The current digital security model was built for a world where trust was between people.
That world is ending.
Machines, workloads, APIs, software agents, and autonomous systems have become the dominant participants in digital infrastructure. Most of them were never designed to prove they are genuine. That is not a configuration problem. It is an architectural problem.
Incremental fixes do not change the architecture.
INTEGRATORS
THE SHIFT
What broke was the assumption. Not the implementation.
The Model We Built
For thirty years, digital security was built on a single foundational move: establish identity once, store proof of it, and present that stored proof on demand.
The Vulnerability
The vulnerability is structural. Anything stored can be extracted. Anything extracted can be replayed.
The Band-Aids
Key rotation, certificate revocation, MFA overlays, and PAM tooling are friction added to a model that has not changed. They slow attackers down. They do not change what is being attacked.
The Real Target
The attack surface is not the implementation. It is the model. Stored identity is always a target. The only way to eliminate that target is to stop creating it.
THREE HORIZONS This is not a sudden problem. It has been building for years, now.
Post-quantum is not a planning exercise. Anything you deploy today that needs to be secure in ten years is already subject to harvest-now, decrypt-later collection. The transition window is not ahead of you.
It is already here.
THE INSIGHT
The problem is not that credentials are too easy to steal
The problem is that credentials exist at all.
Every security framework built around credential management is optimizing the wrong variable. It assumes that persistent secrets are necessary and works to protect them more effectively. The real question is whether a system can prove trust without generating anything worth stealing in the first place.
THE CATEGORY
Continuous proof trust
Not a better lock. The elimination of what makes locks necessary.
Continuous Proof Trust is a new category in which trust is not stored, inherited, or assumed. It is generated fresh for each session, cryptographically verified throughout its duration, and destroyed the moment the session ends. There is no credential to rotate. No certificate to revoke. No long-lived secret to harvest.
kin is IOTHIC's implementation of that category. It gives machines, workloads, devices, and autonomous systems a way to continuously prove trust without relying on stored credentials, reusable secrets, or a central authority. In fact, the proof is user-defined
THE TRANSFORMATION
What changes when the trust model changes?
When a system proves trust continuously rather than presenting a stored credential, a few things follow directly.
Session-native identity
Ephemeral keys are generated per session and destroyed at close. Nothing remains to be harvested.
Continuous proof inline
Authentication runs throughout the session, not only at the gate. A drifting device is quarantined mid-session.
Nefarious behavior
Unprovisioned devices receive zero network visibility. The surface is not hardened. It is absent.
Distributed mesh trust
No single authority. No single point of cascade failure. Mesh nodes authenticate independently during connectivity loss.
The library is under 8MB . It compiles into existing stacks.
Built on NIST-approved standards.
Modular cryptographic libraries enable post-quantum algorithm updates without re-architecture.
Designed for constrained OT and IoT Compute environments, including 15-year old PLCs.
WHY WE BUILT IOTHIC
“The research became a company because the problem was bigger than academia.”
IOTHIC began at the University of Oxford with a question most security architectures were never designed to answer:
What happens when stored credentials are removed from the trust equation entirely?
Nearly a decade of research led to the creation of the Open Interoperable Security Protocol and a new approach to Zero Trust: Continuous Proof Trust.
Today, that research powers kin.
Trust is not inherited. It is continuously proven.