Datavault maintains a cybersecurity risk management program designed to identify, assess, and manage material risks arising from cybersecurity threats. These threats include unauthorized access, disruption, or misuse of our information systems, networks, data, and the technology platforms we deploy for customers, such as our IDE, DataScore, DataValue, and related HPC and AI-driven solutions for data valuation, tokenization, digital twins, and secure monetization in Web 3.0 environments.

Our risk management processes are integrated into our overall enterprise risk management framework. We conduct ongoing assessments of cybersecurity threats, including those that could adversely affect the confidentiality, integrity, or availability of our systems or the data we process or store on behalf of customers. These assessments consider internal and external factors, such as evolving threat landscapes, regulatory requirements (including data privacy and security laws), and the sensitivity of the assets involved in our data ownership, credentialing, and monetization services. We also evaluate risks associated with third-party service providers that support our operations.

A core component of our cybersecurity strategy is the deployment of advanced, purpose-built infrastructure to protect our technology platform. We partner with Available Infrastructure to utilize its SanQtum platform (including SanQtum AI), a national security-grade, zero-trust cybersecurity Platform-as-a-Service. SanQtum serves as the cybersecurity vault for our operations, delivering:

Traditional public-key algorithms (such as RSA and elliptic-curve cryptography) that underpin most current internet and enterprise security are vulnerable to efficient attacks by cryptographically relevant quantum computers using Shor’s algorithm. NIST’s post-quantum standards are designed to resist such attacks while remaining computationally practical for real-world deployment.

This quantum-resilient layer directly counters the well-documented “harvest now, decrypt later” (“HNDL”) threat model, in which nation-state or other sophisticated actors collect encrypted data today with the intention of decrypting it once large-scale quantum computers become operational. By applying these NIST-approved algorithms at every layer of SanQtum’s zero-trust architecture—including our distributed micro-edge data centers, multi-path communication fabric (fiber, SATCOM, and self-healing mesh wireless), and IBM watsonx.ai-integrated AI workloads—we ensure the long-term confidentiality, integrity, and authenticity of customer data, proprietary AI models, tokenized assets, digital twins, and real-time scoring/tokenization processes. SanQtum’s implementation is explicitly engineered to meet or exceed DHS, CISA, and DoD-aligned zero-trust and post-quantum requirements, providing a sovereign, cloud-independent security foundation that scales with our national rollout.

We regularly assess emerging NIST guidance (including code-based backups such as HQC, which advanced in 2025) and maintain crypto-agility to incorporate additional standardized algorithms as they are finalized, ensuring our platform remains resilient as quantum capabilities evolve.

We have expanded our long-standing collaboration with IBM to run our flagship AI agents (DataScore and DataValue) and IDE solutions on the SanQtum AI platform, which integrates IBM’s watsonx.ai portfolio of AI products. This deployment creates a secured, multi-city edge AI network (initially activating in high-density markets such as New York and Philadelphia, with planned expansion to additional U.S. cities). It enables cyber-secure, ultra-low-latency data storage, compute, real-time scoring, tokenization at the point of creation, and monetization—without reliance on public cloud infrastructure—while supporting regulatory compliance for tokenized assets, digital twins, and responsible AI use.

These technologies and partnerships allow us to deliver enterprise-grade protection tailored to the demands of regulated industries (e.g., finance, insurance, healthcare, biotechnology) and to scale our sovereign edge cloud responsibly. We regularly review and test these controls through internal evaluations, third-party assessments where appropriate, and alignment with industry standards. We also maintain processes to oversee and identify material cybersecurity risks associated with third-party providers, including contractual requirements for security controls, periodic reviews, and incident-response coordination.

To date, we have not experienced any cybersecurity incidents that have materially affected, or are reasonably likely to materially affect, our business strategy, results of operations, or financial condition. We continue to invest in and evolve our program as our platform grows, consistent with our commitment to data privacy, integrity, and customer trust.

Datavault maintains a cybersecurity risk management program designed to identify, assess, and manage material risks arising from cybersecurity threats. These threats include unauthorized access, disruption, or misuse of our information systems, networks, data, and the technology platforms we deploy for customers, such as our IDE, DataScore, DataValue, and related HPC and AI-driven solutions for data valuation, tokenization, digital twins, and secure monetization in Web 3.0 environments.

Our risk management processes are integrated into our overall enterprise risk management framework. We conduct ongoing assessments of cybersecurity threats, including those that could adversely affect the confidentiality, integrity, or availability of our systems or the data we process or store on behalf of customers. These assessments consider internal and external factors, such as evolving threat landscapes, regulatory requirements (including data privacy and security laws), and the sensitivity of the assets involved in our data ownership, credentialing, and monetization services. We also evaluate risks associated with third-party service providers that support our operations.

A core component of our cybersecurity strategy is the deployment of advanced, purpose-built infrastructure to protect our technology platform. We partner with Available Infrastructure to utilize its SanQtum platform (including SanQtum AI), a national security-grade, zero-trust cybersecurity Platform-as-a-Service. SanQtum serves as the cybersecurity vault for our operations, delivering:

Traditional public-key algorithms (such as RSA and elliptic-curve cryptography) that underpin most current internet and enterprise security are vulnerable to efficient attacks by cryptographically relevant quantum computers using Shor’s algorithm. NIST’s post-quantum standards are designed to resist such attacks while remaining computationally practical for real-world deployment.

This quantum-resilient layer directly counters the well-documented “harvest now, decrypt later” (“HNDL”) threat model, in which nation-state or other sophisticated actors collect encrypted data today with the intention of decrypting it once large-scale quantum computers become operational. By applying these NIST-approved algorithms at every layer of SanQtum’s zero-trust architecture—including our distributed micro-edge data centers, multi-path communication fabric (fiber, SATCOM, and self-healing mesh wireless), and IBM watsonx.ai-integrated AI workloads—we ensure the long-term confidentiality, integrity, and authenticity of customer data, proprietary AI models, tokenized assets, digital twins, and real-time scoring/tokenization processes. SanQtum’s implementation is explicitly engineered to meet or exceed DHS, CISA, and DoD-aligned zero-trust and post-quantum requirements, providing a sovereign, cloud-independent security foundation that scales with our national rollout.

We regularly assess emerging NIST guidance (including code-based backups such as HQC, which advanced in 2025) and maintain crypto-agility to incorporate additional standardized algorithms as they are finalized, ensuring our platform remains resilient as quantum capabilities evolve.

Governance

​

Our Board recognizes cybersecurity as a critical enterprise risk and exercises oversight primarily through the Audit Committee, which receives regular updates on cybersecurity matters, including risk assessments, strategy implementation, incident response readiness, and the effectiveness of controls. The Audit Committee monitors our overall risk management program with a focus on strategic exposure to cybersecurity threats.

Our management and Board, including our Audit Committee, recognize the critical importance of maintaining the trust and confidence of our business partners and employees, including the importance of managing cybersecurity risks as part of our larger risk management program. While all of our personnel play a part in managing cybersecurity risks, one of the key functions of the Audit Committee is informed oversight of our risk management process, including risks from cybersecurity threats. The Audit Committee is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks that we face. In general, we seek to address cybersecurity risks through a cross-functional approach that is focused on preserving the confidentiality, integrity, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.