Rebuilding the Foundation of Software Security
Would you let a stranger hold your wallet? That’s what your computer’s processes are doing.
Despite decades of progress in cloud computing, AI, virtualization, and zero-trust architectures, one foundational part of computing has remained the status quo since 1985: Processes still share one giant, unprotected memory space… with dozens of miscellaneous executable libraries in it. Compiled by complete strangers with no provenance.
The root cause of most modern supply-chain compromises, library hijacks, return-oriented-programming exploits, privilege escalations, and keys leaking from processes is in-process exploitation.
Applied Enclaves is building the first practical solution: hardware-enforced sub-process isolation integrated directly into the compiler, linker, loader, and runtime. Every executable and library runs in its own SGX-backed enclave, with encrypted function calls and verifiable trust boundaries inside the process.
This isn’t a security product.
It is a new execution architecture.
A category-defining platform with the potential to become a new industry baseline.
Datablock
| Category | Information |
|---|---|
| Company Name | Applied Enclaves LLC |
| Legal Structure | Delaware Limited Liability Company (LLC) – Single member |
| Founded | November 2025 |
| Stage | Pre-seed |
| Current Employees | No employees. The founder is the only member and not drawing a salary. |
| Technical Foundation | Create an enclave-aware toolchain using Intel’s SGX technology |
| Dilution / Cap Table | No dilution; 100% founder-owned |
| Intellectual Property | 3 U.S. and 1 PCT patent filings: 1 patent has been accepted. 1 is in review. 1 is being rewritten. |
| Product Status | Proof of concept: done (January 2025); prototype toolchain modifications in progress |
| Market | Big tech, confidential computing, cybersecurity, DevSecOps, enterprise security, government/defense, general purpose computing |
| Problem Solved | Enables sub-process isolation and hardware-backed trust boundaries. Eliminates blind trust inside processes. |
| Solution Summary | A new execution architecture where every executable and library runs in its own secure memory enclave; eABI; provenance-based execution; private-by-default memory model |
| Competitive Advantage | Nobody’s doing this. Not in patents. Not in academia. I’m working on securing the patents now. |
| Revenue Model | 1. License to a big tech firm; 2. Develop our own high-security Linux distribution |
| Traction / Validation | Research published at IEEE CSR 2025; multiple patent applications; prototype in progress; competitive scholarships via the Shidler College of Business |
| Funding Sought | Between 500K and 3M. Staggered, based on milestones. |
| Use of Funds | 1. Funding to hire the engineering talent we need to get through the initial phases of development (see Our Commercialization Path); 2. Expand patent protection: file additional CIPs to broaden our portfolio |
| Founder Background | Navy veteran, NSA-Hawaii Research Liaison, Visiting Professor, Intel engineer, HP Networking Lab Manager, Ph.D. candidate in computer science (trusted execution). |
| Location | Honolulu, Hawaii (operations), Delaware (legal) |
| Vision | Establish sub-process isolation as a fundamental security primitive for general-purpose computing. |
| Target Customers | Big tech firms: OS vendors, compiler/toolchain teams, cloud providers, cybersecurity vendors, government/defense, critical infrastructure. |
| Go-to-Market Strategy | Strategic partnerships; integration with Linux distributions; enterprise pilots; secure toolchain licensing. |
| Technology Readiness Level (TRL) | TRL 3–4 (research prototype → early proof of concept). |
| Why Now | TEEs are mainstream; supply-chain attacks escalating; OS trust model failing; zero-trust architectures missing intra-process boundaries. Urgent: We need Intel to maintain and expand SGX. |
| Exit Possibilities | Acquisition by big tech company, or sold to an IP holding company |
| Regulatory Considerations | No export control restrictions on core architecture (unless future SGX equivalents expand scope). |
| Risks & Mitigations | Hardware dependency, OS vendor cooperation, standardization timelines; mitigated by backward compatibility + toolchain-first approach. Blatant patent infringement; license to a patent litigation fund. |
| Moat | Patent portfolio + technical complexity + enclave-aware toolchain integration + high switching cost + first-mover advantage. |
A $200B Problem Hidden in Plain Sight
Software today cannot answer the most important question in security:
“Can I trust the code I’m about to load?”
Operating systems blindly load unsigned, unverified library binaries written by third parties — often strangers — with full access to your memory. Even a single compromised library compromises the entire process. And if the OS is compromised, every secret in every process is exposed.
Modern breaches—from SolarWinds to XZ Utils—are not infrastructure failures.
They are failures of the executable trust model.
Applied Enclaves solves this at an architectural level.
Our Innovation: Sub-Process Isolation as a First-Class Primitive
Why This Matters
Applied Enclaves dramatically raises the cost of every class of attack involving:
- buffer overflows, stack smashing, use-after-free, etc.
