Almost every breach you read about starts the same way: a credential. A leaked password, a stolen API key, a private key copied off a laptop, a token pasted into the wrong chat. The attacker didn't break the cryptography — they walked through the front door with a credential that was never really tied to anyone.
The root problem is that shared secrets are bearer tokens: whoever holds them is treated as the owner. To fix authentication, you have to stop relying on secrets that can be copied at all.
The trouble with secrets
Passwords get phished. SSH keys get copied to a dozen laptops and never rotated. API tokens leak into git history, CI logs and error trackers. The common thread is that all of them are portable — a credential that can be moved is a credential that can be stolen.
If a secret can be copied, assume it eventually will be.
Identity bound to hardware
Subnomic binds every actor to a key that lives in a hardware root of trust — a TPM, a secure enclave, or a hardware security module. The private key is generated on the device and never leaves it. Authentication happens by signing a challenge, not by transmitting a secret. There is nothing to phish, nothing to paste, nothing to copy off the disk.
# Bearer secret: copyable, replayable
client ──▶ "here is my password/token" ──▶ server
# Hardware-bound identity: prove, don't reveal
server ──▶ challenge ──▶ device signs in hardware
device ──▶ signature ──▶ server verifies the key
One model for three kinds of actor
Modern infrastructure isn't just people logging in. It's services calling services and, increasingly, autonomous agents taking actions. They all need identity, and they should all use the same model.
- Humans — a hardware-backed key on a laptop or security key, optionally paired with a presence check, replaces passwords and copied SSH keys.
- Machines — each host and service gets its own hardware-rooted identity, so there are no shared service accounts to leak.
- Agents — automated and AI agents are first-class identities too, with their own scoped, revocable credentials and a full audit trail of what they did.
Revocation that actually works
Because identity is centrally registered and hardware-bound, revoking access is instant and complete. There's no scramble to rotate a shared key across fifty machines, no wondering whether an old copy is still floating around. You revoke the identity, and access is gone everywhere, immediately.
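The challenge-response flow sketched in the diagram above, with a single-use nonce and the immediate revocation just described, as an added example in Go. This is not Subnomic's code: an in-memory `Device` stands in for the TPM or enclave that would hold the key (it exposes only a sign operation, never the key bytes), and the `Server`, the actor IDs and the nonce handling are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Device stands in for the hardware root of trust: the key is made inside it and only Sign is exposed.
type Device struct{ priv ed25519.PrivateKey }

func NewDevice() (*Device, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // only fails without an OS entropy source
	return &Device{priv: priv}, pub
}

func (d *Device) Sign(challenge []byte) []byte { return ed25519.Sign(d.priv, challenge) }

// Server stores only public keys (nothing worth stealing) and one pending nonce per actor.
type Server struct {
	keys       map[string]ed25519.PublicKey
	challenges map[string][]byte
}

func NewServer() *Server { return &Server{map[string]ed25519.PublicKey{}, map[string][]byte{}} }
func (s *Server) Register(id string, pub ed25519.PublicKey) { s.keys[id] = pub }

// Revoke drops the identity; every later challenge or response for it fails at once.
func (s *Server) Revoke(id string) { delete(s.keys, id); delete(s.challenges, id) }

// Challenge returns a fresh random nonce (nil for an unknown or revoked identity); no secret crosses the wire.
func (s *Server) Challenge(id string) []byte {
	if _, ok := s.keys[id]; !ok {
		return nil
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	s.challenges[id] = nonce
	return nonce
}

// Verify checks the signature over the pending nonce and consumes it, so a captured signature cannot be replayed.
func (s *Server) Verify(id string, sig []byte) bool {
	pub, known := s.keys[id]
	nonce, pending := s.challenges[id]
	delete(s.challenges, id) // single use, pass or fail
	return known && pending && ed25519.Verify(pub, nonce, sig)
}
```

A real deployment would also bind the nonce to the session or channel it was issued on and expire it after a short window; the in-memory maps here would be a database keyed by the registered identity.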
Identity as the foundation
Everything else Subnomic does — portless access, least-privilege RBAC, session recording — rests on knowing exactly who or what is on the other end of a connection. Without strong identity, those controls are scoped to a guess. With it, every action traces back to a verified, hardware-rooted actor.
Stop trusting strings
Authentication built on copyable secrets is authentication built on hope. Binding every human, machine and agent to a hardware root of trust removes the credentials attackers depend on — and turns "who did this?" from a forensic puzzle into a fact.
Want to see hardware-bound identity in practice? Book a demo or join the waitlist.