The Agentic Enterprise Identity Crisis: NewCore Lands $66M to Secure Digital Workers

The enterprise adoption of artificial intelligence has officially shifted from localized productivity tools to autonomous operational staff. As reported by TechCrunch , cybersecurity startup NewCore has emerged from stealth with a $66 million funding round aimed at solving the architectural vulnerabilities of deploying autonomous AI agents at scale. The funding round—comprising a $16 million pre-seed led by Index Ventures and Cyberstarts, followed by an expanded seed led by Evolution Equity Partners—values the Tel Aviv and San Francisco-based company at $300 million. This outsized capital injection underscores a broader realization among enterprise leaders that traditional Identity and Access Management (IAM) systems are ill-equipped to govern non-human, deterministic entities that execute multi-step workflows without continuous human oversight.

The scale of the corporate agentic workforce is growing rapidly. Macro indicators show that major enterprises are treating advanced AI models less like software packages and more like internal headcount. For instance, consulting giant McKinsey recently disclosed that 25,000 AI agents are already working directly alongside 60,000 human employees, while institutional firms like Goldman Sachs have heavily tested autonomous engineers like Devin within their production environments, as covered by Mezha.net. However, when an autonomous agent is granted a corporate login to interact with sensitive databases, legacy architectures struggle to log, audit, or limit its lateral movement, exposing companies to unprecedented data breach vectors and compliance liabilities.

By treating autonomous bots as official digital employees that require unique corporate identities, NewCore is strategically positioning itself to challenge entrenched identity giants. According to The Next Web, the startup is directly targeting market territory dominated by Microsoft and Okta by unifying human, machine, and agentic governance under a single architecture. With a founding pedigree including cloud-security veterans from Dome9 and intelligence leaders from Unit 8200, the firm’s sudden entry highlights a fundamental industry shift: the true bottleneck for scalable enterprise AI is no longer the reasoning capabilities of Large Language Models, but the security infrastructure required to let them act autonomously.

The Structural Collapse of Legacy IAM Infrastructure

Traditional enterprise security frameworks were engineered around static human parameters, relying on multi-factor authentication, session timeouts, and social verification to validate system entries. AI agents do not utilize these mechanisms; they interact with APIs at machine speed, handle distributed credentials manually, and execute processes across vast software ecosystems without taking breaks. Security analysts warn that forcing high-frequency autonomous agents through 20-year-old identity management platforms will inevitably cause operational collapse, creating massive security blind spots such as orphaned credentials and ungoverned shadow accounts.

Unified Governance and the Split-Key Model

To mitigate the risks of autonomous lateral movement, NewCore has deployed a security-first identity platform built from the ground up for hybrid workforces. Detailed technical breakdowns from SecurityWeek reveal that the platform features a split-key architecture and out-of-band user verification tied to hardware-bound credentials. This setup actively prevents relay, replay, and social engineering attacks aimed at digital systems. Crucially, the system continuously maps the corporate network to discover unmanaged bot accounts, allowing security teams to migrate existing federations and access policies with zero downtime.

Granular Human Oversight in the Agentic Economy

As autonomous multi-agent systems begin running complex operations in regulated sectors, retaining an active human-in-the-loop component remains vital for risk management. NewCore addresses this through a dedicated mobile application that allows human employees to view, grant, and instantly revoke permissions for active AI agents in real time. Rather than relying on rigid, permanently open API keys, the infrastructure treats an agent’s access privileges as a fluid dynamic, offering native integration skills for modern coding assistants like Anthropic's Claude Code, Codex, and Cursor, thereby enforcing strict boundaries on what an automated worker can execute.

Market Outlook and Competitive Realignment

The specialized funding flowing into agentic infrastructure indicates that the enterprise AI market has moved beyond the proof-of-concept phase into structural integration. Platforms addressing agent monetization, tracking, and identity are securing outsized seed rounds as venture capital follows the deployment bottleneck. With NewCore planning a general availability launch and rolling out its monetization strategy, the identity and access management market is entering a period of realignment. Incumbent software providers will either need to acquire native agentic governance technologies or risk obsolescence as companies transition from human-dominated operations to dense, machine-driven agent ecosystems.