- tampered dependencies, supply-chain compromises & malicious libraries
- privilege escalation
- OS compromise, kernel-level backdoors
- credential theft
- ROP gadget harvesting
This is not incremental security.
This is a new baseline for trust in software.
For high-assurance, high-value industries — defense, critical infrastructure, enterprise SaaS, cloud computing, financial services — the need for hardware-enforced trust is existential.
Why Now?
These trends make this moment perfect for an execution-layer disruption.
Our Commercialization Path
This is a multi-decade, foundation-level upgrade to how software runs — with first-mover advantage and defensible IP.
We have identified several paths for commercialization:
- License this technology to a big-tech firm like Microsoft, Apple, etc.
  - Sub-path: If the license is not exclusive, then license it to the Linux Foundation
- Build and sell our own Linux distribution where as many executables as possible are compiled using Applied Enclaves technology.
  - Similar to the Red Hat model
The Plan
Milestone 1 (Current) — Complete the Prototype and extend to an MVP
Develop a working enclave-aware compiler, loader, and runtime for C-based systems.
- Milestone 1a: The enclave-aware compiler and linker produce an enclave-aware executable (with a signed, but boilerplate/non-operational enclave)
  - Note: We are currently working on an SGX-aware code-signing application
- Milestone 1b: The loader instantiates an enclave
- Milestone 1c: Pass the thread of execution in & out of the enclave at runtime (the enclave is still non-operational)
- Milestone 1d: Extend the toolchain to compile a main-like function with “proof of life” computation and get the thread of execution in/out of it
- Milestone 1e: Extend the toolchain to put all .text sections in enclaves. No data is protected by enclaves.
Milestone 2 — Inter-enclave calls
- Milestone 2a: Mature the toolchain to support imported and exported symbols
- Milestone 2b: Mature the toolchain to support trampoline code
Milestone 3 — Migrate the C standard library to the new ABI
- Milestone 3a: Prototype splitting the library into an enclave and pseudo-enclave for 4 fundamental system calls (open, read, write and close)
- Milestone 3b: Separate low-effort vs. high-effort system calls (like exec())
- Milestone 3c: Implement the majority of low-effort system calls
- The C standard library is substantially available to enclaves with a set of known gaps
Milestone 4 — Continue adding new functionality
- Milestone 4a — Make global variables enclave-aware
- Milestone 4b — Make local variables enclave-aware
- Milestone 4c — Fully implement Share-by-default and Private-by-default modes
- Milestone 4d — Fully implement PKI-based code signing and loading
- Milestone 4e — Fully implement Production Mode
- Milestone 4f — Fully implement multiple, adjustable-in-realtime, policy-based note encryption modes
- Milestone 4g — Implement kernel-side enclaves
At all times, we are exploring:
- Partnerships with OS vendors, Linux distributions, LLVM, GCC, and cloud providers.
- Deployment into high-assurance environments and national security systems.
- Positioning the eABI and enclave-aware toolchain as a new baseline for secure execution.
Potential Deals
- Microsoft – As they could integrate it into Windows using Visual Studio and create an exclusive “Ultra Secure” operating system that would provide a unique feature over its competitors
- Apple – They could either block Microsoft’s adoption of this technology, or have ARM license SGX from Intel and then integrate it into their operating systems via LLVM
- Intel – They could make this technology available to everyone, boosting their instruction set architecture or licensing SGX for a passive residual income stream
- Amazon – They could integrate it into their Nitro ecosystem or kill it so as to not interfere with Nitro
- Qualcomm – They could make an IP holding play
- VCs who speculate in suing for IP infringement
Backed by Deep Technical Research
Applied Enclaves arises from over ten years of research, multiple patent filings, and peer-reviewed publication at IEEE CSR 2025, supported by experience with:
- National Security Agency / US Cyber Command
- U.S. Navy
- University of Hawai‘i at Mānoa
- Intel
- Hewlett-Packard
- NATO School Oberammergau
- FBI
This is not academic theory — it is a working prototype and an emerging patent-backed platform. This will work.
Our Mission
To create the next evolution of secure computing by redesigning how executables trust each other.
We aim to make sub-process isolation as fundamental as address spaces and as ubiquitous as TLS.
For Investors and Strategic Partners
Applied Enclaves is actively engaging with investors, government programs, the press, chip manufacturers, and OS/toolchain maintainers who share our vision of a more trustworthy computing future.
If you’re interested in:
- participating in early pilot programs
- exploring strategic partnerships
- supporting standardization efforts
- evaluating the platform for national security use
- joining our seed round
We’d Like to Talk
→ Contact: [email protected]
→ Request a technical briefing
→ View our patent portfolio and research