About Butterfly

The recovery layer for identity infrastructure.

Identity is the operational substrate of every modern enterprise. Losing it – to misconfig, ransomware, accidental delete, or an audit gap – is existential. Butterfly is the backup, drift detection, and preview-restore layer that keeps it recoverable.

Founded by Mick Johnson after five years managing Okta internally and three years on the Okta product team, now building the recovery layer identity infrastructure never had.

Origin

Mick spent five years managing Okta internally and three years on the Okta product team, including time around Tier 3 escalations – the queue where Fortune 500 regulated workloads land when nothing else has worked, usually with a compliance officer on the bridge. That means he has seen both sides of the fence: operating Okta under real enterprise pressure and helping shape the product customers depend on.

The pattern across that time was the same. An accidental delete. A bad push from a config-as-code pipeline. A compromised admin token. An automation that ran a thousand mutations before anyone noticed. The recovery path was always the same: rebuild from documentation. People on calls at 2am, copying values out of screenshots, trying to remember what a group rule said before someone overwrote it. That is an unacceptable failure mode for the system that gates every other system.

Butterfly is the layer those incidents kept asking for. Continuous backups of the tenant. Preview-first restore that diffs every change before anything touches production. Drift detection that catches the bad push the moment it lands, not the next morning. Compliance evidence the auditor actually accepts. Built solo, shipped first, sold second.

The bet

Identity is now the blast radius. Ransomware crews have shifted from encrypting endpoints to wiping or hijacking the identity provider, because owning the IDP means owning every downstream SaaS, every cloud account, every privileged path. The 2023 MGM, Caesars, and Okta support-system incidents made that playbook public; the 2024–2025 wave made it routine.

IAM has sprawled past what a console-driven operator can hold in their head. A mid-market Okta tenant is now 40+ resource types, tens of thousands of group rules, dozens of authentication policies, and a graph of inline hooks and workflows that mutate each other. Change happens constantly, mostly via automation, and almost no one diffs it before it lands.

The compliance frame has caught up. SOC 2, HIPAA, PCI DSS, NIST 800-53, ISO 27001, and CIS Controls v8 all now expect documented IDP backup posture, tested restore, and evidence of drift control. For regulated buyers, "we use Okta" is no longer an answer to "what is your identity recovery plan?"

Butterfly is the bet that the recovery layer is its own product category – not a feature the IDP vendor will ship, not a script an MSP will maintain, not a line item in a backup tool that also does VMs. A purpose-built layer, run by a team that lived the incident on the other side of the phone.

Founder

Mick Johnson, founder of Butterfly Security

Mick Johnson

Founder & engineer · San Francisco

Five years managing Okta internally and three years on the Okta product team, with firsthand exposure to regulated customer escalations, internal enterprise operations, and the identity failure modes that turn into late-night bridges.

Shipped Butterfly solo: 40+ Okta resource types under continuous backup, drift detection, preview-first restore, six-framework compliance evidence, an OIN-listed API Service Integration, and an MCP server so Claude can drive recovery operations directly.

How we work

Evidence-gated, not vibes-gated.
Every claim about external state – a backup landed, a restore ran, a webhook fired – is gated behind an artifact on disk. Our CI runs an 81-step end-to-end suite against real infrastructure before anything reaches main. If we can't prove it happened, we don't ship the claim.
Customer-embedded.
Every paying customer has a direct line to the engineer who wrote the code path they're running. The Tier 3 muscle memory transferred: incidents get a person, not a ticket number.
Ship daily, in public.
The changelog is real. Resource coverage, restore primitives, compliance reports, and the Chrome extension all ship on a daily cadence – small commits, behind feature flags, verified end-to-end before they go live.
Solo by design, for now.
One founder + an aggressive agent-driven workflow has been cheaper, faster, and higher-quality than the equivalent early-stage team. We'll hire when a role pays for itself in week one, not before.

Where we are now

  • Listed in the Okta Integration Network as a vetted API Service Integration.
  • 40+ Okta resource types under continuous backup, with preview-first restore across the full graph.
  • In active outreach to regulated-industry prospects – healthcare, fintech, and SaaS Okta admins – with the canonical Butterfly QA tenant running against a real Okta org end-to-end every day.
  • Compliance evidence packs for six frameworks: SOC 2, HIPAA, PCI DSS, NIST 800-53, ISO 27001, and CIS Controls v8.
  • Built on Next.js 16 on Cloudflare Workers, Supabase, R2, and Stripe – same stack from local dev to production, with evidence-gated CI on every push.

Get involved

Butterfly is hiring its first engineers, talking to design-partner customers, and meeting investors who understand identity. If any of those is you – let's talk.