NewCore Emerges with $66M to Solve the AI Agent Identity Crisis
Table of Contents
The Shift from Software Tools to Digital Employees
For years, the enterprise world viewed AI as a sophisticated set of tools—think of a calculator or a spreadsheet. But a fundamental shift is occurring. We are moving from ‘AI as a tool’ to ‘AI as an agent.’ These agents don’t just suggest text; they execute workflows, access databases, commit code to repositories, and interact with other software independently. This transition transforms AI from a utility into a coworker.
This shift creates a massive security vacuum. Most companies currently manage non-human access via ‘service accounts’—static credentials shared across applications that rarely change and are notoriously difficult to audit. When an AI agent is given a service account, it essentially has a ‘master key’ to a specific part of the house, but the company has no way of knowing exactly which ‘room’ the agent is in at any given second, or if the agent has suddenly decided to open a door it shouldn’t.
Enter NewCore. The cybersecurity startup has emerged from stealth with $66 million in seed funding to treat AI agents as first-class identities. Instead of hiding an agent behind a generic system account, NewCore assigns it a unique identity with its own permissions, lifecycle, and revocation triggers—essentially giving the AI a corporate employee ID badge.
- The Core Problem: Legacy identity providers (IdPs) were built for humans typing passwords into boxes. They aren’t designed for autonomous agents making 1,000 API calls per minute.
- The Solution: A dedicated identity layer that separates human and machine credentials while providing a unified governance plane.
- The Stake: As AI agents outnumber humans in tech-heavy firms, the lack of granular control over these identities becomes a primary attack vector for breaches.
Breaking the Legacy Identity Monolith
The current landscape of identity and access management (IAM) is dominated by giants like Okta and Microsoft Entra. While these platforms are indispensable for managing human logins, they are struggling to adapt to the ‘agentic’ era. Zohar Alon, NewCore’s co-founder and CEO, argues that adding AI capabilities to these 20-year-old architectures is like adding a jet engine to a horse carriage; the fundamental frame cannot support the speed and scale.
The technical friction lies in the ‘lifecycle’ of an identity. A human employee is onboarded, granted access, and then offboarded. An AI agent, however, might be spun up for a specific three-hour task, execute a series of high-privilege actions, and then be deleted. If that agent’s credentials persist in a legacy system, they become ‘ghost credentials’—perfect targets for hackers who can hijack an unused but high-permission account to move laterally through a network.
NewCore’s approach is to build a ground-up identity system where AI agents are governed by a different set of rules than humans, yet visible in the same dashboard. This allows a CISO (Chief Information Security Officer) to see exactly which agent is accessing which database and revoke that access in real-time via a mobile app, rather than digging through complex JSON policies in a cloud console.
The Technical Architecture: Split-Keys and Agentic Skills
To move beyond the vulnerabilities of traditional IAM, NewCore is implementing a split-key architecture. In a standard setup, if an identity provider is breached, the attacker gains the keys to the kingdom. NewCore divides critical identity credentials between the customer’s own environment and the NewCore platform. Neither party holds the full key alone, effectively eliminating the identity provider as a single point of failure.
Beyond the plumbing of identity, NewCore is focusing on the ‘last mile’ of integration through what they call Agentic Skill packages. This is specifically designed for the most aggressive adopters of AI: developers using coding assistants like Claude Code, OpenAI’s Codex, or Cursor.
Currently, most developers grant these tools broad access to their local environment or GitHub tokens. NewCore replaces this ‘all-or-nothing’ access with managed identities. If Claude Code needs to read a specific production log to debug a crash, NewCore grants a temporary, audited identity specifically for that task. Once the task is complete, the identity expires. This transforms the security model from ‘Permanent Trust’ to ‘Just-in-Time Access.’
