Netrun KEEP: Calling the Core Launch Team — Help Us Fund the External Cryptographic Audit

We Built It. Now We Need to Prove It.

Netrun KEEP exists because of what happened to LastPass in 2022.

When attackers stole encrypted vault backups from LastPass, they got everything — and the encryption protecting those vaults was weaker than it should have been. PBKDF2 with only 100,100 iterations. URL fields stored unencrypted. Code written in memory-unsafe languages vulnerable to the kind of exploits that gave attackers access in the first place.

We looked at that breach and asked: what if a password manager was designed from day one to make every one of those attack vectors impossible?

That question became Netrun KEEP.

What We've Built (Phase 2 — Complete)

KEEP is built entirely in Rust — not as a marketing bullet point, but because Rust's ownership system eliminates buffer overflows, use-after-free, and data races at the language level. These are the vulnerability classes that enable code-level exploits in password managers written in C, C++, or JavaScript.

The cryptographic core is finished and validated:

• AES-256-GCM authenticated encryption — all vault data AND metadata (including URLs) encrypted before leaving your device
• Argon2id key derivation with 600,000 iterations and 64 MiB memory-hard — making GPU-based brute force attacks impractical, unlike the weak PBKDF2 that made LastPass vaults crackable
• HKDF-SHA512 key expansion into 4 purpose-specific keys (encryption, MAC, authentication, metadata)
• 109+ tests passing with 100% coverage on all cryptographic code
• Zero vulnerabilities — internal security review rated STRONG
• Zero unsafe code outside audited platform FFI boundaries

Phase 2 was completed in 12 calendar days versus 8 weeks budgeted — a 26x development velocity achieved through agentic AI development.

What's Next: The External Cryptographic Audit

Here's where we need your help.

We've done everything we can internally. Our architecture follows NIST standards. Our code is memory-safe. Our crypto uses battle-tested libraries (ring, aes-gcm, argon2). But internal validation isn't enough — and we refuse to pretend it is.

Phase 5 of our roadmap is Security Hardening, which includes:

1. External Cryptographic Audit — A third-party security firm (we're targeting NCC Group, Trail of Bits, or Cure53) reviews our entire cryptographic implementation, key management, and vault architecture
2. Penetration Testing — Professional adversarial testing of the complete application
3. Compliance Validation — Independent assessment against SOC 2, ISO 27001, and HIPAA requirements

Estimated cost: $25,000–$40,000.

This isn't optional. It's the difference between "we think it's secure" and "a world-class security firm confirmed it's secure." We will not claim audit status we haven't earned.

The Core Launch Team

The Core Launch Team is our founding group of users who join KEEP before the external audit is complete. Here's what that means:

What You Get

• Free 90-day access to the full KEEP platform
• Lifetime early-adopter pricing — locked in at Core Launch rates, permanently
• Direct influence on the roadmap — your feedback shapes what we build next
• Transparency reports — you'll see the audit results before anyone else
• The knowledge that your subscription directly funds the security audit that validates the product for everyone

What We Ask

• Honest feedback — tell us what works and what doesn't
• Understanding — you're using pre-audit software, and we're transparent about that
• Patience — we're a small team building something right, not fast

What Your Subscription Funds

Every dollar from Core Launch subscriptions goes directly toward the security hardening roadmap:

We're not venture-backed. We're not burning investor cash on growth before the product is proven. We're building revenue the honest way — by earning trust from real users who believe in what we're building.

Why This Matters

The password management market is a $2.05 billion industry growing at 15% annually. Yet only 37% of SMBs use enterprise password management. The gap exists because the options are either:

• Too expensive — 1Password and Keeper charge $10–20/user/month for enterprise features
• Too compromised — LastPass has had multiple breaches (2015, 2022) and still uses weak key derivation
• Too limited — Bitwarden's open-source model is great for individuals but lacks MSP multi-tenancy and Azure-native integration

KEEP fills the gap: enterprise security at 25–40% less cost, built on Rust for memory safety, designed for Azure environments and MSPs, with a compliance roadmap that starts at architecture — not as an afterthought.

But none of that matters without independent validation. That's what the Core Launch Team makes possible.

Join the Core Launch Team

If you believe password managers should be built to withstand the attacks that already happened — not just the ones vendors prepare for — join us.

Apply for Core Launch Access →

Free for 90 days. Lifetime pricing after. Your subscription funds the audit that proves the architecture.

We built KEEP to be unbreachable by design. Help us prove it.

Daniel Garza, Founder & CEO, Netrun Systems

Netrun KEEP is currently in Core Launch (pre-audit) status. It has passed internal security review with a STRONG rating, 109+ tests, and zero vulnerabilities — but has not yet completed external cryptographic audit. We are transparent about this because we believe you deserve to know exactly where your security tools stand.