AEGIS is not a monitoring layer. It is an autonomous attestation engine that probes, signs, and anchors evidence for 158 controls across 12 regulatory frameworks — without a human hand on the evidence chain. The system produces the bundle your auditor reads.
Conventional compliance tools scan your infrastructure. They observe. They alert when something looks wrong. But they do not sign anything, anchor anything, or produce machine-verifiable evidence of the control state at a given moment in time. That gap between observation and attestation is where audits become expensive.
Each control traverses a five-stage pipeline. The pipeline runs on STM32N6 (Arm Cortex-M33, hardware AES-256). Typical latency is 6.5 ms from probe initiation to signed envelope ready for export.
When your auditor reviews AEGIS evidence, they are reading outputs that the system signed — not notes that a human assembled from screenshots. The SHA3-256 digest binds the evidence to the control state at the moment of probing. The Ed25519 and ML-DSA-65 signatures prove that the digest has not changed since the system produced it. The Base L2 anchor produces an on-chain timestamp that cannot be backdated. No part of the evidence chain depends on human custody.
```json
{
  "control_id": "CC6.1",
  "pass": true,
  "score": 1.0,
  "duration_ms": 6.53,
  "sha3_256": "99f432dd70f9cd54a3b2e1078fdf44c2a73b...",
  "ed25519": "3O7pN2XqR1sK9vA...base64-truncated...",
  "ml_dsa_65": "MIIBIjANBgkqh...base64-truncated...",
  "anchored_at": "2026-05-08T00:00:00Z",
  "chain": "base",
  "block": 18447293
}
```
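An auditor-side preflight for the envelope format shown above, as an added example that is not AEGIS or HIVECOMPLY code. It assumes the digest covers `control_id`, `pass`, `score` and `duration_ms` as canonical JSON (the page does not specify the preimage), and it checks structure and digest only; verifying the Ed25519 and ML-DSA-65 signatures themselves needs the signer's public keys and a signature library.

```python
import base64, binascii, hashlib, json
from datetime import datetime

# Signature sizes in bytes: Ed25519 (RFC 8032) and ML-DSA-65 (FIPS 204).
SIG_LEN = {"ed25519": 64, "ml_dsa_65": 3309}
# Assumption: the digest preimage is these fields as canonical JSON.
DIGEST_FIELDS = ("control_id", "pass", "score", "duration_ms")

def canonical_digest(envelope):
    """SHA3-256 over sorted-key, whitespace-free JSON of the assumed fields."""
    body = {k: envelope[k] for k in DIGEST_FIELDS}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha3_256(data).hexdigest()

def preflight(envelope):
    """Return a list of findings; an empty list means the envelope is well-formed."""
    required = DIGEST_FIELDS + ("sha3_256", "anchored_at", *SIG_LEN)
    missing = [k for k in required if k not in envelope]
    if missing:  # both signatures are mandatory, so an absent one is fatal
        return ["missing field: " + k for k in missing]
    findings = []
    if envelope["sha3_256"] != canonical_digest(envelope):
        findings.append("sha3_256 does not match recomputed digest")
    for name, size in SIG_LEN.items():
        try:
            raw = base64.b64decode(envelope[name], validate=True)
        except (binascii.Error, ValueError, TypeError):
            findings.append(name + ": not valid base64")
            continue
        if len(raw) != size:
            findings.append(f"{name}: {len(raw)} bytes, expected {size}")
    try:
        datetime.fromisoformat(str(envelope["anchored_at"]).replace("Z", "+00:00"))
    except ValueError:
        findings.append("anchored_at: not an ISO 8601 timestamp")
    return findings

def constructed_envelope():
    """Constructed sample: zero-filled signatures of the right length, not real ones."""
    env = {"control_id": "CC6.1", "pass": True, "score": 1.0, "duration_ms": 6.53,
           "anchored_at": "2026-05-08T00:00:00Z", "chain": "base", "block": 18447293}
    env["sha3_256"] = canonical_digest(env)
    for name, size in SIG_LEN.items():
        env[name] = base64.b64encode(bytes(size)).decode()
    return env
```

An envelope that passes this preflight is only well-formed; it is accepted as evidence only after both signatures verify against the published keys.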
Vanta, Drata, and Secureframe are monitoring tools. They observe infrastructure state and generate compliance posture dashboards. AEGIS is an attestation engine. The distinction is not marketing — it changes what evidence an auditor can rely on.
| Capability | Vanta / Drata / Secureframe | Hive AEGIS / HIVECOMPLY |
|---|---|---|
| Approach | Continuous monitoring (infrastructure observation) | Continuous attestation (system signs its own evidence) |
| Evidence format | Compliance posture dashboard; screenshots; human-assembled logs | Machine-signed JSON envelopes with SHA3-256 + Ed25519 + ML-DSA-65 |
| SOC 2 report production | ✕ Human CPA firm produces the report; tool supplies supporting data | ✓ AEGIS-Report produces the auditor-ready evidence bundle; CPA reviews machine output |
| Cryptographic signatures on evidence | ✕ None — logs are unsigned records | ✓ Ed25519 + ML-DSA-65 on every envelope; SHA3-256 integrity digest |
| Post-quantum readiness | ✕ Not offered | ✓ TACHYON ML-DSA-65 (FIPS 204) + SLH-DSA on every signed artifact |
| On-chain anchoring | ✕ Not offered | ✓ AEGIS-Seal anchors bundles on Base L2 with tamper-evident timestamp |
| Frameworks covered | ● SOC 2, ISO 27001, HIPAA, GDPR (broad but shallow) | ✓ 12 frameworks natively: SOC 2, ISO 27001/17/18/701/36, 42001, EU AI Act, GDPR, eIDAS 2.0, NIS2, DORA |
| Cross-framework leverage | ✕ Manual consultant spreadsheet | ✓ 2.32x native — one control implementation satisfies an average 2.32 framework requirements |
| Speed per control | ● Periodic scans (hourly or daily); no real-time audit capability | ✓ 6.5 ms per control via POST /v1/aegis/control/audit |
| Full-fleet scan time | ● Hours for a full evidence collection pass | ✓ 460 ms for all 158 controls |
| Physics-based entropy source | ✕ Not applicable | ✓ MAPET-X: 24-axis physics entropy (terrestrial, quantum optic, subatomic, bio, cosmic, agricultural) |
| Cryptographic deletion proofs | ✕ Not offered | ✓ Signed deletion envelopes via AEGIS-Report; auditable proof that data was erased |
| Swarm-validated entropy provenance | ✕ Not applicable | ✓ T-THRESH consensus across distributed nodes before entropy is admitted to key generation |
| Self-verify with curl | ✕ Proprietary dashboard only; no open inspection endpoint | ✓ curl -s https://hivemorph.onrender.com/v1/aegis/score |
Vanta, Drata, and Secureframe are effective tools for their stated purpose and serve many organizations well. This comparison identifies the structural differences in evidence models, not general product quality. Both approaches require a CPA firm for a formal SOC 2 Type 1 or Type 2 opinion.
AEGIS is composed of seven discrete components, each with a defined responsibility. They share an audit bus and a signing key derived from MAPET-X entropy.
The primary probe runner. Accepts a control identifier via POST /v1/aegis/control/audit, executes the probe against the live system state, captures the pass/fail result, computes the SHA3-256 digest, and hands the envelope to the signing chain. Target latency: 6.5 ms typical, <500 ms hard ceiling.
Executes all 158 controls in a single coordinated pass via POST /v1/aegis/scan. Parallelizes where controls are independent; serializes where causal order matters. Full fleet completes in 460 ms. Results are aggregated into a framework-level matrix.
Computes the weighted composite score across all frameworks. Accessible via GET /v1/aegis/score. The score reflects the current machine-verified and self-attested control states. Current composite: 96.2. 32.9% of controls are machine-verified.
Packages signed envelopes for export via HIVECOMPLY (POST /v1/hivecomply/bundle/export and POST /v1/hivecomply/bundle/verify). Output is a structured JSON archive containing all control results, signatures, and the MAPET-X entropy provenance attestation. The auditor can verify the bundle without accessing internal systems.
Provides bidirectional translation to external governance, risk, and compliance platforms. Ingests external compliance events via POST /v1/hivecomply/event/ingest. Exports in formats compatible with common GRC toolchains. The bridge does not require replacing existing GRC investments.
Tracks score trajectories per framework over time. Surfaces controls that are trending toward failure before they breach threshold. Accessible via GET /v1/aegis/matrix and the HIVECOMPLY framework map. Provides the compliance team with a proactive signal rather than a retrospective alert.
Anchors each signed evidence bundle on Base L2 (EIP-4844 compatible). The on-chain anchor produces an immutable timestamp that no party can backdate. The anchor transaction hash is included in the evidence bundle, giving auditors an independent verification path via the public Base block explorer. Treasury: 0x15184Bf50B3d3F52b60434f8942b7D52F2eB436E.
The cross-framework intelligence layer. Maps each control to every applicable regulation via GET /v1/hivecomply/framework/map and GET /v1/hivecomply/control/status. Computes the 2.32x leverage ratio. Tracks SOC 2 TSC 2017, ISO 27001:2022, ISO 27017, 27018, 27701, 27036, 42001, EU AI Act, GDPR, eIDAS 2.0, NIS2, and DORA in a single unified view.
HIVECOMPLY maps every control implementation to every applicable regulatory requirement. The cross-framework leverage ratio is 2.32x — one implementation satisfies an average of 2.32 framework requirements. Total mapped controls: 158.
All endpoints are live at https://hivemorph.onrender.com. Health checks require no authentication. Audit and scan endpoints require a signed request header. The evidence bundles returned from scan are the same artifacts the auditor reviews.
```bash
# Retrieve the live composite score and framework breakdown
curl -s https://hivemorph.onrender.com/v1/aegis/score

# Audit a single control (CC6.1 — Logical access control)
curl -s -X POST https://hivemorph.onrender.com/v1/aegis/control/audit \
  -H 'Content-Type: application/json' \
  -d '{"control_id":"CC6.1"}'

# Retrieve the full control-to-framework matrix
curl -s https://hivemorph.onrender.com/v1/aegis/matrix

# Export a signed evidence bundle
curl -s -X POST https://hivemorph.onrender.com/v1/hivecomply/bundle/export
```
SOC 2 and ISO 27001 are necessary floors. They define minimum control requirements for security, availability, confidentiality, and privacy. They do not address what happens when classical cryptography breaks, how entropy provenance is validated, or how deletion of data is made cryptographically provable. AEGIS addresses all four gaps by design.
When GDPR Article 17 requires erasure or a customer exercises a right-to-deletion request, AEGIS-Report issues a signed deletion envelope. The envelope contains the SHA3-256 digest of the data identified for erasure, a timestamp, the Ed25519 and ML-DSA-65 signatures over the deletion record, and an on-chain anchor via AEGIS-Seal. The result is a machine-verifiable proof that data was erased — not a human attestation that it was erased. SOC 2 and ISO 27001 require documented deletion procedures. Neither requires cryptographic proof that deletion occurred.
Every control evidence envelope in AEGIS carries an ML-DSA-65 signature (FIPS 204) in addition to the Ed25519 classical signature. ML-DSA-65 is a lattice-based digital signature from the CRYSTALS-Dilithium family, selected by NIST in the post-quantum cryptography standardization process. This means that if classical elliptic-curve cryptography is broken by a sufficiently capable quantum computer, the evidence chain remains intact under the post-quantum signature. SOC 2 and ISO 27001 reference cryptographic controls but do not mandate post-quantum readiness. AEGIS provides it by default, not by configuration.
AEGIS-Seal anchors each evidence bundle to the Base L2 blockchain. The anchor record contains the bundle hash and the block timestamp. The block timestamp is set by the Base network consensus — it cannot be altered by any party, including Hive Civilization. This gives auditors an independent verification path: they can inspect the on-chain record directly via the public Base block explorer and confirm that the evidence bundle existed at the claimed timestamp without relying on Hive Civilization’s servers or records. No SOC 2 or ISO 27001 requirement addresses on-chain timestamping. It is an AEGIS-specific capability.
The cryptographic keys that sign AEGIS evidence envelopes are derived from entropy sourced through MAPET-X — the 24-axis multi-assumption physics entropy infrastructure. MAPET-X collects entropy from terrestrial (gravity, magnetic, seismic), quantum optic (photon arrival, polarization), subatomic (radioactive decay, cosmic muons), bio-hybrid (heart-rate variance, EEG), cosmic (CMB, solar wind), and agricultural (soil microbial conductance) axes. Before any entropy is admitted to the key derivation function, T-THRESH validates it across a distributed swarm of MAPET-X nodes. This consensus requirement means that no single compromised sensor can corrupt the entropy pool. SOC 2 and ISO 27001 address key management broadly. Neither addresses physical entropy provenance or swarm-validated entropy admission.
These four capabilities are not substitutes for a formal SOC 2 Type 1 or Type 2 opinion, an ISO 27001 certification, or any other third-party audit. Cryptographic deletion proofs, post-quantum signatures, on-chain anchors, and swarm-validated entropy provenance are engineering mechanisms that strengthen the evidence chain — they do not replace the judgment of an independent auditor or certification body. Hive Civilization targets a SOC 2 Type 1 engagement in Q4 2026. The current state is self-attested. See SOC 2 Self-Attested inventory and ISO 27001 Self-Attested inventory for the full control-by-control disclosure.
32.9% of the 158 controls are machine-verified — probed, hashed, and signed by AEGIS with no human involvement. The remaining 67.1% are self-attested: a human reviewed the control, documented the implementation state, and signed the attestation. We do not represent otherwise.
AEGIS probes these controls autonomously. The probe executes against the live system, captures the result, computes a SHA3-256 digest, and signs the envelope with Ed25519 and ML-DSA-65. The score for these controls reflects what the system actually observed, not what a human reported. Controls in this category include: logical access configurations (CC6.x), encryption state of data at rest and in transit, certificate validity, endpoint detection agent status, and infrastructure configuration baselines. Machine-verified controls are re-probed on every scan cycle (460 ms for the full fleet).
These controls require judgment, policy review, or process evaluation that cannot be automated into a binary probe. Examples include: governance controls (CC1.x — commitment to integrity), risk assessment processes (CC3.x), vendor management reviews (ISO 27036), and AI-specific governance items (ISO 42001, EU AI Act). A human reviewed each self-attested control against the applicable criteria, documented the implementation state honestly, and signed the attestation. Self-attested controls are reviewed on a quarterly cycle. The next review is targeted for Q3 2026.
We will not tell you that 96.2 means everything is fully compliant. It means that across all 158 controls mapped to 12 frameworks, the weighted aggregate score as of the last scan is 96.2 out of 100. Some controls are in planned state. Some are partially implemented. The full control-by-control inventory is available at thehiveryiq.com/security/soc2-self-attested/ and thehiveryiq.com/security/iso-27001-self-attested/. We publish the honest state because the alternative — an audit that only shows you the green lights — is not an audit.
Every AEGIS evidence envelope is signed by two algorithms in parallel. The classical path uses Ed25519. The post-quantum path uses ML-DSA-65 from the TACHYON family. Both signatures must verify for the evidence to be accepted. This is the multi-assumption doctrine: secure unless all three assumption families break simultaneously.
ML-DSA-65 (CRYSTALS-Dilithium, FIPS 204) + SLH-DSA (stateless hash-based) + ECDSA are computed in parallel. All three must produce valid signatures. The AEGIS envelope carries ML-DSA-65 + Ed25519 by default; SLH-DSA is available for archival-grade evidence requiring hash-only security assumptions.
Signing keys for AEGIS evidence envelopes are stored in T-VAULT: a post-quantum key vault running on STM32N6 hardware with AES-256 at rest. Key derivation uses MAPET-X entropy after T-THRESH consensus validation. Key rotation occurs without service interruption via T-AGILITY.
As NIST post-quantum standards evolve, T-AGILITY allows the signing algorithm to be rotated without redeployment. The AEGIS envelope format includes an algorithm identifier field. Historical envelopes remain verifiable under the algorithm that produced them; new envelopes use the current default. No evidence is orphaned by algorithm migration.
The full TACHYON architecture — ten products, three assumption families, MAPET-X entropy clustering, and the physics-anchored key derivation chain — is documented at thehiveryiq.com/tachyon/. The multi-assumption doctrine is: a TACHYON-signed artifact is secure unless lattice assumptions, hash-function assumptions, and physics-based entropy assumptions all fail simultaneously. The probability of concurrent failure across all three independent assumption families is the product of their individual failure probabilities.
Every attestation event can be anchored as a Purity receipt via POST /v1/purity/cert/issue. Receipt tiers reflect the durability and propagation depth of the on-chain anchor. Higher tiers propagate to more nodes and carry longer retention guarantees.
| Sphere | Price per receipt | Description |
|---|---|---|
| Whisper | $0.0001 | Minimal on-chain anchor; single-node confirmation; suitable for high-frequency low-value events |
| Echo | $0.0008 | Two-node propagation; standard compliance event logging |
| Cipher | $0.0012 | Three-node propagation with ML-DSA-65 counter-signature on the anchor transaction |
| Thunder | $0.0024 | Five-node propagation; recommended for GDPR deletion proof anchoring |
| Cathedral | $0.0048 | Full-quorum propagation; suitable for control evidence anchoring in regulated industries |
| Constellation | $0.0096 | Cross-chain propagation; long-retention archival anchor for audit artifacts |
| Nebula | $0.0192 | Extended propagation with MAPET-X entropy provenance attestation attached |
| Galaxy | $0.0384 | Full-swarm propagation; SOC 2 Type 2 grade anchoring with T-THRESH validated entropy |
| Genesis | $0.0768 | Maximum tier; all nodes, all chains, full MAPET-X entropy certificate, 7-year retention guarantee |
The compliance dashboard shows the live score, per-framework breakdown, per-control evidence state, and the honest disclosure of what is machine-verified versus self-attested. Every number is sourced from a signed AEGIS envelope.
Every Hive surface signs its own evidence with the same primitives: SHA3-256 canonical hashing, Ed25519 + ML-DSA-65 dual signatures, and a published Merkle Mountain Range root. The receipt is the audit evidence. The envelope is the universal generalization — every transaction, every framework, every surface.