Cryptographically Verifiable Compliance & Identity Governance
Aphantos proves who had access to what, when, and why — with cryptographic evidence. A graph-native compliance engine, it unifies Identity Governance (IGA), Risk Management (GRC), and Endpoint Security (EDR) into a single mathematical ledger secured by Polynomial Graph Commitments.
Visualizing the Compliance Graph
Identities, roles, systems and policies become nodes and edges — and every relationship is provable. Switch tabs to see an SoD threat path, the cryptographic ledger, and a GDPR erasure flow.
The Unified Security Fabric
Three core products and two specialized modules, built natively on the high-performance Aphantos Core graph engine.
Aphantos IGA
Identity Governance & Administration. Dynamic integration with enterprise identity directories (AWS IAM, Entra ID, Workday, plus template configurations). Just-in-Time access, PAM, and automated Separation of Duties audits.
- Directory Integration Templates
- JIT Privileged Access
- Automated Access Reviews
Aphantos GRC
Governance, Risk, and Compliance. Dynamic policy engine with real-time assurance summaries, risk radars, and mapping of 420+ controls across SOC 2, ISO 27001, NIS 2, DORA, and GDPR.
- Dynamic Risk Radars
- 40+ Compliance Frameworks
- Real-time Control Evidence
Aphantos EDR
Endpoint Detection & Response. Lightweight endpoint telemetry with behavioral threat detection, kernel-level eBPF probes, and automatic mapping to MITRE ATT&CK frameworks.
- eBPF Kernel Probes
- MITRE ATT&CK Mapping
- Real-time Telemetry Ingestion
Aphantos GDPR (Beta)
Privacy & Data Protection. Zero-knowledge DSAR processing, consent lifecycle tracking, and research-stage cryptographic deletion proofs validating data deletion under zero-trust privacy audits.
- ZK Deletion Proofs (Roadmap)
- DSAR Automation Workflows
- Consent Ledger Auditing
Aphantos PAM
Privileged Access Management. Native AES-256-GCM encrypted credential vault, session recording, and credential rotation. Fully integrated into the core IGA governance workflow.
- AES-256-GCM Vault
- Active Session Recording
- JIT Rotation Workflows
Aphantos Core
The high-performance graph engine. Written in Rust, it utilizes SuccinctGraph encoding, Dynamic Elias-Fano data structures, HNSW vector indexing, and Raft consensus.
- Sub-microsecond Graph Traversals
- Raft & SWIM Gossip
- PGM Learned Indexing
Polynomial Graph Commitments
Aphantos implements Polynomial Graph Commitments (PGC) to prove the compliance and authorization state of the entire system. Instead of trusting raw database logs, external auditors can verify cryptographic proofs.
Zero-Knowledge Auditing
Prove that all active user privileges conform to Separation of Duties (SoD) policies without exposing any actual user names or roles to third-party auditors.
KZG Commitments
Authorization states are mapped to polynomials. A single 48-byte cryptographic commitment secures millions of relations, evaluatable in O(1) time.
Incremental Proof Updates
As access changes are processed, proofs are updated incrementally, avoiding complete database recalculations while keeping the audit state live.
Aphantos Query Language (AQL)
Graph queries compiled to highly optimized Rust traversals.
Academic & Cryptographic Foundation
Aphantos' zero-knowledge compliance verification is backed by rigorous cryptographic research. Our preprint describes how Polynomial Graph Commitments (PGC) are utilized to seal entire system authorization states.
By mapping directed edges to the roots of a polynomial, we get constant-size proofs verified in $O(1)$. External pairing checks let auditors verify compliance constraints without exposing database indices or user identities.
Polynomial Graph Commitments: Constant-Size Proofs for Directed Graphs with Cycles
Abstract: We present Polynomial Graph Commitments (PGC), a graph-native instantiation of bilinear polynomial accumulators for dynamic directed graphs. Each directed edge is mapped to a field element, and the edge set is committed as the roots of a univariate polynomial via a KZG commitment over BLS12-381. PGC produces constant-size (81-byte) proofs of edge existence, non-existence, and batch membership — including over cyclic topologies — letting an untrusted graph database prove compliance constraints such as Separation of Duties (SoD) and authorization limits in $O(1)$ verification time, with an optional hiding mode for confidential identifiers. All claims are backed by a reproducible Rust implementation and test suite.
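The root-polynomial identity behind the edge existence and non-existence proofs described in the abstract, as an added example (not the Aphantos or PGC code). The toy 61-bit field, the `edge` encoding, the sample ids and the evaluation point `z` are assumptions; the polynomials are checked in the clear rather than through KZG commitments and pairings, so this shows the algebra only, not the binding or hiding properties.

```rust
// Toy prime field 2^61 - 1; real KZG works in the BLS12-381 scalar field.
const P: u128 = (1 << 61) - 1;
fn sub(a: u128, b: u128) -> u128 { (a + P - b) % P }
// Assumed edge encoding for this example (small ids packed into one element).
fn edge(src: u128, dst: u128) -> u128 { (src * 1_000_003 + dst + 1) % P }

// Coefficients, lowest degree first, of prod (x - r_i): the edge-set polynomial.
fn poly_from_roots(roots: &[u128]) -> Vec<u128> {
    let mut p = vec![1u128];
    for &r in roots {
        let mut next = vec![0u128; p.len() + 1];
        for (i, &c) in p.iter().enumerate() {
            next[i + 1] = (next[i + 1] + c) % P;
            next[i] = (next[i] + c * sub(0, r)) % P;
        }
        p = next;
    }
    p
}
fn eval(p: &[u128], z: u128) -> u128 {
    p.iter().rev().fold(0u128, |acc, &c| (acc * z + c) % P)
}

// Synthetic division: p(x) = (x - e) * q(x) + rem, and rem == 0 iff e is a root.
fn witness(p: &[u128], e: u128) -> (Vec<u128>, u128) {
    let mut q = vec![0u128; p.len() - 1];
    let mut carry = 0u128;
    for i in (1..p.len()).rev() {
        carry = (p[i] + carry * e) % P;
        q[i - 1] = carry;
    }
    (q, (p[0] + carry * e) % P)
}

// Checks the identity at z in the clear. KZG checks it at a secret point via a
// pairing over commitments, so the verifier never sees p or q.
fn verify(p: &[u128], e: u128, q: &[u128], rem: u128, z: u128) -> bool {
    eval(p, z) == (sub(z, e) * eval(q, z) + rem) % P
}

// Constructed graph: user 7 holds roles 100 and 300, user 8 holds role 200.
fn demo() -> (bool, bool, bool) {
    let p = poly_from_roots(&[edge(7, 100), edge(7, 300), edge(8, 200)]);
    let (z, held, conflict) = (123_456_789, edge(7, 100), edge(7, 200));
    let ((q1, r1), (q2, r2)) = (witness(&p, held), witness(&p, conflict));
    (r1 == 0 && verify(&p, held, &q1, r1, z),      // edge exists
     r2 != 0 && verify(&p, conflict, &q2, r2, z),  // edge absent: no SoD conflict
     verify(&p, conflict, &q2, 0, z))              // forged membership claim fails
}
fn main() { println!("{:?}", demo()); }
```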
Performance Benchmarks
Aphantos (SuccinctGraph Engine in Rust) compared against traditional relational and graph databases on complex authorization path traversals.
Sub-Millisecond Operations
Traditional graph databases require joining multiple index structures or traversing deep pointer networks, which degrades performance as the graph depth increases.
Aphantos represents the graph using Succinct Elias-Fano CSR structures. Combined with PGM learned indices, lookups are reduced to O(1) and fit entirely inside CPU L2/L3 cache.
* Benchmarks are indicative, measured under standardized workloads (100k nodes, 1.5M relations). Detailed reproducibility steps and synthetic workload generation scripts are documented in the PGC repository.
Chart: Traversal Latency (lower is better)
Security & Operational Trust
Aphantos is engineered to secure sensitive compliance and identity graphs. We practice the exact principles we verify.
Zero-Egress VPC Deployment
Designed to run fully inside your own air-gapped or isolated VPC — with no telemetry or phone-home. Identity metadata, credentials, and audit logs stay within your environment, under your control.
Hardened Runtime & Access Control
Defense-in-depth around the graph itself: role-based access control with signed, expiry-bound JWT sessions, bcrypt-hashed credentials, per-route rate limiting, and a least-privilege hardened runtime — not just a network perimeter.
Sealed Ledger Auditability
Every policy evaluation, access change, and onboarding event is recorded in an append-only, cryptographically hash-chained ledger — tamper-evident, verifiable logs for SOC 2 / ISO audits.
Secure Your Enterprise Identity Graph
Deploy Aphantos in your private cloud, verify compliance mathematically, and achieve evidence-backed zero-trust identity security.
Interested in self-hosted pilots, customized enterprise SLA packages, or custom directory connectors? Get in touch.