%22%20d%3D%22M459%20412A256%20256%200%200%200%20456%2096L256%20256z%22%2F%3E%3Cpath%20fill%3D%22%23fff%22%20d%3D%22M123.2%2037.1a256%20256%200%201%200%20310.2%2034.3l-85%2088.5a133.4%20133.4%200%201%201-161.6-18z%22%2F%3E%3Cpath%20fill%3D%22url(%23b)%22%20d%3D%22M458.7%2099.6a256%20256%200%201%200%20.5%20312.1l-97.3-74.6a133.3%20133.3%200%201%201-.3-162.6z%22%2F%3E%3Cdefs%3E%3CradialGradient%20id%3D%22b%22%20cx%3D%220%22%20cy%3D%220%22%20r%3D%221%22%20gradientTransform%3D%22rotate(113%20286%20327.3)scale(724)%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%3Cstop%20stop-color%3D%22%2338c3ee%22%2F%3E%3Cstop%20offset%3D%22.5%22%20stop-color%3D%22%2369f1f6%22%2F%3E%3Cstop%20offset%3D%22.9%22%20stop-color%3D%22%23207d8b%22%2F%3E%3C%2FradialGradient%3E%3ClinearGradient%20id%3D%22a%22%20x1%3D%22513%22%20x2%3D%22-1%22%20y1%3D%22256.5%22%20y2%3D%22255.5%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%3Cstop%20offset%3D%22.2%22%20stop-color%3D%22%23217684%22%2F%3E%3Cstop%20offset%3D%22.5%22%20stop-color%3D%22%2356d3db%22%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3C%2Fsvg%3E){kind=small}
%22%20d%3D%22M205.7%20294.7c-22.4%2022.4-84.9-3.7-139.4-58.3C11.7%20182-14.4%20119.4%208%2097c7.4-7.4%2019.2-9.5%2033.6-7%205%2029.2%2028.7%2069.3%2065.3%20105.8%2036.5%2036.6%2076.6%2060.4%20105.9%2065.3%202.4%2014.4.3%2026.2-7.1%2033.6%22%2F%3E%3Cpath%20fill%3D%22url(%23b)%22%20d%3D%22M212.8%20261.1c-29.3-5-69.4-28.7-106-65.3S46.6%20119.2%2041.7%2090c-2.5-14.3-.4-26%207-33.5s19.2-9.5%2033.6-7c5%2029.2%2028.7%2069.3%2065.3%20105.8%2036.5%2036.6%2060.3%2076.7%2065.3%20106%22%2F%3E%3Cpath%20fill%3D%22url(%23c)%22%20d%3D%22M246.3%20254c-7.4%207.5-19.2%209.6-33.5%207.1-5-29.2-28.8-69.3-65.3-105.9C110.9%20118.6%2087%2078.6%2082.2%2049.3c29.2%205%2069.3%2028.7%20105.9%2065.3s60.3%2076.7%2065.3%20105.9c2.4%2014.4.3%2026.2-7.1%2033.6%22%2F%3E%3Cpath%20fill%3D%22url(%23d)%22%20d%3D%22M286.9%20213.5c-7.4%207.4-19.2%209.5-33.5%207-5-29.2-28.8-69.3-65.3-105.9C151.5%2078%20111.4%2054.3%2082%2049.3c-2.4-14.3-.3-26%207.1-33.5%2022.5-22.4%2084.9%203.7%20139.5%2058.2%2054.6%2054.6%2080.6%20117%2058.2%20139.5%22%2F%3E%3Cpath%20fill%3D%22%23d8f1f3%22%20d%3D%22M228.7%2074q-7.8-6.5-15.8-12.6-8.2-6-16.3-11.7-16.5-11.3-34.3-20A146%20146%200%200%200%20126%2016.8a58%2058%200%200%200-17.6-.8q-3.8.5-7.4%202-3.1%201.5-5.5%203.9c-5.9%206-5.9%2018.3-3%2029.7a126%20126%200%200%200%2015.6%2033.7%20371%20371%200%200%200%2022.6%2032Q143%20132.7%20156%20148a499%20499%200%200%201%2048.7%2066.4q5.4%209.3%209.7%2019a110%20110%200%200%201%208%2026.6%2081%2081%200%200%201%20.4%2017.6q-.7%206.4-3.3%2012.3-2.9%206.4-7.8%2011.1t-11.4%207q-6%202.1-12.2%202.5-11.4.4-22.4-2.7c-14-3.8-26.5-10.2-38.3-17.5a238%20238%200%200%201-32.7-24.7q-7.6-6.9-14.8-14.1-7.1-7.4-13.6-15Q73.9%20243%2082%20249q8%206%2016.3%2011.7%2016.5%2011.3%2034.2%2020.