Today, Alter closes a $4.8M Seed Round led by Fortify Fund. This is the funding we needed to finish building the authorization layer that agentic AI has been missing since the first LLM wrapper shipped a GitHub OAuth token in plain text.
What we built, and why it took this long
The problem Alter solves is not new. Credential management has been a solved problem for human users for over a decade — Okta, Azure AD, and a dozen other identity platforms handle it well. The gap appeared when companies started deploying AI agents that behave like users but are granted permissions like services.
An AI agent running on LangChain or AutoGen can make 400 API calls a day. Each call might request a fresh OAuth token. Each token has a lifecycle that nobody manages. After 60 days, most teams cannot tell you which tokens are still active, what scopes they carry, or whether the agent that minted them is still running. That is not a theoretical risk — it is a real condition we found in every production agentic system we audited during our pre-launch research.
We started writing Alter's first prototype in August 2024, five months before we incorporated. The prototype was a proxy that sat between a LangChain agent and GitHub's API. It intercepted every OAuth request, checked it against a YAML policy, minted a short-lived token if the request was within scope, and logged the event. That was it. Embarrassingly simple. We showed it to three engineering teams we knew, and all three asked when they could use it in production.
Why Fortify Fund led this round
Fortify Fund focuses on early-stage security infrastructure. They backed companies that became the standard tooling in their categories — and they invest before the category has a name. When we talked to them in November 2024, "OAuth for AI agents" was not yet a phrase people used. The category was invisible because the problem was so new that most teams had not yet been burned by it.
What convinced them was not our slide deck. It was a single Datadog log export from a customer's production environment showing 1,200 active OAuth tokens from agents that had been decommissioned three months earlier. Every one of those tokens was still valid. Every one had full repo write access to a GitHub organization with 40 engineers.
That is the problem Alter exists to close. Fortify understood it immediately. The Seed Round gives us the runway to build the full policy engine, expand our integration library beyond GitHub and Slack, and staff the security research team that will keep us ahead of the attacks that come when AI agents become ubiquitous in production systems.
The funding: what we're actually spending it on
Four areas, in priority order:
Policy engine depth. Our current YAML-based scope policy works for teams that want to write rules manually. We are building a policy engine that learns from actual agent behavior and suggests minimum-privilege policies automatically. An agent that has only ever used read access should not carry a token with write access — but enforcing that today requires manual review. We are automating the detection and the downgrade.
Integration coverage. We ship with first-class support for GitHub, Slack, Google Workspace, Salesforce, Notion, and Linear. The next 30 integrations are queued: Jira, Confluence, HubSpot, Zendesk, Stripe, Twilio, and others that come up repeatedly in customer conversations. Each integration requires testing against the real OAuth implementation, not just the spec — providers vary significantly in how they handle scope inheritance and token refresh.
SIEM connectors. We export audit events to Splunk, Datadog, and any webhook target today. We are building native integrations with Elastic SIEM, Microsoft Sentinel, and IBM QRadar so security teams can treat Alter's event stream the same way they treat any other security telemetry. Token events should show up in the same dashboard as firewall drops and failed logins.
Team. We are hiring three engineers: one for the policy engine, one for integrations, and one for the audit pipeline. We are also hiring a security researcher whose job is to find the ways Alter can be bypassed before attackers do. If you are reading this and you work in applied security research, our contact page is always open.
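The audit described above (live tokens left behind by decommissioned agents, and tokens carrying write access an agent has never used) can be sketched as follows. This is an added example, not Alter's code; the record fields, scope names and sample data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)  # fixed clock so the run is repeatable

# Constructed token inventory: one record per issued token (field names are assumptions).
TOKENS = [
    {"id": "tok-1", "agent": "triage-bot", "scopes": {"repo:read", "repo:write"},
     "expires": NOW + timedelta(days=30)},
    {"id": "tok-2", "agent": "old-release-bot", "scopes": {"repo:write"},
     "expires": NOW + timedelta(days=90)},
    {"id": "tok-3", "agent": "docs-bot", "scopes": {"repo:read"},
     "expires": NOW - timedelta(days=1)},
]
RUNNING_AGENTS = {"triage-bot", "docs-bot"}  # constructed: agents still deployed
# Constructed audit log: (token id, scope actually exercised by an API call).
USAGE = [("tok-1", "repo:read"), ("tok-1", "repo:read"), ("tok-2", "repo:write")]


def audit(tokens, running_agents, usage, now):
    """Flag live tokens that are orphaned or that carry scopes never exercised."""
    used = {}
    for token_id, scope in usage:
        used.setdefault(token_id, set()).add(scope)

    findings = []
    for tok in tokens:
        if tok["expires"] <= now:
            continue  # already expired: no longer a usable credential
        if tok["agent"] not in running_agents:
            # The agent is gone but its token still works: revoke it outright.
            findings.append({"token": tok["id"], "issue": "orphaned",
                             "action": "revoke"})
            continue
        unused = tok["scopes"] - used.get(tok["id"], set())
        if unused:
            # Granted but never used: candidate for a minimum-privilege downgrade.
            findings.append({"token": tok["id"], "issue": "over-scoped",
                             "unused": sorted(unused),
                             "keep": sorted(tok["scopes"] - unused)})
    return findings


if __name__ == "__main__":
    for finding in audit(TOKENS, RUNNING_AGENTS, USAGE, NOW):
        print(finding)
```
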
What stays the same
We are not changing pricing, not changing our API surface, and not changing the fact that Alter requires no SDK. You point your agent at the proxy endpoint, configure your policies, and you are done. Every token your agent mints after that point is short-lived, scoped, audited, and revocable from a single admin panel.
The companies currently in our beta will keep their accounts. The pricing we quoted them during beta will be honored when we go generally available. We made commitments and we intend to keep them.
On the category
We expect the OAuth-for-agents category to get crowded in 2025. That is fine. The problem is large enough for multiple solutions, and competition tends to sharpen everyone's thinking. Our view is that the teams who embed security into the protocol layer — rather than bolting it on after the fact — will be the ones who matter in five years.
Alter's architectural bet is that the proxy layer is the right place to enforce policy. Not the agent framework. Not the OAuth provider. Not a post-hoc audit tool. The proxy is where you have the least latency, the most context, and the most control. That is where we are building.
Get access
We are accepting new customers on a rolling basis. If you have AI agents making OAuth requests today — against GitHub, Slack, Google, or any other provider — we want to talk. Setup takes under 20 minutes. No infrastructure changes required. We can run in proxy mode alongside your existing credential setup while you evaluate, and you can pull us out without any agent code changes if we are not the right fit.
The demo request form is on our contact page. We respond within one business day. Srikar reads every inbound himself for now — that will probably change as the team grows, but right now it is the fastest path to an honest conversation about whether Alter solves your specific problem.
Why now
The window for getting AI agent security right is not unlimited. Every month that production systems run without proper credential lifecycle management is another month of accrued risk. Tokens accumulate. Scopes expand. The blast radius of a breach grows. The teams that fix this now will be the ones that get to talk about it calmly in a post-mortem three years from now instead of explaining it to their board after an incident.
We raised $4.8M to make it easier to be one of those teams. The work starts now.