If you strip away the branding, almost every "trust" company in the market is selling one of four things: cryptography, a blockchain, an AI model, or a compliance workflow. KXCO sells none of them as a standalone product. We treat quantum-grade cryptography, a shared record, machine judgment, and live regulation as the four primitives of a single machine whose only job is to answer a deceptively hard question: is this real?
This piece is the technical, unabridged version of that idea. It is written for engineers, architects, and technically-minded decision-makers who want to see the seams — the algorithms, the network parameters, the data model, and the exact product that makes each claim true. Where a number changes over time (block height, validator count), we point you at the live explorer rather than freezing a figure on a page. Where we cannot yet prove something, we say so.
KXCO is reality infrastructure: a common, verifiable layer beneath identity, ownership, authority, and history that both people and machines can rely on without having to trust each other's records — or ours.
How to read this. The piece is linear but the sections are self-contained. If you are here for the cryptography, jump to Trust; for the network, Record; for agents, Judgment; for the data model that unifies them, the ontology. If you are evaluating rather than building, the worked examples and the honest-claims section are the fastest route to a decision. Throughout, a link takes you to the live product or the open-source package that makes each claim checkable — the intent is that you can verify every assertion here without taking our word for it, which is, after all, the entire premise.
01The problem: the digital world runs on fragmented truth
Today's digital economy does not have a shared model of reality. It has millions of private ones. Every bank keeps its own ledger. Every registry keeps its own definition of ownership. Every platform keeps its own copy of who you are, what you are allowed to do, and what you have done. These copies rarely agree, and there is no neutral place to reconcile them.
Humans paper over this with judgment. When a signature looks wrong, a person picks up the phone. When a document seems forged, a lawyer asks for the original. When a counterparty feels risky, an underwriter leans on reputation and context. It is slow and expensive, but it works — because a human can fall back on discretion when the data is ambiguous.
Machines cannot do this. An AI agent has no judgment to fall back on. It cannot "get a feel" for whether a credential is genuine or call a bank to confirm a wire. It needs an answer that is structured (a machine can parse it), verifiable (a machine can check it without asking a human), and universal (every other system will compute the same answer). Absent that, an AI-participant economy is just the old fragmented mess running faster — and failing faster.
This is the gap KXCO exists to close. Not a faster database. Not a better login. A layer where a claim about the world can be proven rather than asserted, by anyone, in a way that survives both a dishonest counterparty and a future quantum computer.
A human can call the bank to confirm a signature. An AI agent cannot. It needs cryptographic proof — the way a network needs a protocol before it can carry traffic.
Two deadlines, colliding
What makes this the problem of the decade rather than a slow-burning nice-to-have is that two independent trends are arriving at the same time, and they compound each other.
The first is AI as an economic actor. Agents are moving from answering questions to taking actions — negotiating, transacting, verifying, and acting on behalf of people and institutions. Each one of those actions needs to be authenticated, authorised, and accountable, at machine speed and machine volume, with no human available to vouch for it. The infrastructure that was tolerable when a human was always in the loop becomes the bottleneck — and the attack surface — the moment the human steps out.
The second is the quantum deadline. The cryptography that currently underwrites every one of those authentications has a published expiry date (see the timeline in section 03). "Harvest now, decrypt later" means the exposure is already live: anything signed or encrypted today with classical cryptography, that must remain valid for years, is being recorded now to be broken later.
Put them together and the picture is stark. Just as machines are about to generate an explosion of consequential, autonomous actions, the cryptographic foundation those actions rely on is scheduled to fail. Building the AI-participant economy on classical cryptography is building on a foundation with a demolition date already on the calendar. KXCO's bet is that the only sane thing to do is lay the post-quantum, verifiable foundation first — before the volume of machine actions makes retrofitting impossible.
02Four primitives, one system
The mistake almost everyone makes is to treat quantum, blockchain, AI, and regulation as four separate purchases from four separate vendors. KXCO's core design decision is to treat them as four primitives of one system, each answering a different half-question about reality:
- Trust (the quantum layer) — the mathematics that makes a claim unforgeable, and keeps it unforgeable even against an adversary with a quantum computer. This is post-quantum cryptography, standardised by NIST as FIPS 203/204/205.
- Judgment (the AI layer) — the intelligence that reads, screens, scores, and interprets. It turns a pile of verified facts into a decision, and it flags contradictions a human would otherwise miss.
- Record (the blockchain layer) — the shared, tamper-evident memory that anyone can check without a referee. This is Armature L1.
- Permission (the regulation layer) — what is allowed, by whom, and where. KXCO makes this a first-class, live, cited part of the system rather than an assumption baked in at build time and forgotten.
The rule that binds them is what we call the four-agreement rule: nothing is real until trust, judgment, record, and permission all hold at once. A signature that is cryptographically valid (trust) but violates a jurisdiction's rules (permission) is not a valid action. A permitted action that was never recorded (record) cannot be relied upon later. A recorded action that no intelligence has screened (judgment) may be laundering a contradiction nobody noticed. Only when all four align is a claim treated as real.
The integration tax nobody prices in
Suppose you tried to assemble this yourself from best-of-breed vendors: a post-quantum cryptography library from one, a blockchain from another, an AI platform from a third, a compliance-rules engine from a fourth. Each is excellent in isolation. The problem is the seams. Your identity system does not know what your chain considers final. Your AI screens data your signature layer never validated. Your compliance rules encode a jurisdiction snapshot that drifts out of date while the other three components evolve. The cost of a four-vendor stack is not four licences — it is the permanent, load-bearing glue code that has to keep four independently-versioned world-models agreeing, and the silent failures that happen when they don't.
That glue is where trust quietly leaks. A verification that "passes" because two systems disagreed about what was being verified is worse than no verification, because it looks like assurance. KXCO's answer is to make the four primitives share one model of reality — the ontology — so that "who this is," "what happened," "what it's worth," and "what's allowed" are not four answers stitched together after the fact, but four views of the same underlying object. The integration is not a project you run; it is the product.
