Local-first data control
VASSAGO, GARM, KAIROS and PHANES are designed to minimize unnecessary cloud exposure. Sensitive documents, credentials and evidence logs should be protected by GARM and role-based access before enterprise pilots.
Forneus is pre-institutional, so this page does not pretend mature certifications are already complete. It shows the control architecture, audit path, and evidence plan investors should expect before enterprise and defense-adjacent deployment.
The security thesis is local-first execution, hardware-bound identity, post-quantum migration readiness, and auditable workflows across the product portfolio.
VASSAGO, GARM, KAIROS and PHANES are designed to minimize unnecessary cloud exposure. Sensitive documents, credentials and evidence logs should be protected by GARM and role-based access before enterprise pilots.
NIST finalized its first post-quantum encryption standards in 2024. Forneus treats PQC as a migration roadmap: protocol selection, key lifecycle documentation, and third-party cryptographic review before high-assurance claims.
NIS2, DORA and the EU AI Act create audit pressure. The portfolio needs evidence trails: user action logs, human-review checkpoints, model-output disclaimers, access controls and retention rules.
ELIGOS, MORRA and PAZUZU require staged demonstrations, export/legal review, safety cases and partner-controlled pilots. Public material should support qualified diligence without theatrical secrecy language.
Certification spend is staged after product-market evidence. The goal is to avoid paying for audits before the right lead products are clear.
A professional trust center should guide diligence rather than hide behind broad security claims.
Threat model, data-flow diagrams, key-management model, secure SDLC, dependency policy, deployment topology and product-specific risk register.
Security questionnaire answers, procurement one-pager, privacy summary, incident response contacts, retention policy and model-output human-review disclaimer.
For defense-adjacent systems, full technical details should move under NDA with qualified investors, grant reviewers or strategic partners only.
Reports submitted below are routed through the site backend, stored as form submissions and emailed to the admin recipient configured in the backend.
Trust starts with identifiable leadership, public diligence surfaces, and a clear distinction between what is proven today and what must still pass external review.
Oleksandr Lushpihan and Juliia Nuzhnenko are presented through public profile links, role descriptions, and a leadership page that explains what each founder owns. Sensitive co-founder details are reserved for qualified NDA review rather than dramatized on the public site.
Founder education artifacts are linked from the leadership page, including cybersecurity, risk management, network security, security policy, AI strategy, communication, and leadership training. These are not substitutes for audits; they support founder diligence.
Current public proof points include GARM in the EEC 2026 Top-80 context and PAZUZU's Brave1 / MineSight semi-finalist review context. The page treats them as signals, not revenue or certification claims.
Forneus does not claim ISO 27001, SOC 2, defense accreditation, or production-grade certification before those audits are funded, scoped, and completed. The roadmap shows what must happen first.
The trust center defines the control set expected before enterprise, financial, or defense-adjacent deployment.
Administrative surfaces require bearer-token authentication, protected backend routes, rate limits, and separation from public content. Future production hardening should add MFA, role-based admin accounts, rotation policy, and audit trails.
Site analytics use session identifiers, page paths, device type, referrer, coarse location, and engagement duration. Coordinates collected through the weather widget should be rounded and used for city/country analytics rather than invasive user profiling.
Before commercial scale, every product should maintain dependency review, secret handling, branch/release discipline, vulnerability triage, reproducible deployments, backup/restore tests, and documented rollback procedures.
Legal, finance, security, and defense-adjacent workflows require user-visible limitations, human review checkpoints, evidence logging, model-risk notes, and clear ownership of final decisions.
A real trust center helps investors, partners, and researchers know exactly what evidence to request.
The professional trust position is ambitious but honest: strong founder execution and proof assets, with formal certifications still ahead.
Security researchers can submit reproducible findings. Forneus is not advertising a paid bounty pool yet; severity, impact and response path are reviewed case by case.