The CyberSeQ homepage opens with a promise that reads less like marketing and more like a stopwatch: ninety percent faster than traditional crypto audits [CyberSeQ website, retrieved 2026]. Click into the product and the framing sharpens. This is a tool that crawls an enterprise's codebase, finds every place an old cipher is hiding, and starts rewriting them for a world where today's public-key cryptography no longer holds. The interface is spare, the verbs are technical, and the implied customer is a CISO who has been told by a regulator, a board, or a nervous auditor that the post-quantum clock has started.
Founded in 2021 in Hamburg by Mark Tehrani and Mahkame Houmani [Dealroom.co, retrieved 2026], CyberSeQ is making a focused bet on one of the least glamorous and most consequential migrations in enterprise IT. Quantum computers capable of breaking RSA and elliptic-curve cryptography are not here yet, but the cryptographic plumbing inside large organizations (banks, hospitals, telcos, government systems) was written across decades and is genuinely difficult to inventory, let alone refactor. NIST has finalized post-quantum standards. The harder problem is finding every certificate, every hardcoded key exchange, every dependency, and swapping them out without breaking production.
The bet
CyberSeQ's wedge is what it calls CADI discovery paired with automated refactoring [CyberSeQ website, retrieved 2026]. In plain terms: scan first, then rewrite. The discovery layer builds a cryptographic bill of materials, the kind of artifact regulators are starting to ask for. The refactoring layer is where the AI claim sits, proposing or applying replacements with quantum-safe equivalents. Dealroom describes the company as a modular platform helping organizations transition to post-quantum cryptography [Dealroom.co, retrieved 2026], and the modularity matters. Most enterprises will not buy a single monolithic migration tool. They will buy the discovery piece first, prove value, then expand.
The September 2025 partnership with Quantum Brilliance and Luxembourg's LuxProvide is the most concrete signal of CyberSeQ's positioning to date [HPCwire, retrieved 2026]. The three companies announced an integration combining Quantum Brilliance's certified randomness hardware with CyberSeQ's PQC architecture, hosted on LuxProvide's infrastructure. For a pre-seed company in Hamburg to land inside a press cycle alongside a quantum hardware maker and a national supercomputing center is not nothing. It suggests CyberSeQ is being treated as the cryptographic-migration layer in a stack that other quantum-adjacent vendors want to plug into.
Why it could be big
The market shape favors specialists. Post-quantum migration is not a feature large security incumbents can ship overnight, because the work requires deep cryptographic expertise crossed with the unglamorous discipline of static analysis across legacy codebases. Regulators are accelerating the timeline. The U.S. has set federal migration deadlines, the EU is moving in parallel through ENISA guidance, and financial-sector supervisors in Germany and France have begun asking institutions for PQC roadmaps. Every one of those mandates produces a buyer with a budget and a deadline.
CyberSeQ also benefits from where it sits. Hamburg is not a quantum capital, but Germany has a deep base of industrial enterprises (Siemens, Deutsche Telekom, the Sparkassen network, the automotive tier-ones) that will need exactly this kind of audit, and that prefer to buy from European vendors when the data being scanned is their own source code. Startup City Hamburg lists the company among the city's deep-tech cohort [Startup City Hamburg, retrieved 2026], and the local ecosystem has been increasingly active in cybersecurity.
The team
Mark Tehrani is Founder and CEO [HPCwire, retrieved 2026]. He holds a PhD from The George Washington University and is an Adjunct Professor of Cloud Security at GWU [LinkedIn, retrieved 2026], a credential that matters more than usual in a category where customers will quiz the founder on lattice-based cryptography in the first sales call. Co-founder Mahkame Houmani rounds out the founding pair [Dealroom.co, retrieved 2026]. The traction visible publicly is the Quantum Brilliance and LuxProvide partnership announced in October 2025 [The Quantum Insider, retrieved 2026], which is the kind of validation pre-seed companies usually have to manufacture.
Claimed audit speedup vs traditional | 90 | %
The honest counterfactual
What bears will say is straightforward: post-quantum migration is a category where the largest cybersecurity vendors (Palo Alto, IBM, the major cloud providers' security arms) have both the relationships and the cryptographic talent to build competing tools, and enterprises tend to buy security from incumbents they already trust. A two-person founding team in Hamburg, operating at pre-seed scale per PitchBook's profile [PitchBook], is racing a clock that favors whoever gets to the CISO first. What bulls answer is that incumbents have been slow to ship actual PQC migration tooling, that the work is technically specialized enough that a focused team with academic credentials can move faster than a security platform team inside a 30,000-person company, and that the partnership with Quantum Brilliance and LuxProvide suggests CyberSeQ is already being slotted into the European quantum-security stack [Quantum Brilliance, retrieved 2026]. The next twelve months will determine which read is right.
What to watch
Three things. First, a named enterprise customer, ideally a German bank or industrial, that will go on the record about using CADI discovery in production. Second, a seed round, which the partnership momentum and regulatory tailwinds should support. Third, evidence that the automated refactoring claim holds up at the scale of a real enterprise codebase, not just a demo. If those land, CyberSeQ stops being a promising deep-tech project in Hamburg and starts being the European answer to a migration every CISO will eventually have to budget for.
The cultural question CyberSeQ is implicitly answering is whether the slow, invisible work of rewriting infrastructure before it breaks can be made interesting enough, and fast enough, to actually get done before the deadline arrives.