Ev Kontsevoy / Teleport
The engineer from Krasnoyarsk who decided the password was civilization's weakest link - and spent a decade building the replacement.
The argument Kontsevoy has been making for a decade is deceptively simple: the traditional approach to infrastructure security is built on secrets - passwords, SSH keys, private keys, shared credentials - and secrets are, by definition, things that leak. They get copied, forgotten, stolen, reused. Every major breach tells some version of this story.
His answer is cryptographic identity. Short-lived certificates that expire automatically. No stored credentials to steal. Every human, every machine, every service gets a unique cryptographic identity. Access is logged, auditable, revocable. The perimeter isn't a network boundary - it's an identity assertion.
He published this argument formally in an O'Reilly book co-authored with Sakshyam Shah and Peter Conrad: Identity-Native Infrastructure Access Management: Preventing Breaches by Eliminating Secrets and Adopting Zero Trust. It is, in effect, the theoretical backbone of the company he runs.
"Security theater is everywhere. Real zero trust requires eliminating secrets entirely - not just layering on more tools."
Ev Kontsevoy · CyberScoop Op-Ed
The phrase "security theater" comes from a CyberScoop opinion piece he wrote. It names the careful bureaucratic rituals that make organizations feel protected without actually protecting them. Kontsevoy's hostility toward this isn't academic. It's the frustration of an engineer who watched it up close.
Co-authored by Ev Kontsevoy, Sakshyam Shah, and Peter Conrad. Published by O'Reilly Media. Subtitle: Preventing Breaches by Eliminating Secrets and Adopting Zero Trust.
This is not a product manual. It's the architectural argument for why the industry's current approach to infrastructure access is structurally broken - and what replaces it.
In January 2026, Kontsevoy introduced Teleport's Agentic Identity Framework - the company's answer to a question the industry wasn't quite asking yet: who is responsible for securing what AI agents can access?
"AI agents are definitively not human, but they're not service accounts or scripts either. They are a new identity category - and we need to treat them as such."
Ev Kontsevoy · Teleport Agentic Identity Framework, 2026
The organizations Kontsevoy surveyed that described themselves as "confident" in their AI deployments had a 2.2x higher security incident rate than those who said they were cautious. Confidence, in this space, correlates with blind spots. It's the kind of finding that makes a cybersecurity CEO's argument for you.
His framework proposes that AI agents require the same identity-native approach as humans and machines: short-lived credentials, least-privilege access, complete audit trails, and the same cryptographic identity infrastructure. The same playbook. Extended to a new actor class.
From applied mathematics in Siberia to defining the security infrastructure of the AI era - Kontsevoy's career reads like a deliberate narrowing of focus toward a single problem.
Teleport started with an Apache 2.0 license. It was free, it spread, and engineers adopted it because it solved a real problem. The commercial product built on top of that adoption.
In December 2023, Kontsevoy changed the license to AGPLv3 - a shift that caused discussion in open-source circles. The reason wasn't philosophical. It was competitive. Hyperscalers can take Apache-licensed software, run it as a managed service, and never contribute back. AGPLv3 changes that equation.
The move is a window into how he thinks: pragmatic over principled, but with the principles visible in the structure. The open-source core is still available. Engineers can still verify what they trust. The business model just became more defensible.
"A unified identity layer is a prerequisite to deploying AI within enterprise infrastructure environments."
Ev Kontsevoy · Teleport Blog, 2026
The details that didn't make the official bio but explain who he is.
Grew up in Krasnoyarsk fascinated by "the mystery and miracle of flight" - the kind of childhood observation that tends to turn into a career in systems engineering.
Has co-founded two companies with the same partner, Taylor Wakefield. Mailgun (2010). Teleport (2015). Rare in startups - usually the lesson from the first one is to work with someone different.
His degree is in Applied Mathematics, not Computer Science. Teleport is written 73.4% in Go - a language built for systems engineering by mathematically-minded programmers.
Two Y Combinator batches, a decade apart. W2011 as Mailgun CEO. S2015 as Teleport co-founder. YC describes this as a "rare double-founder" pattern.
The O'Reilly book subtitle is "Preventing Breaches by Eliminating Secrets." Teleport's product does exactly that. The book is the thesis; the company is the evidence.
Changed Teleport's license from Apache 2.0 to AGPLv3 in December 2023 - a rare public acknowledgment that open-source businesses need protection from the very hyperscalers that use their work.
"AI agents are definitively not human, but they're not service accounts or scripts either. They are a new identity category - and we need to treat them as such."
"Genuine zero trust requires eliminating secrets entirely - not just layering on more tools. Most of what companies call 'zero trust' is performance, not security."
"Engineers shouldn't have to worry about security and compliance issues every time they access computing resources. That friction is where breaches happen."
"A unified identity layer is a prerequisite to deploying AI within enterprise infrastructure environments. Without it, you're building on sand."
"79% of organizations are evaluating or deploying agentic AI. Only 13% feel highly prepared. That gap is the next major security crisis - and it's already here."
Conference talks, podcast interviews, and conversations about the future of infrastructure security.
Episode 53 - Kontsevoy in conversation with Replicated CEO Grant Miller on the evolution from competition to collaboration in the enterprise software world. June 2025.
Closing remarks from Teleport's annual conference. Kontsevoy on identity attacks as the predominant infrastructure threat - and where the platform goes next. December 2024.
Kontsevoy's early career, the origin of Teleport's opinionated approach to secure access, and why open-source is still the right foundation for security software. March 2022.