Security for embedded systems: SANCTUARY Systems protects critical technology
SANCTUARY Systems: Three Darmstadt researchers make critical computers secure
The name says it all: SANCTUARY Systems builds sanctuaries – not for people, but for small computers. The Darmstadt start-up develops software that makes embedded systems more resilient against cyberattacks. These systems, for example, control brakes in cars, valves in factories, or onboard computers in satellites. If one of these systems fails, the consequences are more serious than just a simple restart.
The founders operate in a growing market. Worldwide, cybersecurity revenues have been growing for years at high single-digit to double-digit percentage rates. Cloud computing, remote work, the Internet of Things – all of it needs protection. At the same time, thousands of providers are entering the market, from global platform corporations to tiny start-ups in niche areas. On top of that, there is a massive shortage of skilled professionals. Companies are competing not only for customers but also for every qualified developer and expert – a true “war for talent.” And right in the middle of it all: SANCTUARY Systems.
The story of SANCTUARY begins at the Department of Computer Science at TU Darmstadt. There, the three future founders complete their PhDs in the Systems Security research group: Emanuel Stapf, Ferdinand Brasser, and Patrick Jauernig. Their professor, Ahmad-Reza Sadeghi, is one of Germany’s leading experts in computer security. In 2019, as part of a research project, the three develop software designed to better protect embedded computers from attacks. The academic community responds positively, and industry takes notice.
Suddenly, the idea is on the table: this could be more than just a publication. “We realized that our ideas didn’t stay in the ivory tower—they solved real problems,” says Dr. Ferdinand Brasser. “The step to starting our own company was big, but it made perfect sense.”
At the core of SANCTUARY’s offering is the “Zero-Trust Platform” (ZTP). It addresses a very specific problem: in modern vehicles, spacecraft, or machinery, numerous software components from different manufacturers run on the same hardware. If one of these components is hacked, it can, in the worst case, compromise the entire system. The ZTP strictly separates these components. Each runs in its own protected environment and is assigned a unique digital identity. The platform monitors communications, consolidates key functions such as software updates, and ensures that only authorized components can communicate with each other.
At the heart of the system is the Peregrine Hypervisor, an extremely lightweight, security-focused “mini operating system kernel” that isolates programs from each other and continuously monitors them. It is complemented by a security agent that manages keys for secure connections and keeps track of the overall system state.
The technology is highly complex, but that’s exactly what the team loves. “Standard requirements bore us,” says Jauernig with a smile. “We want problems that really challenge us—critical systems, limited resources, strict regulations. When it gets truly difficult, that’s when we’re in our element.”
SANCTUARY takes its first major steps where the stakes are highest: in space. The company is working with the European Space Agency (ESA) on several projects, focusing on secure communication between satellites, protecting onboard computers, and emergency systems in case something goes wrong in spacecraft. “A satellite taken over by attackers is not just a broken computer,” says Stapf. “It’s infrastructure in space. If we can help there with our technology, that’s an enormous responsibility.”
SANCTUARY is also active in manufacturing companies. In industry, more and more machines are becoming interconnected – the buzzword is Industry 4.0. Many companies still document their connected devices and security status manually. This is slow, expensive, and prone to errors. That’s why SANCTUARY is developing another product: SANCTUARY Insight. The tool automatically identifies devices in factories, assigns them to categories, reads relevant security information, and assesses their condition. Vulnerabilities become visible before they can be exploited. The tool also helps close these gaps. It is currently being tested with research institutions and industry partners, with a market launch coming soon.
Proximity to academia remains a central element even after the spin-off. SANCTUARY originated at TU Darmstadt and continues to work closely with the university. Students write their theses in cooperation with the start-up, work as student assistants on the team, and bring new ideas from current research. “We may no longer be in the university building, but mentally we’re just five minutes away,” says Brasser. “TU is a huge pool of ideas and talent at the same time.”
Professor Ahmad-Reza Sadeghi advises the company. He brings not only scientific excellence but also experience from numerous industry projects—a crucial signal in a market where trust and reputation are key.
After its founding, SANCTUARY initially found a home in the HUB31 start-up and technology center. Today, the team is based in the Technology and Innovation Center (TIZ) on Robert-Koch-Straße in Darmstadt—still at the heart of an ecosystem of research, technology, and start-ups. Currently, 16 employees work for SANCTUARY Systems, many of them from the former research group. The company is constantly looking for more bright minds—full-time, part-time, or for theses.
The competition for talent is fierce. Worldwide, there is a shortfall of millions of cybersecurity professionals. Salaries are rising, and companies are outbidding each other. Here too, SANCTUARY competes directly with large corporations. “We can match corporate salaries,” says Stapf. “And we offer something many talents are looking for: real responsibility, visible impact, and an environment where they work at the cutting edge of technology.”
Why can a young team from Darmstadt hold its own in this environment? First: specialization. SANCTUARY focuses clearly on embedded systems and industrial as well as safety-critical applications—no broad, general “security for everything.” Second: depth. The founders have shaped the field of systems security in Germany over many years, published numerous papers at top conferences, and supported many industry projects. This expertise flows directly into their products. Third: references. Collaborations with organizations like the ESA build trust.
And last but not least: the momentum from funding. Support from StartupSecure, along with other awards and projects, has helped them manage certifications, compliance requirements, and first customers—hurdles that often trip up young providers. “There’s a lot of noise in the cybersecurity market,” says Jauernig. “We try not to be the loudest, but to solve the problems where failure is not an option.”
International markets are increasingly in focus, with trade shows and collaborations set to further expand the business. “We come from research,” says Stapf. “But in the end, it’s about keeping facilities running, satellites controllable, and people safe. If we contribute to that, we’ve done our job.”
SANCTUARY Systems is thus more than just another start-up in a crowded market. It is an example of how university research, government funding, and entrepreneurial courage can work together—and how an idea in the lab can become a company that protects critical parts of our digital world.