Ory Corp. is a software infrastructure provider that builds a global zero-trust network for humans, robots, devices, and software services. Ory focuses on Identity and Access Management (IAM) solutions, making it easier and more secure for developers to build applications that handle user authentication, authorization, and access control. Pulse 2.0 interviewed Ory Corp CEO Jeff Kukowski to gain a deeper understanding of the company.
Formation Of The Company
How did the idea for the company come together? Kukowski said:
“As a founder, Aeneas Rekkas found himself solving the IAM problem for multiple companies and endeavors. Understanding that existing solutions were not built for the future with web scale, security, and flexibility in mind, Aeneas started a number of open source projects beginning with the most widely used OSS OAuth server (Hydra). The ensuing projects enabled engineers to solve domain-specific identity problems to add to their own systems, competitive systems, or to simply replace other Identity and Access Management (IAM) and Customer IAM (CIAM) systems in whole.”
Jeff Kukowski’s Background
Could you tell me more about your background? Kukowski said:
“My background is as a founder and a helper of founders to build sustainable and market-leading companies. My experience spans my own start-ups to venture-backed and private equity-backed scale-ups, in addition to a public company turnaround. All of these have involved next-generation technologies. Ory is my third IAM company.”
Core Products
What are the company’s core products and features? Kukowski explained:
“We’ve built the most composable identity ecosystem in the world, five products that can work together seamlessly or independently, integrating directly into whatever infrastructure a customer is already running:
- Ory Hydra is our OAuth2 and OpenID Connect server. It’s what powers login for ChatGPT’s 800 million users because it’s built for massive-scale, as well as machine-scale authentication from day one.
- Ory Kratos handles user management and authentication, managing identities, passwords, registration flows, and the complete user lifecycle that every application needs.
- Ory Polis is our enterprise single sign-on (SSO) for B2B and B2B2C SaaS apps. We bridge legacy SAML to modern OIDC standards and enable seamless user management through SCIM-based directory sync.
- Ory Keto is our authorization engine based on Google Zanzibar. It answers complex permission questions like “Can Alice edit this document?” or “Can this AI agent access this database?” using relationship-based access control for fine-grained permissions.
- Ory Oathkeeper is our identity and access proxy, which sits in front of APIs and services, automatically blocking bad requests and only letting through the ones that should have access.
Complete architectural flexibility is a core value proposition. Customers can deploy all five products together for a comprehensive identity solution, or use just Hydra for OAuth flows, for example, or only Keto for permissions management. Each product plugs directly into the customer’s existing stack, including their databases, APIs, and deployment patterns.”
Modern Identity And Access Management
When you say “modern” Identity and Access Management what does that mean, and how does it benefit today’s enterprise? Kukowski explained:
“Unlike traditional IAM or CIAM solutions that force companies into rigid architectures, Ory lets enterprises customize their identity stack to match their unique infrastructure needs. This means modularity and composability so customers can use the pieces they want when they need them without being beholden to today’s monolithic and inflexible solutions. It also means customers can choose the infrastructure strategy they want, whether that be self-hosted or fully managed SaaS. “Modern” architectures give customers unmatched flexibility and scale as well as a bridge to existing standards.”
“Ory’s modern IAM means infrastructure that serves their business needs and existing infrastructure requirements, while also addressing future needs such as identity management for agentic AI and machine-scale.”
Migrating From Legacy IAM Providers
How cumbersome is it for enterprises to migrate from legacy IAM providers to a modern player? Kukowski pointed out:
“While every enterprise can have specific corner cases, Ory makes it surprisingly simple to make the move. Whether the goal is to slowly migrate users to minimize disruption or migrate all users in one fell swoop, Ory has multiple real world examples and best practices to ensure a smooth transition.”
