%22%20d%3D%22M459%20412A256%20256%200%200%200%20456%2096L256%20256z%22%2F%3E%3Cpath%20fill%3D%22%23fff%22%20d%3D%22M123.2%2037.1a256%20256%200%201%200%20310.2%2034.3l-85%2088.5a133.4%20133.4%200%201%201-161.6-18z%22%2F%3E%3Cpath%20fill%3D%22url(%23b)%22%20d%3D%22M458.7%2099.6a256%20256%200%201%200%20.5%20312.1l-97.3-74.6a133.3%20133.3%200%201%201-.3-162.6z%22%2F%3E%3Cdefs%3E%3CradialGradient%20id%3D%22b%22%20cx%3D%220%22%20cy%3D%220%22%20r%3D%221%22%20gradientTransform%3D%22rotate(113%20286%20327.3)scale(724)%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%3Cstop%20stop-color%3D%22%2338c3ee%22%2F%3E%3Cstop%20offset%3D%22.5%22%20stop-color%3D%22%2369f1f6%22%2F%3E%3Cstop%20offset%3D%22.9%22%20stop-color%3D%22%23207d8b%22%2F%3E%3C%2FradialGradient%3E%3ClinearGradient%20id%3D%22a%22%20x1%3D%22513%22%20x2%3D%22-1%22%20y1%3D%22256.5%22%20y2%3D%22255.5%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%3Cstop%20offset%3D%22.2%22%20stop-color%3D%22%23217684%22%2F%3E%3Cstop%20offset%3D%22.5%22%20stop-color%3D%22%2356d3db%22%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3C%2Fsvg%3E){kind=small}
%22%20d%3D%22M205.7%20294.7c-22.4%2022.4-84.9-3.7-139.4-58.3C11.7%20182-14.4%20119.4%208%2097c7.4-7.4%2019.2-9.5%2033.6-7%205%2029.2%2028.7%2069.3%2065.3%20105.8%2036.5%2036.6%2076.6%2060.4%20105.9%2065.3%202.4%2014.4.3%2026.2-7.1%2033.6%22%2F%3E%3Cpath%20fill%3D%22url(%23b)%22%20d%3D%22M212.8%20261.1c-29.3-5-69.4-28.7-106-65.3S46.6%20119.2%2041.7%2090c-2.5-14.3-.4-26%207-33.5s19.2-9.5%2033.6-7c5%2029.2%2028.7%2069.3%2065.3%20105.8%2036.5%2036.6%2060.3%2076.7%2065.3%20106%22%2F%3E%3Cpath%20fill%3D%22url(%23c)%22%20d%3D%22M246.3%20254c-7.4%207.5-19.2%209.6-33.5%207.1-5-29.2-28.8-69.3-65.3-105.9C110.9%20118.6%2087%2078.6%2082.2%2049.3c29.2%205%2069.3%2028.7%20105.9%2065.3s60.3%2076.7%2065.3%20105.9c2.4%2014.4.3%2026.2-7.1%2033.6%22%2F%3E%3Cpath%20fill%3D%22url(%23d)%22%20d%3D%22M286.9%20213.5c-7.4%207.4-19.2%209.5-33.5%207-5-29.2-28.8-69.3-65.3-105.9C151.5%2078%20111.4%2054.3%2082%2049.3c-2.4-14.3-.3-26%207.1-33.5%2022.5-22.4%2084.9%203.7%20139.5%2058.2%2054.6%2054.6%2080.6%20117%2058.2%20139.5%22%2F%3E%3Cpath%20fill%3D%22%23d8f1f3%22%20d%3D%22M228.7%2074q-7.8-6.5-15.8-12.6-8.2-6-16.3-11.7-16.5-11.3-34.3-20A146%20146%200%200%200%20126%2016.8a58%2058%200%200%200-17.6-.8q-3.8.5-7.4%202-3.1%201.5-5.5%203.9c-5.9%206-5.9%2018.3-3%2029.7a126%20126%200%200%200%2015.6%2033.7%20371%20371%200%200%200%2022.6%2032Q143%20132.7%20156%20148a499%20499%200%200%201%2048.7%2066.4q5.4%209.3%209.7%2019a110%20110%200%200%201%208%2026.6%2081%2081%200%200%201%20.4%2017.6q-.7%206.4-3.3%2012.3-2.9%206.4-7.8%2011.1t-11.4%207q-6%202.1-12.2%202.5-11.4.4-22.4-2.7c-14-3.8-26.5-10.2-38.3-17.5a238%20238%200%200%201-32.7-24.7q-7.6-6.9-14.8-14.1-7.1-7.4-13.6-15Q73.9%20243%2082%20249q8%206%2016.3%2011.7%2016.5%2011.3%2034.2%2020.1a181%20181