Phorvex Request a briefing
Design-complete, GPU validation in progress
02Product / AI Inference

Moving-target defense, extended onto the GPU.

AI inference created a whole new class of persistable attacker state: models, KV-caches, LoRA adapters, GPU partitions, inference routes. Phorvex is the first MTD brain that can see and evict all of them.

Partner with us on GPU validation Read the validation plan
00:00 / 00:24
Stated plainly: the AI inference product is real, mock-tested code. Its effectiveness figures are pending validation on real GPU hardware. We label this clearly, and we never publish a GPU number we have not measured.
02The new attack surface

Attacker state that survives a pod restart.

Model theft through side-channels. Prompt-injection persistence that outlives a restart. Poisoned fine-tuned adapters. GPU side-channels and co-residency. Pod-level tools address none of it.

/01

Cache and session eviction

Flush a poisoned prefix or KV cache in place, without a restart. The foothold dies. The service does not.

/02

Adapter rotation

Evict a poisoned LoRA adapter while preserving the clean base model, reloading only from a trusted, pinned source.

/03

Request draining and guardrail rotation

Evict in-flight footholds and rotate the safety tier underneath an attacker mid-session.

/04

MIG re-binding and warm model swap

Re-bind GPU partitions and warm-swap models. Change the GPU ground under the attacker.

/05

A completeness invariant

A proof obligation that every class of persistable serving-stack state has an evictor. No orphaned attacker state, by construction.

/06

An AI-aware kill-chain

Models the attacker stages unique to AI serving and times moves to preempt the next one.

All mechanisms built behind mockable interfaces and CI-tested. GPU efficacy pending.

03Status, stated plainly

Implemented. Tested. Not yet claimed.

Every mechanism above is implemented and tested with mock serving stacks. The magnitudes, meaning how much each move actually disrupts a real attacker on real GPUs, are validated on hardware with DCGM telemetry as part of our roadmap. They are not claimed until measured.

Why partner on validation?

Design partners get the first measured GPU results on their own serving stack, direct influence on the validation matrix, and the same honesty guarantee. If a number is not measured on your hardware class, we will not claim it.

The same brain. A new battleground.

One decision core defends both your clusters and your inference fleet. We will prove the second the same way we proved the first.

Talk to us Kubernetes product