RSAC 2026 Innovation Sandbox – Glide Identity: Building a Next-Generation AI Passwordless Authentication Platform
Company Profile
With the rapid development of artificial intelligence technology today, identity and access control have leapt from a simple security component to the core control plane of the digital world.
RSAC 2026 Innovation Sandbox – Glide Identity: Building a Next-Generation AI Passwordless Authentication Platform
Company Profile
With the rapid development of artificial intelligence technology today, identity and access control have leapt from a simple security component to the core control plane of the digital world. Against this backdrop, Glide Identity, a startup shortlisted for the 2026 RSA Conference Innovation Sandbox, stands out. The company is committed to breaking down traditional authentication barriers and building a next-generation digital identity platform based on cryptography, telecommunications networks and hardware-level trust for the era of artificial intelligence.
Glide Identity was founded in 2024 and is headquartered in San Francisco, California, USA. It also has a core R&D and operations branch in Tel Aviv, Israel [1]. As a forward-looking cybersecurity startup, Glide Identity’s core vision is to eliminate fraud in digital commerce while building instant, secure and frictionless trust between humans, physical devices and artificial intelligence agents (AI Agents).
Figure 1: Glide Identity official website
Glide Identity’s technical depth and commercial foresight are largely due to the deep background of its founder and CEO Eran Haggiag. Haggiag is a senior expert with more than 20 years of experience in software development, algorithmic trading, blockchain and telecommunications underlying networks. His career trajectory fits perfectly with Glide Identity’s strategic vision of trying to merge telecommunications infrastructure and cryptography [2]. In addition, Glide Identity’s core team brings together top engineers and operator experts from the fields of telecommunications, banking, cybersecurity, cloud infrastructure and fintech. This cross-border integrated team background enables it to jump out of the mindset of traditional security vendors and find innovative solutions from the bottom of the infrastructure.
Figure 2: Eran Haggiag, founder of Glide Identity
On October 13, 2025, Glide Identity announced the completion of a Series A financing of more than US$20 million. Together with previous early funds, its cumulative financing amount has exceeded US$25 million. With this financing, Glide Identity has ample ammunition to expand its authentication and verification platform designed for the AI era globally in response to escalating cyberattacks[3].
Industry Background and Core Pain Points Solved by Products
To deeply understand the innovation of Glide Identity solutions, we must first analyze the problems facing the current digital ecosystem. By interpreting its official vision, we can summarize the following pain points that the company is committed to solving:
Failure of traditional authentication mechanisms
Traditional identity authentication is based on “knowledge factors” (such as passwords) and “ownership factors” (such as the mobile phone used to receive verification codes). However, the latest data from the US Federal Trade Commission shows that in 2024 alone, American consumers lost up to $12.5 billion due to various frauds, a year-on-year surge of 25% [3].
Systemic vulnerability of SMS OTP: One-time passwords were not designed to protect against advanced persistent threats (APT) or organized financial crime. SMS is transmitted in plain text via the SS7 signaling protocol and is easily intercepted. More seriously, the attackers used social engineering to deceive telecom operator customer service and perform “SIM card hijacking (SIM Swapping), transferring the victim’s number to a blank SIM card held by the attacker. Once successful, the attacker can receive reset verification codes from all banks and social platforms, causing the account to be completely taken over within minutes.
Credential Phishing and Man-in-the-Middle Attacks: Even app-based dynamic passwords (such as Google Authenticator) cannot protect against man-in-the-middle phishing attacks. The attacker captures the password and dynamic verification code entered by the user in real time through a forged proxy login page, and then takes over the session (session cookie).
The AI era brings the threat of fraud and “machines against humans”
Generative AI has revolutionized the threat landscape. Traditional security systems rely on things like “security questions” or “manual verification of customer service calls” as a last line of defense, with the core assumption that “the attacker is human and difficult to imitate on a large scale.” The growing development of generative artificial intelligence completely destroys this assumption.
Deepfake and voice cloning: Attackers can use a few seconds of recording to perfectly clone the victim’s voice, deceive banks’ voiceprint recognition systems, or bypass liveness detection through deepfake technology in video calls.
Scaled social engineering: Using large language models, attackers can generate flawless and highly targeted phishing rhetoric that even makes it difficult for half of professionally trained security personnel to escape. When AI becomes a hacking tool, any authentication layer that lacks the “hard protection of underlying cryptography” is vulnerable [4].
The security paradox of business development and user experience
For companies, there is often a serious confrontation between the security department and the business growth department. In order to fix vulnerabilities, companies have superimposed more and more verification steps on the login and checkout processes (requiring strong passwords, mandatory two-factor authentication, verification code image recognition, etc.), which are criticized by the industry as redundant designs of “security theater”, causing huge friction for legitimate real users.
The avalanche of checkout conversion rates: According to statistics, up to 70% of online shopping carts are abandoned [5]. This is not only because users have changed their minds, but more because of the complicated checkout process, tiring password input and delayed SMS verification codes.