The sections that follow take each primitive in turn: what it is technically, why it is hard, and which live KXCO product realises it. Then we show how the four compose into a single data model — the ontology — and walk one transaction end to end.
03Trust — the quantum layer
Every guarantee in the system ultimately rests on a signature: a piece of mathematics that says this exact data was authorised by the holder of this exact key, and has not been altered since. If that signature can be forged, nothing above it means anything. So the first question is not "which blockchain" or "which AI model" — it is "how long will the signatures survive?"
Why "post-quantum" is not marketing
The digital signatures that secure most of the internet today — RSA and elliptic-curve schemes like ECDSA — are safe only because certain maths problems (factoring large integers, computing discrete logarithms) are infeasible for classical computers. A sufficiently large, fault-tolerant quantum computer running Shor's algorithm breaks all of them. Not weakens — breaks. A forged signature becomes indistinguishable from a real one.
Two facts make this urgent rather than academic:
- "Harvest now, decrypt later" is happening today. An adversary does not need a quantum computer now to benefit. They can record encrypted traffic and signed records today and break them the day the hardware arrives. Anything that must stay confidential or verifiable for a decade — a mortgage, a medical record, a treaty, a corporate signature — is already exposed.
- The migration is now a defined obligation. In August 2024, NIST finalised the first post-quantum standards. Under current US guidance, RSA and ECDSA are slated for deprecation around 2030 and disallowal by 2035, with federal systems required to complete migration. This is a scheduled, calendared transition — not a hypothetical.
What KXCO actually runs
KXCO does not ship a research prototype. Every algorithm below is NIST-standardised and in production across the platform:
| Algorithm | Standard | Role in the system |
|---|---|---|
| ML-DSA-65 | FIPS 204 | Digital signatures on every action (formerly CRYSTALS-Dilithium) |
| ML-KEM-768 | FIPS 203 | Key encapsulation / encryption (formerly CRYSTALS-Kyber) |
| SLH-DSA | FIPS 205 | Stateless hash-based signatures, available for long-horizon use |
| AES-256-GCM | SP 800-38D | Symmetric encryption of payloads at rest and in transit |
| Hybrid PQ TLS | — | Classical + post-quantum key exchange for connections |
The default signing scheme is ML-DSA-65, a lattice-based scheme at NIST security Category 3 — a deliberate balance of security margin against signature and key size. We are precise about the ceiling of that claim: KXCO states compliance with NIST FIPS 203/204/205. It does not claim compliance with the NSA's CNSA 2.0 suite, which mandates the Category 5 parameter sets (ML-DSA-87, ML-KEM-1024). Conflating the two is a common and misleading overclaim; we don't make it.
Transport uses hybrid key exchange — a classical curve and a post-quantum KEM together — so a break in either one alone does not expose the channel. This is the same conservative posture major browsers and cloud providers are adopting: you get post-quantum protection without betting everything on cryptography that is newer than the classical schemes it augments.
A note on the maths, and why the numbers are bigger
ML-DSA and ML-KEM are lattice-based. Their security rests on the hardness of problems over structured lattices — Module Learning-With-Errors and Module Short-Integer-Solution — for which no efficient quantum algorithm is known, unlike factoring and discrete logs, which Shor's algorithm dispatches. That difference in the underlying problem is the entire point: it is why a lattice signature is expected to survive a quantum adversary and an elliptic-curve one is not.
There is an engineering cost, and it is honest to name it. Post-quantum keys and signatures are larger than their classical counterparts — an ML-DSA-65 signature is on the order of a few kilobytes where an ECDSA signature is tens of bytes, and public keys grow similarly. For a page load this is negligible; for a system that signs and stores millions of records, it is a real design parameter that touches storage, bandwidth, and on-chain footprint. KXCO's choice of Category 3 (ML-DSA-65 / ML-KEM-768) rather than the maximal Category 5 sets is precisely this trade: a security margin that comfortably exceeds today's requirements, without paying the larger Category-5 sizes everywhere by default. Where a specific long-horizon artefact justifies it, SLH-DSA (FIPS 205) is available — hash-based signatures whose security rests only on the strength of the hash function, a conservative fallback that makes no lattice assumption at all.
Crypto-agility: the migration is a program, not a flag
The naïve mental model of "going post-quantum" is flipping a switch. The real work is crypto-agility: knowing every place your systems rely on cryptography, being able to change the algorithm without rewriting the application around it, and proving to an auditor that you did. You cannot migrate what you have not inventoried, and most large estates have no accurate inventory — RSA and ECDSA are buried in dependencies, certificates, hardware modules, and code nobody has touched in years.
This is why KXCO pairs the cryptography with discovery. A cryptographic bill of materials (CBOM) — the crypto analogue of a software bill of materials — enumerates which algorithms live where, so migration becomes a tracked program with a start, a burn-down, and evidence at the end. The scanning that produces it is the same capability described under Judgment: Bastion reads the estate and reports the exposure. Agility also explains the hybrid posture above: a system that can run classical and post-quantum side by side can migrate incrementally and roll back safely, rather than betting an entire cutover on a single flag day.
The regulatory clock is calendared
None of this is speculative timing. The migration has published dates, and they are close enough that decade-lived data signed today is already inside the window:
| When | What |
|---|---|
| Aug 2024 | NIST finalises FIPS 203, 204, 205. Post-quantum migration becomes a defined obligation, not a research topic. |
| Jan 2026 | The G7 Cyber Expert Group publishes a post-quantum roadmap (non-binding); the financial sector is named a priority. |
| 2030 | Under US guidance, RSA / ECDSA deprecated; NSA CNSA 2.0 makes quantum-safe signing mandatory for covered systems. |
| 2033 | CNSA 2.0 reaches exclusive use for covered national-security systems. |
| 2035 | US federal systems must complete migration; quantum-vulnerable algorithms disallowed. |
| Today | "Harvest now, decrypt later" collection is active. The clock on confidentiality started before the deadline did. |
The institutions with the most to lose — banks, registries, governments — are also the ones whose records must stay valid the longest. For them, the question is not whether to migrate but how to prove they have, which is exactly the shape of problem KXCO's trust layer is built to answer.
