How It Works

How a Shroud Identity Works

From first request to full cleanup — here's what happens under the hood.

You set a budget and any limits. The agent is authorized to spend only within those bounds.

Budget: $20.00Policy: Strict-Ephemeral

Signal TraceLatency: --ms

POST /v1/auth/provision
{ "grant_type": "identity_session", "limit": 20.00 }

The agent calls the Shroud API to request a fresh identity — one that has never been used before.

API CallLatency: 12ms

TLS 1.3 Handshake established with identity.infrastructure.shroud

A temporary email, phone number, and virtual card are created and ready in seconds.

MAILGUN.PRO

TWILIO.API

LITHIC.CARD

Inbound

SMS_GATEWAY

State

Provisioned

Node

AWS-US-EAST-1

The agent receives its credentials. Keys are rotated right away on delivery.

"bundle_id": "sh_8273_91kd",
"email": "agent-12@shroud.temp",
"phone": "+1 (555) 012-9923"

The agent uses the temporary credentials to sign up, log in, or check out on the target platform.

Form Injection Active

Shroud watches the inbox and phone number, then pulls out OTPs, verification codes, and magic links automatically.

Captured SMS

Your verification code is: 992-102

The extracted code is sent back to the agent so it can continue without any manual steps.

Syncing State...

Agent uses a virtual card with a pre-set merchant lock and exact balance to complete the transaction.

Shroud Virtual

**** **** **** 8821

Agent Identity

Sovereign_Node_02

LOCKED: MERCHANT_LIMIT

Once the task is done, the card is canceled, the phone number is released, and the inbox is wiped. Nothing left behind.

Wipe SequenceSuccess

PII ScrubbingCOMPLETE

Merchant TerminationCOMPLETE