The Foundation

Cyphers Architecture

Server Authenticated TLS (HTTPS): TLS 1.3, Authenticated Encryption with Associated Data (AEAD) ciphers, strict certificate validation. mTLS for access control. The same foundation powers every Cyphers product.

Defence in depth. Multiple security layers. Each layer independent. The same foundation powers every product we ship.

Developed from years of building security systems that pass government evaluations. Now available in everything we build.

Cert Manager
Auth Server
JWT Validator
Rate Limiter
Input Sanitizer
Security Monitor

Assume breach.

Every layer is built to hold alone. We design as if attackers are already inside the outer perimeter.

Trust nothing.

No connection is trusted by default. Identity verified. Certificates validated. Permissions checked.

Govern everything.

No configuration drift. No certificate surprises. No invisible traffic.

Foundational Components

Cyphers Cert Manager

Manages certificates.

Certificates are the foundation of transport security. Expired certs cause outages. Misconfigured mTLS causes breaches. Cert Manager handles the lifecycle.

Internal CA (ECDSA/RSA)
Automated ACME/API issuance
Pre-expiry rotation
CRL and OCSP revocation
HSM support
Config generation for NGINX, Envoy, HAProxy
Used in: TLSMCP, Cyphers HTTPS Node, Cyphers HTTPS for Claude

Cyphers Auth Server

Issues tokens.

Identity is the first question: who is this? Auth Server answers with cryptographic proof. Scopes answer the second question: what can they do?

OAuth 2.1 compliant
PKCE required (no implicit grant)
RS256-signed JWTs
Granular scope-based permissions
Token revocation (RFC 7009)
JWKS endpoint
Used in: TLSMCP

Cyphers Input Sanitizer

Sanitizes inputs.

94.4% of LLM agents are vulnerable to prompt injection. Input Sanitizer catches attacks at the gate. Your code sees only validated, safe data.

SQL injection detection
Command injection detection
Prompt injection detection
XSS prevention
Strict schema validation
Fail-fast rejection
Used in: TLSMCP

Cyphers Rate Limiter

Limits rates.

AI agents drain budgets fast. A compromised agent makes thousands of calls before anyone notices. Rate Limiter caps the damage.

Sliding window algorithm
Dual metrics: requests AND tokens
Tiered limits
Redis-backed for scale
Automatic rate limit headers
Prometheus metrics
Used in: TLSMCP

Cyphers Security Monitor

Monitors security.

You can't govern what you can't see. Security Monitor provides visibility. Configuration drift triggers alerts in minutes, not months.

Structured security events (CEF, Syslog)
SIEM integration
Prometheus metrics
Drift detection alerts
Anomaly detection
One-click audit export
Used in: TLSMCP, Cyphers Hub, Cyphers HTTPS for Claude

Cyphers Hub

Orchestrates fleet.

One dashboard. Complete control. Cyphers Hub is how you manage security at scale.

Web dashboard for fleet status
Certificate operations at scale
Golden configuration enforcement
Zero-downtime rotation
Slack/PagerDuty alerting
Compliance evidence export
Used in: Enterprise deployments

Same components. Different deployments.

See how our foundation adapts to each product—from AI agent infrastructure to workflow automation to developer tools.

| Capability | TLSMCP | Cyphers HTTPS Node | Cyphers HTTPS for Claude |
|---|---|---|---|
| Server Authenticated TLS (HTTPS) | TLS 1.3, Authenticated Encryption with Associated Data (AEAD) only | TLS 1.3, Authenticated Encryption with Associated Data (AEAD) only | TLS 1.3, Authenticated Encryption with Associated Data (AEAD) only |
| mTLS Support | Full mTLS access control | Client certificate auth | Client certificate auth |
| Certificates | Hub-managed, auto-rotation | Pinning, revocation, custom CAs | Pinning, revocation, custom CAs |
| Deployment | Drop-in proxy | n8n community node | MCP server for Claude |
| Observability | Hub dashboard, SIEM export | SIEM export (JSON, CEF) | SIEM export (JSON, CEF) |
| Compliance | FIPS 140-3 (Pro) | FIPS 140-3 (Pro) | FIPS 140-3 (Pro) |

Built for enterprise.
Ready for you.

Pick your entry point.