1a181%20181%200%200%200%2018%207.7q9%203.4%2018.3%205.1a58%2058%200%200%200%2017.7.9q3.8-.5%207.4-2%203-1.5%205.4-4c6-6%206-18.3%203-29.5-3-11.3-9-22.8-15.8-33.7Q176%20209%20164%20193.4a872%20872%200%200%200-25.1-31A499%20499%200%200%201%2090%2096.3q-5.6-9.3-9.8-19.2A109%20109%200%200%201%2072%2044.7q-.4-6%20.3-11.8.8-6.4%203.3-12.3%202.8-6.4%207.8-11%205-4.8%2011.4-7Q100.7.3%20107%200q11.3-.6%2022.3%202.6c14%203.9%2026.6%2010.3%2038.3%2017.5A239%20239%200%200%201%20200.4%2045q7.5%206.8%2014.8%2014a305%20305%200%200%201%2013.5%2015%22%2F%3E%3Cdefs%3E%3ClinearGradient%20id%3D%22a%22%20x1%3D%22-2.1%22%20x2%3D%22195.6%22%20y1%3D%22107.2%22%20y2%3D%22304.8%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%3Cstop%20stop-color%3D%22%232acbd2%22%2F%3E%3Cstop%20offset%3D%221%22%20stop-color%3D%22%23262d41%22%2F%3E%3C%2FlinearGradient%3E%3ClinearGradient%20id%3D%22b%22%20x1%3D%22-20.5%22%20x2%3D%22331.4%22%20y1%3D%2220.8%22%20y2%3D%22333.5%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%3Cstop%20offset%3D%220%22%20stop-color%3D%22%2360eff1%22%2F%3E%3Cstop%20offset%3D%22.2%22%20stop-color%3D%22%2358d5d9%22%2F%3E%3Cstop%20offset%3D%22.5%22%20stop-color%3D%22%2345939d%22%2F%3E%3Cstop%20offset%3D%22.9%22%20stop-color%3D%22%232b4758%22%2F%3E%3C%2FlinearGradient%3E%3ClinearGradient%20id%3D%22c%22%20x1%3D%22-17.5%22%20x2%3D%22334.3%22%20y1%3D%22-48.6%22%20y2%3D%22332.8%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%3Cstop%20stop-color%3D%22%2300abb3%22%2F%3E%3Cstop%20offset%3D%221%22%20stop-color%3D%22%23d2f2f4%22%2F%3E%3C%2FlinearGradient%3E%3ClinearGradient%20id%3D%22d%22%20x1%3D%22-25.5%22%20x2%3D%22338.3%22%20y1%3D%22-110.3%22%20y2%3D%22241.3%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%3Cstop%20offset%3D%22.3%22%20stop-color%3D%22%2300b4bb%22%2F%3E%3Cstop%20offset%3D%22.5%22%20stop-color%3D%22%2300b9bf%22%2F%3E%3Cstop%20offset%3D%22.7%22%20stop-color%3D%22%231cc6cc%22%2F%3E%3Cstop%20offset%3D%22.9%22%20stop-color%3D%22%2346dce0%22%2F%3E%3Cstop%20offset%3D%221%22%20stop-color%3D%22%2360eff1%22%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3C%2Fsvg%3E){kind=small}
%22%2F%3E%0A%20%20%3Cpath%20d%3D%22M0%20133.5L103%20188.5L150.5%20162.5V106.5L206%20138.5V178.5L103%20238L0%20178.5V133.5Z%22%20fill%3D%22url(%23markGradient)%22%2F%3E%0A%20%20%3Cdefs%3E%0A%20%20%20%20%3ClinearGradient%20id%3D%22markGradient%22%20x1%3D%220%22%20y1%3D%22238%22%20x2%3D%22206%22%20y2%3D%220%22%20gradientUnits%3D%22userSpaceOnUse%22%3E%0A%20%20%20%20%20%20%3Cstop%20offset%3D%220%22%20stop-color%3D%22%231B7789%22%2F%3E%0A%20%20%20%20%20%20%3Cstop%20offset%3D%220.48%22%20stop-color%3D%22%2342D5DC%22%2F%3E%0A%20%20%20%20%20%20%3Cstop%20offset%3D%221%22%20stop-color%3D%22%2368F0F5%22%2F%3E%0A%20%20%20%20%3C%2FlinearGradient%3E%0A%20%20%3C%2Fdefs%3E%0A%3C%2Fsvg%3E%0A){kind=small}
1
Embed & encrypt
