Product Method Platform Trust FAQ Request access
In development · built with producers

Cyber risk, made legible to the people writing the check.

Armada verifies a client's actual security posture against real underwriting requirements, destroys the raw data, and leaves behind one thing: a signed attestation the underwriter can trust.

M365 native first Read-only scopes 0 bytes retained
READINESS ATTESTATION
standby
Ephemeral scan · demonstration
identity — mfa registration·····
conditional access policies·····
privileged role assignments·····
secure score — context·····
raw telemetry in memory — bytes
sig awaiting scan
utc
Raw posture data never persists. Only the signed result remains.
Product tour

See the desk you'd actually work from.

Three views from the producer console — the book, the simulator, and the record. Everything below runs on sample data, marked as such, because we don't fake traction and we don't fake posture.

ARMADA
Sample data
InsuredScoreTierMarkets
Nimbus Logistics
Transportation · 140 seats
86Bind-ready5 of 5 clear
Halyard Financial
Financial services · 62 seats
71Conditional3 of 5 clear
Portside Medical
Healthcare · 210 seats
58Conditional2 of 5 clear
Cedar Ridge Mfg.
Manufacturing · 95 seats
41Likely declination1 of 5 clear
Every insured in the book carries its verified score, readiness tier, and modeled market access — so renewal conversations start from evidence.
ARMADA
Illustrative model
Enforce MFA everywhere
The single heaviest underwriting control
Deploy EDR fleet-wide
Managed detection on every endpoint
Immutable, tested backups
The ransomware recovery question
47
Readiness score
Likely declination
Clears 1 of 5 modeled markets
Toggle a fix, watch tier and market access move — that's the client meeting, rehearsed. The live product runs the full 13-control catalog; this is a simplified illustration.
ARMADA
Sample record
record  READINESS ATTESTATION · catalog v2026.07
subject  Nimbus Logistics (sample) · scanned 2026-07-09 14:02:11Z
identity — mfa registration — verified · pass
conditional access enforcement — verified · pass
privileged role hygiene — verified · partial
endpoint detection & response — not verified by this scan
score  86 / 100 over verified controls · tier bind-ready
chain  prev 9c41…e07a → this 6f2d…b391
sig  ECDSA P-256 · key never leaves the vault
Unverified controls say so, in writing — the attestation never guesses. The chain means history can't be quietly rewritten, including by us.
The method

Collected once. Checked once.
Then it's gone.

Every scan is single-use by construction. There is no database of your clients' security data, because the architecture has nowhere to put one.

i.

Collect

With the client's consent, posture is read directly from source systems into volatile memory. Read-only scopes. Nothing is written anywhere.

ii.

Evaluate

Controls are scored against a versioned catalog built from what carriers actually ask. Verified means verified — unchecked controls are labeled, never guessed.

iii.

Destroy

The buffer is overwritten and released the moment evaluation completes. Zero bytes of raw telemetry survive the scan.

iv.

Attest

What persists is one cryptographically signed record — score, tier, and a hash chained to every scan before it. Tamper-evident by design.

The platform

Built for the producer's desk,
not the server room.

Fleet readiness

Your whole book at a glance — every insured scored, tiered, and tracked against the requirements that decide whether an account binds.

Remediation simulator

Toggle a fix and watch readiness, tier, and market access move in real time. Walk into the client meeting with the answer, not a maybe.

Market access matrix

Appetite modeling shows which markets an account clears today — and exactly which control gap is closing the door on the rest.

Chained attestations

Every scan anchors to the one before it. The trail is verifiable by anyone, alterable by no one — including us.

Drift detection

Posture changes between scans are flagged by comparing signed results — surveillance-free monitoring, because re-verification is the monitoring.

Ephemeral engine

The core promise, engineered rather than promised: collection, evaluation, and destruction in one breath. You can't leak what you don't keep.

Consent & revocation

Access flows through the client's own identity provider. They grant it, they see it, and they can revoke it any time — without asking us.

Verified or labeled

A control is pass, partial, fail — or explicitly "not verified by this scan." The platform structurally cannot invent a status it didn't check.

Submission-ready output

Attestations export in the shape underwriting actually reads — pre-answering the security section instead of adding another PDF to the pile.

The difference

Retire the questionnaire.

The questionnaire era
With Armada
The client's office manager guesses at 40 security questions, under deadline, in a PDF.
Posture is read from the systems themselves — consented, read-only, verified at the source.
Sensitive answers sit in inboxes and shared drives for years.
Raw data is destroyed within the scan. What persists is a signed result — nothing to breach, nothing to subpoena.
Misstatements surface at claim time, when they're most expensive.
Verified-vs-not is explicit on the record — the attestation says what was checked and what wasn't, in writing.
Producers find out an account was unplaceable after shopping it.
Market access is modeled before submission — and the simulator shows exactly which fix opens which door.
0
Controls evaluated
0
Lifecycle stages
0
Bytes retained per scan
0
Signed record per scan
Integrations

Verification, source by source.

Coverage grows one integration at a time — and until a source is wired, the controls it would verify are labeled "not verified," never estimated.

Microsoft 365 · Entra
MFA registration, conditional access, privileged roles, secure score
First integration · in development
Google Workspace
Identity posture and enforcement state
On the roadmap
EDR platforms
Agent coverage and policy state
On the roadmap
Backup platforms
Immutability and restore-test evidence
On the roadmap
Trust

Security posture you can interrogate.

Armada is being built to SOC 2 control posture from the first commit — with an independent Type II audit on the roadmap, not claimed before it's earned. In the meantime, the architecture makes the strongest claims for us.

Read-only, least-privilege scopes

The platform can look. It can never touch, change, or administer anything in a client's environment.

Client-revocable at any time

Access is granted through the client's own identity provider — and revoked the same way, without asking us.

No raw telemetry at rest

There is no table, field, or backup where client security data could accumulate. Structurally absent, not policy-forbidden.

Cryptographically signed results

Attestations are signed with keys that never leave the vault, and chained so history can't be quietly rewritten.

Questions

Asked and answered.

Software for insurance producers. It verifies a client's cyber security posture against the requirements carriers actually underwrite on, then produces a signed attestation the producer can use in a submission. It is not an insurance product, a policy, or a security service.

No. Posture data is read into memory, evaluated, and destroyed within a single scan. What persists is the result — a score, a tier, and a signed hash. The storage layer has no place for raw telemetry by design, so retaining it isn't a policy we follow; it's a capability we don't have.

The first integration verifies identity posture in Microsoft 365 environments — MFA registration, conditional access, and privileged role hygiene — the controls with the most underwriting weight. Controls the current integration can't reach are labeled as not verified, never estimated. Coverage expands integration by integration.

It's a simplified, clearly-labeled illustration using three controls. The product runs the full 13-control catalog with knockout logic, and the numbers there come from verified scans of real environments — never from a marketing page's math.

Not yet, and we won't pretend otherwise. Today the attestation is supplementary evidence: it pre-answers the security section, reduces subjectivities, and speeds quotes. Making it natively accepted by markets is the long game.

Armada is in active development, shaped directly by conversations with producers. If you write cyber and want to influence what gets built — or be first in line when it ships — request early access below.

Early access

Be at the front of the line.

We're working with a small group of producers before wider release. Tell us who you are — a founder reads every note.

Opens your email client with the details pre-filled — no forms into the void.