The Economic Scale of the Digital Workforce
The funding for NewCore—led by Cyberstarts with participation from Index Ventures and Evolution Equity Partners—values the company at $300 million. This valuation reflects a growing belief among VCs that the agentic economy will scale faster than predicted. We aren’t just talking about a few bots; we are talking about a structural change in labor.
Consider the current trajectory: McKinsey reported that 25,000 AI agents are already working alongside its 60,000 human employees. Goldman Sachs has experimented with Devin, an AI software engineer, treating it not as a plugin, but as a team member. When an organization reaches a point where it has a 1:1 ratio of humans to AI agents, the administrative overhead of managing those agents manually becomes impossible.
| Identity Type | Legacy Approach (Service Accounts) | NewCore Approach (First-Class Identity) |
|---|---|---|
| Authentication | Shared API keys/secrets | Unique, agent-specific credentials |
| Lifecycle | Static (Permanent until manual delete) | Dynamic (Ephemeral/Task-based) |
| Governance | Broad permissions (Over-privileged) | Granular, least-privilege access |
| Audit Trail | ‘System’ performed action | ‘Agent-X’ performed action on behalf of ‘User-Y’ |
What This Means for the Enterprise
For the average IT manager, NewCore’s emergence signals that the ‘honeymoon phase’ of AI deployment—where companies simply gave AI tools wide access to get things moving—is ending. We are entering the Governance Era. The practical implications are three-fold:
1. Reduction of ‘Credential Sprawl’: By centralizing AI identities, companies can stop the dangerous practice of embedding API keys in code or sharing secrets across Slack channels to get agents to work.
2. Verifiable Compliance: In regulated industries like finance or healthcare, ‘the AI did it’ is not an acceptable answer for an auditor. NewCore provides the forensic trail necessary to prove who authorized an agent and what that agent accessed.
3. Human-in-the-Loop Control: The ability to revoke an AI agent’s access via a mobile app provides a critical ‘kill switch.’ As agents become more autonomous, the speed of revocation must match the speed of execution.
The Road to Agentic Dominance
The predictions made by NewCore’s leadership are echoed by industry veterans. N. Chandrasekaran, Chairman of TCS, has suggested that AI agents could eventually rival the size of traditional IT service workforces. If a company like TCS, with hundreds of thousands of employees, transitions to a hybrid human-agent model, the identity layer becomes the most critical piece of infrastructure in the building.
However, the challenge for NewCore will be displacement. Microsoft and Okta are not standing still. They are integrating ‘agentic’ features into Entra and their respective clouds. NewCore’s bet is that these incumbents are too tethered to their legacy architectures to truly pivot. By building for a world where the machine is the primary actor, NewCore is positioning itself as the ‘Active Directory’ for the AI age.
Frequently Asked Questions
What is a ‘first-class identity’ for an AI agent?
A first-class identity means the AI agent is treated as an individual entity in the security system, similar to a human employee. It has its own unique ID, specific permissions, and a traceable history of actions, rather than sharing a generic ‘service account’ used by multiple bots or apps.
How does a split-key architecture improve security?
A split-key architecture ensures that no single entity possesses the full credential required to access a system. By dividing the key between the client and the provider, NewCore ensures that even if their own servers were breached, the attackers would only have half the key, making it useless without the customer’s half.
Why are traditional service accounts insufficient for AI?
Service accounts are typically static and over-privileged. AI agents operate at a scale and frequency that makes static accounts dangerous; if an agent’s account is compromised, the attacker has permanent, broad access. AI agents need ephemeral, short-lived identities that expire after a task is finished.
Can NewCore be used with existing tools like ChatGPT or Claude?
Yes. NewCore provides integration packages (Agentic Skills) that allow these LLMs and coding assistants to interact with corporate systems as managed identities rather than using manually distributed and insecure API keys.
Who is the target audience for NewCore’s platform?
The primary targets are CTOs, CISOs, and DevOps leads at technology-forward companies that are deploying autonomous AI agents at scale and need to maintain strict security and compliance standards.
