KXCO Sentinel

Software verification.

Scan, fix and prove your software is quantum-safe — before it ships, not after.

Sentinel finds the breakable cryptography hiding in your code, dependencies and connections, gives you the exact fix, and signs every deployment with proof anyone can verify — no report-and-walk-away.

Live First result under 10 seconds ML-DSA-65 attested
Code Dependencies Deploy Attest Verify Config
The Problem

Every scanner hands you a report — and stops.

Existing hosting and scanning platforms tell you what's wrong and leave the rest to you. They surface findings, generate a PDF, and walk away — with no fix, no proof, and no way for a third party to confirm anything was actually done.

None of them prove or fix quantum-vulnerable cryptography before it ships. The RSA and ECC still sitting in most software stacks is exactly what a cryptographically relevant quantum computer is expected to break — and "we'll deal with it later" means shipping the exposure into production today and discovering it under a deadline later.

What's missing isn't another report. It's the ability to catch the weakness before deploy, apply the fix, and hand anyone a proof they can check themselves.

Why It Matters

Built for the age of AI and quantum.

Quantum
Direct and immediate
This product exists because the RSA and ECC in the current stack is exactly what's exposed. Bastion detects RSA, ECC, SHA-1 and weak TLS across 7 language ecosystems, and PQC standards — NIST FIPS 203/204 — are native from day one, not migration bolted onto a classical stack.
Blockchain
Proof with no vendor lock-in
Attestations are independently verifiable — the verification is mathematical, depending only on the ML-DSA-65 signature and the platform public key published at /.well-known/kxco-pq-pubkey. Verifiable by anyone, with no account and no connection to KXCO required.
AI
Optimize for AI
Most sites accidentally block the crawlers that feed AI answer engines. The Optimize for AI service fixes the technical foundation — robots.txt configuration, llms.txt, JSON-LD schema, and citation monitoring across the major AI models. See Optimize for AI →
The Tech

How Sentinel compares — and how it works.

Two products, one job: find the weak cryptography and prove it's gone. Here's how each stacks up against the tools you already know.

KXCO Bastion vs. enterprise scanners
FeatureEnterprise scannersKXCO Bastion
Setup requiredSPAN port + Linux LD_PRELOAD agentZero — paste any file or URL
Time to first resultInfrastructure deployment requiredUnder 10 seconds
PricingEnterprise contract onlyFree tier — self-serve
Detects RSA / ECC / SHA-1 / weak TLS 7 language ecosystems
Dockerfile / Terraform / KubernetesNot documented natively all three, zero setup
GitHub Actions CI/CDCustom integration required JackKXCO/bastion-action@v1
CBOM export (2 specific generators only) CycloneDX 1.6, ML-DSA-65 signed
Migration code per findingImpact simulation dashboard Before/after code + npm commands
Proof of assessmentProprietary control plane ML-DSA-65 — independently verifiable
PQ-native standardsPQ migration on classical stack NIST FIPS 203/204 from day one
PQC Host vs. Vercel / Netlify / Fly
FeatureVercel / Netlify / FlyKXCO Cloud
Static + Node.js hosting
GitHub auto-deploy
Free TLS
Pre-deploy security scanSome KXCO Bastion
Quantum-vulnerability detection
ML-DSA-65 deployment attestation
Independently verifiable proof

Bastion

Scan → risk score → fix
01
Submit any target
10 scan types — no setup for any of them. URL/TLS, package.json, requirements.txt, go.mod, Gemfile, Cargo.toml, pom.xml, nginx/OpenSSL config, Dockerfile, Terraform HCL, GitHub Actions YAML, Kubernetes manifests. Auto-detected.
02
Receive your ML-DSA-65 attested report
Risk score (0–100), per-finding severity, blast radius estimate, and the exact KXCO package command for every fix. Every report is ML-DSA-65 signed and exports as a CycloneDX 1.6 CBOM.
03
Apply the PQC fix
One click generates before/after code and npm commands for every finding. Confirming produces an ML-DSA-65 certificate of remediation — independently verifiable forever.

PQC Host

Connect repo → pre-deploy scan → attestation
01
Connect your GitHub repo
Paste any public or private GitHub URL. Framework auto-detected in under 3 seconds — Next.js, React, Vue, Svelte, static, Node.js all supported.
02
Bastion scans before we build
Before a single line compiles, Bastion checks your package.json for quantum-vulnerable dependencies. Critical findings block the deploy.
03
ML-DSA-65 attestation issued
The moment your build completes, the platform signs a deployment manifest: commit SHA, build timestamp, Bastion result, and live URL. Verifiable forever.
Capabilities

What you can do with Sentinel.

Two products, both live on the KXCO Cloud platform.

Who It's For

Anyone who has to prove their software is safe.

Sentinel serves teams that need to find, fix and evidence quantum-vulnerable cryptography — for auditors, regulators, or their own peace of mind.

Engineering teams Security & compliance Regulated platforms CI/CD pipelines Auditors Agencies shipping client sites

Don't just find it. Fix it, and prove it.

Scan any file or URL in under ten seconds, or talk to us about Bastion in your CI/CD pipeline.