Building the invisible infrastructure for the agentic era.
Great security infrastructure disappears. Developers shouldn't think about it. Users shouldn't see it. But when something goes wrong, it should be omnipresent—catching threats, logging evidence, and recovering safely.
"Your agents move unseen. Your audit trail doesn't."
This is the Phantom promise. Agents execute freely within safe boundaries, but every action is tracked, every decision is auditable, and every violation is caught instantly.
Phantom doesn't add complexity to your codebase. It removes it. No more scattered permission checks, no more manual policy enforcement, no more cleanup logic after failures. The infrastructure vanishes—leaving only clean, focused business logic.
Martin Casado, co-founder of Nicira (acquired by VMware for $1.26B), identified the core issue: authentication is solved, but authorization remains a nightmare.
1. Identity Provider (Auth0, Clerk, WorkOS)
Tells you WHO the user is. But it knows nothing about what they own or what they can afford.
2. Application Database (Postgres, MongoDB)
Knows what resources exist and who owns them. But it doesn't track subscription status or billing limits.
3. Billing System (Stripe, Chargebee)
Knows if the user's subscription is active and how many credits they have. But it doesn't understand resource ownership or identity relationships.
Developers manually connect these three sources in hundreds of if statements scattered across API endpoints. When subscriptions change, resources are deleted, or teams are reorganized, keeping everything in sync becomes an impossible maintenance burden.
We maintain a unified permission graph that automatically syncs with all three sources in real time. Developers query one place: Phantom. Behind the scenes, we handle the complexity of keeping identity, ownership, and entitlements perfectly synchronized.
Traditional authorization was built for humans clicking buttons in web apps. Agents break all the assumptions.
When Nick Fellingham described "agent swarms" becoming the default way software works, he highlighted the need for new authorization primitives. You can't manually approve every action when 10,000 agents are operating simultaneously. You need intent-based policies, automatic verification, and durable execution.
During the Gold Rush, most miners went broke. The people who got rich sold picks and shovels.
We're not building the AI agents. We're building the infrastructure every AI company needs to deploy agents safely at scale.
Every company building agent systems—from customer service bots to autonomous research assistants—faces the same authorization nightmare. Phantom solves it once, for everyone.
Start with AI companies where the authorization pain is acute and urgent.
Become the authorization layer for all software, not just agents.
Network effects: more integrations = more value = harder to replace.
Phantom operates silently in the background. Developers add one decorator or wrapper, and all permission logic disappears from their codebase. But when a security event occurs, Phantom is front and center—alerting, blocking, and logging.
Never assume an agent will behave correctly. Verify every action against intent, permissions, and entitlements. If an LLM hallucinates or gets prompt-injected, Phantom catches it before damage occurs.
Every permission check, every blocked action, every approved mission—logged with full context. When regulators or security teams ask "What happened?" you have a complete, timestamped answer.
When things go wrong (and they will), Phantom ensures agents can't cause lasting damage. Durable missions allow automatic rollback. Ghost tokens expire instantly. Compensating actions clean up side effects.
If authorization is too hard to use, developers skip it or implement it incorrectly. Phantom prioritizes developer experience (DX) because easy-to-use security is actually secure. Hard-to-use security gets bypassed.
We're building the Global Authorization Layer for the age of AI agents.
Become the default authorization layer for AI agents. Every agent framework, every AI startup, every enterprise deploying agents—all using Phantom.
Expand beyond agents to become the authorization layer for all software. Replace the custom permission logic that every SaaS company builds and maintains.
Own the canonical graph of who can access what, across every application. Like how Auth0 owns identity, Phantom owns permissions—but 10x more valuable because permissions are more complex.
The market for authorization is massive and growing. Google built Zanzibar. Airbnb built Himeji. Carta built their own system. Every large company reinvents this wheel. We're providing the solution they all need, starting with the hardest use case: AI agents.
We're assembling a world-class team to build the authorization infrastructure for the next decade of software. If you're passionate about security, distributed systems, or developer tools, we want to talk.