Infisical CEO Vlad Matsiiako on scaling open-source secrets management from Reddit launch to $60M Series A

Ultra Drrome. We have Vlad from In in Physical. Am I pronouncing that correctly? I'm probably pronouncing it wrong, but we'll hear it from him directly. Welcome to the stream, Vlad. How are you doing? What's going on? Doing great. How are you guys? How do you pronounce it?

The name the name the name Vlad or in physical or Oh, it's in physical. Okay, great. In physical. Give us the intro. What are you guys doing? What are you working on? It's not the easiest name. It's it's definitely everyone is asking how to pronounce it and I've heard so many pronunciations and and ways of spelling it.

But what we do is we're an open source secrets management platform. So we help developers manage secrets across their infrastructure. And so what secrets are, it's all types of sensitive credentials that basically connect the systems together and uh that run software under the hood and no one else realizes that.

Very cool. You have to brute you have to work work on you have to become so successful that people are forced to figure out how to pronounce the name, right?

It's always it's always a it's always a challenge and then once you know once you hit that hundred million dollar run rate, everybody will will have a good sense of it. But um yeah, but yeah, talk uh give give us the backstory. I know you you announced a $60 million series A from Aad Gil on Friday. Very exciting.

Uh not not an easy uh guy to to get on board. Uh but break down maybe the history of the company and and getting to that point. Yeah. No, absolutely. We started in a very open-source manner, right?

We launched in physical open source project on Reddit and that's pretty much how it got viral and that's how it got lots of lots of developers on board and that's pretty much how it kept running afterwards and it you know like at first it was a lot of developers and it started transitioning to a lot of enterprises and very large customers and folks like LG or AI companies like hugging face that are using us um we went through the YC batch so this was kind of like the first stage of the company u this was around two years ago at this point so uh so much has happened ever since and uh yeah since then we've been focusing a lot on trust, a lot on security, a lot on helping companies figuring out how to make it simple and straightforward.

Um, yeah. Can you uh give me a sense of the shape of the problem? Uh, maybe some anonymized or non-anmized horror stories. How bad can this go when it goes wrong? I I mean, it's it's it could be terrible.

Actually most of the over 50% of all the security breaches that happen these days is because of mishandled credentials or some kind of identity issue that was either hard-coded or accidentally leaked by one of the developers or you know there there could be lots and lots of lots of different things.

A lot of the you know news articles that you see on on different media whether it's the crunch or or or whatever right a lot of them happen because of secrets management and the practices that a lot of organizations have you know they they are trying and a lot of organizations are trying to figure it out.

The problem is that the tooling out there is so complex to figure out and the infrastructure of these organizations is also so complex um that they can't really do this and and this is how they use in physical and so the the main benefits of this is first security but also reliability because it's kind of like hard to realize this but secrets basically connect all the different services and databases and and infrastructure and engineers together.

So if you are not able to access secret even for like a second, it could have lots of lots of lots of bad implications because then you're not a able your users not not able to use your products and software um and so on.

Yeah, such an interesting place to sit because I can imagine a bunch of uh knock-on effects aren't being that deeply integrated into like the dev tools chain. Um are you thinking about that stuff already? Uh do you have an idea of of of where this goes or what adjacent products might look like?

Um is it is it unreasonable to comp the business to like one password right now in terms of like business model and kind of shape of the product? Not quite. So one password is very much kind of like personal passwords and does very well and kind of like very kind of like userdriven.

What Invisle does is we power all the infrastructure basically. So everything that's related to software and infrastructure layer.

So it's indeed a very interesting base because we have to integrate with all the infrastructure tools right one password is very much a lot about kind of like the browser extension right oh yeah it doesn't need yeah they don't need to actually integrate with like Google for example but you do like we have to integrate with all the cloud cloud providers I'm sure GCP even like or railway whatever right but also all the different version control systems like GitHub and so on all the CI/CD systems basically all the infrastructure components that developers are using because otherwise if we can't integrate even with at least a single tool then it doesn't provide the full value.

Um so that's where a lot of complexity or what of what Invisle does um grows and and yeah and really kind of like what we're doing is we're building out a single platform for enterprises to manage access to manage secrets to manage all the sensitive information in one place and provision uh access controls authentication to all of those services.

Talk to me about the the the open source versus uh obviously you're a for-profit company. At least I think so if you're raising 16 million you never know these days like you don't know. It used to be a given if you went through YC uh but then one of the biggest companies of all time became a a nonprofit.

Uh but but what is it like and what is that like like give me the deeper level of that of that sales motion? Is it just marketing? Uh is there a clear kind of upgrade path? uh who are the best-in-class.

I always go to like Red Hat Linux did really well, but that was kind of a different thing because they were kind of like the company was built after Linux was already created. They didn't create it themselves.

Uh then you have like a stable diffusion as a company and there's a whole bunch of others like data bricks has taken an open source product and then move moved it so far forward that they have a differentiated product to offer and they make a ton of money.

uh what what talk to me about like the open-source business landscape the the pitfalls like how how it works like what what your strategy is it's super interesting question because a lot of open source business are very different so a lot of business like data bricks they basically take existing projects and then build things around them and typical is in this sense much more similar to folks like gitlab right where are actually building out and we are the owners of the open source project and really kind of like what the open source project is about is we want to make sure that any developer and and this is very interesting for the for the a lot of open source businesses, right?