The Hidden Vulnerability of Autonomous Workforce Deployment

What Most Reports Miss: The rush to secure AI agents focuses heavily on external hacks and code injections, but the true vulnerability is structural. When an enterprise authorizes an autonomous agent to execute complex multi-step workflows, it must grant that agent programmatic credentials. In practice, this often translates to engineers embedding raw, highly privileged API keys directly into agent environments. If an agent compromises its own environment through an unforeseen logic loop or a malicious prompt, those hardcoded keys can be instantly harvested, giving bad actors permanent, unmonitored backdoors into core corporate databases.

From the perspective of Chief Information Security Officers, the rise of the non-human employee creates an accountability vacuum. Traditional access management systems rely on a clear correlation between an action and a human identity for audit trails. When an autonomous agent modifies a financial ledger or alters a cloud infrastructure configuration, standard logs simply attribute the activity to the generic service account hosting the LLM. This lack of granular visibility turns compliance auditing into a nightmare, as forensic teams cannot easily distinguish between a bug in an agent's reasoning loop and an active internal breach.

This challenge is further complicated by the reality of multi-agent orchestration, where an initial human request triggers a chain reaction of sub-agents hiring other sub-agents. In these dynamic environments, permissions must be inherited, delegated, and revoked across a fast-changing mesh of microservices in fractions of a second. Security teams are discovering that traditional role-based access control is far too rigid for this level of automation. Without a dedicated identity layer designed specifically for these digital workers, enterprises are forced to choose between crippling the productivity of their AI investments or accepting catastrophic security blind spots.

The strategic shift represented by this new wave of security funding marks the end of the experimental phase of enterprise AI. Early adopters treated autonomous bots as glorified software scripts, but today's platforms operate as genuine corporate actors capable of making financial and operational decisions. Securing this frontier requires a complete overhaul of how digital identity is defined, shifting focus from validating human identity at a single login checkpoint to continuously auditing the intent, behavioral boundaries, and exact lineage of autonomous code.

The Paradox of Autonomous Supervision

Reading Between the Lines: The enterprise narrative surrounding autonomous agents relies on a fundamental contradiction: companies are deploying AI to drastically cut human headcount, yet they are simultaneously investing millions into software designed to help human employees constantly watch over those very agents. The promise of the agentic workforce is frictionless, machine-speed efficiency operating at zero marginal cost. However, by introducing real-time human authorization apps and complex out-of-band verification loops, organizations are reintroducing the exact human-induced friction and labor bottlenecks they spent millions trying to automate away.

Furthermore, treating AI agents as official corporate employees with distinct digital identities creates a highly complex legal and operational gray area. Legacy corporate governance models assume that identity is tied to an individual or a specific, deterministic software license. An autonomous model that continuously learns, adapts its own workflows, and interacts with external APIs does not fit either category. If a securely authenticated agent makes a flawed operational decision that results in severe financial losses or regulatory fines, assigning accountability becomes almost impossible when the security platform confirms the identity was valid but the underlying model's reasoning simply failed.

This dynamic will likely trigger an intense architectural arms race between enterprise AI deployment teams and internal cybersecurity departments. As developers demand broader, uninhibited database access to unlock the full creative problem-solving potential of advanced models, risk-averse security teams will use tools like split-key architectures to severely constrict those permissions. The resulting friction risks creating a new wave of shadow IT, where frustrated departments bypass corporate identity platforms entirely to deploy ungoverned, highly privileged bots on localized servers just to maintain their competitive velocity.

Ultimately, the massive valuation multiples being handed to early-stage agentic security startups reflect a deep-seated anxiety rather than a proven market equilibrium. Venture capital is aggressively front-running an infrastructure problem that most enterprises have not even begun to face at true production scale. While these sophisticated identity layers will undoubtedly become a foundational requirement for the future enterprise stack, the immediate future will likely be defined by a painful trial-and-error period as corporations discover that managing twenty thousand digital workers requires far more human babysitting than the brochures originally promised.

"We are rapidly entering an era where corporations will feature lean, highly optimized human teams managing sprawling digital workforces of millions of autonomous agents, meaning the corporate ladder of the future will not be climbed by playing office politics, but by hoping your manager does not accidentally revoke your API token during a routine security sweep."

Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference—no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt Connect on LinkedIn