HomeCompaniesAlter

Alter

Y Combinator LogoSummer 2025
Active
aiops
artificial-intelligence
developer-tools
devsecops
security
New York

Secure access control and authorization platform for agent workflows

Alter is a zero-trust identity and access control platform purpose-built for AI agents. It wraps every tool call in strong authentication, fine-grained authorization, and real-time guardrails, so agents can move fast without breaking things. Each request is verified at the parameter level, authorized against granular policies, executed with least-privilege access, and fully audited in real time. Unsafe actions, whether it’s a rogue DROP TABLE or a payment above policy limits, are blocked before they touch production. Behind the scenes, Alter manages credentials, issuing ephemeral, scope-narrowed access for every interaction, then rotating or expiring it in seconds. The result: no long-lived secrets, no blind spots, and no surprises in audit. With Alter, teams can move fast on AI agent initiatives while staying fully compliant with SOC 2, HIPAA, GDPR, and internal security standards. A CISO-ready dashboard delivers real-time visibility, detailed audit logs, and compliance-ready controls, removing silos, eliminating excessive permissions, and providing complete oversight of every agent workflow.
Active Founders
Srikar Dandamuraju
Srikar Dandamuraju
Twitter account
 
Co-Founder & CEO
Co-Founder & CEO of Alter (YC S25), a zero-trust identity and access control platform for AI agents. Former Platform Lead at Goldman Sachs, where I scaled GSAM’s post-trade infrastructure from single to multi-cluster and helped launch the GM Card. Before that, software engineer at Addepar and Clear Street.
Kevan Dodhia
Kevan Dodhia
 
Co-Founder & CTO
Co-founder and CTO of Alter (YC S25), a zero-trust identity and access control platform for AI agents. Previously technical co-founder of Compute.ai, where we built a compute engine 5x faster than EMR Spark and sold into highly regulated enterprises like LSEG. Compute.ai was acquired by Terizza in 2025.
Company Launches
Alter – Identity and Access Control Platform To Secure Agents
See original launch post

TL;DR

Alter sits in the middle of every AI agent interaction, verifying identity and applying fine-grained RBAC & ABAC to check every parameter against policy. It instantly rejects dangerous actions and provides clear audit trails logging every request/response and decision.

Interested? Learn more and request beta access at alterai.dev

Don’t want to read? Here is a video explaining what we do in a nutshell

Identity And Access Control Platform To Secure Agents | Alter (YC S25)

The Problem

Dangerous: Long-lived credentials and over-scoped service accounts mean a single leak can give an agent the keys to production letting it run destructive commands, exfiltrate sensitive data, or trigger costly transactions.
Opaque: Scattered logs and siloed security make it impossible to trace “which agent did what, with which parameters” when something goes wrong, leaving teams blind in audits or incident response.
Slow: Security reviews drag on for weeks because least-privilege and policy checks are hard to implement at scale, delaying projects and eroding velocity.
Overexposed: Agents often get blanket root access, with no guardrails to stop prompt-injection or malicious payload swaps, so one bad input can become a catastrophic action.
The result: enterprises face agents that can and do take unsafe actions in production, forcing teams to choose between unacceptable risk or shelving AI initiatives entirely.

Our Solution

Alter is the safest way to run AI agents in production without giving them blanket credentials or risking compliance breaches. From one central control layer, organizations can:

  • Host or connect to all their tools. We support MCP and Native tools (A2A coming soon)
  • Approve or deny any agent request in real time, with identity verification baked into every call.
  • Apply parameter-level RBAC & ABAC so dangerous actions like drop table commands in prod, during a freeze never reach production.
  • Instantly grant seconds-lived, scope-narrowed tokens so agents get only the access they need, only for that task.
  • Remove the need for long-lived API keys entirely, eliminating one of the biggest security liabilities.
  • See exactly what every agent did, when, and with what parameters, all in one CISO-ready dashboard.
  • Pass SOC 2, HIPAA, and GDPR audits without slowing down because compliance controls run automatically in the background.
  • Scale to any number of agents and tools without creating security silos or over-permissive access.

The Team

We are Srikar and Kevan.

We previously built enterprise-grade infrastructure at ComputeAI and Goldman Sachs, powering mission-critical systems for the London Stock Exchange and the Apple Card launch. Now we’re using that experience to make AI agents safe for production by giving them only the access they need and only for as long as they need it.

Our Ask

We’re looking to connect with:

  • Engineering and security leaders running AI agents in production
  • Enterprises in regulated industries (finance, healthcare, government) with strict compliance requirements
  • Startups building AI-first products that need zero-trust access controls
  • Infosec teams looking to eliminate long-lived credentials and enforce least-privilege by default

As a bonus, we have also partnered with former OpenAI cybersecurity experts to provide you with ongoing red teaming, catching prompt-injection, data exfiltration, and other exploits before attackers can.

If you or someone you know is interested, please reach out to us at founders@alterai.dev or book a time to chat.

Alter
Alter
Founded:2025
Batch:Summer 2025
Team Size:2
Status:
Active
Location:New York
Primary Partner:Jon Xu
 
X (Twitter) logo