The infrastructure identity company. It replaces VPNs, shared passwords, and long-lived SSH keys with short-lived cryptographic identity - for humans, machines, and now, the AI agents you keep hiring.
That is the boring, beautiful future Teleport has spent eleven years engineering. It is so quiet it feels like nothing happened. Which is, of course, exactly the point.
Teleport is the company - and the open-source project - that sits between the people who build software and the infrastructure they need to reach. Servers. Databases. Kubernetes clusters. Internal web apps. Windows desktops. Increasingly, AI agents calling production APIs at 3 a.m. with no human in the loop. All of it now flows through a single identity plane that issues cryptographic credentials with the lifespan of a soft cheese.
A credential gets stolen. Sometimes it's a password in a Slack DM. Sometimes it's an SSH key on a laptop in a coffee shop. Sometimes it's an API token committed to a public GitHub repo on a Friday at 4:55 p.m. by an intern named Brad.
For decades, the security industry's answer was to add layers. Another VPN. Another bastion host. Another password vault. Another rotation script that runs at midnight and fails silently on Tuesdays. Each layer added a step for engineers. Each step added a workaround. Each workaround added a vulnerability.
By the mid-2010s, the math had gone sideways. The Verizon Data Breach Investigations Report kept making the same observation, year after year, with the patience of a kindergarten teacher: the vast majority of breaches involved stolen or misused credentials. The industry kept building bigger vaults. Teleport's founders looked at the same data and asked a different question.
It is the kind of question that sounds obvious once asked, and impossible the moment you try to build it. Which is what made it interesting.
The bet was placed in 2015 by Ev Kontsevoy, Alexander Klizhentas, and Taylor Wakefield. Kontsevoy had already done this once - he was the CEO and co-founder of Mailgun, the email-API company that ended up inside Rackspace. He could have done a lot of things with his second act. He chose infrastructure plumbing, which is the kind of decision that tells you something.
The original company was called Gravitational - a name the legal documents still use, in the way old families still keep the manor's original spelling. The initial product was, in a strict sense, not Teleport at all. It was a system for packaging and shipping Kubernetes applications into customers' private clouds. Teleport was a small piece of that, a way for engineers to actually reach the infrastructure they had just deployed.
The small piece kept eating the big piece. By 2019, the small piece was the company.
Previously sold Mailgun to Rackspace. Math degree, occasional essayist on identity. The public face of the company.
Writes the kind of Go that other Go programmers read for pleasure. Quiet architect of the protocol layer.
Runs the operating system around the operating system. The reason customers get invoiced correctly.
The product is technically called the Teleport Access Platform. Internally it has four pillars, each of which solves a problem that used to require its own quarterly procurement cycle.
SSO and short-lived certificates for SSH, Kubernetes, databases, web apps, and Windows desktops. The bit that replaces the VPN.
Just-in-time approvals. Access requests. Access lists. The bit that makes your auditor smile.
A live map of who can reach what. The bit that finds the over-privileged service account from 2019.
Cryptographic identity for CI/CD, microservices, and AI agents. The bit that retires static API keys.
A useful way to understand the platform: every connection it brokers is signed by a certificate that already knows when it will die. No quarterly rotation jobs. No password vault to compromise. No two-week incident response when a laptop disappears at SFO.
It is one thing to have a thesis. It is another to have a thesis that NASDAQ, Snowflake, Doordash, Worldcoin, Elastic, Moody's, and a few thousand other organizations route their production access through. Teleport has the second one.
The capital trail tells a similar story. From a Y Combinator seed in 2016 to a Series C eight figures deep, the rounds have come from people who count for a living: Kleiner Perkins, Bessemer Venture Partners, Insight Partners. The most recent valuation, set in May 2022, came in at $1.1 billion - the punctuation mark on a years-long pivot from packaging Kubernetes apps to running the identity layer beneath them.
The open-source repository tells the unfunded version of the same story. Tens of thousands of stars on GitHub. A regular cadence of releases. A community that answers each other's questions in the discussions tab, often before the company has to.
Above: the company's last decade, rendered as four rectangles. The fourth rectangle is large because Bessemer participated.
There is a particular kind of engineering ambition that aims, deliberately, at boredom. It is the same ambition that built TCP/IP, that built TLS, that built the parts of computing nobody writes essays about because they simply work. Teleport is in that lineage.
The mission, stated formally, is to make the world's infrastructure secure and easy to access by unifying identity for humans, machines, and AI. Stated informally, it is to make access so uneventful that no one has to think about it - which is exactly when security actually starts working.
It is a mission that sounds modest until you notice what it implies. No VPN concentrators. No bastion farms. No password vaults rotating credentials at 2 a.m. No quarterly access reviews printed onto spreadsheets. No tickets to give Sandra in marketing read access to the analytics database for an afternoon. Just identity, verified once, scoped to the task, expired before the meeting ends.
The next decade's infrastructure problem is not the laptop in the coffee shop. It is the AI agent that has been delegated a corporate credit card, a Snowflake account, and the authority to deploy code on a Saturday. Multiply that agent by a few hundred. Then multiply by a few hundred customers doing the same thing.
Each of those agents is a privileged user. None of them respond to two-factor SMS prompts. All of them need identity, scope, and an audit trail that will hold up in a courtroom or a board meeting, whichever comes first.
Teleport's bet is that the same protocol layer it built for human engineers becomes the identity layer for non-human ones. Same certificates. Same expirations. Same audit log. New, much busier, customer.
Back in Manhattan, the engineer closes her terminal. The certificate she used a minute ago has already expired. The connection it brokered is logged, attributed, and tied to a specific request. Tomorrow morning her compliance team will pull a report that will not contain a single shared password, a single static key, or a single VPN session.
The login screen that did not exist did its job. The infrastructure was reached. Nothing was stolen, because nothing was lying around to steal. Somewhere in Oakland, a team of two hundred and fifty people would consider this a quiet, ordinary, successful Tuesday.
Which, when you have spent a decade engineering it, is the loudest result you can ask for.