In April 1940, a Hungarian chemist named George de Hevesy had a problem that no amount of clever engineering could solve in the conventional way.
Two Nobel Prize medals — solid gold, engraved with the names of their owners — were sitting in Niels Bohr's Institute of Theoretical Physics in Copenhagen. They belonged to German physicists Max von Laue and James Franck, who had smuggled them out of Nazi Germany, where owning gold was effectively a capital offense. The medals were supposed to be safe in Copenhagen. Then the Nazis invaded Denmark.
De Hevesy had hours before German soldiers searched the institute. Bohr's first instinct was to bury the medals in the garden. De Hevesy pointed out the Germans would dig. Hiding them was futile — a pair of gold medals engraved with the names of wanted men isn't something you tuck behind a filing cabinet.
So he did something that, if you think about it long enough, contains the entire philosophy of modern data protection in a single afternoon.
He dissolved them.
The Chemistry of Disappearance
Gold is almost entirely unreactive. There's one exception: aqua regia — three parts hydrochloric acid, one part nitric. Separately, neither can touch gold. Together, they dissolve it completely.
While Nazi soldiers marched through Copenhagen, de Hevesy combined the acids and dropped in the medals. The gold disappeared into a bright orange liquid indistinguishable from any other beaker in a working laboratory. He placed the flask on a shelf among hundreds of other bottles and waited.
When the Nazis searched the institute, they were thorough. They did not pick up the beaker of orange liquid. They were looking for gold medals, and gold medals no longer existed.
Here's the part that makes it a perfect metaphor rather than just a good anecdote: after the war, de Hevesy reversed the chemistry. He precipitated the gold back out of solution, sent it to Stockholm, and the Nobel Foundation recast the medals. Von Laue and Franck got their prizes back in 1952. The information wasn't destroyed. It was temporarily inaccessible, then reconstituted by the authorized party when it was safe.
What De Hevesy Actually Did
Photo: Nobel Foundation Archive
Strip away the chemistry and look at the operational logic.
De Hevesy wasn't hardening a perimeter. He wasn't detecting intruders. He wasn't writing an incident response runbook for when the Nazis arrived. He assumed the breach. He assumed the search would be thorough. And he acted in advance to make sure that when the adversary got what they came for, they'd get nothing of value.
That's exactly what analysts like Gartner now call preemptive cyber defense — a category that inverts the assumption almost every security control you've ever bought is built on. Detection, response, EDR, SIEM, most "Zero Trust" implementations all assume the attacker eventually gets in, and the job is to find them fast and limit the damage. Preemptive cyber defense says something different: assume they're already in, and make sure what they find is worthless.
That's the difference between Bohr's instinct — bury the medals in the garden — and de Hevesy's. Bohr was defending a perimeter. De Hevesy was neutralizing the prize.
"Harvest now, decrypt later" is already an active strategy. Adversaries exfiltrate ciphertext today, bet on quantum catching up tomorrow. Every threat of that shape has the same logic: get in, take something, monetize later. Detect-and-respond is reactive by definition. By the time you've detected and responded, the thing they came for is already gone.
At some point the answer has to stop being "we'll find them faster" and start being: they get nothing.
What Dissolving Medals Looks Like Today
At HyperSphere, we don't build better vaults. We dissolve the medals.
Our technology segments data into frames and encrypts each frame with keys that exist only for the instant they're needed — the moment of encryption or decryption. Then they're gone. Never stored. Gone, like gold dissolved in acid.
The keys are real. Just as the gold atoms still existed in de Hevesy's beaker, ephemeral keys are real cryptographic keys doing real cryptography. What we eliminate is the persistence — the state in which keys sit around in recognizable, targetable, stealable form. No persistence, no vault to breach, no code to crack. That's not a hardening improvement. It's a category change.
This is what a preemptive cyber defense control for data at rest looks like. Attackers get in. They have valid credentials, cloud access, whatever elevated posture they've engineered. They go looking for the data. What they find is a shelf full of orange liquid.
De Hevesy didn't build a vault. He didn't harden a perimeter. He made sure that when the adversary arrived, the thing they came for wasn't there to be taken.
The medals aren't buried in the garden. They've been dissolved.
HyperSphere's zero-management architecture
HyperSphere's ephemeral key encryption platform is a preemptive cyber defense control for data at rest. Data is transformed into a non-reconstructable state. Valid credentials and cloud access don't yield usable information. Like the dissolved medals, the data is present in storage but requires proper reconstruction capability — not a stored key — to restore.
