Illuminate the Dark Matter of Your Software
You can't secure what you can't see. Laviq automates the discovery of cryptographic risks inside compiled binaries, third-party firmware, and runtime environments where source code is missing.
Why Now? The 2025 Compliance Cliff
Until recently, Quantum Readiness was theoretical. In 2024, it became a hard deadline. New mandates force CISOs to inventory cryptographic assets immediately.
USA: The Hard Deadline
NSA CNSA 2.0
The NSA requires National Security Systems to begin the transition to Quantum-Resistant algorithms by 2025.
Organizations must complete discovery and inventory now to meet the transition timeline.
Canada: The Inventory Requirement
CCCS ITSM.40.001
By April 2026, federal departments must have an initial PQC migration plan. The first step is a complete cryptographic inventory.
Most organizations cannot inventory "Black Box" binaries and 3rd-party apps—which is exactly where Laviq operates.
Europe: The Supply Chain Enforcer
EU Cyber Resilience Act (CRA)
The CRA requires manufacturers to fix vulnerabilities and maintain a secure supply chain. Products with known vulnerabilities (like weak crypto) will be banned from the EU market.
Automotive and IoT vendors are liable for the code inside their "Black Box" components. They must scan binary firmware for non-compliant crypto to keep selling.
Asia: The Financial Watchdog
Singapore MAS Advisory
The Monetary Authority of Singapore (MAS) requires financial institutions to perform a "Quantum Key Risk Assessment" and inventory cryptographic assets immediately.
Banks run massive legacy cores and 3rd-party financial gateways. They cannot inventory these systems manually without an automated discovery tool.
The Reality Gap
Why "Safe" Code Fails in Production.
01. Hidden Dependencies
Crypto libraries are often statically linked deep inside 3rd-party binaries. Your manifest says "Clean", but the compiled binary contains a hardcoded RSA-1024 key.
02. No Source Code
You rely on vendor firmware and proprietary SDKs. You cannot scan source code you don't have. You must validate the artifact itself.
03. Runtime Drift
Static files don't tell the whole story. Applications load libraries dynamically (dlopen) or change behavior based on config.
Example: An app only loads the vulnerable libcrypto.so when a specific "Legacy Mode" flag is triggered at runtime.
| Feature | Standard SCA / SBOM | Laviq Runtime Agent |
|---|---|---|
| Analysis Method | Text Scanning (Source/Manifests) | Binary "Physics" & Runtime Tracing |
| Statically Linked Libs | Blind (Files don't exist) | Visible (Scans raw bytes) |
| Dynamic Loading (dlopen) | Missed (Runtime only) | Captured (Via Kernel eBPF) |
| Crypto Validation | Library Version Check | Mathematical Constant Verification |
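A minimal illustration of the constant-matching idea behind the "Scans raw bytes" and "Mathematical Constant Verification" rows, added here as an example and not Laviq's own code: it searches a raw byte blob for the leading entries of published AES, SHA-256 and MD5 tables in both byte orders, which works with no symbols, manifest or source. The function names and the sample blob are constructed for illustration.

```python
import struct

# Well-known published algorithm constants (first entries of each table).
AES_SBOX_HEAD = bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")
WORD_TABLES = {
    "SHA-256 round constants": (0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5),
    "MD5 sine table": (0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE),
}

def build_signatures():
    """Return {label: byte pattern}; word tables get both byte orders."""
    sigs = {"AES S-box": AES_SBOX_HEAD}
    for name, words in WORD_TABLES.items():
        sigs[f"{name} (little-endian)"] = struct.pack("<4I", *words)
        sigs[f"{name} (big-endian)"] = struct.pack(">4I", *words)
    return sigs

def scan_blob(blob):
    """Return sorted (offset, label) for every signature occurrence in blob."""
    hits = []
    for label, pattern in build_signatures().items():
        start = blob.find(pattern)
        while start != -1:
            hits.append((start, label))
            start = blob.find(pattern, start + 1)
    return sorted(hits)

def make_sample_blob():
    """Constructed stand-in for a stripped, statically linked binary."""
    filler = bytes(range(256)) * 2  # 512 bytes containing none of the patterns
    k_le = struct.pack("<4I", *WORD_TABLES["SHA-256 round constants"])
    return b"\x7fELF" + filler + AES_SBOX_HEAD + filler + k_le + b"\x00" * 32

if __name__ == "__main__":
    # Real use: scan_blob(open(path, "rb").read()) on a firmware image.
    for offset, label in scan_blob(make_sample_blob()):
        print(f"0x{offset:06x}  {label}")
```

A hit shows that an algorithm's table is present in the artifact, not that the code path is reachable or what key size is in use; implementations that load constants as instruction immediates or compute tables at startup will not match contiguous patterns like these.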
Offline Analysis Demo
Dual-Engine Architecture
"Static Scanners check Text. LAVIQ checks Physics."
Artifact Scanner
Analyzes the "Physics" of the binary at rest. Detects cryptographic constants in stripped executables.
Runtime Monitor
eBPF tracing of live execution. Maps connect() syscalls to PID and specific loaded libraries (.so) on disk.
What Laviq Does
- Analyze shipped firmware and binaries (no source code required)
- Identify long-term cryptographic commitments
- Bootloader Unpacking (U-Boot / FIT Images)
- Assess post-quantum relevance and migration difficulty
- Produce clear, audit-ready findings
What Laviq Does Not Do
- ✕ No agents
- ✕ No cloud uploads
- ✕ No code modification
- ✕ No operational disruption
Who It's For
Organizations with long-term cryptographic exposure
Industrial & OT
Control systems, PLCs, and infrastructure with multi-decade lifecycles.
Medical & Regulated
Devices subject to regulatory compliance and extended field deployment.
Embedded Systems
Long-lived firmware with constrained update capabilities.
Security & Compliance Consulting
Assessment engagements requiring clear, defensible findings.
Compliance & Risk Matrix
Automated mapping to ITSP.40.111 (Canada), NIST SP 800-218, and ISO 27001 asset inventory requirements.