Skip to content
SYMMACHY federation — K₇ constellationSeven nodes connected pairwise by twenty-one edges, no centre. Each node protects every other. The empty interior of the figure is the common ground that the federation defends.

The alliance, not the owner.

La alianza, no el dueño.

SYMMACHY is autonomous security infrastructure organised as a horizontal alliance of equals bound by an oath of mutual defense. No central command. No single shield. Each node protects every other, with cryptographic provenance from sensor to court-room.

What we are

An infrastructure for the systems that cannot fail.

Critical infrastructure. AI-native enterprises. Sovereign-adjacent operators. SYMMACHY designs, builds, and operates — across software, hardware, and operations — the protection envelope for environments where failure cascades into people, capital, or sovereignty.

The threat surface fuses cyber and physical. The response is measured in seconds, not hours. The evidence holds up in front of a regulator, an auditor, and a court of inquiry. The architecture, the Charter, and the published refusals are public record.

What we are not

  • ×A staffing-based guard company.
  • ×A CCTV / camera integrator.
  • ×A generic MSP wrapping commodity tools.
  • ×A consulting firm selling deliverables.
  • ×A surveillance vendor against civilians.
  • ×An exclusive contractor to any single buyer.

The full text of these refusals is in the Charter — Article II.

The four operating planes

Bound at the ontology layer. Sovereign on the wire.

ai

AI Security

Runtime guardrails. Frontier evals. Models that cannot be turned against you.

Each deployed model runs behind a signed OPA policy that constrains its input domain, output schema, latency budget, and refusal behaviour. Every output carries cryptographic provenance — model id, version, input hash, output hash, policy hash. Hallucinations and jailbreaks are classified as security events, not engineering bugs.

σύμβολον — the broken token, half held by each peer, that proves identity when rejoined

physical

Physical Security

Sensor fusion. Perimeter intelligence. Identity-aware physical access.

Camera, lidar, infrared, RF, and radar telemetry are fused into a single asset-and-threat graph. Cross-modal verification is required by design, so an adversary cannot spoof one sensor and pass the rest. Every physical-access decision is bound to a SPIFFE identity, signed, and replayable in front of an auditor.

φύλαξ — the watcher who answers to the law, not to the lord

fleet

Robotic Fleet

Autonomous patrol. Edge AI. Coordination without command.

Quadrupeds, drones, ground vehicles, edge AI gateways. Each unit carries a SPIFFE identity provisioned at the factory; firmware is Cosign-attested; every mission is policy-bounded and reversible. The fleet operates as a federation of peers, not a chain of command — when one detects, all respond.

σύνταξις — the ordering of equals into action without a general

operations

Operations + Resilience

Incident response. AI SOC. Drills, evidence, refusal.

A 24×7 security operations centre runs as a peer of the customer's own team, never above it. Runbooks are versioned, testable, and signed. Restore drills quarterly, kill-switches tested weekly, incident commanders rotated by schedule. Every action lands in an evidence chain the customer can give to a regulator without our cooperation.

εὐταξία — the good order that survives the night watch

Evidence-grade or it does not ship

By doctrine: every action signed, every signature anchored, every claim publicly verifiable.

The substrate: Sigstore Cosign keyless · Rekor public transparency log · SLSA Level 3 provenance · SPIFFE identities for workloads and devices. A customer's auditor verifies our claims against rekor.sigstore.dev without our cooperation.

The stream beside this paragraph is illustrative — it is generated client-side from a deterministic seed and anchors nothing. The mechanism it depicts is not illustrative.

Read the research notes

Evidence chain · transparency log

Rekor entry #91,408,220

    Illustrative stream. In production, every artefact deployed by SYMMACHY is Cosign-keyless-signed and anchored to the public Rekor log; auditors verify against rekor.sigstore.dev directly.

    Article II — what we will refuse

    A federation that cannot be bought is the only one worth joining.

    No deployment of autonomous force projection against civilian populations under non-conflict policing.

    No support for surveillance of migrants outside formal legal asylum or border channels.

    No technology for protest or assembly suppression.

    No mass surveillance of populations under autocratic regimes.

    No exclusivity agreement that compromises sovereignty.

    No model that we cannot turn off.

    No deployment without a customer-signed Authority of Use.

    No single customer above 35% of trailing twelve-month ARR.

    Read the full Charter

    Begin a conversation

    You petition for federation. We do not solicit.

    SYMMACHY is built deliberately to filter for buyers who already understand the doctrine. If you operate a system whose failure cascades into people, capital, or sovereignty — and you have read the Charter and find no clause you would ask us to weaken — write us. The founders read every message.

    [email protected]

    For sensitive security disclosures: [email protected] — PGP key required. Disclosure policy →

    For partnerships: [email protected]

    For careers: [email protected]