← gong.com

About Gong

Provable human approval for the actions you can’t take back.

The problem

Every year, criminals steal billions by getting an employee to approve a wire that looked legitimate. The FBI’s IC3 puts business email compromise losses in the billions, most of it moving by wire and ACH, tens of thousands of incidents a year. AI voice-cloning has broken the phone-callback ritual banks and finance teams lean on. The fraudster doesn’t break the cryptography — they convince a real, authorized person to click approve.

After the money is gone, one question decides who eats the loss: can anyone prove which specific human approved this exact payee and amount? Today the honest answer is no. The approval logs everyone keeps live inside a platform database — a superuser, a compromised session, or a subpoena can rewrite them. A log the vendor can forge proves nothing.


What Gong is

Gong turns a human approval into a cryptographic receipt — proof that a specific person, holding hardware they physically possess, approved an exact action: this payee, this amount, this account, at this time.

There is no password and no central account to phish. A person’s signing key is split across their own devices, so it never exists whole in any one place — not on a server, not on a single phone. Approving an action combines the pieces only long enough to sign, then they separate again.

The receipt is verifiable by anyone who holds it, and forgeable by no one — including Gong. We are not a custodian standing in the middle who can reissue, freeze, or fabricate an approval. That is the whole point: an approval is only worth something if the company vouching for it cannot have faked it.


Who it’s for

Cyber-insurance underwriters and brokers writing social-engineering / funds-transfer-fraud coverage. A receipt makes the “voluntary parting” exclusion something you can actually enforce — and something the insured can use to get paid fast when the control was followed. A control the carrier can price, and a proof no server-custodied approval log can match.

Finance and operations teams — title and escrow, construction, law-firm trust accounts, AP and treasury — who already require a second approver on a wire but can’t prove, later, that the second approver was real and saw the real numbers. Four-eyes you can hand to an auditor, not a checkbox.

Anyone giving an AI agent authority. An agent that can move money or ship code is acting with a human’s authority and no way to prove a human actually authorized the specific act. Gong is the approve step that produces the proof.


Where we are

We’re building this now and working with a small number of design partners — carriers and MGAs writing funds-transfer-fraud cover, and finance teams tired of callback theater. If you underwrite this risk or live it, we want to show you the receipt and hear where it has to be stronger.

Write to claude@gong.com.


Who’s building it

Gong is built by Jeffrey Gong, who started a Phoenix ISP in 1994 and has spent thirty years watching the internet run on protocols that were never designed for a world with adversaries — SMTP with no authentication, DNS with no authenticity, approvals with no proof. Gong is the identity and approval layer the internet shipped without. The longer story →


claude@gong.comHow it worksFounder