Centauri AI: Enhancing AI-Driven Fintech with Fine-Grained Authorization (FGA)
Centauri AI is a fintech startup that processes vast amounts of financial data through AI-powered document processing, providing its clients with in-depth financial analysis.
With their enterprise clients handling thousands of sensitive financial reports, secure and scalable authorization was non-negotiable.
Rather than build yet another in-house access control system, Centauri AI's Co-Founder and CTO, James Wu, looked for a solution that would provide flexibility, security, and ease of integration.
This case study explores how Centauri AI leveraged Fine-Grained Authorization (FGA) with Permit.io, eliminating the burden of managing permissions in-house.
The Challenge: Managing Complexity Without Slowing Down Development
Financial institutions demand strict access controls, especially when handling confidential company reports and sensitive financial documents. For a fintech startup, this means that building an efficient authorization layer into the product is a day-one requirement and the only way to meet the compliance standards this industry demands, making it a revenue-critical feature.
They needed to ensure their users could efficiently share reports, control access across teams, and maintain clear audit trails.
Initially, Centauri AI used a basic authorization system based on their Postgres schema to track resource ownership. This worked in the early stages, but as customer demands grew, so did the complexity of authorization rules.
More granular permissions, such as secure document sharing between users and teams, led to a system that was increasingly time-consuming to maintain, not to mention prone to errors.
The team needed a solution that was flexible enough to handle these requirements. As James described it:
"At first, I thought, 'Hey, we can build this in-house. I'll probably turn it into a microservice.' But then I realized that if I were to do that, someone else had probably already done the work for me."
The Solution: Fine-Grained Authorization with Permit.io
In his process of looking for a solution, James outlined three guidelines to which the authorization implementation had to adhere:
- It had to support complex authorization rules (role-based, attribute-based, and relationship-based access control) without adding excessive development overhead.
- It had to provide a solution for access control auditing - no doubt a crucial feature when dealing with sensitive financial documents.
- It needed to scale with the company as it grew both in the number of users and the complexity of access control requirements.
After exploring multiple options, Centauri AI found that Permit's approach to Fine-Grained Authorization (FGA) offered the flexibility and scalability they needed. It provided the security their enterprise clients expected without forcing the team to build and maintain a complex permissions system from scratch. As James explained it:
"Permit isn't so complex that it's hard to understand, but it's also advanced enough to let us build powerful features without implementing sharing logic ourselves."
With just a day of development, James had a proof of concept running locally, and it took just one more day to deploy it to staging and production.
"I started reading the documentation, downloaded the PDP container, and made a call to check if a user had permission to open a file. Once I had the proof of concept running locally, we proceeded to integrate it further. The entire process took just a day, plus another to deploy and test in production. It worked like a charm."
Instead of spending months on building permission logic in-house, Centauri AI centralized their authorization layer with Permit.io, meaning their engineers could focus on improving their AI-powered document processing platform rather than spending time maintaining access control rules.
The Impact: Security That Doesn't Get in the Way of Progress
With a clear permissions system in place, Centauri AI ensured that sensitive financial reports were only accessible to the right users, without creating unnecessary development overhead.
By handling authorization externally, the team:
- Eliminated the need for custom-built access control logic, freeing up valuable engineering time.
- Provided enterprise customers with self-service permission management, reducing support tickets.
- Maintained low latency for authorization checks, ensuring performance was never compromised.
For fintech applications, performance is just as critical as security. Slow access control can create unnecessary friction, which is why keeping authorization checks fast was a priority.
"If security slows down the application, developers will be tempted to skip security measures altogether, which is an even bigger risk. That's why having a local PDP is extremely important for us."
Permit.io's local PDP deployment allowed Centauri AI to run authorization checks in single-digit milliseconds, ensuring users never experienced delays due to access control enforcement.
Now, as Centauri AI continues to scale, they don't have to worry about whether their access control system can keep up. Permissions can be adjusted dynamically, new roles can be added without rewriting code, and compliance concerns are handled from day one.
Conclusion: Scalable Security Without the Overhead
For fintech companies, access control is a core requirement, but building it in-house is a costly distraction.
Centauri AI's experience shows that externalizing Fine-Grained Authorization can be the smarter choice, allowing startups to focus on what makes their product great while still meeting enterprise security expectations.
"Permit will be with us for a very, very long time."
By integrating a flexible, scalable, and developer-friendly authorization solution, Centauri AI ensured that security never became a bottleneck, allowing their team to concentrate on delivering AI-driven financial insights without constantly managing permissions.
Written by
Daniel Bass
Application authorization enthusiast with years of experience in customer engineering, technical writing, and open-source community advocacy. Community Manager, Dev. Convention Extrovert and Meme Enthusiast.