© 2025-2026 NEBULONIUM INC. · PROOFREGISTER™ · HACKERVERSE® · PATENTS PENDING
PROOF OF SECURITY EFFICACY

Security vendors
make claims.
We prove them.

ProofRegister™ is the world's first decentralized security efficacy verification platform — cryptographically anchored, independently verifiable, immutably on-chain.

BROWSE THE REGISTRY → HOW IT WORKS
VERIFY
XIROPROOF™ TESTS
ATTEST
BLOCKCHAIN ANCHORS
TRADE
$Q ECONOMY
PR-2025-00901·TREND MICRO·DETECTION EFFICACY·VERIFIED ✓
PR-2025-00847·TESTSAVANT.AI·OWASP LLM TOP 10·VERIFIED ✓
PR-2025-00823·SPYDERBAT·CONTAINER RUNTIME·VERIFIED ✓
PR-2025-00791·PLEXTRAC·PENTEST MANAGEMENT·VERIFIED ✓
PR-2025-00756·VALIDIA·DEEPFAKE DETECTION·VERIFIED ✓
PR-2024-00712·GRAYLOG·SIEM — DOMAINATRIX·VERIFIED ✓
PR-2025-00901·TREND MICRO·DETECTION EFFICACY·VERIFIED ✓
PR-2025-00847·TESTSAVANT.AI·OWASP LLM TOP 10·VERIFIED ✓
PR-2025-00823·SPYDERBAT·CONTAINER RUNTIME·VERIFIED ✓
PR-2025-00791·PLEXTRAC·PENTEST MANAGEMENT·VERIFIED ✓
PR-2025-00756·VALIDIA·DEEPFAKE DETECTION·VERIFIED ✓
PR-2024-00712·GRAYLOG·SIEM — DOMAINATRIX·VERIFIED ✓
6
VERIFIED VENDORS
127
PROOFS ON-CHAIN
5
PROOF TYPES
100%
CRYPTOGRAPHICALLY SEALED
SHA-256
PROOF-OF-WORK ANCHORING
THE PROBLEM

The security industry
runs on unverified claims.

Marketing decks, analyst reports, and vendor demos are not proof. Until now, there was no independent, tamper-proof record of what a security product actually does.

📊
Vendor-Reported Efficacy
Security vendors self-report detection and blocking rates with no independent methodology, no reproducibility, and no cryptographic attestation.
"We detect 99% of threats" — but against what? Under what conditions? Tested by whom?
🔍
No Tamper-Proof Record
Test results live in PDFs, shared drives, and email threads — editable, deletable, and impossible to independently verify after the fact.
If you can't verify it on-chain, you can't trust it.
⚖️
Detection ≠ Blocking
A product may detect 95% of threats but block only 60%. This critical distinction is routinely collapsed in vendor marketing — obscuring real-world risk.
ProofRegister™ treats detection and blocking as fundamentally different proof types.
🏛️
Compliance ≠ Security
Compliance frameworks measure process adherence, not actual threat detection capability. The industry conflates the two — at enormous cost when breaches occur.
Passing an audit doesn't mean your stack works.
HOW IT WORKS

Verify. Attest. Trade.

Three steps from claim to cryptographically immutable fact.

01
STEP 01 — VERIFY
XIROproof™ Tests the Claim
Vendors submit their product to the ArenaTwin™ digital sandbox. Real attack campaigns — mapped to MITRE ATT&CK, ATLAS, and OWASP — are launched against it. Detection and blocking outcomes are independently recorded.
XIROproof™ generates a signed proof envelope containing campaign ID, TTP coverage, efficacy scores, and raw evidence hash.
02
STEP 02 — ATTEST
Blockchain Anchors the Proof
The proof payload is SHA-256 hashed and mined into the ProofRegister™ Chain — a custom PoW blockchain where every block links cryptographically to its predecessor. The root hash is anchored publicly for independent verification.
Proof ID: PR-YYYY-NNNNN · Block hash immutable · Merkle-anchored · Publicly auditable via Chain Explorer.
03
STEP 03 — TRADE
$Q Economy Assigns Value
Verified proofs enter the $Q token economy. Vendors stake $Q against their claims — accurate vendors earn, inaccurate vendors lose. Security engineers, analysts, and buyers access verified proof data by paying $Q.
Proof staking · Citation-based value accrual · Challenge mechanism · DAO governance of the proof taxonomy.
PROOF TYPES

Five distinct
categories of truth.

