SandboxAQ wins FedRAMP Ready for AQtive Guard

SandboxAQ has secured FedRAMP Ready status for its AQtive Guard platform, positioning the AI and quantum cybersecurity firm for wider adoption across US federal agencies that are upgrading cryptographic systems and tightening controls on artificial intelligence.

The designation follows an independent third-party assessment and confirms SandboxAQ's eligibility for listing on the Federal Risk and Authorisation Management Programme (FedRAMP) Marketplace. FedRAMP provides a standard framework for assessing and monitoring the security of cloud-based products used by US government agencies.

FedRAMP Ready status signals that AQtive Guard meets baseline security and risk management criteria set out under the programme. It also signals that the product is prepared for more detailed evaluations by individual agencies that may seek full FedRAMP authorisation for operational use.

AI risk concerns

The milestone comes as public-sector and private-sector leaders report growing concern about the security implications of rapid AI adoption. The 2025 AI Security Benchmark Report, cited by SandboxAQ, indicates that 79% of organisations already run AI in production, while only 28% have completed a comprehensive AI risk assessment.

According to the same report, executives are "highly concerned" about AI-enhanced cyberattacks and the potential exposure of sensitive information within AI systems. Most organisations expect to increase spending on AI security in the near term.

SandboxAQ positions AQtive Guard as a platform that gives organisations visibility into AI agents and non-human identities, often described as machine or service accounts. The company focuses on environments where such identities operate at scale across mixed cloud and on-premises infrastructures.

The product also targets cryptographic weaknesses that may arise from legacy systems. It addresses risks associated with outdated encryption methods and the anticipated threat from quantum computing to current public-key cryptography.

Government buyers

For federal technology teams, the FedRAMP Ready milestone provides a defined path to assess AQtive Guard within an established process. Agencies can review the product against standard documentation and controls rather than relying on bespoke evaluations.

FedRAMP Ready differs from full FedRAMP Authorisation. It indicates that a product has undergone an initial security review and has been deemed suitable for agencies seeking to sponsor a complete assessment. The General Services Administration has signalled an intention to expand AI-related FedRAMP approvals, which may increase demand for tools that address AI and cryptography risk.

Jack Hidary, Chief Executive of SandboxAQ, said the designation aligned with government demand for higher security standards. "Earning FedRAMP Ready is about more than a designation - it's about trust," said Jack Hidary, CEO of SandboxAQ. "It reflects our promise to stand shoulder-to-shoulder with agencies as they protect critical infrastructure and advance the missions that matter."

Security certifications

FedRAMP Ready sits into a broader security and compliance effort at SandboxAQ. The company has obtained a SOC 2 Type I report for AQtive Guard. It has also received ISO/IEC 27001 certification, which applies across the whole organisation.

These certifications focus on controls for information security, availability, and confidentiality. They also address governance structures for managing security risks and incidents in software-as-a-service environments.

SandboxAQ, which spun out of Alphabet, develops tools that combine AI with quantum-inspired methods. It markets these tools to sectors including life sciences, financial services, and navigation. It is backed by investors such as funds advised by T. Rowe Price Associates, IQT, and the US Innovative Technology Fund.

Post-quantum planning

AQtive Guard plays into an emerging priority for security leaders: preparing for a transition to post-quantum cryptography. Standards bodies and national security organisations have warned that future quantum computers could break widely used public-key algorithms, which underpin secure communication and authentication across the internet and enterprise networks.

SandboxAQ states that AQtive Guard supports agencies that want to update legacy cryptography across multi-environment estates. The product identifies and prioritises cryptographic risks inside enterprise security programmes. It also structures planning for the adoption of new post-quantum algorithms.

Agencies can use AQtive Guard for automated cryptographic discovery and inventory. They can also use it for cryptographic posture management and to draft post-quantum migration plans. These features address compliance requirements as governments push for formal roadmaps away from vulnerable encryption schemes.

Next steps

With FedRAMP Ready status confirmed, AQtive Guard now appears in the FedRAMP Marketplace as a product available for consideration by federal programmes. The listing gives procurement and security teams a central reference point for documentation and risk assessments.

SandboxAQ expects that agencies which are looking at AI usage policies, non-human identity management, and post-quantum security will review the product under the FedRAMP framework. The company describes the designation as a starting point for deeper collaboration with defence and civilian organisations as they reassess cryptography and AI-related risks.

Hidary said the company viewed the new status as part of a long-term engagement with public-sector customers. "It reflects our promise to stand shoulder-to-shoulder with agencies as they protect critical infrastructure and advance the missions that matter."