An enterprise credential control plane for organizations with strict privacy and access-control requirements — deployed at organization scale. AEGIS gives your team the full XVault capability set (AI access controls, dual-vault mode, Shamir, Sentinel, memory protection) under organization-wide licensing, with a dedicated management portal, priority support, and API access. No cloud sync. No browser extension. No AI access by default.
Every XVault capability — AI access controls, dual-vault mode, Shamir, Sentinel, AES-256-GCM, offline-first — plus the operational controls a real organization needs: licenses, billing, team, support, downloads, and API access.
AI Paste Guard warns before clipboard ops near detected AI processes. Agent Vaulting issues scoped ephemeral credentials with TTL. Human Approval Gates require live operator confirmation for gated secrets. Every retrieval is logged. No AI access by default.
Two independent PIN-protected vaults using AES-256-CTR with PBKDF2-SHA256 (500,000 iterations). Each vault uses a key derived from its own PIN, so the two vaults stay fully separated. Includes time-triggered and destruction-triggered emergency fallbacks.
K-of-N threshold scheme over GF(256). Org-level Shamir quorums let designated beneficiaries reconstruct vault access; fewer than K shares reveal no information about the key — credential continuity when key personnel are unavailable or unable to operate the vault.
Before the master password prompt appears, Sentinel checks the host against multiple threat-intel feeds (ThreatFox, MISP, MalwareBazaar, and others) across several scan categories: clipboard hijackers, keyloggers, RATs, screen capture tools, debuggers, and cryptominers.
Authenticated vault encryption with AES-256-GCM. Keys derived via Scrypt (n=131072, r=8, p=1). Dual-vault decoy partitions use AES-256-CTR with PBKDF2-SHA256 (500,000 iterations). Exact cryptographic primitives documented in the Executive Overview.
No cloud sync, no telemetry by default, no network dependency at runtime. Single portable executable — no installation, no registry entries. Runs from USB. Process isolation and memory protection limit exposure to other software on the same host.
Manage all XVaultPro licenses from a single portal. Track seat allocation, device activations, entitlement status, and renewal timelines across your entire deployment.
Contracts, invoices, payment history, and package details in an enterprise billing experience designed for procurement and finance teams.
Invite team members, assign roles, enforce AI policy per role, and manage per-user Shamir share distribution. Every seat stays scoped to your organization with clear ownership.
SLA-backed support tickets tied to your contract and service level. API credentials for integrating license provisioning, audit export, and Sentinel events into your existing infrastructure.
AEGIS isn't a re-skinned consumer product. It's the enterprise delivery of a credential control plane built around three concrete concerns that matter to security teams: AI tools getting broad access to secrets, cloud sync as a persistent attack surface, and the need to separate sensitive credentials from day-to-day ones. Each is addressed with documented architecture, not marketing.
A structured onboarding path — contract, Shamir quorum, AI policy, license provisioning — no detached handoff between security, procurement, and operations.
Request AEGIS evaluation. Confirm offline-first architecture and dual-vault / Shamir capabilities match your organization's privacy and access-control requirements.
Onboard into the AEGIS program: contract, org-level Shamir thresholds, AI Policy Engine configuration, and license provisioning.
Deploy XVaultPro across your team: licenses, downloads, support, team, API credentials, and audit exports from one portal.
Scale with renewals, additional seats, on-prem threat intel bundle, and operational mode controls as your deployment grows.
Request AEGIS enterprise access or sign in to your existing portal. Designed for institutional and enterprise partners.
