$66 million is a heavy seed check for an identity startup, but NewCore is aiming at a larger shift: enterprises now need to govern humans, machines, and AI agents from the same security control plane.
The Israeli cybersecurity startup emerged from stealth with $66 million in seed funding from Cyberstarts, Index Ventures, and Evolution Equity Partners, according to SecurityWeek. NewCore says it has built a security-first identity platform designed for human users, machine identities, and agentic identities across enterprise environments.
NewCore exits stealth with $66 million for identity security across three identity classes
NewCore was founded by Zohar Alon, CEO, Amihai Neiderman, CTO, and Erez Yarkoni, CRO. SecurityWeek describes the Tel Aviv-based company as founded by cybersecurity veterans and Israeli intelligence alumni.
The pitch is direct: identity systems built mainly around employee access now have to handle service accounts, machine credentials, and AI agents that may act across production systems. NewCore says its platform discovers, secures, and governs those identities across an organization’s environments.
“Identity is broken, but it has become the control plane of the modern enterprise. We not only built NewCore for the workforce that actually exists today, one of humans, machines, and agents, but we built it security-first from day one. The goal isn’t just to manage identity better. It’s to remove categories of risk that the industry and our customers have lived with for too long,” Alon said.
The company’s core technical claim centers on Secure Split Key, or SSK, which NewCore says is built to reduce risks around SAML signing infrastructure. The company says SSK targets attack classes including adversary-in-the-middle session theft, Golden SAML, and token replay, a risk highlighted by the $1.9B phishing empire.
NewCore also says the platform includes an integration package for leading agents, including Claude Code, Codex, and Cursor. Those integrations matter because coding agents often need access to repositories, development tools, cloud resources, and internal workflows.
TechCrunch reported that the round values NewCore at $300 million after investment, and that the company has grown to more than 50 employees across the U.S. and Israel. TechCrunch also reported that the platform is being used by fewer than 10 customers and more than 10 design partners, with the startup expecting to begin charging customers this summer.
AI agents push NewCore beyond employee login security
NewCore’s timing is the point. Its NewCore identity platform is not being sold as another login layer for employees. The startup is framing identity as the place where AI adoption becomes an enterprise security problem.
AI agents, in this context, means software systems that can act with some autonomy inside business tools. That can include coding assistants or agents that interact with enterprise systems. The security challenge is not whether those tools are useful. It is whether companies can assign them permissions, track their actions, revoke their access, and keep them from inheriting sloppy credentials.
NewCore says its platform was designed with agentic governance as a core constraint. That phrase matters. It means AI agents are treated as first-class identities with their own control paths, rather than being buried inside service accounts or manually shared credentials.
| Identity type | NewCore’s stated focus | Security problem it targets |
|---|---|---|
| Human users | Workforce identity and verification | Phishing, session theft, social engineering |
| Machine identities | Credentials and access across systems | Orphaned accounts, unmanaged secrets, exposed access |
| AI agents | Agentic identity, governance, revocation | Ungoverned agents acting inside enterprise systems |
NewCore also says it continuously discovers and maps identities, including shadow accounts, orphaned credentials, and ungoverned agents. That claim goes straight at a problem security teams already know well: assets that are not visible do not reliably get governed.
The company says it can deploy in hours using an agent-driven coexistence model that migrates existing federations and policies with zero downtime. That is a strong claim, and enterprise buyers will likely test it hard. Identity migrations can touch authentication, authorization, user experience, internal apps, and security operations all at once.
For security teams weighing where identity data flows after login, XOOMAR has covered adjacent tooling pressure in Open Source SIEM Can Bleed Security Teams Dry Fast and Best SIEM Tools That Won't Drown Lean Security Teams. NewCore’s pitch sits upstream from that problem: reduce identity risk before it turns into detection noise.
NewCore faces a crowded identity market that won’t reward vague AI security claims
NewCore is entering a market where buyers already spend heavily on identity governance, privileged access, cloud identity, and non-human identity controls. The AI-agent angle gives the startup a sharp wedge, but it does not remove the hard questions.
Enterprise customers will ask what the NewCore identity platform can actually discover, how policies are enforced, and how it coexists with existing identity stacks. They will also want proof that AI-agent controls are built into the product, not wrapped around it as a marketing label.
TechCrunch reported that established identity providers including Okta and Microsoft Entra have begun adding capabilities for AI agents. Alon argued to TechCrunch that those efforts extend platforms built for human employees, while NewCore was designed from the start for a workforce made up of humans, machines, and AI agents.
“We know for sure that the scale and the complexity that those things [AI agents] are going to add to 15- or 20-year-old identity platforms are going to break them,” Alon told TechCrunch.
That is NewCore’s central bet. If AI agents become common workplace actors, identity systems will need lifecycle controls, trust scoring, revocation, and human oversight for software workers that may operate faster than standard review cycles.
The near-term test is less philosophical. NewCore needs customer references, deployment evidence, and measurable risk reduction. The startup has funding, experienced founders, and a timely thesis. Now it has to prove that NewCore funding bought more than a polished stealth launch.
The next markers to watch are concrete: broader enterprise adoption, clearer customer traction, how the platform handles existing identity providers in live environments, and whether companies actually treat AI agents as identities that need governance from day one.
The Bottom Line
- NewCore’s $66 million seed round signals strong investor demand for identity security built around humans, machines, and AI agents.
- The company is targeting risks in SAML signing infrastructure, including Golden SAML and token replay attacks.
- Its launch reflects a broader enterprise shift toward treating identity as the central security control plane.
Originally published on XOOMAR. For more news and analysis, visit XOOMAR.
Top comments (0)