
Zach Herbert, Co-Founder and CEO of Foundation – Interview Series


Zach Herbert, Co-Founder and CEO of Foundation, is a longtime advocate for Bitcoin self-custody, open-source security, and decentralized technologies. Before launching Foundation in 2020, Herbert held multiple leadership roles at Skynet Labs, where he helped oversee operations tied to the decentralized cloud storage network Sia and the Obelisk ASIC mining hardware business. His background combines hardware manufacturing, operational scaling, and privacy-focused infrastructure, all of which now shape Foundation’s mission to build tools that give users direct control over their digital assets and online security. Herbert has become particularly known within the Bitcoin ecosystem for promoting sovereignty-focused hardware products assembled in the United States and designed around transparency and open-source principles.

Foundation is a Boston-based company focused on developing Bitcoin-centric hardware and software for self-custody and digital security. The company’s flagship products include Passport Core, an air-gapped Bitcoin hardware wallet, Passport Prime, a broader “Human Authority Hardware” platform for authentication and encrypted storage, and the Envoy mobile wallet designed to simplify Bitcoin management while preserving privacy and user control. Foundation emphasizes open-source development, sandboxed applications, secure firmware architecture, and minimizing dependence on centralized platforms or cloud-based trust models. Its products are aimed at users seeking stronger control over Bitcoin, identity verification, authentication keys, and sensitive digital information in an increasingly AI-driven and interconnected world.

You’ve been involved in Bitcoin since 2013, from selling hardware wallets early on to leading operations at Skynet Labs before founding Foundation in 2020. What gaps did you see in the market that convinced you to start Foundation, and how did those early experiences shape your vision for the company?

I kept seeing the same gap from different angles. Bitcoin gives individuals direct control over money, but the tools around it were still too opaque, too difficult, and too dependent on trusted third parties. A lot of hardware wallets had open-source firmware, but the hardware was still closed or poorly documented. Many products were built for expert users, not normal people trying to take self-custody seriously for the first time.

My time at Nebulous/Skynet and Obelisk also made the hardware lesson very real. It is one thing to design a secure product; it is another to manufacture it, ship it, support it, manage the supply chain, and earn trust from a technical community. Foundation came out of that experience. The original goal was simple: build open, secure, American-assembled hardware and software that makes self-custody feel approachable without asking users to trust a black box.

Foundation spent years refining Bitcoin self-custody hardware before expanding into broader digital security. At what point did you realize the same cryptographic principles could be applied beyond Bitcoin to identity, AI agents, and enterprise authorization?

It was gradual. Bitcoin was the first hard version of the problem because the stakes are obvious: if a transaction is wrong, there is no support ticket or chargeback. That forces a very disciplined model. The computer can prepare the transaction, but the human verifies and signs on dedicated hardware.

Over time it became clear that this was not only a Bitcoin problem. 2FA and security keys are authority over accounts. Encrypted storage is authority over data. AI agents introduce authority over actions: sending messages, accessing files, deploying code, moving money, or using credentials. The common thread is human authorization. The question is: what proves that the human actually approved the specific action?

Your flagship device, Passport Prime, is positioned not just as a hardware wallet but as a full personal security platform. What fundamentally differentiates it from traditional hardware wallets on the market today?

Traditional hardware wallets are mostly signing appliances. They do one job well: protect crypto keys and sign transactions. Passport Prime starts there, but the architecture is much broader. It is a dedicated security computer with KeyOS, Bitcoin wallet functionality, 2FA/FIDO2, encrypted storage, seed vault workflows, QuantumLink, and a path for third-party apps through the SDK and app ecosystem.

The biggest difference is that Prime is programmable and sandboxed. Apps do not get global access to the device. Each app can have its own permissions and keys. That means we can move beyond “add another coin app” and toward a real platform for high-stakes authorization: money, accounts, identity, credentials, and eventually AI-agent actions.

A major innovation behind Passport Prime is KeyOS, your custom microkernel operating system written in Rust. What advantages does building an OS from scratch provide compared to adapting existing systems like Android or Linux?

Android and Linux are incredible general-purpose operating systems, but that is also the problem. They are huge, complex, networked, and built to run almost anything. That is not what you want as the final root of authority for Bitcoin keys, identity credentials, or AI-agent approvals.

KeyOS is purpose-built for security and human authority. A microkernel architecture lets us keep the trusted core small, isolate apps from one another, use message passing instead of broad shared access, and make permissions part of the operating system rather than an afterthought. We are also improving KeyOS so actions can be evaluated against a policy table at the kernel level. That is much harder to retrofit cleanly into a general-purpose OS.

You’ve emphasized open-source hardware and software as a core principle. In a world increasingly dominated by closed ecosystems, how do you balance transparency with the need to maintain strong security guarantees?

For us, transparency is part of the security model. Closed systems ask users to trust the vendor completely. That may work for some consumer products, but it is a weak foundation for Bitcoin self-custody and high-stakes digital authority. If the device protects money, credentials, identity, or AI approvals, users and researchers should be able to inspect what it is doing.

Open source does not mean “anything goes.” Security comes from the full design: small attack surface, secure boot, signed firmware, sandboxed apps, protected keys, audited code, careful component selection, and manufacturing discipline. Publishing the design lets the community verify the model; it does not give an attacker the private keys or physical authority held by the device.

Passport Prime introduces sandboxed applications with isolated cryptographic keys. How important is this architecture as we move toward a future where multiple AI agents and applications may need secure, permissioned access to user data?

It is critical. If Passport Prime is going to be a platform, apps and agents cannot get global access just because they are running on the device or talking to it. A Bitcoin wallet app should not be able to read 2FA secrets. A password or credential workflow should not be able to pull a seed. An AI approval app should not silently inherit every authority the user has.

That is why sandboxing, derived keys, and policy matter. Each app should get the minimum authority it needs, and high-risk actions should be evaluated explicitly. The agent can request access, but the OS and hardware decide whether that capability exists, whether policy allows it, and whether the human needs to approve it.
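The request-evaluation model described in this answer (an app holds only the capabilities it was granted, the OS consults a policy table, and high-stakes actions are escalated to the human) can be sketched in a few dozen lines. The following is an added illustration written for this page, not Foundation's KeyOS code; every type, function and capability name in it is hypothetical, and it models only the decision logic, not key storage or the on-device confirmation screen.

```rust
// Added example (not Foundation/KeyOS code): per-app capability grants, an
// OS-level policy table, and per-app key namespaces. All names are hypothetical.
use std::collections::{BTreeMap, BTreeSet};

/// Authorities an app may request from the device (illustrative set).
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Capability {
    SignBitcoinTx,
    ReadTotpSecret,
    ExportSeed,
    ReleaseCredential,
}

/// Outcome of a request; decided by the OS, never by the requesting app.
#[derive(Debug, PartialEq, Eq)]
pub enum Decision {
    Denied,             // capability not granted (or not grantable at all)
    Allowed,            // granted and low-risk: proceed without a prompt
    NeedsHumanApproval, // granted, but the human must confirm on-device
}

/// An installed app and the capabilities fixed for it at install time.
pub struct App {
    pub name: &'static str,
    pub caps: BTreeSet<Capability>,
}

impl App {
    pub fn new(name: &'static str, caps: &[Capability]) -> Self {
        App { name, caps: caps.iter().copied().collect() }
    }
}

/// Policy table consulted by the OS for every request.
pub struct PolicyTable {
    human_required: BTreeSet<Capability>,  // always escalate to the human
    never_granted: BTreeSet<Capability>,   // hard floor: no app may hold this
}

impl PolicyTable {
    /// Conservative default: moving money or releasing a credential needs a
    /// human; the seed is never exportable to any app, whatever it was granted.
    pub fn conservative() -> Self {
        PolicyTable {
            human_required: [Capability::SignBitcoinTx, Capability::ReleaseCredential]
                .iter().copied().collect(),
            never_granted: [Capability::ExportSeed].iter().copied().collect(),
        }
    }

    /// Evaluate in order: hard floor, then the app's grant, then risk class.
    pub fn evaluate(&self, app: &App, cap: Capability) -> Decision {
        if self.never_granted.contains(&cap) || !app.caps.contains(&cap) {
            return Decision::Denied;
        }
        if self.human_required.contains(&cap) {
            Decision::NeedsHumanApproval
        } else {
            Decision::Allowed
        }
    }
}

/// Per-app key namespace: handles are addressed by (app, label), so a
/// sandboxed app cannot even name another app's keys.
#[derive(Default)]
pub struct KeyStore {
    handles: BTreeMap<(String, String), u64>,
    next_handle: u64,
}

impl KeyStore {
    pub fn create_key(&mut self, app: &App, label: &str) -> u64 {
        self.next_handle += 1;
        self.handles.insert((app.name.to_string(), label.to_string()), self.next_handle);
        self.next_handle
    }

    /// Lookup is scoped to the calling app; a foreign label resolves to None.
    pub fn lookup(&self, app: &App, label: &str) -> Option<u64> {
        self.handles.get(&(app.name.to_string(), label.to_string())).copied()
    }
}

/// The three cases from the answer above: wallet, 2FA app, credential app.
pub fn demo() -> Vec<(&'static str, Capability, Decision)> {
    let policy = PolicyTable::conservative();
    let wallet = App::new("wallet", &[Capability::SignBitcoinTx]);
    let totp = App::new("2fa", &[Capability::ReadTotpSecret]);
    let creds = App::new("credentials", &[Capability::ReleaseCredential]);
    vec![
        ("wallet", Capability::SignBitcoinTx, policy.evaluate(&wallet, Capability::SignBitcoinTx)),
        ("wallet", Capability::ReadTotpSecret, policy.evaluate(&wallet, Capability::ReadTotpSecret)),
        ("2fa", Capability::ReadTotpSecret, policy.evaluate(&totp, Capability::ReadTotpSecret)),
        ("credentials", Capability::ExportSeed, policy.evaluate(&creds, Capability::ExportSeed)),
    ]
}

fn main() {
    for (app, cap, d) in demo() {
        println!("{} requests {:?}: {:?}", app, cap, d);
    }
    let mut ks = KeyStore::default();
    let (wallet, totp) = (App::new("wallet", &[]), App::new("2fa", &[]));
    let h = ks.create_key(&wallet, "signing");
    println!("wallet handle {}, as seen by 2fa: {:?}", h, ks.lookup(&totp, "signing"));
}
```

The ordering inside `evaluate` is the point: the hard floor (seed never leaves) is checked before the app's own grant, so a mis-granted capability cannot override it, and the app's request carries no weight in the decision beyond naming what it wants.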

Foundation is already integrating post-quantum encryption and secure Bluetooth protocols into its devices. How real is the quantum threat today, and why is it important to address it at the hardware level now rather than later?

I do not think people need to panic that quantum computers are breaking Bitcoin tomorrow. But security hardware has a long life, and some data is worth protecting for a long time. “Harvest now, decrypt later” is a real concern for certain encrypted communications, and hardware products are difficult to redesign after they are in the field.

QuantumLink is our answer to a very practical version of that problem. We do not trust Bluetooth. The Bluetooth chip is treated as an untrusted transport, and sensitive communication is encrypted and authenticated above it with a post-quantum design. Doing this at the hardware and OS level matters because the radio, the keys, the pairing flow, and the approval surface all need to be designed together. You cannot safely bolt that on at the end.

One of the longstanding challenges in self-custody has been usability. How did your team approach designing a device that remains secure for advanced users while still being intuitive enough for newcomers?

From the beginning, we wanted Passport to be approachable for someone coming from an exchange, while still serious enough for advanced users running multisig or more complex setups. That is why we spent so much time on the physical design, navigation, copy, setup flow, and companion app. Security that people cannot use correctly is not very useful.

With Passport Prime, the same philosophy applies but the product is broader. We want advanced users to have open source, verifiability, sandboxed apps, Keycards, manual backup options, and deep control. But we also want normal users to have a clean touchscreen interface, simple onboarding, Magic Backups, mobile app integration, and recovery flows that do not require them to become security engineers. The hard part is not choosing security or usability. The hard part is refusing to sacrifice either one.

You’ve spoken about a “post-trust world” where individuals control their own data, identity, and assets. What role do you see hardware-based security playing as AI systems become more autonomous and embedded in everyday workflows?

As AI systems become more autonomous, the important question is not just what the model says. It is what the model can do. Agents will have browser sessions, API keys, files, wallets, cloud tools, and long-running state. If final approval lives on the same phone, laptop, browser, or cloud account the agent can touch, then the human is not really the root of authority.

Hardware gives us a clean separation. Software can propose an action, but dedicated hardware should verify and authorize the action when the stakes are high. That might mean approving a Bitcoin transaction, releasing a credential, signing into an account, authorizing a production change, or allowing an AI agent to use a sensitive tool. The goal is not to slow everything down. It is to make sure the decisions that matter still belong to the human.

Looking ahead, do you see Foundation evolving primarily as a Bitcoin-native company, or as a broader security platform provider for the entire digital ecosystem, including AI, identity, and enterprise infrastructure?

Both, but in the right order. Foundation is Bitcoin-native, and that matters. Bitcoin is where we learned the discipline of self-custody, open hardware, adversarial UX, and irreversible authorization. It is still our wedge because Bitcoiners understand final approval better than almost anyone.

But the principle is bigger than Bitcoin. If you believe individuals should control their money, you should also believe they should control their accounts, credentials, data, identity, and AI agents. Passport Prime and KeyOS are the bridge: Bitcoin first, 2FA and encrypted storage now, SDK and app ecosystem next, and a broader Human Authority Hardware platform over time.

Thank you for the great interview. Readers who wish to learn more should visit Foundation.

Antoine is a visionary futurist and the driving force behind Securities.io, a cutting-edge fintech platform focused on investing in disruptive technologies. With a deep understanding of financial markets and emerging technologies, he is passionate about how innovation will redefine the global economy. In addition to founding Securities.io, Antoine launched Unite.AI, a top news outlet covering breakthroughs in AI and robotics. Known for his forward-thinking approach, Antoine is a recognized thought leader dedicated to exploring how innovation will shape the future of finance.