The Deterministic Edge
Invariant Vector Defense (IVD) is a control-plane security architecture that enforces stability before systems converge and before execution occurs.
Conventional systems detect and react after damage has begun. IVD operates upstream, where control decisions are made. It identifies invariant structure in distributed activity, constructs bounded representations of that activity, and applies deterministic enforcement before the network or system state becomes unstable.
Two coordinated enforcement planes:
IVD Core
Operates in the network control plane. Reduces distributed traffic into invariant Psi-vectors (Ψ-vectors), synthesizes macro-objects, and enforces bounded upstream mitigation using Border Gateway Protocol (BGP) Flow Specification (FlowSpec).
IVD-ACP
Operates in the execution control plane. Evaluates commands, artifacts, and system states before execution and assigns authority states that determine whether execution is allowed, sandboxed, or denied.
/// This is not monitoring. This is not reactive filtering. This is deterministic control of admissibility and propagation.
Get In Touch
IVD Endpoint Posture Scanner
A free, locally-executed Windows endpoint assessment tool. No data leaves your machine.
The IVD Endpoint Posture Scanner (EPS) is a lightweight Windows executable that evaluates your system's security posture against common insurance attestation and compliance baselines. It runs locally, requires no installation, and produces a single JSON output file that you drop into this portal for a structured readiness report.
No Telemetry
Scan results never leave your machine. The JSON file is processed entirely in your browser.
No Installation
Single executable. Run it, get the JSON output, drop it into the portal. Done.
Compliance Baseline
Checks disk encryption, credential exposure, email archive risk, and more.
How It Works
-
1
Download the scanner
Download IVD_EPS_Scanner.exe from the button below. No installer required.
-
2
Run on Windows
Double-click or run from PowerShell. The scan completes in under 60 seconds and writes ivd_eps_local_scan.json to your Downloads folder.
-
3
Drop into the portal
Navigate to EPS Results Portal and drop your JSON file. Your posture report renders instantly, client-side only.
What It Checks
The EPS scanner is provided free of charge as a readiness assessment tool. It does not install any persistent components, does not connect to the internet, and does not transmit scan results. The JSON output is processed entirely in your local browser session when dropped into this portal.
EPS Readiness Portal
Drop your ivd_eps_local_scan.json file to evaluate endpoint posture.
Drop ivd_eps_local_scan.json here
or click to browse
v1.2 Scan Logic Active
File parse error
Technical Posture
—
Scan Summary
Technical Findings
Step 2 of 3: Governance Assessment
Technical scan complete. Answer 13 binary governance questions to generate your full Readiness Certificate.
Group 1: Identity & Access Control
01Administrative MFA — Is Multi-Factor Authentication (MFA) enforced for all system and network administrative accounts?
02SaaS / Email MFA — Is MFA enforced for all end-user email platforms (e.g., M365, Google Workspace) and critical SaaS applications?
03Endpoint Protection — Do all business-critical endpoints utilize a managed Endpoint Detection and Response (EDR) solution?
04BYOD Policy — Are personal mobile devices permitted to access company data? (Yes = risk exposure)
05Device-Email Linking — Is business email currently accessed on personal, unmanaged mobile devices? (Yes = risk exposure)
Group 2: Data Integrity & Recovery
06Off-site Backups — Is critical business data backed up to a physically off-site, immutable location (e.g., air-gapped or write-once-read-many)?
07Recovery Testing — Are backup recovery procedures tested for viability at least quarterly?
08Data Loss Prevention (DLP) — Does the organization utilize tools to prevent the unauthorized transfer of sensitive data?
Group 3: Governance & Policy
09Incident Response Plan — Does the organization maintain a documented, technical Incident Response (IR) plan?
10Security Training — Do all employees undergo annual security awareness and social engineering training?
11Cyber Liability Insurance — Does the organization carry an active Cyber Liability Insurance policy?
Compliance Integrity Failure
Your technical scan indicates disk encryption (BitLocker) is OFF on this endpoint. Cyber Liability Insurance policies typically require attestation of disk encryption as a baseline control. Attesting to active coverage while this control is absent may constitute a policy compliance gap or contribute to a coverage void in the event of a claim.
12Asset Inventory — Does the organization maintain a formal, updated inventory of all critical hardware and software assets?
13Vulnerability Management — Are system patches and vulnerability scans performed on a documented monthly cycle?
Invariant Vector Defense (IVD) / Endpoint Posture Scanner
Readiness Certificate
Technical Posture
—
Governance Score
—
Overall Verdict
—
Governance Control Summary
Compliance Integrity Flag
Insurance attested while disk encryption is absent. Recommend remediation before policy renewal.
This certificate is generated client-side from scan data and self-reported governance inputs. It does not constitute an audit, insurance attestation, or regulatory certification.
Upstream Control-Plane Enforcement
IVD Core is a distributed control-plane defense system for detecting and suppressing large-scale coordinated traffic before it destabilizes the network.
Edge Telemetry Sensors (ETS)
Extract fixed-length invariant Ψ-vectors from packet headers and timing at the edge. Correlation and macro-object synthesis occur at regional and global layers.
