Origin. Integrity. Destination. The stamp proves three things and only those three things. The industry has been trying to solve this with the wrong tools for fifty years. We finally built the right one.
By Carl Hendrix, Founder & CEO, InnoviGuard AB
I am going to keep this simple, because the thing itself is simple.
We make a stamp. The stamp goes on data. The stamp proves three things. Where the data came from. That the data has not been altered. That only the intended destination can verify the proof. That is what we sell. That is the entire product. Everything in this essay is about why those three guarantees matter, why nobody else has built them properly, and why the industry’s existing answers do not work.
I am going to use the word stamp on purpose throughout this piece. Not protocol. Not framework. Not platform. Stamp. Because that is what it is. You hand us data. We give you a proof. The proof rides with the data. The destination verifies it. Anyone in between can see it. Nobody in between can verify it, forge it, or use it. That is the whole story.
We are not cryptography. We do not hide data. We do not encrypt anything. We have no quarrel with cryptographers and we are not in their conversation. They are very good at what they do. Hiding information is hard and they have spent fifty years getting good at it. If you need confidentiality, hire a cryptographer. They will sort you out.
We do something completely different. We attest. The stamp says this came from here, this has not changed, only that destination can confirm it. The stamp does not care what is inside the data. Plain text. Encrypted blob. A photograph. A sensor reading. A love letter. A voicemail in a language nobody speaks. A pharmaceutical formula. A telemetry packet from somewhere unfriendly. A prompt for an AI agent. We do not look at the contents. We do not need to. The stamp works on whatever you hand P55 Nexus.
Cryptography and InnoviGuard’s stamp are complementary. You can encrypt your data and stamp it with us. You can stamp without encrypting. The two operations do different jobs. We have no opinion about confidentiality. We have a strong opinion about provenance. We do one thing. We do it well. The other thing is somebody else’s department.
Every system in the world that moves data tries to answer three questions. Where did it come from. Has it been altered. Where is it going. The current answers to these three questions are weaker than people think. Most people in the industry know this privately. Almost nobody says it out loud.
The current industry answer is certificates. A certificate is a public document that binds a name to a public key, vouched for by a third party. The private key is the secret. The certificate is the label on the box. When the key gets stolen, and keys get stolen constantly, the certificate keeps working perfectly. It was never checking for the holder of the key. It was checking for the key. Two different things.
The current industry answer is hashes. A hash is a fingerprint of the data, but the fingerprint travels with the data it is supposed to vouch for. If I can touch one, I can touch the other. The industry response is to sign the hash with a private key vouched for by a certificate, which puts us back in the previous paragraph. P55 Nexus closes this. Touch the data or the stamp and it stops validating. You can’t forge a replacement.
There is no current industry answer. None. Sit with that. Every protocol the world uses to move data secures the sender and the payload. None of them say anything meaningful about whether the data arrived where it was supposed to arrive. We secured the envelope. Nobody secured the address. If somebody intercepts your data and forwards it elsewhere, every signature still passes. The data just ends up where it was not supposed to be.
P55 Nexus is a mathematical proof engine. It takes data, a source, and a destination, and produces a proof that binds the three together. The proof is destination-bound. It only verifies at the intended destination. Everywhere else it is inert. There is no key in the system. No secret. No vault. No certificate authority. Nothing for an attacker to steal because there is nothing in the system worth stealing. No secrets to protect, no third party to trust, no certificate at the end of the chain.
Five hundred thousand operations per second per thread. Validated across billions of operations with zero observed forgeries. Runs on a server. Runs on a phone. Runs on an industrial controller. Runs on a sensor with a coin cell. The stamp is small, fast, cheap, and indifferent to what it stamps.
If the engine is compromised, it stops working. It does not betray you. There is nothing to betray. The worst case is non-functionality, not exploitation. That is a fundamentally different risk profile than every system the industry has built before us, and it is one of the reasons we sleep well at night.
Without our stamp, you have what you have today. Certificates, hashes, encryption, perimeters. You hope they hold.
Add our stamp, and you have what you had, plus three guarantees you did not have before. Origin proven. Integrity proven. Destination bound.
The stamp sits alongside your stack. It does not replace anything, and it does not depend on anything. If it works, you have capabilities your stack could not deliver. If it somehow does not, you are exactly where you started. No trapdoor. No secret to leak. No failure mode where an attacker suddenly gains anything, because we are not protecting anything. Cryptography protects data. We attest.
That is the offer. The upside is real. The downside is bounded by what you already run.
And once the stamp proves itself in your environment, you can decide what parts of your old stack you no longer need. We are not dependent on certificates, PKI, or perimeters. You are free to keep them, retire them, or replace them on your timeline.
