Pangolin

Cover Block

PUBLIC

Name	Pangolin
Tagline	Identity-aware VPN and proxy for remote access to private networks
Headquarters	San Francisco, CA, USA
Founded	2025
Stage	Seed
Business Model	Open Source / Commercial
Industry	Security
Technology	Software (Non-AI)
Geography	North America
Growth Profile	Venture Scale
Founding Team	Co-Founders (2)
Funding Label	Undisclosed

Links

PUBLIC

• Website: https://pangolin.net
• GitHub: https://github.com/fosrl/pangolin
• Y Combinator: https://www.ycombinator.com/companies/pangolin

Executive Summary

PUBLIC

Pangolin is an open-source remote access platform that uses WireGuard to provide secure tunnels and clientless browser access to private infrastructure, a bet that enterprises will trade convenience for the control of self-hosted, identity-aware networking [Y Combinator, 2025]. Founded in 2025 by Milo Schwartz and Owen Schwartz, the company emerged from Y Combinator with an undisclosed seed round, positioning itself as a challenger to established players like Cloudflare and Zscaler by emphasizing on-premises deployment and zero-trust principles [Fondo, 2025]. The core product differentiates by layering identity and access controls onto a proven tunneling protocol, aiming to serve IT, operational technology, and edge computing environments where data sovereignty and custom failover are priorities [pangolin.net, 2025]. The founding team's backgrounds are not detailed in public sources, leaving their operational experience in enterprise security and sales as an open question for due diligence. The business model follows a common open-core path, with the core platform freely available and a managed hosting service offered through a partner, Elest.io, starting at $14 per month [Elest.io, 2025]. Over the next 12-18 months, the key signals to monitor will be the first named enterprise deployments, the evolution of the commercial offering, and the team's ability to translate open-source adoption into a sustainable sales motion against deeply funded incumbents.

Data Accuracy: YELLOW -- Product claims are sourced from company and YC materials; funding details and team backgrounds lack independent corroboration.

Taxonomy Snapshot

Axis	Classification
Stage	Seed
Business Model	Open Source / Commercial
Industry	Security
Technology Type	Software (Non-AI)
Geography	North America
Growth Profile	Venture Scale
Founding Team	Co-Founders (2)

Company Overview

PUBLIC

Pangolin was founded in 2025, a new entrant in the remote access security space. The company is headquartered in San Francisco, California [Y Combinator, 2025]. Its founding story, as presented in early launch materials, centers on providing an open-source, self-hosted alternative to established cloud-based tunnel services [Fondo, 2025].

Key milestones are limited to its early-stage development. The company participated in Y Combinator, though the specific batch is not publicly disclosed [Y Combinator, 2025]. Its product was launched publicly, with a GitHub repository and documentation site established the same year [GitHub, 2025] [Pangolin Docs, 2025]. A third-party managed hosting option became available through Elest.io, indicating initial ecosystem development [Elest.io, 2025].

As of early 2026, the company is actively hiring for founding engineering roles, signaling a build-out of its core technical team [Y Combinator Jobs, 2026] [Pangolin Docs, 2026]. No subsequent funding rounds, major customer announcements, or product version releases have been documented in public sources.

Data Accuracy: YELLOW -- Company details confirmed via Y Combinator listing and company website; founding timeline and milestones are self-reported.

Product and Technology

MIXED

Pangolin's product is defined by its architectural choice: an open-source platform built on WireGuard to provide secure tunnels for remote access to private networks [Y Combinator, 2025]. The company positions this as a direct alternative to established tools like Cloudflare Tunnels and Ngrok, with a core differentiator being identity-aware access control baked into the connection layer [Fondo, 2025]. This means access policies can be tied to user identity, moving beyond simple IP allow-listing toward a zero-trust model.

The platform offers two primary access methods. Users can connect via a traditional VPN client, likely leveraging the underlying WireGuard protocol for performance, or through a clientless browser for accessing specific web applications without installing software [Y Combinator, 2025]. A key feature emphasized by the company is the self-hosting capability, which allows deployment in a cloud-hybrid or fully on-premises configuration, giving enterprises control over data transit and failover coordination [pangolin.net, 2025]. This focus on deployer control appears to be the initial wedge against cloud-only SaaS competitors.