The property that matters most: signatures that outlive the signer
A consumer login can rotate keys weekly; it barely matters if last year's session token is forgeable today. Legal execution is the opposite. A signature on a deed, a bond, or a corporate resolution must remain verifiable for decades, long after the signer, the software, and possibly the company are gone. That is the exact case post-quantum signing is built for, and it is why KXCO's signing product is engineered around durability rather than convenience.
Crucially, verification does not require trusting KXCO. The verifier is open source. Anyone can take a KXCO signature, the signed payload, and the public key, and check them offline with no KXCO server in the loop:
// verify a KXCO post-quantum signature — no KXCO server involved import { verify } from 'kxco-verify' const ok = verify({ payload, // the exact bytes that were signed signature, // ML-DSA-65 signature publicKey, // signer's published public key algorithm: 'ml-dsa-65' }) // ok === true → authentic and unaltered, provable by anyone, forever
The threat model we actually defend against
It is worth being explicit about the adversary, because "quantum" is often waved around without saying what it changes. KXCO's trust layer is designed against three concrete threats, in ascending order of how much of the industry ignores them:
- A dishonest counterparty, today. The most common attack needs no quantum computer at all — it is a party altering a record after the fact and claiming it always said that. Signatures plus an anchored, ordered record defeat this now: the altered version will not match the digest that was anchored, and the anchor is timestamped and immutable.
- A store-and-wait adversary. An attacker who cannot break today's cryptography but can record it — the "harvest now, decrypt later" case. The defence is not to have used breakable cryptography in the first place. Post-quantum signatures and hybrid key exchange mean the harvested material is still safe when the hardware arrives.
- A future quantum adversary. The eventual capability to run Shor's algorithm at scale. Against this, classical signatures offer zero protection — a forgery becomes indistinguishable from an original. This is the one that reclassifies the whole problem from "risk management" to "expiry date," and it is why the migration is calendared rather than optional.
What KXCO deliberately does not claim to defend against is worth stating too: it does not protect a secret key you leak, it does not make a lie true because it was signed, and it does not turn a cryptographic proof into a legal judgment. It makes integrity and authenticity provable. What a court, a regulator, or a counterparty does with that proof is their decision, under their own authority.
The products that make Trust real
That last one, KXCO Sentinel, is worth dwelling on because it is where trust meets the messy reality of an existing estate. You cannot migrate what you cannot see. Bastion scans a codebase and its supply chain for RSA/ECDSA usage, weak TLS, and other quantum-vulnerable cryptography, scores the exposure, proposes post-quantum fixes, and produces a compliance report — then PQC Host signs and records each deployment so the migration itself is provable. We cover its architecture in depth on the Sentinel pillar page.
04Record — the Armature L1 chain
A signature proves who and what. It does not, on its own, prove when or establish an order that no one can quietly rewrite. For that you need a shared, tamper-evident memory — a place where an event, once written, cannot be un-written or reordered without everyone noticing. That is the job of Armature L1, KXCO's settlement layer.
Post-quantum from genesis, not retrofitted
Most chains that talk about "quantum readiness" mean a future upgrade: at some point they intend to add post-quantum signatures. Armature L1 was rebuilt so that every block is post-quantum-attested from block zero. ML-DSA-65 is not bolted on; it is the signing scheme of the genesis chain itself. This matters because the honest version of the "moat" is architectural, not chronological. We do not claim years of quantum-safe history — the post-quantum chain is young, and we will not backdate a record it does not have. What we claim is that there is no pre-quantum era in its history to migrate away from: it starts quantum-safe and stays that way.
As of writing, the public explorer reports:
- · Chain ID 1111111
- · Block time ~2 seconds, deterministic finality
- · Native settlement unit ARMR (not a tradeable cryptocurrency)
- · ML-DSA-65 attested blocks; ML-KEM-768 + SLH-DSA available
Block height and the validator set change continuously — read the authoritative values at chain.kxco.ai before you integrate. We deliberately do not freeze those numbers on this page.
Standard tooling, unusual guarantees
Armature exposes a standard EVM-compatible JSON-RPC interface. If you have ever pointed a wallet, an indexer, or a deployment script at an Ethereum-style endpoint, you already know how to talk to it. You keep your tools; you gain post-quantum settlement and roughly two-second deterministic finality — no probabilistic "wait for N confirmations" guessing about whether a transaction will be reorged away.
ARMR, the native unit, is a settlement token: it meters and finalises activity on the network. It is deliberately not positioned as a tradeable cryptocurrency, and you will not find it being pumped on an exchange. This is a design choice consistent with KXCO's whole posture — the chain is infrastructure for recording provable events, not a speculative asset.
Consensus, finality, and why "permissioned" is a feature here
A public, permissionless chain optimises for open participation and pays for it with probabilistic finality — you wait for confirmations and accept a small, shrinking chance that your transaction is reorganised out of history. That trade is wrong for settlement infrastructure a bank or registry is going to rely on. Armature runs a known validator set under Byzantine-fault-tolerant consensus, which buys deterministic finality: once a block is committed, it is final — there is no reorg to wait out. Combined with a ~2-second block time, that gives an institution the property it actually needs — "settled means settled" — with a latency budget a payment flow can live inside.
Making the validator set known is not a compromise on decentralisation dressed up as a virtue; it is the correct choice for a settlement layer whose participants are accountable, identifiable entities in the first place. The tamper-evidence that matters to a regulator is not "anonymous miners cannot collude" — it is "no single party, including the operator, can quietly rewrite what happened, and everyone can check." A known-validator BFT chain delivers exactly that, and does it at institutional latency.
