AI agents call real-world tools without API keys

Per-agent identity. Per-agent policy. Per-agent audit.

Agent Example
const agent = await Agent.quickstart();

await agent.call("payments:createCharge", {
  amount: 100,
  currency: "USD"
});
Try xLink See Documentation
207
ACIs Available
5 min
Automated Deployment
288×
Faster Provisioning
See How It Works
XorIDA threshold sharing in action
The Problem
One leaked API key compromises all agents

API keys were designed for humans making API calls. AI agents make 100x more calls, spawning parallel fleets that share credentials. When one agent's key leaks, you can't revoke it without restarting all agents. No per-agent policy. No audit trail. No containment.

The Solution
Ephemeral identity per agent
Per-Agent Identity

Every agent gets its own cryptographic identity. No shared secrets.

Per-Agent Policy

Set limits per agent. Rate limits that actually work at AI scale.

Full Audit Trail

"Which agent made this call?" becomes answerable. Attribution guaranteed.

Instant Revocation

Shut down one rogue agent without touching the other 999. No cascades.

Three Entry Points
Same identity layer. Pick your use case.
PATH 1: AI Agents + Microservices

xLink

Machine-to-Machine Identity
API Keys Are a Single Point of Failure
Give every AI agent its own identity. Revoke one without touching the rest.

Why API Keys Fail at AI Scale

AI agents make 100x more API calls than humans and spawn parallel fleets that need credentials. Your API key infrastructure wasn't built for this:

1
Key Rotation Chaos

AI agents need credentials that outlive individual sessions but refresh faster than quarterly. Designed for humans, breaks at agent scale.

2
Rate Limiting Breaks

Per-key limits designed for humans fail when one AI spawns 1,000 parallel connections. Your infrastructure can't distinguish between agents.

3
Audit Explosion

"Which AI made this call?" becomes unanswerable when keys are shared across agent fleets. No attribution, no accountability.

4
Revocation Impossible

Shutting down one rogue agent means rotating keys for all 1,000 others. Cascade failures, service disruption, operational chaos.

Private.Me gives every AI agent its own cryptographic identity.

No shared API keys. No rotation chaos. No cascade failures. Just ephemeral identity that scales to millions of agents.

Already have API keys?

Run Private.Me parallel to existing infrastructure. Zero downtime. Shift traffic at your pace. Deprecate keys when ready.

Quick Answers
See xLink Documentation →
PATH 2: On-Prem + Billing Control

Full Control

Data Sovereignty Without Trade-Offs
Mathematical Billing Enforcement
No DRM. No telemetry. No trust. Just math.

Traditional Licensing Can't Handle On-Prem

Enterprises demand on-premises deployment (HIPAA, FedRAMP, ITAR). Vendors need payment control. Every existing licensing mechanism fails:

1
License Keys Are Strings

Copied, shared, or posted online. One license activates unlimited instances. No enforcement.

2
Air-Gapped Systems Can't "Phone Home"

Government classified networks, industrial OT/ICS, healthcare HIPAA zones prohibit external connectivity. "Must connect to activate" eliminates enterprise buyers.

3
VM Cloning Breaks Everything

Docker containers, Kubernetes pods, VMware snapshots duplicate entire environments. One purchase, infinite deployments. Hardware dongles bypass vendor control.

4
$150B+ in Blocked Deals

Cloud-only vendors lose government, healthcare, finance contracts. On-prem vendors can't bill usage. Both sides walk away.

PRIVATE.ME replaces trust with cryptography.

Code splits into 2 shares. Share 1 deploys to customer infrastructure. Share 2 delivered only when payment clears. Both required to execute. Neither useful alone. Information-theoretically guaranteed.

Built for regulated industries

Government (FedRAMP, ITAR), Healthcare (HIPAA), Finance (SOC 2), AI vendors (on-prem models), Industrial OT/ICS (air-gapped control systems).

See Full Control Documentation →
🆔
PATH 3: The Foundation Layer

xID (Identity Infrastructure)

Both xLink and Xpass build on xID — the identity layer that makes keys obsolete. If you're building identity infrastructure directly, start here.

DID Generation
~50 microseconds

Ephemeral Identity

Per-verifier DIDs from XorIDA-split master seed. Cross-repo unlinkable. eIDAS 2.0 compliant.

Self-Converging Identity

K-of-N threshold from 8 signal types. ISO 24745 cancelable biometrics. No seed at rest.

AI Agent Identity

Verifiable DID per agent. No static tokens. Cryptographic accountability.