In-depth Analysis of Core Products: Reconstructing Digital Trust Throughout the Life Cycle
Faced with the above challenges, tinkering at the software level is no longer helpful. Glide Identity turned its solution to the world’s largest distributed physical network: telecommunications infrastructure. There are more than 5 billion smartphones in the world, and each SIM card is hard-coded with an encrypted private key issued by a carrier.
In recent years, the global telecommunications industry has launched a revolutionary program to expose core network capabilities: GSMA Open Gateway. The framework is currently supported by operators that account for 65% of the global mobile connection share (such as AT&T, Telefónica, Vodafone). Meanwhile, the CAMARA open source project led by the Linux Foundation is responsible for developing standardized APIs for these capabilities (such as number verification API and SIM card change detection API). In the past, this cyber intelligence was only used within operators. Today, Glide Identity is a technology aggregator that encapsulates these decentralized and complex underlying telecommunications interfaces into developer-friendly API services [6-7].
Glide Identity is not a single-function software provider, but has created a comprehensive authentication platform covering the entire user life cycle (registration, login, transaction, recovery, and even offline physical interaction) through four core products-MagicalAuth, SuperPasskey, Glide-Out and Glide-In.
MagicalAuth
MagicalAuth is a passwordless authentication solution for the Glide Identity platform. It is the first SIM card verification service based on T-Mobile and Verizon networks in the US market. The core mechanism of the technology is called “Silent Network Authentication (SNA)”.
When users try to register or log in, the application background does not need to send any 6-digit verification code. In contrast, Glide Identity’s server directly intercepts users’ mobile data connections through operators. The operator will launch a cryptographic challenge to the SIM card in the user’s mobile phone. The SIM card generates a signature response using its private key. After the operator verifies that it is correct, it returns the “authentic verification” status to Glide Identity and then passes it to the application.
Figure 3&4 Traditional verification code and MagicalAuth
Defense against phishing and man-in-the-middle attacks: Since there are no readable passwords or text verification codes displayed on the screen, attackers cannot induce users to “hand over” their credentials even if they set up a perfectly fake login page.
Hardware-level anti-SIM card hijacking (Swap-Proof): When the system verifies the number, it will call CAMARA SIM Swap API to extract the signaling data of SIM card changes. If it detects that the number has been transferred to a new physical SIM card in a very short time (a typical hijacking feature), MagicalAuth will immediately block authentication requests, which traditional SMS OTP cannot do at all.
SuperPasskey
There is a serious vulnerability in the current Passkeys ecosystem: although daily logins are extremely secure (based on device biometrics and security enclave), once users buy new phones, reset operating systems, or need to restore account permissions across platforms, most systems have to fall back to sending SMS verification codes or verification emails to take care of availability.
SuperPasskey deeply combines FIDO2’s device-level public key cryptography with the network-level security of telecom operators. When the system needs to verify high-risk device changes or account recovery, SuperPasskey will use the network API to verify whether the SIM card in the current device is the original card that has been legally used for a long time. New FIDO2 credentials can only be issued or account control restored if the SIM card is verified. In addition, the system integrates data such as “SIM card change duration” and “device identification change” on the network side in the background as multi-dimensional trust scores.
Figure 4: SuperPasskey
Glide-Out
In e-commerce and digital transactions, “checkout friction” is the main culprit for lost revenue. Glide-Out is a deeply optimized authentication solution specifically for payment scenarios, designed to minimize user friction while maximizing payment security and merchant revenue. When the user clicks the “Pay” button, Glide-Out uses the underlying secure SIM signal to complete identity and risk assessment without invoking any verification code input box or triggering cumbersome secondary verification pages such as 3D Secure. Through deep integration with telecom operators, Glide-Out can automatically pull and fill in accurate user identity information (such as real name and billing address) from the network side after obtaining the user’s front-end authorization. This saves users the pain of manually entering lengthy information on their phones, greatly speeding up the purchase process.
Solve the problem of “abandoning purchase” and “false rejection”: By eliminating passwords and OTP delays, Glide-Out can increase checkout speed by 2 times and save shopping carts abandoned due to cumbersome processes. At the same time, due to its hardware-based verification, it greatly reduces the “false rejection” caused by the anti-fraud risk control model of the payment gateway system and protects the legitimate merchant flow.
One-click payment within the application: avoiding users being forced to jump out of the current application to check text messages when paying, maintaining an immersive interactive experience, which is extremely suitable for high-frequency impulse consumption scenarios such as takeout, taxi calling, and in-game purchases.
Figure 5: Glide-Out
Glide-In
If the aforementioned products mainly solve electronic authentication, Glide-In is a non-contact identity verification product created by Glide Identity for offline physical scenarios.
