Armada verifies a client's actual security posture against real underwriting requirements, destroys the raw data, and leaves behind one thing: a signed attestation the underwriter can trust.
Three views from the producer console — the book, the simulator, and the record. Everything below runs on sample data, marked as such, because we don't fake traction and we don't fake posture.
Every scan is single-use by construction. There is no database of your clients' security data, because the architecture has nowhere to put one.
With the client's consent, posture is read directly from source systems into volatile memory. Read-only scopes. Nothing is written anywhere.
Controls are scored against a versioned catalog built from what carriers actually ask. Verified means verified — unchecked controls are labeled, never guessed.
The buffer is overwritten and released the moment evaluation completes. Zero bytes of raw telemetry survive the scan.
What persists is one cryptographically signed record — score, tier, and a hash chained to every scan before it. Tamper-evident by design.
Your whole book at a glance — every insured scored, tiered, and tracked against the requirements that decide whether an account binds.
Toggle a fix and watch readiness, tier, and market access move in real time. Walk into the client meeting with the answer, not a maybe.
Appetite modeling shows which markets an account clears today — and exactly which control gap is closing the door on the rest.
Every scan anchors to the one before it. The trail is verifiable by anyone, alterable by no one — including us.
Posture changes between scans are flagged by comparing signed results — surveillance-free monitoring, because re-verification is the monitoring.
The core promise, engineered rather than promised: collection, evaluation, and destruction in one breath. You can't leak what you don't keep.
Access flows through the client's own identity provider. They grant it, they see it, and they can revoke it any time — without asking us.
A control is pass, partial, fail — or explicitly "not verified by this scan." The platform structurally cannot invent a status it didn't check.
Attestations export in the shape underwriting actually reads — pre-answering the security section instead of adding another PDF to the pile.
Coverage grows one integration at a time — and until a source is wired, the controls it would verify are labeled "not verified," never estimated.
Armada is being built to SOC 2 control posture from the first commit — with an independent Type II audit on the roadmap, not claimed before it's earned. In the meantime, the architecture makes the strongest claims for us.
The platform can look. It can never touch, change, or administer anything in a client's environment.
Access is granted through the client's own identity provider — and revoked the same way, without asking us.
There is no table, field, or backup where client security data could accumulate. Structurally absent, not policy-forbidden.
Attestations are signed with keys that never leave the vault, and chained so history can't be quietly rewritten.
Software for insurance producers. It verifies a client's cyber security posture against the requirements carriers actually underwrite on, then produces a signed attestation the producer can use in a submission. It is not an insurance product, a policy, or a security service.
No. Posture data is read into memory, evaluated, and destroyed within a single scan. What persists is the result — a score, a tier, and a signed hash. The storage layer has no place for raw telemetry by design, so retaining it isn't a policy we follow; it's a capability we don't have.
The first integration verifies identity posture in Microsoft 365 environments — MFA registration, conditional access, and privileged role hygiene — the controls with the most underwriting weight. Controls the current integration can't reach are labeled as not verified, never estimated. Coverage expands integration by integration.
It's a simplified, clearly-labeled illustration using three controls. The product runs the full 13-control catalog with knockout logic, and the numbers there come from verified scans of real environments — never from a marketing page's math.
Not yet, and we won't pretend otherwise. Today the attestation is supplementary evidence: it pre-answers the security section, reduces subjectivities, and speeds quotes. Making it natively accepted by markets is the long game.
Armada is in active development, shaped directly by conversations with producers. If you write cyber and want to influence what gets built — or be first in line when it ships — request early access below.
We're working with a small group of producers before wider release. Tell us who you are — a founder reads every note.