Research

How we think.
What we've solved.

Real engineering problems with real solutions. We publish what we learn — technical depth, not hype.

Principles

How we build software

📖

Research before code

Every product begins with deep study — reading RFCs and specifications, analyzing existing solutions, understanding where they fall short.

⚙ïļ

Build from specifications

RFC 6749, RFC 7519, SAML 2.0 Core, SCIM RFC 7644, SMART on FHIR. No wrappers. Full control over correctness.

⚡

Ship weekly, break nothing

Zero-downtime deployments, comprehensive testing, structured audit logging. Regulated workloads demand reliability.

🧠

AI is the architecture

Threat detection, semantic analysis, clinical intelligence. Not a marketing label. The actual engineering.

🔎

Go deep when it matters

eBPF for kernel auth at ~45Ξs. We don't reach for abstractions when the problem demands precision.

🌍

Open standards

We build on open protocols. Customers own their data, identity, and infrastructure. No lock-in.

Technical Depth

Problems we've solved

Systems ~45Ξs

Stateless JWT validation in eBPF bytecode

RS256/ES256 JWT verification compiled into eBPF programs at the socket layer. Per-packet auth at kernel level, ~45Ξs. No sidecars.

Identity 4 clouds

Cross-cloud credential exchange via OIDC

Single auth event → short-lived credentials for AWS STS, GCP Workload Identity, Azure, OCI. Zero static keys for humans and machines.

AI 4 layers

Behavioral threat detection across identity layers

Correlating app login, cloud IAM, service calls, and network signals. Impossible travel, credential stuffing, lateral movement.

Architecture ∞ tenants

Multi-tenant identity with per-tenant branding

Isolated OIDC config, custom branding, independent modules, separate audit streams — on shared infrastructure.

Protocol RFC-compliant

Full SAML 2.0 SP + IdP from specification

Assertion generation, signature verification, attribute mapping, relay state. SP-initiated and IdP-initiated flows from OASIS spec.

Code Intel In R&D

Semantic analysis beyond AST parsing

Code understanding that reasons about intent, cross-file relationships, and architectural patterns — not just syntax trees.

R&D

Exploring

Natural language → eBPF policy

"Only payments can reach billing DB" — compiled to kernel bytecode.

Continuous identity verification

Behavioral signals that verify users throughout sessions — not just login.

LLM-powered audit queries

"Who accessed prod credentials this week?" — from structured event data.

Semantic code understanding

Models that reason about intent across entire repositories.

AI clinical interoperability

Language models bridging healthcare data standards.

Stack

Technology

GoeBPF/CTypeScriptSveltePythonPostgreSQLRedisGCP Cloud RunCloudflare PagesTerraformDockerGitHub Actions

By the numbers

Protocols OIDC, SAML, SCIM, LDAP
SDKs 7 languages
eBPF latency ~45Ξs / request
Cloud providers AWS, GCP, Azure, OCI
Funding $0 — bootstrapped

How we use AI to ship fast

● AI-assisted code generation & review
● Automated testing & edge case discovery
● LLM-powered documentation generation
● AI-driven threat modeling during development
● Intelligent deployment & rollback decisions
● Natural language to infrastructure-as-code
"
If I had an hour to solve a problem, I'd spend 55 minutes thinking about the problem and 5 minutes thinking about solutions.

— Albert Einstein