See xID Documentation →
Platform Capabilities
Built for AI Agents & Automation
For AI Agents

AI-Optimized Purchase Flow

Structured errors • High rate limits • Retry guidance
AI agents can purchase and deploy ACIs autonomously. RFC 7807 structured errors provide field-level validation feedback. 60 req/min rate limit for AI clients (6× higher than humans). Idempotency keys prevent duplicate purchases.
  • Structured field-level errors (AI-parseable)
  • 60 requests/minute for AI agents
  • Idempotency key support (duplicate prevention)
  • Automatic retry guidance (Retry-After header)
Purchase API Docs
Zero Touch

Automated Deployment

5-minute provisioning • 288× faster • No human intervention
From purchase to production in 5 minutes. Cryptographic billing enforcement eliminates manual verification. Share 2 delivery triggers automatically on payment confirmation. Zero DevOps overhead.
  • 5-minute end-to-end provisioning
  • 288× faster than 24-hour manual process
  • Automatic Share 2 delivery on payment
  • Cryptographic billing enforcement (no license servers)
See Full Control

Customer Fast Deploy

15 seconds to production-ready Full Control setup

Deploy to Vercel Deploy on Railway Deploy to Render
Included in your deployment:
• Production Xpass (pre-configured)
• No expiry, no trial limits
• K-of-N enforcement enabled
• Air-gapped support ready
• VM-clone protection active
• $150B deal-ready infrastructure
Requires active subscription • Contact sales to get started
Two Steps. Every System.
For developers (40-80 seconds)
1
Connect to Service
const conn = await
  connect('payments')
Zero-config discovery
2
Send Securely
await conn.value.agent
  .send({ to, payload })
Signed • Encrypted

connect → send

Zero-config pattern for AI agents, microservices, and IoT. Advanced users can use Agent.create() for full control.

Entity 1
did:key:z6Mk...
Ed25519 + ML-DSA-65
identity, not keys
Entity 2
did:key:z6Mn...
X25519 + ML-KEM-768
share 1
share 2
share 3
0 keys 0 secrets 0 tokens
All 207 ACIs use this same flow. Pick your entry point above.
How XorIDA Works

Split. Distribute. Reconstruct.

Threshold secret sharing over GF(2). Any K shares reconstruct. Fewer than K shares reveal zero bits. Information-theoretically guaranteed.

48 65 6C 6C 6F "Hello" original data 48 65 6C 6C 6F "Hello" reconstructed split 2-of-3 share 1 share 2 share 3 compromised — 0 bits leaked A3 F9 2E 8B 1C attacker intercepts → Intercept any single channel — attacker gets zero bits of information
Real-World Impact
From seed custody to email security — identity infrastructure in production.
Patent US 11,972,000 B2

Xecret: Seed Custody

Hardware wallet seed split across 3 email addresses. Threshold reconstruction (2-of-3). Lose your phone → recover via email. Lose one email → still access your wallet.

Information-theoretic security. One share alone reveals zero bits. HMAC verification before reconstruction. No custodian, no single point of failure.

Built on PRIVATE.ME

Xail: Email Client

Lightweight email client with split-channel secure messaging. Regular email (1 address) or secure Xail-to-Xail (2+ addresses, threshold-protected). Both modes coexist in one inbox.

Visual security tiers. Blue border (2-of-2 secured). Green border (2-of-3 secured + fault tolerant). Enterprise compliance for regulated industries.

Team
Executive leadership and strategic advisors.
AJ Esmailzadeh

AJ Esmailzadeh

Founder

Founder and president of Private.Me and Private.Co. Creator of revolutionary patented cloud-based platform for data dispersal where the end user is the only trusted party.

Jacques Kempin

Jacques Kempin

CEO

Innovator and entrepreneur. Co-Founded VeePee, a Cloud Solutions Service Provider. Created three secure file sharing applications. Former teacher at ENSAD and University of Paris V. Partner at Zeno Capital.

Paul Hershenson

Paul Hershenson

Chief Technical Officer

Co-Founder of Art & Logic, Inc. Grew company to 75 developers serving over 900 clients including Apple, Google, Motorola, Disney, and SpaceX. Pioneer in digital audio editing techniques.

Dr. Stan Stahl

Dr. Stan Stahl

Chief Information Security Officer

Pioneer in information security since 1980. Secured teleconferencing at the White House, databases inside Cheyenne Mountain, and nuclear weapons communications. President of Citadel Information Group.

David Lam

David Lam, CISSP

Chief Information Officer

30+ years of IT experience with 27 years in Information Security. Focus on securely managing information across enterprise systems.

Ted Harrington

Ted Harrington

Advisor

Strategic advisor on cybersecurity and business development. Expertise in enterprise security architecture and go-to-market strategy.

Robert Neivert

Robert Neivert

Advisor

CEO for two venture-funded startups. Led startups in mobile and enterprise software. Four successful company exits. Leadership positions in products, marketing, and operations.

Tim Toohey

Tim Toohey

Advisor

Chief Privacy Officer for Private.me. Partner and Head of Cyber, Privacy and Data Security Team at Morris Polich & Purdy LLP. Author on privacy and data protection.

S

Ask Sol

Platform Sales Agent

Questions about xLink, Xpass, xID, pricing, implementation, or compliance? Ask me anything about the PRIVATE.ME platform.

Sol can make mistakes. Verify important information.