David Carvalho's pitch is straightforward. Every laptop, server, router, and connected sensor on the internet is a potential point of failure. He wants to turn each one into a validator instead.
That is the bet behind Naoris Protocol, a Wilmington, Delaware company founded in 2017 by Carvalho and Monika Oravcova [PitchBook]. The product is a Layer 1 blockchain the company describes as a Sub-Zero security layer sitting beneath the rest of the decentralized stack, with post-quantum cryptography baked into the consensus mechanism [Naoris Protocol website]. Devices running the protocol act as nodes that continuously validate each other's security posture in real time. The company calls the consensus layer Decentralized Proof-of-Security, or dPoSec [OKX].
The bet
Naoris is selling infrastructure, not a SaaS dashboard. Its addressable buyer is anyone running Web2 or Web3 systems who is worried about two things at once: the brittleness of centralized security stacks, and the approaching obsolescence of current encryption standards under quantum computing. The company's framing is that single points of failure (a compromised admin credential, a poisoned software update, a centralized key vault) are the recurring failure mode in modern breaches, and that a mesh of mutually validating nodes removes that surface area [CoinMarketCap]. Layered on top is what the company calls Swarm AI, which uses Decentralized Swarm Intelligence principles to flag anomalous behavior across participating nodes and correlate it against known threat models [Blockonomi].
The post-quantum piece is the second wedge. Naoris describes its network as the world's first post-quantum DePIN, a decentralized physical infrastructure network purpose-built for cybersecurity, with every device acting as a secure validator using post-quantum cryptography [Blockchain Technology News]. That positioning matters because the U.S. National Institute of Standards and Technology has been finalizing post-quantum standards, and large enterprises are starting to ask vendors what their migration path looks like.
Why it could be big
The investor list is the most concrete signal that serious money takes the thesis seriously. Tim Draper's Draper Associates led a $11.5 million seed round that closed in July 2022, with participation from Holt Xchange, Holdun Family Office, Holdun Opportunity Fund, Brendan Holt Dunn, Level One Robotics, SDC Management, Uniera, and Expert Dojo [CoinDesk] [Crunchbase] [FinanceFeeds]. In May 2025, Naoris added a $3 million strategic round led by Mason Labs [The Block].
Seed (Jul 2022, Draper Associates lead) | 11.5 | $M
Strategic (May 2025, Mason Labs lead) | 3.0 | $M
Draper has a long record of writing early checks into crypto infrastructure that other generalist funds initially passed on, and the Holdun and Mason Labs participation gives the cap table a family-office and strategic flavor rather than a pure crypto-native one. That mix tends to be useful for a company whose ultimate buyers, if the thesis works, are enterprises and governments rather than DeFi protocols.
The market shape is favorable on paper. Cybersecurity spend continues to grow faster than overall IT, post-quantum migration is moving from a research-lab conversation to a procurement-checklist item, and the DePIN category has emerged as one of the few areas of crypto with a credible non-speculative use case. If Naoris can plausibly claim a defensible position at the intersection of those three currents, the upside is real.
The team
Carvalho is founder, CEO, and Chief Scientist. He has more than 20 years in cybersecurity, having worked as a Global Chief Information Security Officer and as an ethical hacker advising nation-states and critical infrastructure operators under NATO on cyber-war, cyber-terrorism, and cyber-espionage [Cointribune] [Global Risk Community]. Co-founder Monika Oravcova is COO [LinkedIn]. The two have said publicly that the company was conceived after a 2017 meeting with Kjell Grandhagen, the former Head of the NATO Intelligence Committee [Cointribune]. Constantinos Antoniou, who has more than seven years across Web3, DeFi, and cybersecurity, leads marketing and community [LinkedIn].
On execution, the public timeline shows a Token Generation Event concluded on August 1, 2025 [ICO Drops], with mainnet going live in 2026 [Crowdfund Insider]. Those are meaningful markers for a project that has spent most of its life in a pre-network research phase.
What bears say, what bulls answer
The most credible pushback is competitive density. Decentralized security and post-quantum infrastructure are crowded conceptual categories, with established cybersecurity incumbents racing to ship post-quantum offerings of their own and several crypto-native projects pitching adjacent DePIN security narratives. A skeptic would argue that enterprise buyers will default to a Palo Alto or a CrowdStrike with a post-quantum module before they will run validator software from a young Layer 1. The bull answer, supported by the cited product positioning, is that Naoris is not asking the enterprise to rip and replace its existing stack. It is selling a validation mesh that sits underneath, with the dPoSec consensus framed as a self-healing layer resistant to quantum attacks [OKX]. If that integration story holds in real deployments, the protocol becomes complementary rather than competitive to the incumbents.
What to watch
The next twelve months are the test. Mainnet stability following the 2026 launch, the first named enterprise or government deployments running validator nodes in production, and the scale of the developer ecosystem building on the sovereign L1 are the three milestones that will determine whether Naoris graduates from interesting infrastructure thesis to a category-defining piece of cybersecurity plumbing. A follow-on raise sized to enterprise go-to-market would be the logical capital event after mainnet proves stable.
The ambition is unambiguous. Carvalho is trying to build a security primitive that lives below the application layer, the cloud layer, and even the existing blockchain layer. The question for readers: when the first post-quantum breach makes headlines, will buyers reach for a validator mesh from a Wilmington startup, or for a module shipped by the vendor already on their procurement list?