Threat Model
Secubit’s threat model is based on a simple principle: do not trust networks or servers. Middle servers such as exchanges, WaaS providers, or custody orchestration layers are treated as potential points of compromise. They may relay information, but they are never relied upon for authenticating or safeguarding user intent.
Instead, all trust is anchored in cryptographic proofs and direct authentication between the user and the HSM. The user’s device, protected by biometrics and backed by secure hardware (such as a Secure Element or PassKey), signs every individual request. The HSM verifies these proofs before performing any sensitive operation, ensuring that only explicitly authorized actions are executed.
This means that one-time approvals cannot be reused or expanded into multiple actions. Every transaction, policy change, or cryptographic operation must carry its own fresh, user-bound approval. Replay attempts, insider misuse, and server-side compromises are neutralized because the HSM requires verifiable proof of user intent for every request.
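The per-request rule above, as an added sketch (not Secubit's code): a toy verifier that accepts an approval only for the exact request it was signed over, and only once. Ed25519 with a software key stands in for the device's hardware-backed signature, and the `Approval`, `HSM`, `Execute` and `digest` names, the nonce scheme and the request string are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Approval is what the user's device emits for ONE request (assumed format).
type Approval struct {
	Nonce string // fresh per request
	Sig   []byte // signature over digest(Nonce, request)
}

// HSM is a toy verifier: it trusts only the enrolled user key, never the relay.
type HSM struct {
	userKey ed25519.PublicKey
	used    map[string]bool // nonces already consumed
}

// digest binds the nonce to the exact request; the length prefix avoids ambiguity.
func digest(nonce, request string) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%d:%s%s", len(nonce), nonce, request)))
	return h[:]
}

// Execute accepts a request only with a valid, unused approval for it.
func (h *HSM) Execute(a Approval, request string) error {
	if !ed25519.Verify(h.userKey, digest(a.Nonce, request), a.Sig) {
		return errors.New("approval does not cover this request")
	}
	if h.used[a.Nonce] {
		return errors.New("approval already consumed")
	}
	h.used[a.Nonce] = true
	return nil
}

// demo plays a compromised relay: forward once, replay, then alter the request.
func demo() (first, replay, altered error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	hsm := &HSM{userKey: pub, used: map[string]bool{}}
	req := "transfer:0.5:addr-A" // constructed sample request
	a := Approval{"nonce-1", ed25519.Sign(priv, digest("nonce-1", req))}
	return hsm.Execute(a, req), hsm.Execute(a, req), hsm.Execute(a, "transfer:50:addr-B")
}

func main() { fmt.Println(demo()) }
```

The relay in `demo` holds a genuine approval yet can neither submit it twice nor attach it to a different request, because the signature check and the consumed-nonce check both run inside the verifier.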
By structuring the system around this model, Secubit ensures that even if servers or communication channels are compromised, attackers cannot impersonate users or bypass key security policies. The combination of per-request authentication and hardware-enforced policy checks makes cryptographic validation—not network perimeter defenses—the ultimate arbiter of trust.