Once you have a stamp that works, something interesting falls out for free. If the system can prove what is true, the system can also produce things that look identical to truth but are not. Decoys, indistinguishable from real payloads to anyone who is not the destination.
Picture a sensor on a battlefield. It transmits readings. The conventional answer is to encrypt every reading and hope the cryptography holds. That costs battery, it costs processing power, it costs operational time. Our answer is different. The sensor stamps and sends many readings. Most are decoys. Some are real. Every reading carries a stamp. Only the destination can tell the real reading from the decoys. Anyone in the middle sees a stream of stamped data, all of it looking identical, none of it telling them anything useful. They can capture all of it. They can keep it forever. They learn nothing. The cost in battery is a fraction of the encryption alternative. The protection is stronger.
Now picture the same trick at rest. A database holds part specifications for a flagship product. Aircraft. Drug. Semiconductor. Industrial machinery. Pick your example. For every real specification the database holds many plausible alternatives. All of them stamped. All of them indistinguishable to anyone who is not the application that owns them. An attacker exfiltrates the entire database. They have everything. They have nothing. They cannot tell the real bolt from the decoy bolt. They cannot tell the real alloy from the decoy alloy. They cannot tell the real dose from the decoy dose. They have stolen a library of plausible lies and no key to the truth.
They have stolen a library of plausible lies and no key to the truth. And the same property that makes exfiltration pointless makes silent tampering visible. Modify a row, replace a row, the math stops agreeing. Write access is not the same as being believed.
Two of the most expensive categories of attack in the world. Interception in transit. Exfiltration at rest. Both rendered economically pointless by the same property. The attacker is not blocked. The attacker becomes irrational. There is nothing to gain by attacking a system where the captured data is indistinguishable from manufactured noise.
Man in the middle does not get harder. It gets pointless. Database theft does not get harder. It gets pointless. P55 Nexus is not an improvement to a category of defence. It is a category of attack going extinct.
The cybersecurity industry is currently spending an enormous amount of money on a threat called harvest now, decrypt later. The premise is simple. Adversaries are recording encrypted traffic today and storing it. They are betting that quantum computers will eventually break the cryptography protecting it. When that day comes, they decrypt the archive and harvest twenty years of secrets. The defence the industry is selling is post-quantum cryptography. Bigger keys. Stronger algorithms. The migrations are well under way and they are not cheap.
Now apply the stamp to that scenario. The adversary records the traffic as before. Most of what they captured is decoys, indistinguishable from real payloads to anyone who is not the destination. They store the archive. They wait twenty years. They acquire their quantum computer. They decrypt everything in the archive. They have decrypted a library of plausible lies. They still cannot tell which readings were real. The harvest was poisoned at the source.
Save now. Prove never.
I want to talk about a specific problem that is becoming urgent right now, because the stamp solves it and most of the industry has not noticed.
An AI agent reads instructions. Sometimes from a human user. Sometimes from a document. Sometimes from a webpage it has been told to fetch. Sometimes from a tool description in a registry. Sometimes from another agent. Modern agentic systems read instructions from many sources, blend them, and act on them. The agents that matter most, the ones writing your code, managing your calendar, drafting your emails, running your workflows, take actions in the real world based on what they read.
Now ask the obvious question. When the agent reads an instruction, how does the agent know the instruction came from where it was supposed to come from, has not been altered along the way, and was intended for this specific agent? The answer today is that the agent does not know. It cannot know. There is no mechanism in the stack that tells it. The agent reads the instructions. The agent acts on the instructions. If somebody slipped different instructions into the stream, the agent acts on those instead. This is what people call prompt injection. It is not a flaw in the model. It is a missing layer in the architecture.
The industry’s current response is to train the models harder. Teach them to recognise hostile instructions. Filter the inputs. Add guardrails. None of these are solutions. They are mitigations on top of a foundation that is missing. The model is being asked to do a job that should never have been the model’s job. Distinguishing legitimate instructions from injected ones is a provenance problem, not a comprehension problem.
Provenance is what the stamp does.
An agent that only acts on stamped instructions cannot be hijacked by an unstamped instruction. The attacker can inject anything they like. The agent reads, checks the stamp, finds nothing valid, and ignores the instruction. The attack surface does not shrink. It disappears. Whether the agent is Mythos, or any of the agents that will exist next year that do not exist today, does not matter. The architecture is the same. Stamp the instructions. Verify the stamps. Act only on what verifies. Done.
Prompt injection is one of the defining security problems of the next decade. The industry is going to spend billions trying to solve it the wrong way before catching up to the obvious answer. The stamp is the obvious answer. We are already shipping it.
The stamp is a foundation. Many things can be built on it. Dynamic credentials that cannot be replayed. Unforgeable QR codes. AI provenance. We have a list.
