Victims included journalists, cryptocurrency holders, and three political campaign managers in Southeast Asia.

"If we can delete a shadow session, we can delete a spy’s recollection of your password," he wrote. "We never use it. But if someone tries to break a dissident’s mind, we can break their memory of the attempt first."

As a senior protocol auditor for Surfshark, her job was to ensure the "Nexus" VPN kernel was immune to quantum decryption. But last Tuesday, while running a recursive hash scan, a subroutine blinked back a response it shouldn’t have.

Each trigger was small. 0.3 seconds here. 0.7 seconds there. Never enough to notice. But enough to make someone forget a safe combination. A passphrase. A face.

Someone—or something—had already been using it.

Maya ran a memory scan. The VM’s RAM contained no trace of the last 4.2 seconds. No logs. No cache. No cognitive residue.