%200%200%200%2018%207.7q9%203.4%2018.3%205.1a58%2058%200%200%200%2017.7.9q3.8-.5%207.4-2%203-1.5%205.4-4c6-6%206-18.3%203-29.5-3-11.3-9-22.8-15.8-33.7Q176%20209%20164%20193.4a872%20872%200%200%200-25.1-31A499%20499%200%200%201%2090%2096.3q-5.6-9.3-9.8-19.2A109%20109%200%200%201%2072%2044.7q-.4-6%20.3-11.8.8-6.4%203.3-12.3%202.8-6.4%207.8-11%205-4.8%2011.4-7Q100.7.3%20107%200q11.3-.6%2022.3%202.6c14%203.9%2026.6%2010.3%2038.3%2017.5A239%20239%200%200%201%20200.4%2045q7.5%206.8%2014.8%2014a305%20305%200%200%201%2013.5%2015%22%2F%3E%3Cdefs%3E%3ClinearGradient%20id%3D%22a%22%20x1%3D%22-2.1%22%20x2%3D%22195.6%22%20y1%3D%22107.2%22%20y2%3D%22304.8%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%3Cstop%20stop-color%3D%22%232acbd2%22%2F%3E%3Cstop%20offset%3D%221%22%20stop-color%3D%22%23262d41%22%2F%3E%3C%2FlinearGradient%3E%3ClinearGradient%20id%3D%22b%22%20x1%3D%22-20.5%22%20x2%3D%22331.4%22%20y1%3D%2220.8%22%20y2%3D%22333.5%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%3Cstop%20offset%3D%220%22%20stop-color%3D%22%2360eff1%22%2F%3E%3Cstop%20offset%3D%22.2%22%20stop-color%3D%22%2358d5d9%22%2F%3E%3Cstop%20offset%3D%22.5%22%20stop-color%3D%22%2345939d%22%2F%3E%3Cstop%20offset%3D%22.9%22%20stop-color%3D%22%232b4758%22%2F%3E%3C%2FlinearGradient%3E%3ClinearGradient%20id%3D%22c%22%20x1%3D%22-17.5%22%20x2%3D%22334.3%22%20y1%3D%22-48.6%22%20y2%3D%22332.8%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%3Cstop%20stop-color%3D%22%2300abb3%22%2F%3E%3Cstop%20offset%3D%221%22%20stop-color%3D%22%23d2f2f4%22%2F%3E%3C%2FlinearGradient%3E%3ClinearGradient%20id%3D%22d%22%20x1%3D%22-25.5%22%20x2%3D%22338.3%22%20y1%3D%22-110.3%22%20y2%3D%22241.3%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%3Cstop%20offset%3D%22.3%22%20stop-color%3D%22%2300b4bb%22%2F%3E%3Cstop%20offset%3D%22.5%22%20stop-color%3D%22%2300b9bf%22%2F%3E%3Cstop%20offset%3D%22.7%22%20stop-color%3D%22%231cc6cc%22%2F%3E%3Cstop%20offset%3D%22.9%22%20stop-color%3D%22%2346dce0%22%2F%3E%3Cstop%20offset%3D%221%22%20stop-color%3D%22%2360eff1%22%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3C%2Fsvg%3E){kind=small}
%22%2F%3E%0A%20%20%3Cpath%20d%3D%22M0%20133.5L103%20188.5L150.5%20162.5V106.5L206%20138.5V178.5L103%20238L0%20178.5V133.5Z%22%20fill%3D%22url(%23markGradient)%22%2F%3E%0A%20%20%3Cdefs%3E%0A%20%20%20%20%3ClinearGradient%20id%3D%22markGradient%22%20x1%3D%220%22%20y1%3D%22238%22%20x2%3D%22206%22%20y2%3D%220%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%0A%20%20%20%20%20%20%3Cstop%20offset%3D%220%22%20stop-color%3D%22%231B7789%22%2F%3E%0A%20%20%20%20%20%20%3Cstop%20offset%3D%220.48%22%20stop-color%3D%22%2342D5DC%22%2F%3E%0A%20%20%20%20%20%20%3Cstop%20offset%3D%221%22%20stop-color%3D%22%2368F0F5%22%2F%3E%0A%20%20%20%20%3C%2FlinearGradient%3E%0A%20%20%3C%2Fdefs%3E%0A%3C%2Fsvg%3E%0A){kind=small}
1
Embed & encrypt
