Blog
Thoughts on encryption, privacy, and ciphertext that doesn't betray you when it leaks.
-
19 May 2026
Our compliance roadmap: certified today, audited post-launch
Cyber Essentials Certified today. SOC 2 Type II and ISO 27001 controls operating but not yet audited. Independent crypto audit and pentest on the post-launch funding window. The honest distinction between certified, audited, and operating, and the timeline we are running.
Compliance -
12 May 2026
Mini Shai-Hulud and deny.sh
On 11 May 2026 an attacker published 84 malicious versions across 42 @tanstack/* npm packages. deny.sh is not affected: no compromised package in our lockfiles, no
Security Supply chainpull_request_targetin our workflows, every publish done by hand from one machine. Here is the audit and what we are doing as a result. -
13 May 2026
The decoy realism engine
A static template pool is a fingerprint. We replaced ours with a 17-type generation engine that produces shape-locked, type-aware, AI-validated decoys per request, with a deterministic validator that rejects any candidate that would have authenticated as real. Decoys you couldn't write yourself.
Engineering Infrastructure -
12 May 2026
Why deniability needs infrastructure, not just a library
A 200-line SDK can give you deniable encryption. It cannot give you deniability. The difference is the operational layer around it: per-tenant isolation, audit posture, key custody, disclosure pipeline. That layer is infrastructure, and it is what deny.sh actually ships.
Category Positioning -
11 May 2026
How to verify deny.sh
A deniability product gets held to a higher bar. Four layers you can verify yourself in under fifteen minutes: the threat model, the cryptographic construction, the disclosure pipeline, and the supply chain. With concrete commands at each step.
Trust Verification -
Scheduled · 4 July 2026
Why we built deny.sh, the deniability infrastructure
The launch post, queued for the launch morning. Three pillars (Encrypt, Operate, Verify), four trust anchors, agents-first from day one. What deniability infrastructure means, who it's for, and how to verify any of this yourself.
Scheduled Launch Deniable Encryption -
April 2026
Your AI agent handles secrets. Does it handle them well?
AI agents are handling API keys, credentials, and sensitive data. Most of them are doing it wrong. Here's how MCP + deniable encryption fixes it.
AI Agents Enterprise -
April 2026
Why deniable encryption matters more than you think
Every encryption tool protects bytes from people who don't have the key. None of them protect the bytes from being seen for what they are after they leak. That's the gap deniable encryption fills.
Privacy Encryption -
April 2026
Whitepaper: Deniable Encryption via XOR-Composed Control Data
The full technical specification. Algorithm, security analysis, threat model, empirical verification results, and honest discussion of limitations.
Whitepaper Research