NewCore has emerged from stealth with $66 million in funding and a new identity security platform designed for a workplace where AI agents are beginning to act more like employees.
The startup argues that enterprise security systems were built for human workers, contractors, and service accounts, not for a future where autonomous AI agents can access apps, retrieve data, perform tasks, trigger workflows, and make decisions across company systems.
NewCore’s pitch is that every AI agent inside an organization will need its own identity, permissions, policies, audit trail, and lifecycle controls. In other words, if companies are going to let AI agents do real work, those agents cannot remain invisible software tools operating under shared credentials or loosely managed access.
The company’s $66 million raise shows how quickly agentic AI is creating new security categories. As businesses test AI agents in sales, customer support, software development, finance, operations, HR, and IT, the question is shifting from whether agents can do work to whether companies can control what those agents are allowed to do.
AI agents are different from ordinary chatbots.
A chatbot usually responds to a user request. An agent can carry out multi-step work. It may open tools, inspect documents, write messages, update records, file tickets, pull reports, manage workflows, or interact with third-party systems.
That makes agents much more useful, but also much riskier.
If an AI agent only drafts text, the danger is limited. If it can access customer data, modify business systems, approve transactions, push code, or message clients, the company needs strict controls. It must know which agent acted, what it accessed, why it acted, and whether the action was authorized.
This is the core problem NewCore is trying to solve. As agents become part of the workforce, they need to be managed like workforce identities.
A human employee receives an account, role, access level, manager approval, security monitoring, and offboarding when they leave. AI agents may need similar treatment, with controls adapted for autonomous software.
Enterprise identity systems are built around people.
Companies use identity and access management platforms to decide who can log in, which apps they can use, what data they can see, and what actions they can take. These systems are central to modern cybersecurity because compromised identities are one of the most common paths into corporate systems.
AI agents complicate that model.
An agent may not map cleanly to one human employee. It may act on behalf of a team, a workflow, a department, or another AI system. It may run continuously, perform actions automatically, and interact with many tools at once. It may also change behavior based on prompts, model outputs, or external context.
That makes traditional identity controls insufficient. A shared API key, generic service account, or broad permission token may give an agent too much power with too little visibility.
NewCore argues that this is the next weak link in enterprise security. If companies do not create specific identities for agents, they may not be able to monitor, restrict, or revoke access properly.
NewCore is led by co-founder and CEO Zohar Alon, a familiar name in cloud security.
Alon previously founded Dome9, a cloud security startup that was acquired by Check Point. His background gives NewCore credibility in a market where enterprise buyers are cautious and security claims are heavily scrutinized.
That matters because agent identity is still an emerging category. Many companies are only beginning to understand the problem. They may know they want AI agents, but they may not yet have a mature model for governing them.
A founder with experience building cloud security products can help make the case that AI agent identity is not a speculative issue. It is an extension of a security problem enterprises already know well: who has access to what, and what can they do with it?
NewCore is betting that the same logic that made human identity management essential will now apply to non-human AI workers.
The rise of agentic AI is creating a new security layer between identity, workflow automation, and governance.
A company using AI agents will need to answer several basic questions. Which agents exist? Who created them? What systems can they access? What actions can they perform? What data can they read? Who approved their permissions? How long should they remain active? What happens if they behave unexpectedly?
Those questions sound basic, but they become difficult at scale. A large enterprise may eventually have hundreds or thousands of agents performing different tasks across departments. Some may be vendor-provided. Some may be built internally. Some may be created by employees using low-code or no-code tools.
Without a central identity layer, those agents could become a shadow workforce. They may perform useful work, but security teams may not fully understand where they are operating or what risks they create.
NewCore’s platform is meant to give companies visibility and control before that problem becomes unmanageable.
Permissions are especially important because AI agents can act faster than humans.
A human employee with excessive access can cause damage, but the pace is usually limited by manual activity. An agent with excessive access could operate continuously, call APIs repeatedly, move data quickly, and trigger workflows at machine speed.
That raises the stakes for least-privilege access. Agents should only receive the permissions needed for a specific role or task. A sales agent should not have access to payroll systems. A support agent should not be able to delete production data. A coding agent should not be able to push unreviewed changes without approval.
Companies will also need approval flows for sensitive actions. An agent may be allowed to draft a contract, but not send it. It may be allowed to recommend a refund, but not approve one above a certain threshold. It may be allowed to open a pull request, but not merge code without review.