Your model produces a vector. CyborgDB encrypts it with your key, within your own VPC or on-prem.
AES-256-GCM · in your VPC
The vector database
that stays encrypted even while it's searching.
Similarity search directly on encrypted data — self-hosted in your VPC or on-prem. Only the answer to a query is decrypted.
<5ms
p95 encrypted query latency
100M+
vectors per index
Zero
data leaves your boundary
Your storage never touches plaintext.
CyborgDB runs entirely in your environment — Cyborg holds no keys, sees no vectors, and never receives your data. Only the final candidates are ever decrypted.
2
Search on ciphertext
A trapdoor query runs against the forward-secure encrypted index. The backing store only ever holds ciphertext — on disk, in snapshots, and on the wire.
Encrypted IVF / HNSW
3
Rerank & return
Only the final candidates are decrypted to rerank, then results return over TLS. The per-operation key is zeroized after.
transient · zeroized
Everything a production vector DB should do.
None of the security tradeoffs.
Encrypted ANN
Approximate nearest neighbor on ciphertext, with recall within 2% of plaintext baselines.
· IVF + HNSW backends
· k up to 1,000
· cosine, dot, L2
Metadata filters
Combine vector similarity with encrypted metadata predicates in one request. Hybrid keyword search is on the roadmap.
· AND/OR filter trees
· Equality + range on encrypted tokens
◐ Hybrid keyword — coming soon
Per-field keys
Different fields can use different keys. Revoke access to a field without re-indexing the rest.
· Independent key rotation
· Field-level audit log
· Partial revocation
Hot & cold tiers
Move indexes between NVMe and object storage with a single API call. Both tiers stay fully encrypted.
· S3 / GCS / Azure Blob
· Manual promote / demote
· Cold tier @ $0.001/GB/mo
BYOK + HSM
Bring your own key from AWS KMS, GCP KMS, Azure Key Vault, or an on-prem HSM.
· PKCS#11 HSM
· Envelope encryption
· Auto key rotation
Snapshots
Encrypted snapshots to your bucket on demand or on a schedule. Restore in-place or to a new index.
· Object-lock + WORM compatible
· Cross-region replication
· Restore in < 10 min
A vector DB API you already know.
Five lines to index and query. The service encrypts and indexes your vectors inside your environment, and searches encrypted vectors.
client.py
from cyborgdb import Client
client = Client(base_url="http://localhost:8000",
api_key="your-api-key")
# generate or load an encryption key
index_key = client.generate_key(save=True)
index = client.create_index(index_name="my_index", index_key=index_key)
# vectors sent over TLS, encrypted server-side
index.upsert([
{"id": "item_1", "vector": [0.1, 0.2, 0.3, 0.4], "contents": "Hello!"},
])
# search runs on ciphertext
results = index.query(query_vectors=[0.1, 0.2, 0.3, 0.4], top_k=10)
Designed for a strong adversary —
without holding your data.
