LayerV is a preemptive cybersecurity platform that makes infrastructure invisible to attackers. We implement the OpenNHP (Network Hiding Protocol) standard from the Cloud Security Alliance. Instead of detecting attacks after they start, we prevent them by eliminating the attack surface entirely.

How does LayerV work?

LayerV uses a 5-step authentication flow: (1) Knock - encrypted request sent, (2) Verify - identity and policy validated, (3) Grant - temporary tunnel opened, (4) Connect - resource visible only to authenticated user, (5) Audit - access logged. Protected resources have zero network presence until authentication succeeds.

No. VPNs encrypt traffic but servers remain visible and scannable. LayerV makes servers completely invisible - they have zero network presence until authentication succeeds. This is a fundamentally different approach called Network Hiding.

LayerV is generally available. Free tier includes 500 QURLs/month for developers. Enterprise plans with custom SLAs are available. Try the interactive playground at layerv.ai/qurl/playground — no signup required.

What identity providers does LayerV support?

LayerV integrates with major identity providers including Okta, Azure AD (Entra ID), Google Workspace, Auth0, and Ping Identity. Any OIDC or SAML-compatible provider can be integrated.

QURL stands for Quantum URL. It is a cryptographic, time-limited access link that hides a server's real address behind identity verification. QURLs are single-use credentials that self-destruct after access or expiration — eliminating persistent URLs that can be scraped, shared, or replayed. Try the interactive QURL Playground at layerv.ai/qurl/playground.

← All Use Cases

Contractor & Vendor Temporary Access

Give Contractors Exactly the Access They Need, for Exactly as Long as They Need It

The Problem

Every mid-size company works with outside contractors, consultants, and vendors. The database admin who needs access to Postgres for an afternoon. The design agency that needs to review the staging environment for a week. The auditor who needs to access financial systems for a month. The standard process: create a VPN account, provision credentials, set a calendar reminder to revoke access when the engagement ends. In practice, the calendar reminder gets missed, the VPN account stays active, and six months later a forgotten contractor account becomes an entry point for attackers. Gartner estimates that 60% of organizations have experienced a security incident involving a third-party vendor. The root cause is almost always persistent access that outlived its purpose.

The Current Approach

How organizations typically handle contractor access: 1. **VPN account**: Create credentials, share them (often via email or Slack), set a reminder to revoke. Reminders get missed. Credentials persist. 2. **Shared credentials**: Give the contractor a team login. No individual attribution. No audit trail. No automatic expiration. 3. **Jump box / bastion host**: Better isolation, but the bastion itself is visible on the internet and requires credential management. 4. **Vendor-specific portals**: Custom-built access portals. Expensive to build and maintain. Still requires account lifecycle management.

The LayerV Solution

Create a QURL for the specific resource the contractor needs. Set the expiration to match the engagement — 4 hours for a quick fix, a week for a sprint, a month for an ongoing project. When the time expires, the QURL self-destructs and access is automatically revoked. No VPN account to create or forget to revoke. No credentials to share over Slack. No calendar reminder. The access is self-managing — it expires on its own. Each contractor gets their own QURL, tied to their identity (verified through your IdP or via email-restricted access policies). Every access attempt is logged with identity attribution. And the contractor only sees the specific resource you shared — not your network, not other services, not anything else. For vendors who need recurring access, generate a new QURL for each engagement. There is no standing access between engagements.

Key Benefits

Automatic expiration

Access self-destructs when the engagement ends. No credentials to revoke, no reminders to set.

Per-contractor attribution

Every contractor gets their own QURL. Full audit trail of who accessed what, when.

No VPN overhead

No VPN accounts to provision, manage, or decommission. Contractors access resources via browser.

Scoped to one resource

Contractors see only the specific resource you shared. No visibility into anything else.

Ideal For

Companies working with IT contractors and managed service providers
Organizations with external auditors requiring periodic system access
Teams giving design and development agencies access to staging environments
Healthcare organizations sharing system access with third-party specialists
Any company tired of managing VPN accounts for external partners

See It In Action

Try the QURL Playground — no signup required.

Try the Playground Sign Up Free