The anatomy of an anchor
When a system anchors an event, it does not put the raw content on chain. It follows a discipline worth spelling out, because it is the same pattern everywhere in the platform:
- Canonicalise. The event is serialised into a single, deterministic byte sequence — an envelope — so that the same logical event always produces the same bytes. Ambiguity here would let two parties disagree about what was signed.
- Digest. A cryptographic hash of the envelope produces a fixed-size digest. This is what identifies the event uniquely without revealing its contents.
- Sign. The signer produces an ML-DSA-65 signature over the envelope, tagged with a key id (
kid) that says which public key checks it. The signature is stored off-chain with the event. - Anchor. The digest (and a reference to the signature) is written to Armature L1. The chain now holds an ordered, timestamped, tamper-evident proof that this exact event existed by this time — without ever exposing the event's private content.
The privacy property falls out for free: the public record proves existence and integrity, but the content stays with whoever holds it. A regulator can be handed the envelope later and confirm, byte-for-byte, that it matches the digest anchored months ago. This is the difference between "trust our database" and "here is the proof, check it yourself."
Anchoring: how the rest of the platform uses the chain
The chain's value shows up most clearly when other systems anchor to it. A concrete, live example: KXCO's own newsroom, Live Trading News, signs every new article with ML-DSA-65 and anchors the signature's digest to Armature L1 on publish. The result is a public, tamper-evident record that a given article existed in a given form at a given time — checkable by a reader who trusts neither the publisher nor KXCO. (In keeping with our honesty rules, only articles published after signing went live are anchored; we never backdated the archive.)
The same anchoring pattern generalises: a signed credential, a settled invoice, an agent's authorised action, a software release. Anchor the digest, and you convert "trust me, this happened" into "here is where you can check that this happened."
The products that make Record real
05Judgment — AI as a first-class participant
Trust and record give you facts you can rely on. They do not, by themselves, produce a decision. Somebody — or something — still has to read the facts, screen them against rules, score the risk, and interpret the contradictions. That is the judgment layer, and in the human–AI economy it is increasingly performed by AI.
AI agents are not a feature of KXCO. They are a primary participant, held to the same cryptographic standard as people and businesses.
An agent is an accountable actor, not a black box
Most "AI agent" integrations authenticate the agent with a bearer token — a shared secret that, if leaked, lets anyone impersonate the agent, and that reveals nothing about which action the agent actually intended. KXCO treats an agent the way it treats a person or an institution: as the holder of a cryptographic identity that must sign what it does. On KXCO, an AI agent can:
- Hold a verifiable identity — a real entry on the public record, issued the same way a human's or a company's is.
- Receive scoped permissions — it acts only within limits its owner defines (which counterparties, what value, what actions).
- Execute machine-to-machine transactions — settle directly with other agents or systems, without a human in the loop for each step.
- Sign every action with its own key — each output carries the agent's own post-quantum signature, not a reusable token.
- Operate under accountability — because every action is signed and recorded, any action can be traced back to the agent and audited after the fact.
The practical upshot for developers: authentication becomes per-request and non-repudiable. There is no long-lived secret to steal, and the server stores only the agent's public key.
Delegation without impersonation
The hard part of agent autonomy is not letting an agent act — it is letting it act on your behalf, within limits, provably. A bearer token cannot express "this agent may spend up to X with counterparty Y until Friday"; it is all-or-nothing, and it makes the agent's actions indistinguishable from the owner's. The signed-identity model makes delegation explicit: the owner issues a scoped grant to the agent's key, the agent signs its own actions under that grant, and every action carries both the agent's signature and the chain of authority that permitted it. If the agent misbehaves or its key is compromised, the blast radius is the grant, not the owner's whole account, and the record shows exactly what was authorised versus what was attempted. Non-repudiation runs in the owner's favour too: because the agent — not the owner — signed, the owner can prove which actions were the agent's.
The judgment loop, made concrete: the Sentinel pipeline
The clearest working instance of machine judgment over a typed graph is KXCO Sentinel's cryptographic-risk pipeline. It is a good illustration precisely because the domain — "where is this codebase quantum-vulnerable, and how do we prove we fixed it" — is one where a human reviewer drowns and a model with structure thrives. The stages:
- Ingest the repository and its dependency graph.
- Scan code, dependencies, configuration and TLS for quantum-vulnerable algorithms (RSA, ECDSA, weak key exchange).
- Score the exposure — not every use of RSA is equally urgent; a long-lived signing key matters more than an ephemeral one.
- Interpret and propose post-quantum fixes, prioritised by that score.
- Attest each remediated deployment with an ML-DSA-65 signature via PQC Host, so the migration itself is provable.
- Monitor continuously, because a clean repo today regresses the moment a dependency reintroduces a vulnerable primitive.
Every one of those steps is judgment applied to verified structure. The AI is not asked to hallucinate a verdict from raw text; it reasons over a typed model of the estate and produces an output that is itself signed and recorded. That is the pattern KXCO generalises across domains — the difference between an AI that guesses and one that reasons over a provable world.
# 1 · generate a post-quantum keypair for the agent npx kxco-pq keygen --algo ml-dsa-65 --out agent-identity # 2 · the agent signs every request; no bearer token is ever sent import { sign, verify } from 'kxco-post-quantum' const sig = sign(request, agentSecretKey) // attach to the request verify(request, sig, agentPublicKey) // the server — or anyone — checks it
What the AI actually reasons over: the ontology
An AI is only as good as the world model it operates on. Point a capable model at a pile of contradictory PDFs and you get confident nonsense. Point it at a typed, verifiable graph — where every entity has a defined kind, every relationship is explicit, and every datum carries its source and confidence — and the same model can do genuinely useful work: screen a counterparty, score an exposure, or surface a contradiction that a human reviewer would have taken hours to find.