Customer Success Stories
When asking Kukowski about customer success stories, he highlighted:
- OpenAI’s ChatGPT login workload went from a million sign-ups in five days to a scale that overwhelmed conventional CIAM. To keep pace and keep identity infrastructure in-house OpenAI replaced its rigid, black-box CIAM with a self-hosted, Ory Hydra enterprise deployment on the database backbone of CockroachDB. By early 2025, the service was already handling 400 million weekly active users. Recent press cites that traffic data figure doubled to over 800 million by June 2025. Ory’s solution gives OpenAI the deep telemetry they need for A/B testing, resilience for “unprecedented logins per second,” and the freedom to evolve without vendor lock-in, prompting OpenAI identity lead Benjamin Billings to call Ory “one of our best partners.”
- Axel Springer – the publishing giant, had outgrown its existing identity system that was unable to keep up with breaking-news spikes. Aiming for cloud-native scale without sacrificing the option to self-host, the company selected Ory Network, our fully managed solution. The migration delivered stability in extreme load tests, let teams roll out features like Google Sign-In and streamlined email activation far faster, and freed developers to build product innovations instead of patching IAM infrastructure. As CPO of Axel Springer, Robert Blanck, notes: Ory now provides “scalability and reliability under the most rigorous traffic demands,” positioning Axel Springer to embrace future standards such as Federated Credential Management (FedCM).
Authentication Coming Into Play With Agentic AI Acceleration
How does authentication come into play with the acceleration of agentic AI? Kukowski commented:
“Authentication becomes critical as AI agents increasingly act independently, performing tasks like scheduling meetings, accessing sensitive files, or handling financial transactions. Without proper safeguards, these agents can be manipulated through hidden instructions known as ‘prompt injection attacks’ to secretly harvest data or misuse credentials. Ory addresses this problem by pairing the Model Context Protocol (MCP) standard, which defines how AI agents securely communicate, with Ory Hydra, our battle-tested OAuth2 authorization server. With Ory Hydra, each agent action is explicitly authorized, limited in scope, and fully logged, effectively neutralizing prompt injection attacks before they can cause damage. In short, Ory Hydra turns AI agents into trusted assistants rather than security risks.”
Trusting AI Agents With Financial Transactions
Will we ever be able to trust AI agents with financial transactions? Kukowski emphasized:
“We’re not just building toward this future – we’re already enabling it. Through our Skyfire partnership, AI agents are getting their own digital wallets and verified identities right now. Here’s what makes it work: every transaction is cryptographically signed, every action has an audit trail, and we can instantly revoke entire delegation chains if something goes wrong. Imagine your AI sales agent offering 90 percent discounts due to a prompt injection. Without our ‘kill switch’ capability, it could process thousands of transactions before anyone would notice. With our infrastructure, you could stop it instantly.”
Revenue And Funding
When asking Kukowski about the company’s funding and revenue details, he revealed:
“Our funding to date is $42 million from Balderton, Insight Ventures, InQTel and now PHX Ventures. Our community numbers are public with tens of thousands of active projects, tens of thousands of github stars and trillions of transactions processed on a weekly basis, our revenue is growing dramatically.”
Total Addressable Market
What total addressable market (TAM) size is the company pursuing? Kukowski assessed:
“The company is addressing a massive TAM across workforce, B2B and Consumer IAM. The CIAM market alone is $24 billion and growing more than 8 percent per year.”
Differentiation From The Competition
What differentiates the company from its competition? Kukowski affirmed:
“Ory sets itself apart through its fully composable, open-source approach to IAM – meaning each product in our suite (Hydra, Kratos, Polis, Keto, and Oathkeeper) can be deployed independently or integrated seamlessly together. Unlike traditional IAM solutions that force companies into rigid “all or nothing” architectures, Ory lets enterprises customize their identity stack to match their unique infrastructure needs. Our solutions scale effortlessly (proven by powering login for ChatGPT’s hundreds of millions of users), support advanced use cases like agentic AI authentication, and ensure customers retain complete control over their data and architecture, whether self-hosted or via our cloud platform, Ory Network.”
Future Company Goals
What are some of the company’s future goals? Kukowski concluded:
Ory remains committed to making modern IAM solutions real for any person, company, machine, or agent that needs better, more secure, more flexible, and scalable identity capabilities. Our unique approach to market from free OSS, self-managed enterprise licenses, and fully managed capabilities on The Ory Network ensures there is a solution for every need and budget.”
