H33 publishes post-quantum attestation standard for verifiable evidence

H33.ai on June 10 published H33-PQ Verified, a continuous post-quantum attestation standard aimed at helping organizations prove cryptographic readiness, governance, privacy protections and evidence preservation with machine-verifiable proof. The company said the open standard is designed to replace self-attestations and questionnaires with independent verification across security, procurement, audits, insurance and regulation.

Why it matters: - Post-quantum cryptography is becoming a near-term business issue as governments, standards bodies and technology vendors push migration planning. - H33-PQ Verified is designed to help organizations prove readiness with evidence that third parties can independently verify, rather than relying on self-reported claims. - The standard is aimed at security, procurement, audit, insurance, regulatory and board-level decisions that increasingly require defensible proof.

What happened: - H33.ai, Inc. published H33-PQ Verified on June 10, 2026. - The standard is available now at the post-quantum verified standard. - H33 describes H33-PQ Verified as a continuous post-quantum attestation standard that produces portable, machine-verifiable evidence. - The company says the standard is not a cybersecurity badge, but a continuously updated signal of cryptographic posture and verification capability.

The details: - H33-PQ Verified evaluates five pillars: cryptography, evidence, governance, privacy and verification. - The cryptography pillar covers quantum-resistant signing, verification, key exchange, privacy-preserving computation and proof generation. - The evidence pillar requires portable artifacts that preserve decisions, events and outcomes over time. - The governance pillar requires verifiable records of authority, approvals, policy decisions and accountability. - The privacy pillar focuses on protecting sensitive information while still supporting computation, analysis, compliance and verification. - The verification pillar requires independent third-party validation of results, evidence and outcomes. - The standard examines operational artifacts including TLS configurations, certificate inventories, signing systems, key management systems, software bills of materials, cryptographic libraries, evidence systems, governance records, verification artifacts and post-quantum migration status. - H33 says every measurement produces evidence, every evidence artifact can be independently verified, and every result can be reproduced by a third party. - The standard is implementation-neutral, while H33’s HATS runtime serves as the reference implementation. - The company said organizations can earn Assessed, Verified and Certified states as they move through the lifecycle. - Each state transition produces portable cryptographic evidence that can be validated without contacting H33 or the participating organization. - H33 said any third party can use the open h33-verify command-line tool to replay an attestation. - H33 said the same evidence should produce the same conclusion regardless of who performs the verification. - H33 is the first participant and has applied the standard to itself with downloadable evidence bundles for every pillar. - The company has also published a self-attestation at H33’s self-attestation, along with the reference runtime, the open verifier and the standards index.

Between the lines: - The release frames post-quantum migration as a trust problem as much as a technical one. - H33 is positioning independent verification as an alternative to vendor questionnaires, screenshots, spreadsheets and marketing claims. - The separation between the standard and the runtime appears meant to address concerns about vendors that define, evaluate and verify their own claims. - H33’s decision to test the standard on itself is meant to signal credibility for a product built around proof.

What’s next: - H33 says organizations can use the standard to monitor migration progress continuously rather than through annual reviews. - The open verifier and implementation-neutral standard suggest third-party adoption is intended to extend beyond H33’s own tools. - Broader adoption would give procurement, audit and regulatory teams a common framework for comparing cryptographic readiness.

The bottom line: - H33-PQ Verified tries to turn post-quantum readiness into something organizations can prove, replay and verify, not just claim.