This is why judgment and the ontology are inseparable. The ontology (next section) gives the AI something structured to reason over; the AI gives the ontology the interpretation that turns verified facts into decisions. KXCO's Sentinel pipeline is a working instance of this loop applied to cryptographic risk: it reads a codebase, screens it against post-quantum standards, scores the exposure, and interprets the results into a prioritised, attested report.
The products that make Judgment real
06Permission — regulation as a first-class, live input
The fourth primitive is the one most technical platforms treat as an afterthought: what is actually allowed, by whom, and where. The usual pattern is to encode a snapshot of the rules at build time and forget it. Rules change; jurisdictions differ; a permission that was valid last quarter may not be valid now. KXCO makes permission a live, cited part of the system — something checked and referenced at the moment of action, not assumed.
A token is a typed claim, not a thing
This becomes concrete with financial instruments. In the KXCO model, a token is never "a thing" — it is a typed claim that must be proven:
- A stablecoin is a claim on a reserve.
- A CBDC is a sovereign liability.
- An RWA token is a claim on a real, off-chain asset.
Because the claim is typed and every relationship is explicit, the machinery can do three things that are painful or impossible in a bag-of-balances model:
- Look through the instrument to the real asset or reserve underneath it, rather than taking the label at face value.
- Report on it — exposure and coverage become a query, expressible in the ISO 20022 vocabulary institutions already use, rather than a manual reconciliation.
- Reason over it — the judgment layer can walk the graph and surface contradictions (a claim whose backing does not add up, an exposure that breaches a limit).
Exposure becomes a query, not a reconciliation
Consider what "how much are we exposed to reserve asset R?" costs in a conventional stack. It is a project: pull balances from several systems, chase the backing of each instrument by hand, normalise formats, and produce a spreadsheet that is stale the moment it is finished. In the KXCO model, because every instrument is a typed claim with an explicit edge to what backs it, the same question is a graph traversal: start at reserve R, walk inbound "claim-on" edges, sum the exposure, and return the paths. The answer comes with its own provenance — every figure in the total is a sourced claim you can click into — and it can be expressed in ISO 20022's vocabulary, the same messaging standard the institution already uses for payments and reporting, so the output speaks the language downstream systems expect rather than a bespoke dialect.
The same traversal powers look-through: an RWA token that claims to represent a basket of assets can be walked down to the individual claims, and any link that does not resolve to a real, sourced backing is a contradiction the judgment layer surfaces rather than a footnote nobody reads. This is the practical payoff of treating a token as a typed claim instead of a balance — provability and reporting stop being bolt-ons and become properties of the data model itself.
KXCO supplies the machinery to prove a claim. The licensed institution issues the instrument and holds the licence and the custody relationship with its customers.
KXCO is a software company. It holds no financial licences and does not custody assets. This is not a disclaimer bolted on for lawyers — it is the architecture. It is why KXCO can serve banks, exchanges, and governments without competing with them: it hands them a provable substrate; they operate under their own authority on top of it.
The products that make Permission real
07The ontology that ties it together
We have now described four primitives. The thing that makes them a system rather than a toolbox is the data model they share — the ontology. It is worth being precise about what that word means here, because it is doing real work, not decoration.
Every meaningful transaction depends on a small set of questions being answered correctly and consistently:
Who is this? What is this? Who owns it? Who has the authority to act? What has happened? What is genuine?
Today, each of those questions is answered differently by every system that asks it — your bank's "who is this" is not your government's, is not your exchange's. KXCO's ontology connects them into a single structure that links identities, assets, authority, relationships, and events into one verifiable model of reality. The ontology is not itself a product; it is the framework that gives every product its meaning. A credential, a signature, a settlement, an agent's action — each is only as trustworthy as the ontology beneath it.
The core objects
The model is deliberately small. A handful of object types, each a typed claim rather than a bare value, and each connectable to the others:
| Object | Answers | Made real by |
|---|---|---|
| Identity | Who / what is this? | KXCO Nexus |
| Authority | Who may act, on whose behalf? | KXCO Nexus |
| Asset | Who owns what? | Armature L1 + KXCO Treasury |
| Event | What happened, in what order? | Armature L1 |
| Proof | Is this genuine? | KXCO Nexus + open-source verifier |
The power is in the edges, not the nodes. An identity on its own is a name; an identity connected by an authority edge to an organisation, which holds an asset, which is the subject of an event, which carries a proof — that is a situation a machine can reason about end to end. Ask "can this agent settle this trade?" and the answer is a walk across those edges: is the identity valid, does the authority edge grant this action, does the asset's ownership check out, is there a permission that forbids it, and is every step backed by a proof? Each object is small; the composition is where the leverage lives, and it is why adding a new capability to KXCO usually means adding a new kind of edge to the ontology rather than a new silo bolted on beside it.
"A typed claim, not a thing" — see it on real companies
The most important design principle in the ontology is that every datum is a typed claim, carrying its source, its as-of date, its confidence, and its basis — or an honest, visible statement that the value is unknown. Nothing is a bare number floating free of where it came from.
Rather than assert that abstractly, KXCO built a public demonstration: the Ontology Engine applies the model to six of the most scrutinised technology firms in the world (Meta, Anthropic, Nvidia, Alphabet, OpenAI, SpaceX) and their web of cross-investments and supply dependencies. Every figure on that graph is either a sourced claim you can inspect — or a clearly labelled opacity state where the real world simply does not disclose the number. It is the ontology's honesty discipline made visible: where the data is filed, it is cited; where it is not, we do not fabricate it. There is also a machine-readable JSON-LD version of the ontology for systems that want to consume the model directly.
Why an ontology, and not just a bigger database
It is fair to ask what "ontology" buys over a well-designed relational schema. Three things, and they are exactly the three a machine needs to reason rather than merely retrieve.
