Innovation & Research

ACSE — Adaptive Cryptographic Surface Engineering

A defensive cybersecurity architecture built on one idea: an attacker can't exploit a surface they mapped yesterday if that surface no longer exists today. ACSE continuously regenerates the cryptographic identity of protected systems — on a timescale faster than any attacker can act on what they've observed.

v1.1 · 10 sections · Benchmark data · Red-team results · ASMP/1.0 wire spec

Patent Published · Indian Patent Office · 19/06/2026 · Journal 25/2026

Application No. IN202641070690 · Inventor: Arul Raj
Expedited Examination Requested
The Problem

Static surfaces are a liability

Almost every major breach of the last decade follows the same shape: an attacker observes a system's cryptographic and network identity, builds a map of it over days or weeks, and then acts on that map. Credentials, certificates, endpoint fingerprints, and session identifiers are typically valid for long enough that reconnaissance pays off. ACSE removes that assumption — the map an attacker builds has a shelf life measured in microseconds.

"

An attacker can't exploit a surface they mapped yesterday
if that surface no longer exists today.

The Kali Invariant  ·  ACSE Core Principle  ·  Published Patent IN202641070690
Why Now

The timing has never been more critical

Static surfaces have always been a liability. What changed is the speed, scale, and automation of the attacks exploiting them — and the personal regulatory cost of getting it wrong. Six converging forces make this the moment for continuous surface mutation.

Minutes
AI Recon Time (was: days)

AI-Assisted Attackers

WormGPT and AutoGPT-based attack frameworks cut surface mapping from days to minutes. ACSE's answer: the surface expires before any AI model can act on what it observed.

6 hrs
Full Internet Rescan Frequency

Automated Continuous Scanning

Shodan and Censys re-index the entire internet every few hours. Every static endpoint is catalogued before you notice the scan. ACSE: what they index is cryptographically stale before they serve the result.

71%
YoY Rise in Credential Attacks (IBM 2024)

Identity is the Primary Vector

Valid accounts were used in 30% of all incidents last year. The root cause isn't weak passwords — it's that stolen credentials remain valid. ACSE closes this at the root: credentials expire at mutation boundaries.

1,000+
Cloud Services Per Enterprise (Gartner 2024)

Cloud Sprawl Explodes Attack Surface

Each service is an API. Each API is a static fingerprint accumulating in attacker databases. ACSE: every API surface rotates on every access event.

10 days
Median Attacker Dwell Time (Mandiant 2024)

Dwell Time Remains Catastrophic

Change Healthcare: 9 days and $2.457B in damage. SolarWinds: 14 months. Attacks succeed because surfaces stay static long enough to stage. ACSE's staging window: microseconds.

4 days
SEC Breach Disclosure Deadline (2023)

Regulatory Liability is Now Personal

SEC rules, EU NIS2, India DPDP Act, CERT-In mandatory reporting. Board directors are personally liable. The cost of a static surface failure is now measured in fines, criminal liability, and stock price.

See the Full Platform Vision →
Core Property

Every cycle, every surface, a new identity

At the heart of ACSE is a simple invariant: for every protected element, the cryptographic fingerprint produced in one mutation cycle is guaranteed never to repeat in any other cycle. Each element mutates using independently derived entropy, so fingerprints can't be predicted from previous cycles — and can't be reused once they've passed.

  • Independent entropy per protected element, per cycle
  • Estate-wide coordinated rotation across every node
  • Formally verified security properties
  • Hardware-rooted attestation for management operations
Architecture

How it's structured

ACSE is implemented as four co-operating layers — a management control plane operators run the estate from, a mutation engine that runs on each protected node, a coordination protocol that synchronises mutation across the estate, and a set of defensive profiles tuned to different operational contexts.

CP

ACSE Control Plane

The management layer operators run the estate from — one dashboard over every protected node, with live Kali Invariant status, SIEM dispatch, firewall orchestration, and TEE-attested role-based policy management. Auto-Discovery onboards an entire estate from existing identity and network systems, and every mutation across every node is aggregated into a single tamper-evident audit chain. Shipped now as Control Plane v0.3.0 — multi-tenant with Row-Level Security, mTLS production transport, HSM PKCS#11 adapter, first-run setup wizard, licensing enforcement, and org-scoped estate management.

PME

Polymorphic Mutation Engine

The core engine running on every protected node. On each cycle, it regenerates the cryptographic fingerprint of every registered surface using independently derived entropy, validates the result, and commits or rolls back atomically. Every mutation is recorded in a cryptographically chained, tamper-evident audit log. The AI/ML Hybrid layer (Foundation-A) classifies each mutation cycle as Normal, Suspicious, or Critical using a local 16-feature ONNX inference pipeline — air-gap safe, no external API calls.

ML

AI/ML Anomaly Classification

Foundation-A: a local ONNX inference pipeline that converts every mutation cycle output into a 16-dimensional feature vector — fingerprint entropy, Hamming distance, EWMA score, torpedo count delta, organ state — and classifies it as Normal, Suspicious, or Critical. The stub classifier runs by default with zero dependencies. A custom trained ONNX model can be hot-swapped via ACSE_ML_MODEL_PATH without recompiling. Pure Rust via tract-onnx — air-gap safe, DRDO-compatible, no cloud API calls.

ASMP

Adaptive Surface Mutation Protocol

A purpose-built network protocol that coordinates mutation across an entire estate. Peers authenticate using zero-knowledge handshakes bound to the current mutation epoch, anomaly signals propagate between nodes in real time, and a single trigger can broadcast a defensive rotation to every authenticated peer in the estate.

×11

Defensive Profiles

Eleven specialised mutation profiles, each tuned to a different class of infrastructure — transaction systems, healthcare records, cloud workloads, distributed network grids, and more — plus a master profile that can rotate every protected surface across all profiles from a single trigger, in well under 200 microseconds estate-wide.

Rigour

Built to be verified, not just demonstrated

Every claim behind ACSE is backed by an automated test suite, formal verification of the protocol's security properties, and benchmark evidence of real-world performance.

956
Automated Tests · 0 Failures
<200µs
Estate-Wide Rotation
11
Defensive Profiles
3
Protocol Models Formally Verified
IN202641070690

Filing Status

  • Application filed with the Indian Patent Office
  • Expedited examination requested (Form 18A)
  • Patent Published · 19/06/2026 · Journal 25/2026
Patent Status

From research to filing

ACSE began as an independent research project exploring whether the cryptographic identity of a system could be made to change faster than an attacker's reconnaissance cycle. The resulting architecture — covering the mutation engine, the coordination protocol, and the estate-wide orchestration model — has been filed as a patent application with the Indian Patent Office under expedited examination.

The application is publicly searchable on the Indian Patent Office portal under application number IN202641070690.

What's Next

Continuing the research

A second patent application is in preparation

Building on the foundations of ACSE, a second patent application is currently in preparation, extending this research into a related domain. Details will be shared here once filed.

Interested in this research?

Whether you're exploring collaboration, licensing, or just want to talk through the architecture in more depth — I'd welcome the conversation. The full technical whitepaper covers architecture, benchmarks, red-team results, and the ASMP/1.0 wire protocol specification.

The Governing Intelligence

KāliCore - Adya Mahā Kāli

Explore KāliCore →