Public documentation and community posts indicate the technology stack includes Go (inferred from job postings for founding engineers requiring systems programming experience) and likely involves significant networking and systems-level development to manage the WireGuard integration and tunnel orchestration [Y Combinator Jobs, 2026]. The product is described as enabling secure exposure of internal services, such as Grafana dashboards or development environments, to authorized users regardless of location [Fondo, 2025]. There are no public announcements of a product roadmap or upcoming feature releases.

Data Accuracy: YELLOW -- Core product claims are consistent across the company's website and Y Combinator listing, but detailed technical specifications and performance benchmarks are not publicly available.

Market Research

PUBLIC The need for secure, granular access to distributed infrastructure has become a foundational operational requirement, not a niche security problem, as enterprises commit to hybrid and edge deployments.

A precise total addressable market (TAM) for identity-aware remote access platforms is not publicly available from primary sources. However, the broader zero-trust network access (ZTNA) market, which Pangolin's product directly addresses, is a relevant analog. According to Gartner, the worldwide ZTNA market was projected to reach $2.1 billion in 2023, growing at a compound annual growth rate of 31% through 2026 [Gartner, 2023]. This growth is driven by the architectural shift away from traditional VPNs, which lack the identity and context-aware controls required for modern, perimeter-less environments.

Demand is anchored by several converging tailwinds. The expansion of operational technology (OT), Internet of Things (IoT), and edge computing creates networks of non-traditional endpoints that cannot be protected by legacy security models. Simultaneously, the rise of developer self-service and the need to expose internal tools, like Grafana dashboards or staging environments, requires a security layer that is both robust and user-friendly [Fondo, 2025]. The open-source model itself acts as a demand catalyst, allowing technical teams to evaluate, customize, and deploy the software without initial vendor commitment, which is particularly appealing for cost-sensitive or highly regulated sectors.

Adjacent and substitute markets include the broader secure access service edge (SASE) and software-defined perimeter (SDP) categories, where large vendors like Zscaler and Palo Alto Networks operate. The core substitute remains the traditional corporate VPN, a multi-billion dollar market that ZTNA solutions are systematically displacing due to security and usability shortcomings. Regulatory forces, particularly data sovereignty laws and industry-specific compliance frameworks (e.g., NIST, FedRAMP), are accelerating adoption by mandating stricter access controls and audit trails, which favor solutions with built-in identity governance.

Metric	Value
ZTNA Market 2023	2.1 $B
Projected CAGR 2023-2026	31 %

The projected growth rate for the ZTNA market underscores the structural shift underway, though Pangolin's specific capture of that growth will depend on its ability to differentiate from both commercial giants and other open-source alternatives.

Data Accuracy: YELLOW -- Market sizing is based on an analogous category report from a major analyst firm; company-specific SAM/SOM is not disclosed.

Competitive Landscape

MIXED Pangolin enters a mature market for secure remote access by positioning its open-source, self-hostable platform as a direct alternative to both established enterprise services and popular developer tools.

Company	Positioning	Stage / Funding	Notable Differentiator	Source
Pangolin	Open-source, identity-aware VPN/proxy for self-hosted remote access.	Seed (2025), Y Combinator.	Full self-hosting with optional cloud coordination for high availability.	[Y Combinator, 2025] [pangolin.net, 2025]
Cloudflare Tunnels	Cloud-based, zero-trust network access (ZTNA) as part of Cloudflare One.	Public company (NET).	Deep integration with global CDN, DNS, and DDoS protection services.	[Y Combinator, 2025]
Zscaler ZPA	Cloud-native zero-trust platform for enterprise application access.	Public company (ZS).	Purpose-built for large-scale enterprise security and IT policy enforcement.	[Y Combinator, 2025]
Ngrok	Developer-focused ingress platform for exposing local servers.	Venture-backed.	Simplicity and developer experience for quick, secure sharing of dev environments.	[Y Combinator, 2025]

