TrustFour

TrustFour is a TLS-centric control plane designed to secure non-human identities (NHIs) and workloads, with a focus on AI and microservice environments. It uses lightweight shim/agent technology that attaches to services and sidecars without requiring application rewrites, working across Kubernetes, VMs, and serverless environments. Core capabilities: - Policy-driven mutual TLS (mTLS): Enforces which services can communicate with each other, binding workload identity to TLS sessions and restricting connections to explicitly permitted pairs with defined scopes. - Short-lifetime certificates and one-time-use Pre-Shared Keys (PSKs): Issues ephemeral credentials per connection or job run to prevent replay attacks and lateral credential reuse. - TLS hygiene assessment: Continuously scans domains and services for weak protocols (TLS 1.0/1.1), weak cipher suites, stale certificates, and misconfigurations, mapped to NIST 800-52 controls with guided remediation. - East-west and north-south traffic visibility: Provides observability and audit trails for workload-to-workload communication, tying each connection to a signed workload identity. - Agentic AI workload controls: Enforces policy bindings between agent identities and specific registered tools or services, blocking unregistered endpoints at the transport layer. - Post-quantum TLS readiness: Inventories which connections can adopt PQ-TLS, supports hybrid cipher testing, and assists with migration planning. TrustFour is targeted at securing AI stack components including data pipelines, model endpoints, agents, vector stores, and MLOps/CI/CD systems by enforcing least-privilege transport-layer policies between workloads.