Your model produces a vector. The SDK encrypts it with your key before it ever leaves the device.
AES-256-GCM + SSE
The vector database
that never sees your data.
Similarity search directly on encrypted embeddings — self-hosted in your VPC or on-prem, with no decryption, no TEE exit, and no plaintext in memory.
<5ms
p95 encrypted query latency
100M+
vectors per index
Zero
data leaves your boundary
A query never touches plaintext.
Three hops, encrypted end-to-end. CyborgDB runs in your environment — Cyborg holds no keys, sees no vectors, and never receives your data.
2
Search on ciphertext
A trapdoor query is matched against the encrypted IVF index. No plaintext is ever materialised, in memory or on disk.
Encrypted IVF / HNSW
3
Decrypt top-k
Encrypted IDs come back to your client. Only your application has the keys to fetch and decrypt the original payloads.
Local key, local decrypt
Everything a production vector DB should do.
None of the privacy tradeoffs.
Encrypted ANN
Approximate nearest neighbor on ciphertext, with recall within 2% of plaintext baselines.
· IVF + HNSW backends
· k up to 1,000
· cosine, dot, L2
Metadata filters
Combine vector similarity with encrypted metadata predicates in one request. Hybrid keyword search is on the roadmap.
· AND/OR filter trees
· Equality + range on encrypted tokens
◐ Hybrid keyword — coming soon
Per-field keys
Different fields can use different keys. Revoke access to a field without re-indexing the rest.
· Independent key rotation
· Field-level audit log
· Partial revocation
Hot & cold tiers
Move indexes between NVMe and object storage with a single API call. Both tiers stay fully encrypted.
· S3 / GCS / Azure Blob
· Manual promote / demote
· Cold tier @ $0.001/GB/mo
BYOK + HSM
Bring your own key from AWS KMS, GCP KMS, Azure Key Vault, or an on-prem HSM.
· PKCS#11 HSM
· Envelope encryption
· Auto key rotation
Snapshots
Encrypted snapshots to your bucket on demand or on a schedule. Restore in-place or to a new index.
· Object-lock + WORM compatible
· Cross-region replication
· Restore in < 10 min
A vector DB API you already know.
Five lines to encrypt, index, and query. The SDK transparently handles client-side encryption and trapdoor generation.
client.py
from cyborgdb import Client
client = Client(base_url="http://localhost:8000",
api_key="your-api-key")
# generate or load an encryption key — never leaves your environment
index_key = client.generate_key(save=True)
index = client.create_index(index_name="my_index", index_key=index_key)
# embeddings are encrypted before transit
index.upsert([
{"id": "item_1", "vector": [0.1, 0.2, 0.3, 0.4], "contents": "Hello!"},
])
# search runs on ciphertext — CyborgDB never sees the vector
results = index.query(query_vectors=[0.1, 0.2, 0.3, 0.4], top_k=10)
Designed for a strong adversary —
without holding your data.
