Security at the apex
Post-quantum by design, governed end to end, with keys that stay in your custody.
Built for the quantum era
Most AI products defer the quantum question. Throndar answers it now — signatures use post-quantum primitives (NIST-standardized ML-DSA-87, plus a Falcon co-signature — FN-DSA, the forthcoming FIPS 206, still a draft), dual-signed so one broken scheme isn't fatal.
- Key exchange: hybrid X25519 + ML-KEM-1024 (classical + lattice).
- Signatures: ML-DSA-87 (FIPS 204) and Falcon (FN-DSA; FIPS 206 draft, not yet published), dual-signed — two independent lattice families.
- Transport: every prompt, token, and media artifact is encrypted in transit.
Every answer is governed
A council answer isn't one model's guess. Twelve frontier models are routed, deliberated, and fused — then a governance pass checks the result before it ships, returning a verdict with every response.
- Supervisor routes and decomposes each prompt across the council.
- Outputs are cross-examined and fused into one synthesized answer.
- A governance check returns a PASS verdict on every council answer.
Your keys, your custody
Private keys live in your environment. Throndar is designed so secrets are never pasted into chat and never traverse the model context.
- Keys stay in your custody — never entered in chat.
- Server-side secrets are never exposed to the browser.
- Sessions are scoped and revocable.
Report a vulnerability
Found a security issue? We want to hear from you. Email security@throndar.ai with details and clear steps to reproduce. We aim to acknowledge within 3 business days, we won't pursue good-faith research that respects user privacy and avoids data destruction, and we credit reporters who help us improve.
- Contact: security@throndar.ai — also published at /.well-known/security.txt (RFC 9116).
- In scope: throndar.ai and its APIs. Out of scope: volumetric denial-of-service, social engineering, and third-party services.
- Good-faith research under these terms is welcome — please don't access or modify other users' data.
Sessions secured with X25519 + ML-KEM-1024 and ML-DSA-87 / Falcon dual-signatures. Aligned with the NIST PQC algorithms and the NSA CNSA 2.0 algorithm suite; not FIPS 140-3 validated or NSA-certified.