First, types are explicit and shared. In a typical database, "owner" is a column whose meaning lives in a developer's head and a wiki nobody reads. In an ontology it is a defined relationship between defined kinds, with rules about what can legitimately stand at each end. A machine can therefore reason — "if X owns Y and Y is a claim on Z, then X has exposure to Z" — instead of just reading rows. Second, provenance is intrinsic, not bolted on. Every datum is a typed claim carrying source, as-of date, confidence and basis; the model has no place to put a naked number with no lineage, which is precisely the kind of number that causes disasters. Third, it composes across boundaries. Because the vocabulary is shared, an identity issued by one system, an asset settled on another, and a permission asserted by a third can be reasoned about together without a bespoke integration for each pair — the interoperability is a property of the model, not a feature you build per connection.
Opacity is a first-class state
The subtle discipline that keeps an ontology honest is how it represents the absence of a fact. The failure mode of most data systems — and most confident AI — is to treat "I don't know" as either an error to hide or a blank to fill with a guess. KXCO's model makes not-knowing a legitimate, typed value. On the Ontology Engine you can see the distinctions in practice: a figure that is genuinely undisclosed (a private company that has not filed it) is marked differently from one that exists but has not yet been wired in, which is different again from one that is not applicable. A machine reasoning over the graph can then treat an honestly-unknown value as unknown — declining to assert, flagging where more evidence is needed — rather than laundering a placeholder into a decision. In a system whose entire purpose is provability, a well-marked "unknown" is more valuable than a plausible fabrication, because the fabrication is the thing that eventually gets someone sued.
08The products, mapped to the primitives
KXCO's platform is not a catalogue of unrelated apps. It is three pillars plus the settlement network, each a capability that makes one or more primitives real, all drawing on the same ontology. Here is the whole platform on one table, mapped to what it realises:
| Product | Realises | What it is |
|---|---|---|
| KXCO Nexus | Trust · Record · Permission | Identity, legal execution & proof — verifiable identity for people, businesses and AI agents, and post-quantum document signing whose proof lasts for decades. |
| KXCO Treasury | Record · Judgment · Permission | Payments, custody & banking — a self-custodial multi-chain wallet, invoicing, and white-label banking and exchange software for licensed institutions. |
| KXCO Sentinel | Trust · Judgment | The quantum-resistant cloud — signs and records every deployment, and scans code, dependencies, configs and TLS for quantum-vulnerable cryptography. |
| Armature L1 | Record | Settlement & public record — a post-quantum network that finalises every action with quantum-safe signatures and a public explorer. |
Each pillar bundles named capabilities you will meet on their own product surfaces: KXCO Nexus contains KXCO Verified (identity) and KXCO Sign (legal execution); KXCO Treasury contains the KnightsPurse wallet and KnightsVault banking software (in beta); KXCO Sentinel contains PQC Host (attestation) and Bastion (scanning). Those component names still appear on their live subdomains — the pillars are how the platform is packaged and sold; the capabilities are how it is built.
What each product actually is
KXCO Nexus is the identity, execution and proof layer, and it is the entry point to the whole model because every other object hangs off "who." Through its KXCO Verified capability it issues a permanent, independently checkable identity for a person, a business, or an AI agent — the same primitive for all three, which is what makes machine-to-machine and human-to-machine interactions expressible in one vocabulary. Through KXCO Sign it does legal execution built for durability: document signing where the point is that the proof lasts — decade-scale verifiability with post-quantum signatures, anchored to the record. Nexus is where "signatures that outlive the signer" is the literal specification, and where the second worked example above lives in production rather than in theory.
KXCO Treasury is the money layer. Its KnightsPurse wallet is a self-custodial, multi-chain wallet for people and businesses across web, mobile and browser extension — hold and send Bitcoin and stablecoins, invoice, and authorise an agent to transact under defined limits. It is where the abstract "agent with a wallet governed by its own keys" becomes something a real person or business operates. Treasury also includes KnightsVault (in beta): white-label banking and exchange software licensed institutions deploy under their own brand and their own authority. That is the clearest expression of KXCO's B2B2C posture — KXCO supplies the provable software substrate; the institution holds the licence, the custody, and the customer relationship. KXCO never becomes the operator.
KXCO Sentinel is the quantum-resistant cloud — software verification pointed at the one estate every institution has and few have inventoried: its own software. Its PQC Host capability signs and records every deployment, while Bastion scans code, dependencies, configs and TLS for quantum-vulnerable algorithms and produces the compliance report and CBOM that turn migration into a tracked, provable program. It is trust and judgment applied to the codebase itself.
Armature L1 is the settlement layer and the public record — the substrate every anchor lands on, with EVM tooling, ~2-second deterministic finality, and post-quantum attestation from genesis. It is the one product that is mostly invisible when it works, which is precisely what infrastructure is supposed to be.
Why this is "infrastructure," not a suite
The reason to insist on the word infrastructure rather than product suite is economic, not aesthetic. A suite is a set of apps you buy and use. Infrastructure is a layer other things are built on, whose value compounds as more is built on it and whose defining virtue is that it is invisible until it fails. The shift KXCO is making is from a world where trust is asserted (and re-established, expensively, at every boundary between systems) to one where trust is proven once and checked freely thereafter. That changes the cost structure of everything above it: reconciliation stops being a project, audit stops being an archaeology dig, and a counterparty you have never met becomes workable because you can verify their claims instead of underwriting your ignorance of them. When proof is cheap and universal, entire categories of intermediary friction — the phone call to confirm the signature, the lawyer who asks for the original — become unnecessary. That is what a protocol layer does, and it is the standard KXCO is building to.
09A worked example: one agent, one settlement, four primitives
Abstractions are easy to nod along to and hard to trust. So here is a single transaction — an AI agent settling a payment on behalf of its owner — traced through all four primitives. Watch how each one is load-bearing: remove any and the transaction is no longer real in the sense that matters.