CyborgDB is self-hosted; we never receive your vectors, payloads, or keys. The encryption model means an attacker with disk access to your cluster gets ciphertext only.
Defense in depth
Six guarantees that hold even if an attacker owns your disk, snapshots, and network.
- Encrypted search Embeddings stay encrypted through storage, transit, and index traversal. Only the final candidates are decrypted.
- Forward privacy New inserts reveal nothing about prior data; current queries can't be correlated with historical patterns.
- Inversion-resistant Encrypted embeddings defeat the ML reconstruction attacks that recover 99% of plaintext from standard vector DBs.
- Key isolation Encryption keys live in your KMS, HSM, or local store. CyborgDB operates with zero knowledge of them.
- Per-record randomization Unique IVs per record block cross-system metadata correlation, even with full disk access.
- AEAD on the wire TLS plus AES-256-GCM at the application layer. Endpoint compromise doesn't downgrade transport security.
The only residual exposure is the service process mid-query; it's
stateless and zeroizes on completion.
Compliance frameworks (SOC 2, HIPAA, GDPR, FedRAMP) apply to your
environment, not ours — CyborgDB is a binary you run inside your
existing controls.
Read the threat-model doc →
How CyborgDB stacks up.
Capability
CyborgDB
Qdrant
Weaviate
pgvector
Milvus
Encrypted at rest
●
●
●
●
●
Encrypted during search
●
○
○
○
○
Filtered search
●
●
●
◐
●
Filters on encrypted metadata
●
○
○
○
○
Per-field / per-tenant key isolation
●
○
○
○
○
Bring-your-own KMS / HSM at index layer
●
○
◐
◐
○
Key rotation without re-indexing
●
○
○
○
○
Crypto-shredding (delete = destroy key)
●
○
○
○
○
● full support · ◐ partial / conditional · ○ not supported
Encryption, without the tax.
Security doesn't have to mean compromising performance. CyborgDB keeps pace with unencrypted vector databases — and beats most of them.
| Database | Recall (%) | QPS |
|---|---|---|
| CyborgDB (encrypted) | 72.8 | 792 |
| CyborgDB (encrypted) | 76.3 | 744 |
| CyborgDB (encrypted) | 81.3 | 672 |
| CyborgDB (encrypted) | 85.9 | 638 |
| CyborgDB (encrypted) | 88.8 | 567 |
| CyborgDB (encrypted) | 91.8 | 499 |
| CyborgDB (encrypted) | 94.0 | 433 |
| CyborgDB (encrypted) | 96.2 | 351 |
| CyborgDB (encrypted) | 97.3 | 321 |
| CyborgDB (encrypted) | 98.2 | 266 |
| CyborgDB (encrypted) | 98.6 | 245 |
| CyborgDB (encrypted) | 99.0 | 220 |
| CyborgDB (encrypted) | 99.4 | 182 |
| CyborgDB (encrypted) | 99.8 | 151 |
| Qdrant | 89.5 | 113 |
| Qdrant | 95.2 | 89 |
| Qdrant | 97.8 | 68 |
| Qdrant | 99.1 | 45 |
| Qdrant | 99.4 | 35 |
| Qdrant | 99.7 | 27 |
| Qdrant | 99.9 | 17 |
| Weaviate | 77.2 | 840 |
| Weaviate | 83.4 | 737 |
| Weaviate | 86.9 | 715 |
| Weaviate | 91.3 | 600 |
| Weaviate | 93.3 | 533 |
| Weaviate | 95.9 | 430 |
| Weaviate | 97.5 | 349 |
| Weaviate | 98.6 | 266 |
| Weaviate | 98.9 | 224 |
| Weaviate | 99.4 | 176 |
| Weaviate | 99.8 | 108 |