The competitive map splits into three distinct segments. At the enterprise end, Zscaler and Cloudflare offer comprehensive, cloud-delivered zero-trust platforms that bundle remote access with broader security and networking services, targeting IT departments with large budgets and complex compliance needs [Y Combinator, 2025]. In the middle are challengers like Tailscale, which also use WireGuard but focus on mesh networking and simplicity. At the developer and SMB end, tools like Ngrok and Cloudflare Tunnels (in its free tier) prioritize ease of use for exposing services quickly, often with a freemium cloud model.

Pangolin's claimed edge rests on two pillars: its open-source codebase and its architectural choice to prioritize self-hosting. The open-source model provides a transparent wedge for security-conscious users in IT/OT and IoT environments who require auditability and control, a need less served by proprietary cloud gateways [Fondo, 2025]. The ability to run fully on-premises or in a hybrid cloud configuration for failover is presented as a key differentiator from purely cloud-hosted alternatives [pangolin.net, 2025]. This edge is durable if the company can build a community that contributes to and advocates for the project, creating a network effect around its code. However, it is perishable if larger incumbents open-source competing components or if the project fails to achieve critical developer mindshare.

The company's exposure is most acute in distribution and feature maturity. It lacks the embedded sales channels and brand recognition of public companies like Cloudflare and Zscaler, which can bundle remote access into larger enterprise deals. Ngrok owns significant developer mindshare for quick, ad-hoc tunneling, a use case where Pangolin's identity-aware controls may be perceived as overkill. Furthermore, Pangolin's product, as described, does not yet appear to match the breadth of policy engines, logging integrations, and threat intelligence feeds that define the enterprise-grade platforms it cites as competitors.

The most plausible 18-month scenario hinges on adoption within specific niches. If Pangolin successfully cultivates a strong open-source community and becomes the de facto standard for self-hosted tunnels in homelabs, IoT, and regulated industries, it could solidify a defensible position. In this case, Ngrok might be the "loser" for use cases that evolve beyond simple development tunneling into requiring more governance. Conversely, if adoption stalls and Cloudflare or Tailscale enhance their self-hosting or open-source offerings, Pangolin could become the "loser," relegated to a niche project while the broader market consolidates around better-funded platforms with more complete feature sets.

Data Accuracy: YELLOW -- Competitor identification sourced from company materials; competitor details are public knowledge. Pangolin's differentiation claims are from its own website and a third-party blog.

Opportunity

PUBLIC If Pangolin can establish its open-source, identity-aware access platform as a credible alternative to established enterprise gateways, the opportunity lies in capturing a meaningful share of the multi-billion dollar market for secure remote access and zero-trust network architecture.

The headline opportunity is for Pangolin to become the default self-hosted infrastructure for secure, identity-aware connectivity to private networks, particularly in hybrid and edge environments. This outcome is reachable because the company's wedge is already defined: an open-source core built on WireGuard with cloud-coordinated failover, targeting enterprises that prioritize control and data sovereignty over fully managed SaaS [Fondo, 2025]. The cited evidence points to a deliberate positioning against the limitations of pure-cloud offerings, suggesting a path to become the preferred tool for IT/OT, IoT, and security-conscious DevOps teams who find incumbent solutions either too opaque, too expensive, or insufficiently flexible for on-premises deployment.

Growth from this wedge could follow several concrete scenarios, each hinging on a specific catalyst.

Scenario	What happens	Catalyst	Why it's plausible
Open-source standard for hybrid IT	Pangolin's software becomes the de facto method for exposing internal services (like Grafana dashboards) in enterprises with hybrid cloud footprints.	A major cloud provider or DevOps platform (e.g., HashiCorp) integrates or endorses Pangolin as a recommended tunnel solution.	The product is designed for cloud-hybrid or fully on-premises deployment, a noted differentiator [Pangolin, 2025]. Managed hosting via Elest.io across nine cloud providers demonstrates early ecosystem support [Elest.io, 2025].
OT/Edge infrastructure wedge	The company gains deep adoption in operational technology (OT) and industrial IoT, where security requirements and network constraints favor self-hosted, high-availability solutions.	A publicly disclosed deployment with a major industrial or manufacturing firm.	The company's own materials explicitly target IT/OT and edge environments as a core use case [Perplexity Sonar PRO Brief, 2025]. Community guides already document setups for homelab and VPS-to-home tunneling, indicating applicability to constrained, private networks [RamNode, 2026].