- Identity & Authority (Permission + Trust). The agent presents its verifiable identity from KXCO Nexus (its KXCO Verified capability). The system checks not just "is this a valid identity" but "is this agent permitted to move this value, for this owner, to this counterparty, in this jurisdiction" — permission, checked live, not assumed.
- Signed intent (Trust). The agent signs the exact transaction with its own ML-DSA-65 key. No bearer token changes hands. The signature is non-repudiable: only the holder of the agent's secret key could have produced it, and it covers these exact bytes.
- Judgment (AI). Before settlement, the judgment layer screens the transaction against the ontology — counterparty risk, exposure limits, contradictions (does the asset's backing actually exist?). A clean pass proceeds; a contradiction is surfaced rather than swallowed.
- Settlement & Record (Record). The transaction finalises on Armature L1 with ~2-second deterministic finality, and its digest is anchored to the public record. The event now has a permanent, ordered, tamper-evident place in history.
- Verification (Trust, again — by anyone). Later, a regulator, a counterparty, or an auditor takes the signature, the payload, and the public key, and checks the whole thing with kxco-verify — no KXCO server, no trust in KXCO required. The claim "this agent, authorised by this owner, settled this amount at this time" is proven, not asserted.
At no step did any party have to trust another party's private records. Trust made it unforgeable; judgment made it sensible; the record made it permanent; permission made it lawful. Four primitives, one real transaction.
A second scenario: a document, opened ten years later
The transaction above happens in seconds. The next one plays out over a decade, and it is where the design choices earn their keep. A corporation executes a financing agreement through KXCO Nexus (its KXCO Sign capability) in 2026. The document is signed with ML-DSA-65; the signature's digest is anchored to Armature L1; the signed envelope is retained by the parties.
Now fast-forward. In 2036 a dispute arises. The software that produced the signature may be several major versions gone; the person who signed may have left; classical RSA and ECDSA signatures from that era are, by then, potentially forgeable by a quantum adversary — which means any document that relied on them is contestable. The KXCO-signed document is not. An auditor takes the retained envelope, computes its digest, checks it against the anchor recorded in 2026 (still there, still ordered, still timestamped), and verifies the ML-DSA-65 signature with the open-source verifier against the signer's published key. The chain of reasoning — this exact text, authorised by this key, existed by this date — holds, with no dependency on KXCO still existing, the original software still running, or anyone's word being taken.
That is the whole thesis in one artefact: a claim made provable at creation stays provable for as long as it needs to, against adversaries that do not exist yet. It is also why "signatures that outlive the signer" is not a slogan — for a mortgage, a bond, a title deed, or a treaty, decade-scale verifiability is the actual requirement, and classical cryptography is the wrong tool for it starting now, not in 2035.
10Build on it
Everything above is available to developers today, and — this is the part that matters — everything you produce with it can be checked independently, with or without KXCO. There is no lock-in, because verification does not route through us.
Start here:
- Get the SDK. The open-source packages are published under @kxco on npm and JackKXCO on GitHub:
kxco-post-quantum,kxco-verify,kxco-post-quantum-webhook,kxco-pq-vault. Audit them before you trust them — that is the whole idea. - Open the network. Point your existing EVM tooling at chain.kxco.ai, read the live parameters, and read/write to a post-quantum network with a public explorer.
- Give an agent an identity and a wallet. The Developers page has the AI-agent quickstart: generate a keypair, connect to Armature, and sign every request instead of shipping a bearer token.
- Scan your estate. Run Bastion against a repository to see where you are still relying on quantum-vulnerable cryptography, and get a prioritised migration report.
No lock-in, and why that is a technical claim
"No lock-in" is usually a marketing reflex. Here it is a consequence of the architecture, and it is falsifiable. The test of lock-in is simple: if the vendor vanished, could you still use what you built? For most trust vendors the answer is no — verification routes through their servers, so a proof is only as durable as their uptime and their willingness to keep the lights on. For KXCO the answer is yes, by construction:
- The verification code is open source, on npm and GitHub, in four languages. You can vendor it, fork it, and run it forever.
- The algorithms are public NIST standards, not a proprietary scheme only KXCO can check. Any conformant implementation verifies a KXCO signature.
- The record is on a public chain with a public explorer and standard EVM RPC — the anchors are readable without KXCO in the path.
- The signed artefacts are yours: you hold the envelopes and the keys. KXCO stores public keys, not your secrets.
The business relationship, in other words, has to be earned every day on utility, because the exit is always open. That is deliberate. Infrastructure you cannot leave is not infrastructure you should trust with a decade-lived signature.
What integration actually looks like
Most teams do not adopt all four primitives on day one, and they should not. The common on-ramps, roughly in order of effort:
- Verify, first. Drop
kxco-verifyinto a service and start checking signatures on inbound data. Zero infrastructure, immediate value, and it teaches the model. - Sign your own events. Add
kxco-post-quantumto sign outbound webhooks or records; downstream consumers can now verify them independently. - Anchor what matters. Point at Armature L1 and start anchoring digests of the events that need a permanent, ordered record.
- Give your agents identities. Replace bearer tokens with per-request signed authentication for any autonomous component.
- Scan and attest. Run Bastion in CI so the migration off classical cryptography is measured and provable, not assumed.
Each step stands on its own and composes with the next. You are never forced into a big-bang cutover — the same crypto-agility principle that governs the migration governs the adoption.
If you are an institution or a government evaluating this as infrastructure rather than as libraries, the institutions and public-sector pages describe the deployment posture, and you can request a briefing.