We are starting with Watermark. The use case where you stamp data so its origin, integrity, and destination are mathematically guaranteed. We are starting here because the pain is acute, the field is empty, and the customers in this space already know they have a problem they cannot solve with the current tools they have.
Sensors in adversarial environments. Industrial telemetry. Medical devices reporting from places nobody fully controls. Supply chain provenance for high-value goods. Defence telemetry. Hospital networks. Critical infrastructure. AI agents reading instructions from untrusted sources. The same architecture defends a battalion in the field, a hospital ward at home, a defence contractor’s parts catalogue, a clinical trial database, a satellite link, a smart meter, and an AI agent making decisions about your business. The stamp does not care what it stamps. The market follows.
Watermark is the beachhead. The wave is wider than the beachhead. The beachhead is where the wave begins.
I am Carl Hendrix. I started taking apart radios when I was nine. I never put one back together. I went on to spend three decades inside Swedish state security and inside information technology and operational technology environments, working with Swedish military intelligence and national police systems, watching the same patterns of failure repeat across very different domains. The certificates that did not prove identity. The hashes that did not prove integrity. The destinations that nobody verified. I saw enough breaches from the inside to stop believing in the marketing.
P55 Nexus did not come from an academic insight. It came from thirty years of staring at the same wall and asking why nobody had built the obvious tool. Eventually I realised why nobody had built it. For fifty years the industry had tried to prove provenance with tools built to keep secrets. Wrong tool, wrong answers. So I stopped trying to bend cryptography into a shape it was not made for and built a stamp instead. The stamp does the job. That is the whole story.
I am the founder and CEO of InnoviGuard AB, based at Ideon Science Park in Lund. We are part of Amyna, a dual-use accelerator at Ideon. We are a small Swedish company shipping a Swedish product that we believe is going to matter globally. The team is deep, focused, and stubborn in the right ways. We are not in a hurry, and we are not going anywhere.
Our first commercial pilot launches in Switzerland within weeks. A major German enterprise is in advanced discussions, with a letter of intent in preparation. Other engagements are under negotiation across European critical infrastructure, defence, and AI-adjacent sectors. The buyers who recognised the offer early are moving now.
An early ecosystem of builders is forming around P55 Nexus. One team is building a new kind of encryption with our core inside it. Another is making sure firmware comes from the right source, reaches the right device, and has not been touched along the way. A third integration is in progress. None of these products look alike. None of them share a market. They share an architecture. That is what general infrastructure looks like early.
If you run a defence programme that depends on telemetry surviving contact with the enemy, you should be looking at our stamp.
If you run a hospital network where medical devices report from places you do not fully control, you should be looking at our stamp.
If you run a supply chain where the provenance of goods determines their value, you should be looking at our stamp.
If you run a database whose theft would damage your country, your company, or the people who depend on you, you should be looking at our stamp.
If you build or deploy AI agents that take instructions from sources you do not fully control, you should be looking at our stamp before prompt injection costs you something you cannot get back.
If you are paying for a post-quantum migration because you are worried about harvest now, decrypt later, you should be looking at our stamp first. Migration is expensive. Decoys are cheap. The combination is stronger than either alone.
If any of those readers is you, the path is short. Sign a non-disclosure agreement. Sign a letter of intent. License a pilot. Prove us wrong on your own data, in your own environment, on terms that protect both sides. We are a Swedish company with a first-mover position we intend to keep. Engagement is commercial and it is serious. Customers who pilot early get the architectural advantage early. That window will not stay open forever.
If you write about this industry for a living and you are tired of the same press releases about the same incremental improvements, come to Lund. Bring whatever scepticism you want. Bring a cryptographer. Bring an engineer. We will sit across the table from you under terms that work for both of us. Serious questions get serious answers.
The cybersecurity industry has spent fifty years getting better at hiding things. We spent thirty years asking why nobody was building a stamp. The answer turned out to be that the industry had collapsed two different problems into one and was trying to solve both with the same set of tools. Confidentiality and provenance are not the same problem. Hiding information and proving information are not the same job. They got mixed together because they live in the same neighbourhood, and for fifty years the industry treated them as one discipline.
We separated them. We left confidentiality where it belongs, in the very capable hands of the cryptographers. We took provenance and built the right tool for it. A stamp. Origin, integrity, destination. Three guarantees. One operation. No secrets, no third parties, no hierarchies of trust.
We are not asking the world to trust us. We are asking the world to look. The stamp exists. It works. It costs less than the alternatives. It does what the alternatives cannot do at any price. The customers who have deployed it know what they are getting. The journalists who write about us will see what we have. The industry will catch up on its own schedule, but the stamp does not need permission to exist.
Watermark first. The rest follows. We are in Lund, building, shipping, and quietly proving everything.
Come and find us.
Carl Hendrix
Founder & CEO, InnoviGuard AB
Lund, Sweden
