Cloud Native Automated Moving-Target Defense for Applications and Devices

animated GIF of Hopr AMTD and rotation with cloud machines

By 2025, the worldwide cost of cyber crime is estimated to exceed $10 trillion annually.

92% of API attacks reported were against public-facing API endpoints.

84% of API attacks against financial/insurance APIs were authenticated, but were actually threat actors.

The API data breach rate in 2023 is on pace to exceed more than one billion data records.

61% of IT professionals say that the theft or misuse of machine identities is a serious concern.

By 2026, more than 90% of enterprises will operate in multiple clouds, and face increased complexity.

Secure Your Applications, APIs, Devices, and Data with Hopr's WoSP

Hopr's Workload Security Proxy (WoSP) offers unparalleled protection for your containerized applications, APIs, and data. With our Automated Moving Target Defense, you can ensure secure and trusted access for every communication session.

Learn More
Learn more
A graphic image of a blue box container wrapped in text

We solve significant  cyber defense challenges

The Hopr WoSP is the 'building block' to achieve Zero Trust, quantum-proof, application networking across all cloud environments. It shrinks and animates the enterprise attack surface using Runtime Microsharding™ and protects each shard with an
Automated Moving Target Defense (AMTD).

Vulnerable and large attack surface

  • Increasingly sophisticated threats can bypass static defenses to rapidly exploit vulnerabilities.
  • The attack surface is continually expanding and growing in complexity, too.
  • Traditional perimeter-based and signature-driven defenses are proving insufficient for multi-cloud architectures.
  • The attack surface is no longer a defined perimeter but a constantly evolving, amorphous entity

Hopr's solution:

Runtime Microsharding™ is a novel Hopr mechanism that breaks a large attack surface into many small pieces (microshards) and animates them to make them appear as a mirage to attackers. What they think is accessible disappears when they try to reach it.

Buy Now
Learn more
Animated GIF graphic of shards of an attack surface that appear and disappear
Learn How It Works

Abuse of static access credentials

  • Access to applications and APIs use credentials that are static and seldom change.
  • Static credentials are easy targets for threat actors.
  • Compromised or stolen access credentials cannot be immediately discovered on misuse.
  • API endpoints repeatedly leak sensitive data.

Hopr's solution:

Hopr's WoSP rapidly 'hops' the access credentials for containerized apps to disrupt a threat actors ability to find and misuse them. Only trusted applications can know the correct credentials to gain access.

Buy Now
Learn more

Untrusted identities of workload

  • Containerized applications (workloads) and devices (machines) use static identity credentials called 'certificates'.
  • Certificates are issued to workloads and devices automatically by centralized 'authorities' without first vetting for trust.
  • A 'chain of trust' exists only with the certificate authority and not the workload or machine.
  • By 2026, it’s estimated that new  devices  will connect to the Internet at a rate of 5,000 per minute!

Hopr's solution:

Hopr's WoSP manages a dynamic Machine Identity credential (a MAID™) that is issued with high trust, is repeatedly verified for trust at each communication session, and builds a chain of trust in workloads and machines.

Buy Now
Learn more
Abstract graphic icon of a containerized workload with uncertain identity trust
Learn How It Works
Learn How it Works

Complex data sharing   across clouds  

  • Cloud environments have identity and crypto boundaries create 'seams' that impede data sharing across environments.
  • Methods to securely share data across cloud boundaries are complex, require high skills, are time-consuming, and error-prone.
  • Encryption of data transport is vulnerable to key intercept and data loss at cloud seams.

Hopr's solution:

Hopr's WoSP enables seamless application networking across clouds with comprehensive, end-to-end-encrypted communication channels (without exposing a key in an exchange).

Buy Now
Learn more
image of computer code for hopr's "Codes Hidden in Plain Sight" technology
Click the image to watch

See the WoSP in operation

Click the image at left to watch a 3:36 (min:sec) recorded demo of Hopr WoSPs protecting workload endpoints, end-to-end encrypting messages, and refusing access from untrusted connections.
Watch the Demo

The Magic of the WoSP

WoSPs are small, lightweight, networking proxies that incorporate three unique and patented security technologies and protocols

Innovations designed to defeat cyber threats

Hopr's uniue and patented innovations are desiged to preemptively disrupt cyber threats before an attack can be launched. They meet Zero Trust Network Access principles and are future proof to quantum and AI-driven attacks. They also shrink and animated the attack surface.
API Threat Protection Icon
01
Codes Hidden In Plain Sight (CHIPS™)

CHIPS™ technology uses an algorithm to generate a cryptographic secret. The magic of CHIPS is that two identically configured WoSPs can generate an identical secret if their algorithms run at nearly the same time.

motorcycle with sidecar
02
Synchronous Ephemeral Encryption (SEE™) protocol

The SEE™ protocol uses the CHIPS™ secret to build an end-to-end-encrypted communication channel at the start of a communication session between two WoSPs, eliminating the vulnerability of a key exchange.

app with sidecar
03
Machine Alias ID (MAID™) credential

A MAID™ is a decentralized dynamic machine identity credential that is issued by a Hopr control plane, identity provider, and trust verifier.

The MAID™ is managed and rotated by the WoSP and verified for trust by an external Trust Verifier at the start of each communication session .

app with sidecar tested
04
Automated Moving Target Defense (AMTD)

In runtime, the AMTD breaks the attack surface into very small shards and makes it nearly impossible for threats to recon, map, and attack. A new AMTD is formed around pairs of workloads and devices each time they communicate.

Access control at endpoints

  • Threat actors have proven abilities to bypass perimeter security controls.
  • They can identify critical endpoints, avoid detection, and launch attacks.
  • Annual losses from unauthorized access amount to billions of dollars.

