Security Architects builds security products with a simple philosophy, unchanged since 1999: enforce good behaviour instead of chasing bad behaviour. Least privilege, explicit policy, no signature treadmill.
More products are on the way. For product inquiries, licensing, or evaluation requests, contact us.
Authinator3
Authinator is a web login gateway for firewalls: authenticate over HTTPS, click once, and your current IP address is granted passage through the firewall. Everyone else sees a wall.
It solves the classic remote-access dilemma. Leaving management ports (SSH, VPN, admin panels) open to the internet invites the whole world to knock; port-knocking schemes are brittle and awkward to use from a phone or a borrowed machine. Authinator replaces both with something anyone can operate: a login page.
Claudette
Claudette is a sandbox for running AI coding agents — like Claude Code — safely on your own machine. AI agents read web pages, READMEs, issue threads, and email while wielding real tools: your shell, your git credentials, your network. Claudette puts a security boundary around all of that, so an agent doing useful work can’t be turned into a liability by the untrusted content it reads.
It isn’t a research prototype. It’s the sandbox Security Architects uses to run AI coding agents in production, every day — including the work behind this very website.
Truepost
Truepost is an email client that finally feels like the messaging apps you actually enjoy using: conversations grouped by people, chat-style bubbles, one composer — no more digging through stacked threads to find the latest reply. It works with the email you already have: Gmail, Yahoo, and Outlook, connected via OAuth2 and IMAP.
Trust you can see
Truepost treats sender identity as a security surface, not a cosmetic one:
- The address is the identity; the display name is just a claim. A
spoofer sending
From: "Your Bank" <evil@attacker.example>gets a badge and identity derived from the address — the claimed name can never impersonate its way into the avatar. - Reputation-tinted sender tiles put a visible trust signal on every conversation — something mainstream clients simply don’t show.
- One-click block and report. Senders you don’t want hearing from are gone in a tap.
Privacy-first
Your mail stays yours: no server-side scanning, no selling data, no training models on your inbox. Optional end-to-end encryption between Truepost users is on the roadmap.
1lan
1lan (“One LAN”) makes machines stuck behind NAT and firewalls reachable again — home servers, lab boxes, appliances in the field — by having each one dial home with a persistent reverse SSH tunnel to a relay server you own. Once connected, every client is one SSH command away, and selected service ports (web UIs, media servers, APIs) are reachable through the relay’s hardened HTTPS front end.
It’s the self-hosted answer to commercial tunnel and overlay services: no third-party relay in your traffic path, no proprietary agent, no subscription. The moving parts are deliberately boring — plain OpenSSH, a shell script, and a systemd unit — because boring is auditable.
Ozone (Legacy)
Ozone is Security Architects’ heritage product: a Host Intrusion Prevention System (HIPS) for Windows 2000, XP, and Server 2003 that protected server and client machines from both known and unknown attacks — including the worm epidemics of its day (Blaster, Sasser, MyDoom, Witty).
The idea
Unlike reactive products such as anti-virus and intrusion detection systems, Ozone did not rely on constantly updated databases of “bad behaviour” signatures. Instead it enforced good behaviour: explicit policy describing what each computer, application, and user is allowed to do — and nothing else. A web server may listen on port 80 and serve pages; it may not execute arbitrary programs or open connections to arbitrary hosts.