11The whole system, in one breath
Step back from the parts and the shape is simple. The world is moving toward an economy in which AI agents act alongside people and institutions, at a volume and speed that removes the human who used to vouch for things. That economy needs a way to answer "is this real?" that a machine can compute, that a stranger can check, and that survives a quantum computer. No single technology answers it. Cryptography makes a claim unforgeable but cannot say whether it is permitted or sensible. A blockchain records order but cannot make signatures quantum-safe or exercise judgment. An AI can interpret but hallucinates without a verifiable world to reason over. Regulation defines what is allowed but is inert without the other three to enforce and record it.
KXCO's contribution is to fuse the four into one system with a shared model of reality — the ontology — such that a claim is treated as real only when trust, judgment, record, and permission all hold at once, and to ship the products that make each of those primitives concrete and live today. The result is a substrate on which a signature, a settlement, an identity, or an autonomous agent's action is proven rather than asserted — provable by anyone, durable for decades, and independent of KXCO's continued existence. That is the whole thesis. Everything on kxco.ai is an instance of it.
12What we claim — and what we don't
A piece like this is only worth reading if it is honest about its edges. So, explicitly:
"Post-quantum cryptography." "Independently verifiable." "Tamper-evident record." "Cryptographic proof of integrity." "NIST FIPS 203/204/205 compliant." "ML-DSA-65 attested from genesis" (of the post-quantum chain).
"Court-admissible." "Legally binding." "FCA/SEC-regulated." "CNSA 2.0 compliant." Any specific customer, user, transaction-volume or adoption metric that cannot be independently verified on the public record. Any claim that the post-quantum chain has years of history — it does not, and we will not backdate one.
KXCO is a software company operating in the UK and USA. It holds no financial licences and does not custody assets. Licensed institutions that deploy KXCO software operate under their own licences and hold the relationships with their end customers. When we publish a number, it is because it can be checked on the public record — not because it makes a better slide.
Honest limits and open questions
No serious infrastructure piece should read like it has solved everything, so here are the real edges. Post-quantum cryptography is young. The lattice schemes are the best-analysed candidates humanity has, standardised after years of public scrutiny — but they are newer than RSA, which is exactly why the transport layer stays hybrid rather than betting everything on them alone. Provable is not the same as true. KXCO can prove that a specific party signed specific bytes at a specific time; it cannot make the content of a claim honest. Garbage that is signed is provably-authored garbage, and the judgment layer's job is to catch the contradictions, not to bless the inputs. The ontology is only as good as what is wired into it. The Ontology Engine is candid about this: large parts of the world are undisclosed, and the model marks them undisclosed rather than inventing them — coverage grows deliberately, not magically. And the deadline cuts both ways: being early means building against standards and threat models that will keep evolving, which is why crypto-agility is treated as a permanent property rather than a one-time migration. We would rather state these plainly than have you discover them and conclude the confident parts were oversold too.
13Frequently asked questions
Is this just a blockchain project with extra steps?
No. The chain is one of four primitives. On its own, a blockchain records order and resists tampering, but it does not make signatures quantum-safe, it does not exercise judgment, and it does not model permission. The value is in the composition, anchored by the ontology.
Why should I believe the cryptography is real and not marketing?
Because you do not have to believe us. The primitives are open source on npm and GitHub, the algorithms are the published NIST standards (FIPS 203/204/205), and the verifier runs without any KXCO server. Take a signature and check it yourself.
What happens to my data and signatures if KXCO disappears?
They remain verifiable. Signatures are checked with open-source tools against public keys; the record is on a public chain. There is deliberately no dependency on KXCO being alive for a past claim to be provable.
Do you support AI agents as customers, not just tools?
Yes — that is the design. An agent is a first-class participant with its own identity, permissions, signing key, and accountability trail, held to the same standard as a person or a company.
Where do I see it working on real data?
The Ontology Engine applies the model to six real technology firms, with every figure sourced or honestly marked as undisclosed. The Sentinel page shows the scan-to-attestation pipeline. The explorer shows the live network.
Why Category 3 and not the maximum, Category 5?
Category 3 (ML-DSA-65 / ML-KEM-768) already exceeds the security margin today's requirements demand, at meaningfully smaller key and signature sizes than Category 5 (ML-DSA-87 / ML-KEM-1024). Since post-quantum artefacts are larger than classical ones, that size difference compounds across millions of signed records and on-chain anchors. Where a specific long-horizon artefact justifies more margin, SLH-DSA is available. This is also why KXCO is precise that it meets FIPS 203/204/205 and does not claim CNSA 2.0, which mandates the Category-5 sets.
Is ARMR something I can buy or trade?
No. ARMR is the native settlement unit of Armature L1 — it meters and finalises activity on the network. It is not positioned or offered as a tradeable cryptocurrency, and nothing in this piece should be read as investment advice.
What are KXCO Nexus, Treasury and Sentinel, and how do the capability names fit?
They are the three product pillars — the names KXCO sells and deploys under. KXCO Nexus is identity, legal execution and proof, and contains the KXCO Verified and KXCO Sign capabilities. KXCO Treasury is payments, custody and banking, and contains the KnightsPurse wallet and KnightsVault (beta). KXCO Sentinel is the quantum-resistant cloud, and contains PQC Host and Bastion. The capability names still appear on their live product subdomains; the pillars and Armature L1 are the products, and they all draw on the same ontology described here.
References & further reading
- NIST FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA), finalised August 2024 — csrc.nist.gov.
- KXCO ontology (concept): kxco.ai/ontology · machine-readable: /ontology.jsonld · full text: /llms-full.txt.
- Ontology Engine (live demonstration on six firms): kxco.ai/ontology-live.
- Armature L1 explorer & live parameters: chain.kxco.ai.
- KXCO Sentinel (quantum-risk pipeline): kxco.ai/sentinel · Bastion: pqc.kxco.ai.
- Open-source packages: @kxco on npm · JackKXCO on GitHub.
- ISO 20022 financial messaging vocabulary — iso20022.org.
Start building.
Grab the SDK, open the explorer, or talk to us about a deployment.