CyborgDB is self-hosted; we never receive your vectors, payloads, or keys. The encryption model means an attacker with disk access to your cluster gets ciphertext only.
Defense in depth
Six guarantees that hold even if an attacker has full disk and memory access.
- In-use encryption Embeddings stay encrypted during search. Plaintext never materializes in memory, on disk, or on the wire.
- Forward privacy New inserts reveal nothing about prior data; current queries can't be correlated with historical patterns.
- Inversion-resistant Encrypted embeddings defeat the ML reconstruction attacks that recover 99% of plaintext from standard vector DBs.
- Key isolation Encryption keys live in your KMS, HSM, or local store. CyborgDB operates with zero knowledge of them.
- Per-record randomization Unique IVs per record block cross-system metadata correlation, even with full disk access.
- AEAD on the wire TLS plus AES-256-GCM at the application layer. Endpoint compromise doesn't downgrade transport security.
Compliance frameworks (SOC 2, HIPAA, GDPR, FedRAMP) apply to your
environment, not ours — CyborgDB is a binary you run inside your
existing controls.
Read the threat-model doc →
How CyborgDB stacks up.
Capability
CyborgDB
Qdrant
Weaviate
pgvector
Milvus
Encrypted at rest
●
●
●
●
●
Encrypted during search
●
○
○
○
○
Filtered search
●
●
●
◐
●
Filters on encrypted metadata
●
○
○
○
○
Per-field / per-tenant key isolation
●
○
○
○
○
Bring-your-own KMS / HSM at index layer
●
○
◐
◐
○
Key rotation without re-indexing
●
○
○
○
○
Crypto-shredding (delete = destroy key)
●
○
○
○
○
● full support · ◐ partial / conditional · ○ not supported
Encryption, without the tax.
Security doesn't have to mean compromising performance. CyborgDB keeps pace with unencrypted vector databases — and beats most of them.
| Database | Recall (%) | QPS |
|---|---|---|
| CyborgDB (encrypted) | 72.8 | 792 |
| CyborgDB (encrypted) | 76.3 | 744 |
| CyborgDB (encrypted) | 81.3 | 672 |
| CyborgDB (encrypted) | 85.9 | 638 |
| CyborgDB (encrypted) | 88.8 | 567 |
| CyborgDB (encrypted) | 91.8 | 499 |
| CyborgDB (encrypted) | 94.0 | 433 |
| CyborgDB (encrypted) | 96.2 | 351 |
| CyborgDB (encrypted) | 97.3 | 321 |
| CyborgDB (encrypted) | 98.2 | 266 |
| CyborgDB (encrypted) | 98.6 | 245 |
| CyborgDB (encrypted) | 99.0 | 220 |
| CyborgDB (encrypted) | 99.4 | 182 |
| CyborgDB (encrypted) | 99.8 | 151 |
| Qdrant | 89.5 | 113 |
| Qdrant | 95.2 | 89 |
| Qdrant | 97.8 | 68 |
| Qdrant | 99.1 | 45 |
| Qdrant | 99.4 | 35 |
| Qdrant | 99.7 | 27 |
| Qdrant | 99.9 | 17 |
| Weaviate | 77.2 | 840 |
| Weaviate | 83.4 | 737 |
| Weaviate | 86.9 | 715 |
| Weaviate | 91.3 | 600 |
| Weaviate | 93.3 | 533 |
| Weaviate | 95.9 | 430 |
| Weaviate | 97.5 | 349 |
| Weaviate | 98.6 | 266 |
| Weaviate | 98.9 | 224 |
| Weaviate | 99.4 | 176 |
| Weaviate | 99.8 | 108 |
| Milvus | 92.6 | 66 |
| Milvus | 96.7 | 61 |
| Milvus | 98.3 | 55 |