Compounding for Pangolin would likely manifest as a classic open-source adoption flywheel. Initial deployments by engineers seeking a self-hosted alternative generate community contributions, tutorials, and integrations (as seen with the GitHub repository and Reddit community [GitHub, 2025] [Reddit, 2026]). This grassroots adoption lowers customer acquisition costs and builds credibility with enterprise security teams. Success in one segment, such as DevOps tool access, creates reference architectures that ease adoption in adjacent, higher-stakes areas like database or industrial control system access. The flywheel's fuel is the proprietary coordination layer for high availability and identity-aware controls; widespread use of the open-source agent would create natural pull toward the commercial management plane.

Quantifying the size of the win requires looking at comparable outcomes. Cloudflare, a public company whose Access product competes in the zero-trust access space, currently holds a market capitalization exceeding $30 billion. A more direct comparable is Tailscale, a WireGuard-based networking startup that raised a $100 million Series B in 2023 at a reported $1.3 billion valuation [TechCrunch, 2023]. If Pangolin executes on the "open-source standard for hybrid IT" scenario and captures a material portion of the self-hosted segment, an outcome in the high hundreds of millions to low single-digit billions of dollars in enterprise value is plausible (scenario, not a forecast). This range is anchored by the valuation multiples commanded by foundational infrastructure software companies with strong developer adoption. Data Accuracy: YELLOW -- Opportunity framing relies on company-stated positioning and comparable market outcomes; specific growth catalysts are not yet publicly evidenced.

Sources

PUBLIC

1. [Y Combinator, 2025] Pangolin: Identity-aware VPN and proxy for remote access to anything, anywhere. | https://www.ycombinator.com/companies/pangolin

2. [Fondo, 2025] Pangolin launches | https://fondo.com/blog/pangolin-launches

3. [pangolin.net, 2025] Pangolin | https://pangolin.net

4. [Elest.io, 2025] Pangolin | https://elest.io/open-source/pangolin

5. [GitHub, 2025] fosrl/pangolin | https://github.com/fosrl/pangolin

6. [Pangolin Docs, 2025] Introduction to Pangolin | https://docs.pangolin.net

7. [Y Combinator Jobs, 2026] Founding Engineer at Pangolin | Y Combinator | https://www.ycombinator.com/companies/pangolin/jobs/7DeBchl-founding-engineer

8. [Pangolin Docs, 2026] Join Us! - Pangolin Docs | https://docs.pangolin.net/careers/join-us

9. [Gartner, 2023] Market Guide for Zero Trust Network Access | https://www.gartner.com/en/documents/4583243

10. [Perplexity Sonar PRO Brief, 2025] Pangolin Startup Brief | https://www.perplexity.ai/imagine?query=Pangolin

11. [RamNode, 2026] Part 1: Pangolin Setup , VPS-to-Home Tunnels | Zero-Trust Homelab | https://ramnode.com/guides/series/zero-trust-homelab/pangolin-setup

12. [Reddit, 2026] r/PangolinReverseProxy on Reddit: I tried putting Pangolin's WireGuard site config on my home router to route all traffic through VPS | https://www.reddit.com/r/PangolinReverseProxy/comments/1nmvb3o/i_tried_putting_pangolins_wireguard_site_config/

13. [TechCrunch, 2023] Tailscale raises $100M at a $1.3B valuation for its zero config corporate VPN | https://techcrunch.com/2023/10/31/tailscale-raises-100m-at-a-1-3b-valuation-for-its-zero-config-corporate-vpn/