LayerV is a preemptive cybersecurity platform that makes infrastructure invisible to attackers. We implement the OpenNHP (Network Hiding Protocol) standard from the Cloud Security Alliance. Instead of detecting attacks after they start, we prevent them by eliminating the attack surface entirely.

How does LayerV work?

LayerV uses a 5-step authentication flow: (1) Knock - encrypted request sent, (2) Verify - identity and policy validated, (3) Grant - temporary tunnel opened, (4) Connect - resource visible only to authenticated user, (5) Audit - access logged. Protected resources have zero network presence until authentication succeeds.

No. VPNs encrypt traffic but servers remain visible and scannable. LayerV makes servers completely invisible - they have zero network presence until authentication succeeds. This is a fundamentally different approach called Network Hiding.

LayerV is generally available. Free tier includes 500 qURLs/month for developers. Enterprise plans with custom SLAs are available. Try the interactive playground at layerv.ai/qurl/playground — no signup required.

What identity providers does LayerV support?

LayerV integrates with major identity providers including Okta, Azure AD (Entra ID), Google Workspace, Auth0, and Ping Identity. Any OIDC or SAML-compatible provider can be integrated.

A qURL is an identity-bound, single-use, expiring access object — the primitive replacing the URL for the agent era. It is minted by LayerV on the OpenNHP (Network Hiding Protocol) standard, and the resource it points to does not respond on the network until the qURL is presented and identity is proven. Try the interactive qURL Playground at layerv.ai/qurl/playground.

LayerV Product Feature

qURL

Your Infrastructure Doesn't Exist Until You Prove Who You Are

A qURL (Quantum URL) is the Cloud Security Alliance's Network Hiding Protocol, encapsulated in a link. Cryptographic, single-use, identity-bound — your infrastructure stays invisible until the moment of access, and the link is spent the instant it's used. If it leaks, it's already worthless.

Create a qURL Sign Up Free

Technology

How qURL Works

Each qURL encapsulates a complete OpenNHP exchange — ‘authenticate before connect’ delivered as a single link

Authenticate

User authenticates via your identity provider (Okta, Azure AD, etc.)

Generate qURL

LayerV issues a cryptographically unique qURL for the specific resource

Access

User accesses the resource — the qURL is consumed and can never be reused

Audit

Access event is logged with full identity context for compliance

Capabilities

qURL Security Features

Every aspect of qURL is designed to eliminate the attack surface of traditional URLs

Single-Use Access

Each qURL works exactly once. After someone uses it, the link is dead — it can never be replayed, shared, or scraped from logs.

Time-Decay Failsafe

Unused qURLs automatically expire. Even if intercepted, attackers have a narrow window before the credential becomes worthless.

Zero Persistence

No static URLs to scrape from logs, share in Slack, or replay in attacks. The access credential IS the access event.

Scoped Authorization

Each qURL grants access to a single resource for a single action. No broad permissions, no lateral movement.

Applications

qURL Use Cases

Replace persistent access patterns with self-destructing credentials

Contractor & Auditor Access

Give your SOC 2 auditor access to your dashboard for exactly one session. No account creation, no shared passwords, no lingering permissions.

Invisible Staging Environments

Your staging servers have zero open ports. Developers authenticate via Okta, get a qURL, and the environment appears for their session only.

Securing MCP Servers & AI Agents

Your agent’s API endpoints are invisible by default. Each tool call gets a single-use qURL. No standing credentials, no credential rotation.

Replacing VPN for Remote Access

Remote employees access internal tools through time-limited links instead of always-on VPN tunnels. If the link leaks, it’s already dead.

Compliance-Ready File Sharing

Share a sensitive report with a board member. The link works once, expires in 1 hour, and the access is logged with their identity for audit.

Industries

qURLs for Your Industry

See how organizations in your sector use invisible infrastructure

Healthcare

Patient portals that don’t exist on the internet. HIPAA-compliant by architecture, not just policy.

Financial Services

Trading APIs invisible to scanners. PCI-DSS compliant access with per-session audit trails.

Federal & Government

NIST 800-207 zero trust at the network layer. No persistent endpoints for adversary recon.

SaaS & DevOps

Internal tools, staging environments, and admin panels invisible to the internet. Deploy in hours alongside your existing stack.

AI & Machine Learning

Secure MCP tool servers and model endpoints. Per-request authentication with automatic credential expiry.

Cloud Security Alliance Standard

qURL encapsulates the CSA's Network Hiding Protocol

Every qURL carries a complete OpenNHP exchange — identity verification, cryptographic authentication, and scoped authorization — packaged in a link your users already know how to use. The protocol does the security work; the link makes it adoptable. Even after authentication, the credential cannot be weaponized: single-use, time-bound, cryptographically scoped.

Cryptographic binding to user identity
Configurable time-to-live (TTL) from minutes to hours
Single resource, single action scope
Full audit trail for compliance (SOC 2, HIPAA, PCI-DSS)

Example qURL

https://qurl.link/a1b2c3d4

Single-useExpires in 30 minScoped to: dashboard

Developers

Build with the qURL API

From playground to production in minutes

Try the Playground

Create real qURLs, inspect their lifecycle, and see the API in action—no signup required.

Open Playground

Sign Up Free

Self-service sandbox credentials to start integrating the qURL API into your applications.

API Reference

Full OpenAPI documentation with schemas, examples, and authentication details.

View Docs

FAQ

Common Questions

How qURLs compare to what you already know

What is a qURL?

A qURL (Quantum URL) is a cryptographic, identity-bound, single-use link. It encapsulates a complete Network Hiding Protocol exchange so the resource behind it stays invisible on the network until the qURL is presented and the holder's identity is proven.

How does a qURL relate to NHP?

NHP is the Cloud Security Alliance's Network Hiding Protocol — the cryptographic standard for “authenticate before connect” networking. A qURL is that protocol packaged as a link: every qURL carries a full NHP exchange so your team can adopt network hiding without writing protocol code.

How is a qURL different from a signed URL?

Signed URLs (like AWS pre-signed URLs) are replayable within their TTL — anyone with the link can use it multiple times. qURLs are single-use: the first access consumes the link permanently. They also require identity verification before generation, so there's no anonymous sharing.

How is this different from an OAuth token?

OAuth tokens grant ongoing access until they expire or are revoked. qURLs grant access to a single resource for a single action. There's no token to steal, rotate, or revoke — once used, it's gone.

Ready to make your infrastructure invisible?

Start for free — 500 qURLs/month, no credit card required.

Try the Playground Sign Up Free

qURL

Your Infrastructure Doesn't Exist Until You Prove Who You Are

qURL encapsulates the CSA's Network Hiding Protocol

Cryptographic binding to user identity

Configurable time-to-live (TTL) from minutes to hours

Single resource, single action scope

Full audit trail for compliance (SOC 2, HIPAA, PCI-DSS)