| Milvus | 99.1 | 47 |
| Milvus | 99.5 | 41 |
| Milvus | 99.7 | 29 |
| Elasticsearch | 81.4 | 303 |
| Elasticsearch | 83.4 | 293 |
| Elasticsearch | 89.6 | 278 |
| Elasticsearch | 90.8 | 276 |
| Elasticsearch | 94.6 | 241 |
| Elasticsearch | 95.2 | 240 |
| Elasticsearch | 96.6 | 218 |
| Elasticsearch | 97.5 | 198 |
| Elasticsearch | 97.8 | 184 |
| Elasticsearch | 98.7 | 161 |
| Elasticsearch | 99.2 | 131 |
| Elasticsearch | 99.2 | 129 |
| Elasticsearch | 99.4 | 120 |
| Elasticsearch | 99.4 | 117 |
| pgvector | 81.4 | 835 |
| pgvector | 89.2 | 497 |
| pgvector | 94.1 | 402 |
| pgvector | 96.7 | 283 |
| pgvector | 97.6 | 190 |
| pgvector | 98.5 | 130 |
| pgvector | 99.1 | 82 |
| pgvector | 99.5 | 47 |
| pgvector | 99.6 | 38 |
| LanceDB | 94.2 | 282 |
| LanceDB | 97.5 | 174 |
| LanceDB | 99.0 | 101 |
| LanceDB | 99.3 | 90 |
CyborgDB encrypted
Qdrant
Weaviate
Milvus
Elasticsearch
pgvector
LanceDB
DATASET wiki-all-1M · 768 dims · 1M vectors · top-k = 10
CyborgDB v0.17.0 DiskIVF encrypted 2m 32s
LanceDB v0.27.1 IVF-PQ 6m 06s
Qdrant v1.17.1 HNSW 20m 23s
Milvus v2.6.15 HNSW 28m 13s
Weaviate v1.37.0 HNSW 33m 30s
pgvector v0.8.2 HNSW 40m 05s
Elasticsearch v9.3.4 HNSW 65m 01s
lower = better
Single-threaded runs on the ann-benchmarks harness, c8g.4xlarge · May 2026.
Works with your existing stack.
CyborgDB is a binary you run inside the infrastructure you already operate. Nothing to migrate, nothing new to learn — just a privacy guarantee on top of the tools you already have.
Runtime
A drop-in Docker image.
Single container, multi-arch (amd64 / arm64). Helm chart for Kubernetes, Compose file for everything else. No TEE, no special silicon — runs anywhere Linux runs.
$ docker pull cyborg/cyborgdb:latest
$ helm install cyborgdb cyborg/cyborgdb
──────────────────────────────
linux/amd64 · linux/arm64
EKS · GKE · AKS · OpenShift · bare metal
FIPS 140-3 build available
Storage
Persists where you already do.
CyborgDB separates compute from storage. Point it at Postgres, MySQL, S3, GCS, Azure Blob, or any S3-compatible store. Your existing backup and DR plan covers it for free.
Postgres
AWS RDS
AWS S3
GCS
Azure Blob
MinIO
Cloudflare R2
Wasabi
Orchestration
Speaks the frameworks your team already uses.
First-party adapters for the orchestration frameworks. Same retriever interface, same indexing pipeline — swap the vector store and you're done.
LangChain
LlamaIndex
Haystack
Keys
Bring your KMS. Or your HSM.
Envelope encryption with the major cloud KMS providers and any PKCS#11 HSM. CyborgDB never sees your master key — only the data key, only at use, only in memory.
AWS KMS CMK + IAM
GCP KMS CryptoKey + IAM
Azure Key Vault managed HSM
HashiCorp Vault transit engine
Migrate your vector database.
Encrypted.
Already on Pinecone, Weaviate, or Milvus? Bring your workload to a thirty-minute call. We'll show you how CyborgDB performs against it. Free for up to 1M vectors.