When the user reaches the offline physical contact point, he only needs to use his mobile phone to tap the NFC sensing terminal (similar to Alipay’s touch) or scan the dynamic QR code to start the “Glide-In” process. A tap action will immediately trigger a SIM card cryptographic verification based on the mobile operator’s network in the background. After confirming that the identity is secure, the system will follow W3C’s “Verifiable Credentials” international standard to issue the confirmed identity status and permissions in the form of digital credentials and save them directly in the user’s local digital wallet (such as Apple Wallet or Google Wallet) for faster reuse later.
Figure 6: Glide-In
Comparison Btween Glide Identity and Traditional “one-click login” Solutions
At present, many domestic applications have also realized functions similar to “one-click login”. Although the front-end user experience of both seems to be “login with one click”, the system design behind them is different: The domestic “one-click login” is an excellent user experience tool, which greatly solves the pain point of users not being able to remember passwords in the mobile Internet era; MagicalAuth is a zero-trust infrastructure for the era of artificial intelligence. It integrates the underlying network intelligence of global telecom operators, the cryptographic chip of physical SIM cards and FIDO2 standards. The following table shows the comparison between “one-click login” and MagicalAuth in China:
One-click login with the local number of domestic apps
MagicalAuth
Technology Ecology and Standards
The three major domestic operators have also passed the GSMA Open Gateway certification; there are also third-party aggregation SDKs
Based on the GSMA Open Gateway unified standard of the Global System for Mobile Communications Association and the CAMARA open source interface construction of the Linux Foundation
Authentication anchor
Verify network sessions and IP addressing to confirm which mobile phone number corresponds to the request sent by the current network
Verify the cryptographic signature of the physical SIM card. Cryptographic Challenges and Responses Using Private Keys in SIM Cards
Prevent SIM card hijacking
Weak-If the hacker forges an identity and reissues a mobile phone card (SIM card hijacking), the one-click login will still be judged as “legal” and released directly when the hacker uses the mobile network on the new phone
Native Immunity-MagicalAuth will call the CAMARA SIM Swap API during authentication to check in real time whether the number has undergone abnormal card replacement or device changes recently. Once a risk is discovered, it will be blocked immediately
Payment and high-risk operation scenarios
One-click login only supports login, large transfers must evoke another verification method
Glide-Out: The system uses secure SIM signals to instantly complete identity and risk assessments in the background, without having to evoke cumbersome 3D Secure secondary verification pages or wait for text messages
Abnormal degradation mechanism (cellular network unavailable)
Automatically downgraded to “send SMS verification code”
Never fall back to SMS verification codes, switch to alternatives with the same level of security, such as SuperPasskey
Table 1: Comparison of domestic app “one-click login” and MagicalAuth
Summary
Through a detailed analysis of the establishment background, technical route and product matrix of Glide Identity in this paper, we find that it is not a regular IAM or MFA software supplier. Glide Identity represents a new underlying logic-to deal with the evolving AI fraud threat by reactivating the cryptographic potential of global telecommunications infrastructure.
Smallstep, one of the top 10 RSAC innovation sandboxes last year, is a security company focusing on zero trust, identity, and certificate management[8]. Unlike Glide Identity, Glide Identity focuses on TPM-based device authentication. This relies on an assumption: the device to be verified has a TPM chip. In previous articles, we introduced TPM-related technologies. Traditional TPM-based applications include trusted boot and integrity measurement. Interested readers can refer to [9-11]. Glide Identity directly uses the SIM chips built into 5 billion mobile phones around the world and the core switching network of telecom operators, greatly lowering the hardware threshold.
The emergence of Glide Identity not only provides a better login button, but also promotes the commercialization of “Telecom-as-a-Security-Service”. We will have to wait and see whether Glide Identity can stand out from the crowd of AI-focused startups.
Reference
[1] https://www.glideidentity.com/[2] https://www.linkedin.com/in/eran-haggiag[3] https://fintech.global/2025/10/14/glide-identity-raises-20m-to-secure-digital-identity/[4] https://www.securitysystemsnews.com/article/glide-identity-unveils-identity-solutions[5] https://baymard.com/lists/cart-abandonment-rate[6] https://www.gsma.com/newsroom/press-release/gsma-announces-strategic-partnerships-to-drive-innovation-and-connectivity-in-the-automotive-and-aviation-industries/[7] https://www.gsma.com/solutions-and-impact/gsma-open-gateway/[8] https://mp.weixin.qq.com/s/cCYh4ogG8X9KIJHTMuW67g[9] https://mp.weixin.qq.com/s/10CDEzaHEp-gUxbhq5CYvA[10] https://mp.weixin.qq.com/s/8BXuJJOh1BY3BHq75H1zgQ[11] https://mp.weixin.qq.com/s/showAKatT3TsN11aWRD9GQ
The post RSAC 2026 Innovation Sandbox – Glide Identity: Building a Next-Generation AI Passwordless Authentication Platform appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..
*** This is a Security Bloggers Network syndicated blog from NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. authored by NSFOCUS. Read the original post at: https://nsfocusglobal.com/rsac-2026-innovation-sandbox-glide-identity-building-a-next-generation-ai-passwordless-authentication-platform/
About Author
