANTUM

Protect sensitive data.
Prove it mathematically.

Know—at any moment—whether sensitive data was exposed. Or prove that it wasn’t.

HATS continuously attests whether sensitive data is protected from external threats and internal exposure. The proof is cryptographic. The verification is independent. The math is the authority.

Because sensitive data is never exposed in plaintext, it remains protected—even during processing by AI systems or automated agents.

HATS is an open technical standard for continuous attestation of system control state and data exposure.

Certification under HATS provides independently verifiable evidence that a system satisfies defined controls — continuously, not periodically.

HATS attests two categories of risk—everything that leads to data exposure falls into one of these:

External Threats

  • Breach attempts and lateral movement
  • Data exfiltration and interception
  • Supply chain compromise
  • Credential stuffing and brute force
  • Zero-day exploitation detection and response state

Internal Exposure

  • Misconfiguration and control drift
  • Privilege creep and unauthorized access
  • Insider threat and data mishandling
  • Shadow IT and unmanaged endpoints
  • Policy violations and compliance gaps

Properties

Continuous

State is observed continuously. Attestation reflects current reality — not a past audit.

Mathematical

Attestation is cryptographic proof — not a report. A statement that can be verified, not trusted.

Independent

Verification requires no trust in H33 or the operator. The proof stands on its own.

Post-Quantum

Signed across three independent post-quantum families. Breaks only if all fail simultaneously.

Non-Invasive

Observes existing systems. No agents. No data extraction. No plaintext exposure. No infrastructure changes.

Time-Bound

Every attestation is anchored to a specific moment. Events reference verified state — not reconstructed history.

What Changes

This replaces trust-based reporting with verifiable truth. The question changes from “what was reported” to “what can be proven.”

Without HATS

  • Controls self-reported on questionnaires
  • Compliance verified annually or quarterly
  • Drift undetected between audit cycles
  • Evidence is documentary, not mathematical
  • Disputes rely on after-the-fact reconstruction
  • Trust required in the reporting organization

With HATS

  • Controls observed and attested continuously
  • Conformance verified in real time
  • Drift detected and recorded immediately
  • Evidence is cryptographic proof
  • Verified state available at time of event
  • Trust the math, not the organization

How HATS Works

1. Connect

HATS integrates with existing security controls — IAM, EDR, SIEM, cloud configuration, access management. No new agents. Authorization through existing tools and workflows.

2. Observe

Control state is continuously observed against HATS-defined controls. Each observation is recorded with a timestamp, scope, and measurement. Deviations trigger immediate attestation updates.

3. Attest

Observations are compiled into a cryptographic attestation — STARK proof of evaluation, post-quantum signed, time-bound. The result is a verifiable fact.

4. Verify

Any third party can independently verify the attestation. Auditors, regulators, insurers, partners, customers. No API calls to H33. No trust required. The proof verifies itself.

Attestation Structure

Each attestation is secured by three independent mathematical assumptions:

  • STARK proof: SHA3-256 hash-based proof of correct control evaluation. Computation integrity without trusted setup.
  • ML-DSA-65: NIST FIPS 204 lattice signature. MLWE hardness assumption.
  • FALCON-512: NTRU lattice signature. Independent mathematical assumption from ML-DSA.
  • SLH-DSA-128f: Stateless hash-based signature (SPHINCS+). Minimal assumption: hash function security only.

Three independent hardness assumptions: the attestation breaks only if all three fail simultaneously.

What HATS Does Not Do

  • Does not make underwriting, pricing, or claims decisions
  • Does not guarantee security or prevent breaches
  • Does not access or store sensitive data
  • Does not replace existing security controls
  • Does not determine regulatory compliance or satisfy regulatory requirements

H33 Standards

HATS

Continuous attestation of control state and data exposure. Mathematical proof. Independent verification.

Code Scoring

HICS

Independent code scoring across five security dimensions. STARK-proven results. Runs locally. No data leaves your machine.

Trust is optional. Verification is not.

HATS certification provides independently verifiable evidence that a system satisfies defined controls. Certification does not guarantee the absence of security incidents. It provides mathematical proof that defined controls are operating as declared at the time of attestation.