Post-quantum cryptography (PQC) roadmaps tend to focus primarily on upgrading servers and public key infrastructure (PKI), but under the radar, the need remains to protect endpoints at the edge, particularly at sites that handle sensitive data.
A new quantum-resistant data diode developed by startup Forward Edge-AI promises to protect operational technology (OT) endpoints from quantum attacks.
Called Isidore Quantum, the small hardware device ensures sensitive data can flow only one way out of critical systems, so nothing can be sent back in, and it encrypts that data with standards-based algorithms designed to withstand decryption by future quantum computers. It was co‑developed with the US government, with Microsoft as a key cloud and artificial intelligence partner. The gateway device offers businesses a way to block cyberattackers now, rather than letting them harvest encrypted information that they would later decrypt once quantum methods become available.
Isidore Quantum Ross Coffman, a former deputy commanding general of the U.S. Army Futures Command and now the president of Forward Edge-AI, says Isidore Quantum has been validated through 23 government pilots.
“It’s been with the Army, Navy, Air Force, all the departments, including the U.S. Space Force,” he says. “It’s currently in space, on an autonomous vessel circumnavigating the globe. We are literally at the start of the race.”
While it is not known when, or if, a quantum processor capable of breaking standard AES encryption will emerge, various research groups now argue that such a machine could brute‑force today’s common algorithms, such as RSA‑2048 and elliptic‑curve crypto, sometime between roughly 2030 and the mid‑2030s—well within the useful lifetime of sensitive data being stored or intercepted today.
Consequently, the U.S. government is warning agencies to inventory and replace systems that use traditional encryption. The latest White House guidance, updated last June in an executive order, points to the early 2030s for most civilian systems to adopt quantum‑safe protocols, and the NSA’s CNSA 2.0 roadmap requires national‑security systems to complete their transition by 2035.
According to Coffman, the device is also intended to protect organizations that handle private or confidential information, such as research labs, utilities, manufacturing plants, energy production facilities, satellite operators, financial institutions, and other high-value edge endpoints, against quantum attacks.
Forward Edge-AI, founded in 2020 through the U.S. Small Business Administration’s Small Business Innovation Research (SBIR) program, now has 50 employees worldwide and claims to have positive earnings. The San Antonio-based company came out of stealth over a year ago with the introduction of Isidore Quantum. The company offers a certification program, run by Forward Edge-AI, the National Security Agency (NSA), Lumen Technologies, and partners from Japan and South Korea, that builds on a small group of trained specialists capable of integrating, deploying, and managing quantum-safe networks in mission-critical environments. Employees from WiseCube, a partner in South Korea, and from Forward Edge-AI Japan were the first to complete the Isidore Quantum certification program.
Role of Data Diodes
Data diodes are unidirectional network devices designed to ensure data can flow in only one direction, creating a barrier that prevents incoming traffic rather than just filtering it. Isidore enables NSA’s CNSA 2.0-based encryption and supports the National Institute of Standards and Technology’s (NIST’s) ML-KEM and ML-DSA quantum-resistant encryption standards.
By functioning as a unidirectional gateway, Forward Edge-AI claims Isidore can protect sensitive data at the edge from quantum-based attacks. According to Forward Edge-AI, Isidore Quantum achieves <0.5 millisecond latency and up to 2 Gbps throughput—roughly the same delay and bandwidth as a typical Ethernet switch, but in a palm‑sized box that also enforces one‑way flow and post‑quantum encryption. The specs make this device suitable for front-end OT gear, field-edge nodes, or satellites without slowing them down or requiring a rack of power‑hungry hardware.
This fits well with specialized edge and cross‑domain data-sharing and security operations that other quantum‑security tools aren’t designed to handle.
“There’s not a one‑size‑fits‑all solution for quantum security, so this fits well into some very, very unique,” says Tom Barnett, director of strategic innovation at Lumen Technologies, an early Forward Edge-AI partner.
These data diodes are thermally designed, fanless, low-power (sub-8-W consumption), Size, Weight, and Power (SWaP)-optimized, credit-card-sized encryptors designed to protect operational technology endpoints from harvest-and-decrypt-later (HNDL) quantum-based attacks. This design aims to put quantum‑safe protection within reach of mainstream enterprises and public‑sector organizations by hardening specific high‑risk information, enabling them to plug in a small box instead of redesigning applications, networks, or cryptographic infrastructure from scratch.
Forward Edge-AI claims to be the first company to promote a quantum-resistant, low SWaP data diode. While data diode providers such as Owl Cyber Defense, OPSWAT and Waterfall Security Solutions also provide unidirectional gateways for OT endpoints, they aren’t touting their data diodes as post-quantum-ready or designed to protect against HNDL attacks.
Isidore Quantum achieved compliance with NIST’s FIPS 140-3 cryptographic security requirements last June. Forward Edge-AI was awarded a patent for its “Encryption Retransmission Industrial Internet of Things (IIoT) Device for Providing Resiliency Against Quantum-Computer Cyber-Attacks” and another patent, granted in December, covers its three-processor “Switch Isidore” architecture.
Two of the processors are encryption units (EUs) that enforce unidirectional data transfer using AES‑256 and ML‑KEM/ML‑DSA over dual tunnels. The third is a network interface device (NID) that runs machine learning models to learn attack patterns and uses AI to respond to anomalies by automatically changing protocols, routes, or behaviors.
Eric Adophe, the founder and CEO of Forward Edge-AI, says the NID is what connects to the outside world. “What is unique is there’s a hardware and logical break between those two processors,” Adophe explains. “That’s important because it becomes impossible to do a side channel attack or man-in-the-middle type of attack to get to whatever is being protected, because you can’t traverse that trust boundary.”
Acts Like a “Perfect Firewall”
Adophe also says that the NID acts as if it’s a “perfect” firewall. “It will not talk to anybody else, but its cryptographically bound pair,” he says. “So anybody trying to come in, it’ll just drop the packet, and then the double-encrypted payload is sent over a dual tunnel to this pair, and nothing is exchanged outside a tunnel. No PKI, no KMI, no key loaders. All the keys are generated ephemerally, so you don’t have any problems with certificates, signatures — all those issues that the logistics tail is associated with these devices go away for us.”
Everything that comes into Isidore is encrypted and can be sent to the NID over any network, including satellite, Wi-Fi, copper, and fiber. Further, the NID’s machine learning algorithms are designed to learn patterns in the communications channel to detect anomalies that may portend an attack. Forward Edge-AI trains its algorithms with over 8 trillion attack vectors provided by Microsoft.
“It will learn your network, and it will learn that channel, and when it sees an attack, it can execute the immune system response,” Adophe says.
Now that the U.S. military has validated it, Forward Edge-AI wants to broaden its reach. In December, National Central University (NCU) in Taiwan became the first known international organization to take delivery of Isidore. The university is deploying it to protect sensitive data it shares from its labs with external research partners and to safeguard its data against HNDL attacks.
Forward Edge-AI says what’s unique about Isidore is that it enforces one-way data flow while enabling PQC-based encryption over copper and fiber optic cables without distance limitations. Lumen Technologies is using Isidore for its managed security service via its Next Generation Network Cryptography program, which offers network operations center (NOC) and security operations center (SOC) monitoring to enterprises worldwide for use in technologies such as satellites in space and remote equipment, such as cameras and control systems, in the field.
“We can provide them that NOC that they’re going to need, and we can manage these products for the software updates, all those things that we do from our network operation centers,” Barnett says. “We treat this like any network we’re setting up for customers, but it’s a security network.”