Each proof type has its own evidence schema, staking requirement, and verification methodology. Detection and blocking are never combined.

🎯
TYPE 01
Detection Efficacy
Share of launched TTPs the product detected. Measured independently against real campaign telemetry.
🛡️
TYPE 02
Blocking Efficacy
Share of launched TTPs the product blocked. The stronger claim — carries higher stake requirement.
📋
TYPE 03
Compliance
Control-by-control attestation against NIST, SOC 2, ISO 27001 and other frameworks. Evidence-linked.
⚔️
TYPE 04
PenTesting
Findings from authorized offensive engagements. Cryptographically bound to scope, methodology, and evidence.
🔓
TYPE 05
Vulnerability
Disclosed CVE/CWE with affected product versions, severity scores, and remediation evidence.
REGISTERED VENDORS

The registry.

VIEW ALL VENDORS →
Trend Micro
DETECTION EFFICACY — PRIVATE
🔐 KEY REQUIRED
TestSavant.ai
LLM SECURITY — OWASP TOP 10
Spyderbat
CONTAINER RUNTIME — SILENTBOB
PlexTrac
PENTEST MANAGEMENT — APT41
Validia
DEEPFAKE DETECTION — VOICE & VIDEO
Graylog
SIEM — DOMAINATRIX CAMPAIGN
THE PROOFREGISTER™ CHAIN

Immutable.
Independently verifiable.

LIVE CHAIN — LATEST BLOCKS
BLOCK #0 — GENESIS
0000000000000000000000000000000000000000
PROOFREGISTER™ CHAIN INITIALIZED
BLOCK #3
00a4f2e8b1c7d3...
PR-2025-00823 — Spyderbat — 100% Efficacy
2025-01-12 · Nonce: 41782
BLOCK #5
0031a9c4e7f2b8...
PR-2025-00847 — TestSavant.ai — LLM01-09
2025-01-15 · Nonce: 67234
BLOCK #7 — LATEST
00b7d3f1a9c4e2...
PR-2025-00901 — [PRIVATE] — ENCRYPTED
2025-01-18 · Nonce: 89103
OPEN CHAIN EXPLORER →
🔗
SHA-256 Proof-of-Work
Every block requires a valid nonce producing a hash with the required PoW prefix. Tampering with any proof invalidates all subsequent blocks — mathematically guaranteed.
Dual-Chain Architecture
Proofs are stored on the private ProofRegister™ Chain and root hashes anchored publicly on MultiversX — giving independent parties the ability to verify without chain access.
🔐
AES-256-GCM Vault
Sensitive proof data is encrypted at rest. Authorized parties with vault keys can decrypt field-level details — public verifiability and confidentiality coexist.
🤖
AI-Powered Verification Agent
The ProofRegister™ Verification Agent (AWS AgentCore / Bedrock) enables natural-language proof queries: "Has Vendor X proven detection of T1059.004?"
SUPPORTED FRAMEWORKS & TAXONOMIES
MITRE ATT&CK
TTP MAPPING
MITRE ATLAS
AI/ML ATTACKS
OWASP TOP 10
WEB SECURITY
OWASP LLM TOP 10
AI SECURITY
CVE / CWE
VULNERABILITY
PR-DF TAXONOMY
DEEPFAKE
PROOFPROTOCOL™
UNIVERSAL STANDARD

Your claims belong
on the chain.

Join the registry. Submit verifiable proofs of your product's real-world capabilities.
The era of self-reported security metrics is over.

REGISTER A PROOF → BROWSE THE REGISTRY EXPLORE THE CHAIN