§ 04 · COMPANY · MISSION

Paphwey is building the trust category for agent-authorized action.

We believe the next chapter of digital identity will be defined not only by who gets access, but by how trust is carried into the moments when software acts with real authority.

Speak with Paphwey See the flow ↗

Mission

Define the standard.

Human-centered, identity-backed authorization in the age of AI agents — a clear model for when, why, and how software can act on a person's behalf.

Our positioning is simple: the user, the wallet device, the AI agent, and the relying party are four distinct actors — each with its own key — and Paphwey is the gateway that makes that topology legible across the stack.

We build on open specs — W3C DID, W3C Verifiable Credentials, SD-JWT VC, and OpenID for Verifiable Credentials — so the trust we describe is also the trust the industry can verify.

UsersApprove deliberately, not blindly

BusinessesRely on outcomes under review

RegulatorsSupported through audit-grade receipts, not bypassed

MarketAdopt a shared trust primitive

§ · WHO'S BUILDING THIS From the founder

From the founder

I've spent years inside identity and fraud.

I'm James Marszalek — a solutions and presales consultant specialising in identity, KYC, and fraud-stack architecture, and a product owner and full-stack developer with a degree in computer science. For years I've helped regulated businesses design onboarding, verification, and fraud-decisioning systems, and I kept watching the same question arrive with AI agents: when software acts on a person's behalf, what authority is it acting under, and can the business prove it? Paphwey is the answer I wanted to be able to hand a customer.

Why this background matters

KYA lives or dies on whether a risk function can defend it.

I built Paphwey from the regulated side first — the artefacts it emits are designed to slot into the DORA, PSD2/PSD3, MLR, and NIST frameworks an MLRO, CISO, and auditor already read against.

§ 05 · Why Now Three principles

Why now

The market does not just need more automation. It needs automation people and enterprises can trust.

As AI systems move closer to initiating real requests and carrying out consequential actions, authorization becomes a strategic product, trust, and governance issue. That is the problem Paphwey is focused on.

Clarity over ambiguity

Users should understand what they are approving. Organizations should understand what they can trust.

Control over theater

Controls should be meaningful, not cosmetic. Confidence should come from structure, not slogans.

Trust as infrastructure

The future of agentic products will depend on trust layers as much as it depends on models, interfaces, and workflows.

§ 06 · What We Are Building Toward Three audiences

What we are building toward

A category-defining trust standard for AI-native organizations and high-assurance environments.

For end users

An experience where approval feels transparent, deliberate, and safe.

For enterprises

A way to let AI move faster without giving up governance, assurance, or accountability.

For the market

A stronger model for how identity and authorization should work as software acts with increasing autonomy.

§ · WHERE WE ARE Status & traction

Where we are

Honest about the stage — here's what's actually shipped.

We would rather state the stage plainly than imply more than is true. The items below are where Paphwey actually is today.

Shipped

v1 of the gateway, REST API, Python and Web SDKs, and the paphwey-mcp server are live and documented.

Standards-aligned

Built on W3C DID + Verifiable Credentials v2, SD-JWT VC, OIDC4VCI/VP, OAuth 2.1, and MCP.

Design partners

In early design-partner conversations with identity and fraud teams.

Funding & backing

Actively raising — open to investor conversations.

Built on and integrates with established third-party IDV and fraud providers.

Contact

Building in this category or exploring where it goes next? Let's talk.

hello@paphwey.com Open the demo