Policy Engine
Converts each macro-object into a bounded set of mitigation rules propagated via authenticated BGP sessions using FlowSpec. Rule deployment is constrained by stability policies: minimum lifetimes, safe update rates, and bounded rule counts.
This architecture prevents:
- ■ control-plane exhaustion from per-flow defenses
- ■ route flapping caused by reactive mitigation
- ■ collateral suppression of unrelated traffic
Execution Boundary Control
Invariant Vector Defense Autonomous Control Plane (IVD-ACP) applies deterministic admissibility enforcement prior to execution. ACP evaluates commands, artifacts, and ingestion events and assigns one of three authority outcomes before any execution path is entered.
Decisioning is deterministic and policy-driven. It is not probabilistic scoring and does not depend on behavioral prediction.
ACP is not an observability layer. It is an execution gate.
Macro-Object Representation
IVD represents distributed attacks as macro-objects rather than collections of flows.
Each macro-object is constructed from invariant Ψ-vectors derived from packet headers and timing. A Ψ-vector is a fixed-length statistical representation of traffic behavior that remains stable even when attackers rotate source IPs, vary ports, or distribute sources across many networks. This allows millions of flows to collapse into a single bounded representation. Mitigation operates on the macro-object, not on individual sources.
TRL-6 Baseline Evidence
Technology Readiness Level 6 (TRL-6): validated and reproducible system posture.
Validation Posture
- ✓ 60-node routing topology lab validated
- ✓ Reproducible attack profile test harnesses
- ✓ Structured logs and router state capture
- ✓ Bounded mitigation with no route flapping
- ✓ Convergence and withdrawal stability under load
- ✓ Frozen evidence bundles with local verification
Transition to TRL-7
IVD is designed for controlled transition into operational environments.
Initial Deployment Targets
- → Upstream network providers and enterprise edge environments
- → Administrative control planes with high-impact privileges
- → Retrieval and indexing systems vulnerable to poisoned inputs
- → Orchestration and automation systems with execution authority
TRL-7 Progression Focus
- → Deployment in live network and execution environments
- → Validation of stability under real-world conditions
- → Integration with existing routing policy and identity systems
- → Operator workflow and audit integration
Early deployments are structured as controlled pilot environments with bounded scope and measurable outcomes.
Pilot Deployment Expectations
Controlled introduction of deterministic control-plane enforcement.
A pilot deployment introduces IVD Core and IVD-ACP into a bounded operational environment to validate stability, enforcement behavior, and integration with existing infrastructure.
Deployment Scope
- ■ One network domain or edge segment for IVD Core
- ■ One administrative or ingestion surface for IVD-ACP
- ■ Defined prefix ranges, services, or system boundaries
- ■ Pre-agreed enforcement policies and thresholds
Known Boundaries (TRL-6)
- [!] ACP state persistence is not yet production-hardened
- [!] Restart and recovery behavior are managed but not fully externalized
- [!] Large-scale multi-domain coordination is not yet field-validated
- [!] Vendor-specific FlowSpec behavior may vary and is validated per environment
Success Criteria
- ✓ Detection and suppression of coordinated traffic without control-plane instability
- ✓ Bounded rule generation and predictable withdrawal behavior
- ✓ No collateral suppression of legitimate traffic within defined scope
- ✓ Deterministic ACP enforcement of admissibility decisions
- ✓ Complete and verifiable audit trail for all enforcement actions
The goal is not to prove possibility. That has already been established.
The goal is to prove stability, bounded behavior, and operational fit under real conditions.
Patents & IP
Invariant Vector Defense and IVD-ACP are covered by a foundational provisional patent and two non-provisional U.S. patent applications defining invariant-based detection, macro-object synthesis, and control-plane enforcement mechanisms.
| Application No. | Status | Scope |
|---|---|---|
| 63/919,908 | Filed | Foundational Architecture |
| 19/458,205 | USPTO Examining | Network Control Plane |
| 19/456,364 | USPTO Examining | Execution Control Plane |
Resources
Technical documentation and white papers available for direct download.
White Papers
Pattern-Based Upstream Mitigation: A Unified Framework for DDoS Neutralization at Internet Scale
Control-plane stabilization architecture using BGP FlowSpec and invariant Ψ-vector detection. Covers the macro-object model, bounded rule emission, and convergence behavior under volumetric attack conditions.
Invariant Vector Defense — Autonomous Control Plane: Deterministic Admissibility Enforcement for AI Pipeline Security
Execution boundary enforcement architecture for Retrieval-Augmented Generation (RAG) pipelines and agentic systems. Covers authority state assignment, indirect prompt injection defense, and Service Identity Layer (SIL) integration.
Additional technical documentation is available to qualified evaluators under NDA.
Contact to request the full evaluation package including TRL-6 evidence bundle and testbed specifications.
Contact
For technical evaluation, pilot deployment, federal engagement, or partnership inquiries:
Company
Sinteag Ventures, Inc.
Clyde, NC 28721
Preferred Engagement
Send inquiry via email. Include organization, area of interest, and relevant evaluation context. Technical documentation is available prior to scheduling.