Securing the future of authentication: a retrospective
From growing startup to Twilio integration
Stytch and Latacora worked side by side to ensure that the developers and end users relying on Stytch’s platform benefited from a security program built for the sensitivity and criticality of the data involved. This journey, which began in February 2021, saw Stytch evolve from an ambitious startup revolutionizing passwordless authentication into a robust security powerhouse acquired by Twilio.
Given Stytch’s product, you would correctly assume that security is critical not only for the Stytch team but also for its customers, who rely on Stytch for authentication in their applications. As we prepare to conclude our partnership, we want to reflect on the milestones that defined this collaboration and the security program built to protect customer and end user data, applications, and trust.
Securing the foundation
Upon founding, Stytch was focused on providing developer-friendly authentication infrastructure, including passwordless login and multi-factor authentication (MFA) services. Latacora stepped in as an extension of the team, providing a comprehensive suite of security services to ensure customers received the secure service they were expecting.
“Building for Scale” was a key theme during these early years. Latacora worked closely with Stytch leadership and engineering teams to ensure Stytch’s security posture could keep pace with a rapidly growing customer base. This included rigorous architecture reviews, threat modeling exercises, and vendor reviews, all of which ensured security protections were in place before implementation.
Expanding security protections
Later, Latacora and Stytch implemented Security Information and Event Management (SIEM), Managed Detection and Response (MDR), and Incident Response (IR) services to continually improve and expand security capabilities internally and for Stytch customers. For Stytch, this included establishing 24/7 monitoring and response capabilities, with fine-tuned detections and documented workflows prepared in advance of potential incidents. This practice was informed by a deep understanding of Stytch’s environment and was carefully tuned to surface meaningful security signals and alerting, helping to prevent incidents and maintain customer trust.
Furthermore, Latacora and Stytch continued our tight-knit partnership while working together to respond to, and protect the Stytch services against, the 2025 SAML vulnerabilities and the persistent supply chain attacks of recent years. This collaboration ensured the Stytch services were hardened against new variants before they emerged.
Navigating the acquisition
The partnership reached a significant milestone in late 2025 with Twilio’s formal acquisition of Stytch. Maintaining uninterrupted security coverage through a corporate transition required deliberate planning and coordination while integrating with a global leader’s standards.
Operations continued without interruption as Twilio personnel were onboarded into the shared security environment, including detection and response tooling and communication channels used for real-time alert triage, monitoring, detection, and incident response. Zero alerts went unreviewed, no coverage windows lapsed, and the security controls protecting Stytch customers and end users remained fully in force throughout. Because Latacora maintains a rigorous set of internal security practices designed to support clients as they mature their own security capabilities, accounts and licenses are provisioned to ensure clients can seamlessly take ownership of these tools. For Stytch customers, the transition was invisible by design.
Partnership lessons
The strongest security programs, Stytch’s among them, aren’t built by any one team or tool; they’re built by the right combination of platform expertise and security specialization, collaborating and working toward a shared definition of success.
Over the course of the engagement, that definition was consistent: a customer building on Stytch’s platform should benefit from a security posture as rigorous as the service they’re consuming. Our internal reviews consistently showed that Latacora recommendations aligned with Stytch’s objectives, and the team felt empowered to reach out for advice at any stage of the journey.
The final chapter
The sign of a successful security partnership is what remains when the engagement winds down: mature programs, embedded practices, and customer protections that continue functioning regardless of who operates them. That is what the Latacora and Stytch collaboration produced together: a security foundation strong enough to carry Stytch’s customers through growth, scale, and now into Twilio’s broader ecosystem without missing a step. Latacora and Stytch are incredibly proud to have built that foundation jointly, and prouder still of what it means for the customers who trust Stytch and its services. Latacora is deeply appreciative of the five-year partnership with Stytch, and we look forward to witnessing the continued success and impact of the secure foundation we built together as Stytch moves forward within Twilio.