| Milvus | 92.6 | 66 |
| Milvus | 96.7 | 61 |
| Milvus | 98.3 | 55 |
| Milvus | 99.1 | 47 |
| Milvus | 99.5 | 41 |
| Milvus | 99.7 | 29 |
| Elasticsearch | 81.4 | 303 |
| Elasticsearch | 83.4 | 293 |
| Elasticsearch | 89.6 | 278 |
| Elasticsearch | 90.8 | 276 |
| Elasticsearch | 94.6 | 241 |
| Elasticsearch | 95.2 | 240 |
| Elasticsearch | 96.6 | 218 |
| Elasticsearch | 97.5 | 198 |
| Elasticsearch | 97.8 | 184 |
| Elasticsearch | 98.7 | 161 |
| Elasticsearch | 99.2 | 131 |
| Elasticsearch | 99.2 | 129 |
| Elasticsearch | 99.4 | 120 |
| Elasticsearch | 99.4 | 117 |
| pgvector | 81.4 | 835 |
| pgvector | 89.2 | 497 |
| pgvector | 94.1 | 402 |
| pgvector | 96.7 | 283 |
| pgvector | 97.6 | 190 |
| pgvector | 98.5 | 130 |
| pgvector | 99.1 | 82 |
| pgvector | 99.5 | 47 |
| pgvector | 99.6 | 38 |
| LanceDB | 94.2 | 282 |
| LanceDB | 97.5 | 174 |
| LanceDB | 99.0 | 101 |
| LanceDB | 99.3 | 90 |
CyborgDB encrypted
Qdrant
Weaviate
Milvus
Elasticsearch
pgvector
LanceDB
DATASET wiki-all-1M · 768 dims · 1M vectors · top-k = 10
CyborgDB v0.17.0 DiskIVF encrypted 2m 32s
LanceDB v0.27.1 IVF-PQ 6m 06s
Qdrant v1.17.1 HNSW 20m 23s
Milvus v2.6.15 HNSW 28m 13s
Weaviate v1.37.0 HNSW 33m 30s
pgvector v0.8.2 HNSW 40m 05s
Elasticsearch v9.3.4 HNSW 65m 01s
lower = better
Single-threaded runs on the ann-benchmarks harness, c8g.4xlarge · May 2026.
Works with your existing stack.
CyborgDB is a binary you run inside the infrastructure you already operate. Nothing to migrate, nothing new to learn — just a privacy guarantee on top of the tools you already have.
Runtime
A drop-in Docker image.
Single container, multi-arch (amd64 / arm64). Helm chart for Kubernetes, Compose file for everything else. No TEE, no special silicon — runs anywhere Linux runs.
$ docker pull cyborg/cyborgdb:latest
$ helm install cyborgdb cyborg/cyborgdb
──────────────────────────────
linux/amd64 · linux/arm64
EKS · GKE · AKS · OpenShift · bare metal
FIPS 140-3 build available
Storage
Persists where you already do.
CyborgDB separates compute from storage. Point it at Postgres, MySQL, S3, GCS, Azure Blob, or any S3-compatible store. Your existing backup and DR plan covers it for free.
Postgres
AWS RDS
AWS S3
GCS
Azure Blob
MinIO
Cloudflare R2
Wasabi
Orchestration
Speaks the frameworks your team already uses.
First-party adapters for the orchestration frameworks. Same retriever interface, same indexing pipeline — swap the vector store and you're done.
LangChain
LlamaIndex
Haystack
Keys
Bring your KMS. Or your HSM.
Envelope encryption with the major cloud KMS providers and any PKCS#11 HSM. CyborgDB never sees your master key — only the data key, only at use, only in memory.
AWS KMS CMK + IAM
GCP KMS CryptoKey + IAM
Azure Key Vault managed HSM
HashiCorp Vault transit engine
Migrate your vector database.
Encrypted.
Already on Pinecone, Weaviate, or Milvus? Bring your workload to a thirty-minute call. We'll show you how CyborgDB performs against it. Free for up to 1M vectors.