Hopr's solution:

Our patented CHIPS™ technology enables rotation of  credentials at a high frequency to create a moving target defense that prevents threat actors from gaining the information they need for an attack.

Buy Now
Learn more
Abstract graphic icon of a threat actor obtaining access to a cluster of workloads
See the Use Case

Experts Agree on the Value of a Moving Target Defense

“I am a big fan of this defensive strategy.
Adversaries spend 90% of their time in attack planning, this prevents them from launching an attack.”
SVP Security, Global Financial Services

Learn about a new kind of cyber defense

Automated Moving Target Defense (AMTD) has been described by Gartner as “the future of cyber.” Hopr’s AMTD is a cloud native form that protects containerized workloads, APIs, and data in transit across all clouds. Read our FREE white paper to learn the basics of cloud native AMTD.
Read the White Paper
Learn more
Don’t become a threat statistic.

Add Cloud Native AMTD and Runtime Microsharding™ to your cybersecurity architecture.
Snapshot image of a Gartner research paper on AMTD
Hopr named a tech innovator in Gartner's
"Emerging Tech: AMTD Advances Proactive Cloud Defense"

Want more detail? Learn from our FREE resources.

We curated a collection of white papers, videos, and webinars in our ‘Discovery’ library. The resources are FREE with an email. We also have public resources available from the site navbar menu.
Get Free Discovery Resources

Business Value in Cloud Native AMTD

Exfiltrated API credentials 

Reduce Cyber Risk from a Cloud Native AMTD that verifies identity trust and prevents attacks on valuable resources and data.
Buy Now
Learn more

Exfiltrated API credentials 

Attack Surface Reduction capabilities shrink the attack surface and animate it to confuse and disrupt threats.
Buy Now
Learn more

Exfiltrated API credentials 

Improved Compliance from data security features that enhance privacy and prevent data loss.
Buy Now
Learn more

Exfiltrated API credentials 

Fast Time-to-Value with self-serve onboarding and simple “low-code” DevOps -friendly configuration and deployment. And changes to existing application or API code are  not required.
Buy Now
Learn more

Exfiltrated API credentials 

Lower Ownership Costs from “cert-free“ cloud native technology, reduced central cloud services costs, and simpler implementation and maintenance.
Buy Now
Learn more

Compelling Advantages

Capability

Others

DECENTRALIZED IDENTITY
With Hopr, workloads carry their own identity and secrets management system.
CENTRALIZED IDENTITY
Multiple external identity, key, and secrets management services constrain connectivity and increase costs.
ATTACK PREVENTION
‍Hopr rotates credentials at a high frequency to prevent theft and misus
VULNERABLE CREDENTIALS
Static credentials are discovered, stolen, and used in cyber attacks.
DATA SECURITY
Hopr achieves comprehensive end-to-end protection of data in transit
DATA EXPOSURE
TLS/mTLS encryption is discontinuous and vulnerable to session key intercept
ATTACK SURFACE REDUCTION
Hopr shards the attack surface and animates the shards in runtime.
LARGE ACCESSIBLE ATTACK SURFACE Mapable attack endponts and unfettered threat access.
See the complete list of Hopr features

Award Winning Innovations

Image of the gold and silver 2023 Globee Cybersecurity World Awards
High Frequency Credential Rotation. Access credentials to workloads and devices hop (rotate) at a high frequency to prevent discovery and disrupting threats before an attack can occur.

Exfiltrated API credentials 

Identity Trust Verification. Workload identity trust is established once at deployment and then verified frequently.
Buy Now
Learn more

Exfiltrated API credentials 

Synchronous Ephemeral Encryption (SEE™). End-to-end encryption (without a key exchange) assures data privacy and integrity of data in transit everywhere.
Buy Now
Learn more

Exfiltrated API credentials 

Token-free Authentication. Ingress messages must pass SEE™ decryption to be recognized (authenticated) as originating from a legitimate sender.
Buy Now
Learn more
Immediate Discovery of Stolen Keys. Stolen API keys that are presented by threats are immediately discovered and the API query is logged and rejected before reaching the API endpoint.
Learn How These Work

Our Latest Insightful Articles

Blue image of a surface broken into many small partitioned fragments

Runtime Microsharding Shrinks the Enterprise Attack Surface

July 8, 2025
Tom McNamara
Blue image of a surface broken into many small partitioned fragments

What Does Hopr Replace In An Enterprise Security Architecture?

May 30, 2025
Tom McNamara
Blue image of a surface broken into many small partitioned fragments

AI and the Crisis of Machine Credentials (and How to Avoid It)

April 24, 2025
Tom McNamara
Gartner, Emerging Tech: AMTD Advances Proactive Cloud Defense, Mark Wah, Lawrence Pingree, Rustam Malik, 2 January 2024. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Case StudiesHow It WorksUnique FeaturesAMTD ProductsPricingContact usSecurityWeb Retriever OSSAboutPrivacy policiesTerms of service
Hopr.co delivers Zero Trust, cloud-native, multi-cloud infrastructure purpose-built to protect high-value applications, APIs, and data across clusters, clouds, and organizations.

Hopr's Cloud Native Automated Moving Target Defense (AMTD) frequently hops workload access credentials and produces Runtime Microsharding™, a novel technique that shrinks and animates the attack surface—breaking it into very small, short-lived pieces (microshards)—that disrupt threat reconnaissance, block lateral movement, and render credential theft ineffective.

Hopr’s Workload Security Proxy (WoSP)—a lightweight, drop-in proxy—enforces Zero Trust at every transaction, and rejects all untrusted attempts to access a trusted workload.
copyright 2021-2025 | Hopr Corporation
CHIPS™, MAID™, and SEE™ are trademarks of Hopr Corporation
CHIPS™ and MAID™ technologies and the SEE™ protocol
are protected by US Patents and patents pending.