LayerV is a preemptive cybersecurity platform that makes infrastructure invisible to attackers. We implement the OpenNHP (Network Hiding Protocol) standard from the Cloud Security Alliance. Instead of detecting attacks after they start, we prevent them by eliminating the attack surface entirely.

How does LayerV work?

LayerV uses a 5-step authentication flow: (1) Knock - encrypted request sent, (2) Verify - identity and policy validated, (3) Grant - temporary tunnel opened, (4) Connect - resource visible only to authenticated user, (5) Audit - access logged. Protected resources have zero network presence until authentication succeeds.

No. VPNs encrypt traffic but servers remain visible and scannable. LayerV makes servers completely invisible - they have zero network presence until authentication succeeds. This is a fundamentally different approach called Network Hiding.

LayerV is generally available. Free tier includes 500 QURLs/month for developers. Enterprise plans with custom SLAs are available. Try the interactive playground at layerv.ai/qurl/playground — no signup required.

What identity providers does LayerV support?

LayerV integrates with major identity providers including Okta, Azure AD (Entra ID), Google Workspace, Auth0, and Ping Identity. Any OIDC or SAML-compatible provider can be integrated.

QURL stands for Quantum URL. It is a cryptographic, time-limited access link that hides a server's real address behind identity verification. QURLs are single-use credentials that self-destruct after access or expiration — eliminating persistent URLs that can be scraped, shared, or replayed. Try the interactive QURL Playground at layerv.ai/qurl/playground.

Preemptive cybersecurity for the age of AI

You Can't BreachWhat You Can't See.

No permanent URLs. No always-on endpoints. Nothing for scanners to find. The first platform that hides your infrastructure behind time-limited, self-destructing links.

Single-use links·One API call·Zero infra changes

Built for AI agents·Works with your existing stack

Try It Free Book a Demo

Gartner: 50% preemptive by 2030 NIST 800-207 Aligned Aligned with Executive Cyber Strategy 2026

Use Cases

How You Can Use It

QURLs replace permanent URLs with time-limited, self-destructing access. Here's what that looks like in practice.

Invisible Staging Environments

Your staging servers have zero open ports. Developers authenticate via Okta, get a QURL, and the environment appears for their session only.

Secure MCP Servers & AI Agents

Your agent's API endpoints are invisible by default. Each tool call gets a single-use QURL. No standing credentials, no credential rotation.

Replace VPN for Remote Access

Remote employees access internal tools through time-limited links instead of always-on VPN tunnels. If the link leaks, it's already dead.

Contractor & Auditor Access

Give your SOC 2 auditor access to your dashboard for exactly one session. No account creation, no shared passwords, no lingering permissions.

Protect APIs from AI Crawlers

LLM crawlers and scrapers need a URL to start. QURLs don't give them one. Your documentation, APIs, and internal tools stay invisible.

Compliance-Ready File Sharing

Share a sensitive report with a board member. The link works once, expires in 1 hour, and the access is logged with their identity for audit.

AI-Era Security

Built for a world where the attacker is an AI agent.

QURLs protect against AI-powered threats and enable authorized AI agents — with the same architecture.

Defend Against Malicious AI

AI recon tools and LLM crawlers find nothing to index
Credential stuffing attacks have no endpoint to target
Automated vulnerability scanners meet zero attack surface
robots.txt is a suggestion. Network invisibility is physics.

Enable Authorized Agents

MCP servers invisible until authenticated agent requests access
Per-request QURL — zero standing credentials
Every agent action logged with identity and resource context
Machine-speed authentication, automatic expiry

See How Developers Integrate

How It Works

Three Steps. Zero Attack Surface.

QURLs flip the model: nothing exists on the network until someone proves they should see it.

Authenticate

User proves identity via your existing IdP — Okta, Azure AD, Auth0, or any OIDC provider. No new passwords, no new accounts.

Generate QURL

LayerV mints a time-limited, single-use access link scoped to one resource, one action, one session. One API call.

Access & Vanish

The resource appears for that session only. When the QURL is used, it's consumed. The link is dead. Nothing remains on the network.

Before authentication, your infrastructure has zero network presence. After the session ends, it vanishes again.

See the Full Technical Deep Dive

5 Minutes to Invisible

One API Call. That's It.

One POST. One required field. Your resource disappears.

12345678
curl -X POST https://api.layerv.ai/v1/qurls \
  -H "Authorization: Bearer $LAYERV_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "target_url": "https://internal.example.com/admin",
    "expires_in": "1h",
    "one_time_use": true
  }'

Response

1234567891011
{
  "data": {
    "resource_id": "r_k8xqp9h2sj9",
    "qurl_link": "https://qurl.link/at_abc123def456",Single-use access link
    "qurl_site": "https://r_k8xqp9h2sj9.qurl.site",
    "expires_at": "2026-03-07T14:00:00Z"Auto-expires in 1 hour
  },
  "meta": {
    "request_id": "req_abc123"
  }
}

Your origin stays dark. The QURL expires. Scanners find nothing. Every access is logged.

That's a real API call — POST /v1/qurls with one required field. The response is a live, single-use link that expires on schedule.

Try It in the Playground →Read the API Docs →

Trust & Standards

Built on Open Standards

Integrations

OktaAzure ADAuth0AWSCloudflare

Standards

CSA OpenNHPNIST 800-207IETF Internet-Draft13,800+ GitHub Stars

Compliance

SOC 2 (in progress)HIPAA (in progress)PCI-DSS (in progress)

What Teams Are Saying

From Visible to Invisible

“Finally -- a security approach that doesn't just add another layer of defense, but makes the target invisible entirely.”
CISOMajor Entertainment Company

“The QURL model is what zero trust should have been from the start. No permanent URLs means nothing to enumerate, nothing to brute force.”
VP of EngineeringHealthcare SaaS Platform

Your Infrastructure Is Being Scanned Right Now.

Make it disappear.

For Security Leaders

See the business case in 15 minutes.

Works as overlay — no DNS changes
NIST 800-207 aligned
SOC 2, HIPAA, PCI-DSS compliance mapping (in progress)
Per-session audit trail
Integrates with Okta, Azure AD, Auth0

Free evaluation — book a 15-minute briefing

Book a Briefing Executive Overview

For Developers

Try it. No signup required.

One POST endpoint, one required field
API key included with your free account
Playground walks through 6 steps
Full OpenAPI spec

curl -X POST https://api.layerv.ai/v1/qurls \
  -H "Authorization: Bearer $LAYERV_TOKEN" \
  -d '{"target_url":"https://internal.example.com/admin"}'

Free tier: 500 QURLs/month — no credit card

Open the Playground Read the Docs

Enterprises and government teams — request a custom briefing.

You Can't BreachWhat You Can't See.

No permanent URLs. No always-on endpoints. Nothing for scanners to find. The first platform that hides your infrastructure behind time-limited, self-destructing links.

Single-use links·One API call·Zero infra changes

Built for AI agents·Works with your existing stack

curl -X POST https://api.layerv.ai/v1/qurls \ -H "Authorization: Bearer $LAYERV_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "target_url": "https://internal.example.com/admin", "expires_in": "1h", "one_time_use": true }'

{ "data": { "resource_id": "r_k8xqp9h2sj9", "qurl_link": "https://qurl.link/at_abc123def456",Single-use access link "qurl_site": "https://r_k8xqp9h2sj9.qurl.site", "expires_at": "2026-03-07T14:00:00Z"Auto-expires in 1 hour }, "meta": { "request_id": "req_abc123" } }