Is that you kind of like have to target the enterprise components, right? But you also have to make sure that every developer and like a very long tale of developers, not even from enterprise, but also students and and indie developers and, you know, for weekend projects, they're able to use your tool, right?

And and they're able to benefit from it and they are able to do lots of their own tasks with it. And so this is kind of like a fine balance that you have to navigate. And so how physical works is that all of the features that are needed by developers. They are available under MIT license, right?

So arguably the the most free license out there. Um and so they can use it for any purposes. They can reuse it. They can fork it. They can they can do whatever they want. The features that are actually monetizable, they are features that are primarily needed by large enterprises, right?

So it's all the different managerial functionality, different kind of like more much more advanced functionality when your team consists of thousands or or tens of thousands of developers, right?

And then you you actually have um the problems that you're facing are very very different and and um then you can use you can start with physical open source but a lot of organizations end up transitioning to a physical enterprise. Yeah.

Uh I have to ask because I'm sure people asked it during your series A process but uh is there an AI story here on your web on your website you you mentioned AI I think twice. One with a feature that maybe is AI powered two with hugging face which is obviously a customer.

So, I just asked because, you know, it's interesting. My my a lot of my kind of um immediate thoughts around what you're building are around like why build this now? Oftentimes there's great things to be built that nobody got around to building.

Uh but I'm but I'm curious to kind of understand uh the catalyst and and how you're maybe benefiting. Well, there's actually a few things, right?

So the fact that we are creating this kind of like uniform source of secrets and access and and basically all like a single data set right for all the access within the enterprises.

It it helps us create this type of like AI brain behind it right where we are able to provision access controls and identify different overprovisioned access and loopholes and and everything else that developers are using.

So this kind of like the one part uh that we're they're focusing and will be focusing even more with AI.

Uh the other part is how do all of the agents and how do all of the other AI workloads are actually able to operate secrets right because you know we are talking about like they're becoming much faster they're becoming much smarter in what they're actually doing but they kind of depend on how fast they're able to access secrets or databases or other resources that they need to be approved right and and right now a lot of it's provisioned very manually right so this is another area that in physical is really focusing on and how do you actually simplify it and how do you make sure that a lot of these workloads they can be more autonomous um in how they work.

Yeah. Yeah, that makes sense. Uh what's your guys's internal um AI software engineering stack? What what tools are you getting the most value from today? I mean, in terms of engineering, so people use all kinds of things. I mean, of course, cloud and and like basically like all the LLMs out there uh we are using.

It's kind of like a mix of whatever people feel most comfortable with and what they want to choose. That makes sense. Mhm. Cool. That was great. Well, very exciting. Uh, congrats on the milestone and, uh, I'm sure you already have people breathing down your neck ready to do the beat now that a lot is, uh, is in.

So, uh, good luck, uh, you know, pushing pushing those people off. Thank you. We'll talk to you soon. Have a great day. Fantastic. Uh, up next, we have a couple things. We have Alex Heath from The Verge jumping on at 2:30. Uh, that's in about 15 minutes.

I want to go through some poly markets about Apple to give us a little bit of a update on what people are expecting Apple to do over the next year. I also want to check in with our intern Tyler Cosgr, see how he's doing. But first, the jacket came off. Let me let me walk. He's rolling up the sleeves.

While uh while he's getting ready for his uh update, I want to run through some of these poly markets. Uh how much will the iPhone 17 cost? We're down. Will I drop one of these? Will you drop one of those? We uh we're down at 10% now for over $1,000.

It looks like most people are thinking the next iPhone is going to be $799 or $6. 99. Um not a lot of movement there, but it's moving downwards. People are getting uh more bearish on the idea of a $1,000 plus iPhone. Uh there's there's a small poly market out here uh about will Apple release a foldable iPhone in 2025.

Market launched at 12%, it's down at less than 2%. No indication from WWDC that a folding iPhone's coming. Uh interesting historical poly market. Do you want a foldable iPhone? No.

I was I was at the farmers market on Saturday and uh was uh I met another dad and uh he he pulled out his phone and it was a foldable phone and I and he and he just un he pulled the phone out. Yep. Unfolded it. did what he needed to do and I was like, "Wow, I didn't I've never seen one of these in the wild before.

" But, uh, it's kind of cool. Folds up. You know, it's pretty trying to find trying to find why you really need one. But I mean I mean uh I I saw I think it was Kais went to China and was looking at a trifold phone. The latest and greatest from the top Chinese smartphone company, probably Huawei. Trifold. Trifold.

So it So it it looks just like an iPhone. just like an iPhone in terms of like size and then it unfolds into something that's basically a tablet.

Uh and that is actually pretty pretty interesting and pretty you could imagine that actually catching on in terms of like you know you don't even need to bring the laptop with you on the plane because you're just going to f fold it out and have a much much bigger screen. You can use it when it's in its Oh yeah. Yeah.

You can use it as a phone and then you can use it as a tablet. So it's essentially both. And the hinge technology is getting to the point where it's reliable. The dust doesn't get in it. It actually folds completely flat.

The early phones, they would they would fold and there would be like a little gap because you couldn't you couldn't make the hinge fold flat. Imagine break. You'd see a crease information. It'd be amazing. It'd be amazing. Feel like they had a print edition. Okay. Um, other poly markets I want to run through.

Will Apple invest in OpenAI in 2024? This is a historical poly market. It was up at 72% at one point. Small market, but