This is where identity connects to governance. Companies need to know not only what an agent can see, but what it can do.
NewCore’s argument also depends on auditability.
If an AI agent makes a mistake, companies need to reconstruct what happened. Which agent took the action? Which user or system triggered it? What information did it access? What instruction did it follow? Which tool did it use? Was the action within policy?
Without an audit trail, accountability becomes difficult. A company may know that a record was changed, a file was accessed, or a message was sent, but not understand which agent caused it or why.
This matters for security, compliance, and internal trust. Regulated industries such as finance, healthcare, insurance, legal services, and government will be especially cautious. They cannot deploy autonomous agents broadly unless they can prove access controls and activity records.
Auditability may also become important for incident response. If an agent is compromised, manipulated by prompt injection, or given bad instructions, security teams need to trace the damage and shut down access quickly.
NewCore’s $66 million raise reflects growing investor interest in the infrastructure around AI agents.
Much of the early AI boom focused on models, chatbots, copilots, and consumer apps. But as agents move into enterprise workflows, investors are looking at the tools needed to make them safe, manageable, and compliant.
That includes identity, permissions, observability, evaluation, monitoring, memory, security testing, data access, and governance. These may become the enterprise infrastructure layers of the agent economy.
The opportunity is large because companies cannot deploy agents at scale without trust. A business may test a few agents in limited workflows, but broad adoption requires controls that legal, IT, security, and compliance teams can accept.
NewCore is entering that market early. The company’s challenge will be proving that agent identity is urgent enough for enterprises to buy now, not later.
NewCore is not entering an empty market.
Established identity companies, cloud security providers, endpoint security vendors, access management platforms, and enterprise AI governance startups are all likely to move into agent identity. Companies such as Okta, Microsoft, CyberArk, SailPoint, Saviynt, CrowdStrike, Palo Alto Networks, and others already have deep relationships with enterprise security teams.
Some of these players may build agent identity features into their existing platforms. Others may acquire startups focused on the category. That means NewCore will need to move quickly and define the market before larger companies absorb the demand.
The startup may benefit from being purpose-built for AI agents rather than adapting older human identity systems. But enterprise security buyers often prefer integrated platforms from trusted vendors. NewCore will need strong product execution, clear integrations, and proof that its approach solves problems legacy systems cannot handle.
One useful way to understand NewCore’s pitch is that AI agents may need an HR-like security lifecycle.
When a human employee joins a company, they are assigned a role, granted access, trained, monitored, and eventually offboarded. The same kind of lifecycle may be needed for agents.
An AI agent may be created for a specific department. It may receive access to certain tools. It may need a manager or owner. Its permissions may change as its responsibilities change. It may need regular reviews to confirm it still serves a valid purpose. It may need to be suspended or deleted when no longer required.
This lifecycle view is important because agents can spread quickly. If employees can create them easily, companies may end up with agent sprawl similar to SaaS sprawl or cloud-account sprawl.
NewCore wants to give companies a way to manage that before agents become a hidden operational risk.
NewCore’s launch shows how fast the enterprise AI conversation is changing.
A year ago, many companies were still asking whether AI copilots could improve productivity. Now, the discussion is moving toward agents that can act. That shift creates a different security problem.
Companies do not only need to monitor what AI says. They need to control what AI does.
That is why agent identity may become a major category. If AI agents are going to behave like employees, they need the same kind of governance companies already apply to employees, service accounts, contractors, and vendors.
NewCore’s $66 million raise is a bet that this need will become urgent as agent adoption grows.
The startup still has to prove its platform in real enterprise deployments, and larger security companies will not ignore the space. But the direction is clear. The more companies give AI agents real responsibilities, the more they will need identity systems built for a workforce that is no longer entirely human.
Social media platforms are beginning to give users more direct control over the...
Peter Woods10 hours ago
Google has officially released Android 17, bringing a wider set of multitasking...
Noura Belkacem1 day ago
Anthropic’s long-running effort to frame itself as the careful AI company has ru...
Alexander Hughes3 days ago
Artificial intelligence is being used to help radiologists identify possible lun...
Grace Howard6 days ago
Google has cut the price of its budget AI subscription plan, signaling that the...
Noura Belkacem1 week ago
Meta has signed its first AI data center deal in India, partnering with Reliance...
Grace Howard1 week ago
Discussion