- Oak has raised $60 million in seed funding to address the security risks posed by autonomous AI agents.
- The startup focuses on 'non-human identities' (NHIs), which traditional IAM systems are ill-equipped to manage.
- Founded by Shai Morag, Oak aims to provide a governance layer that tracks and secures machine-to-machine interactions.
- The massive funding round signals that AI identity and trust are now critical bottlenecks for enterprise AI adoption.
The Ghost in the Machine: How Oak’s $60M Launch Aims to Solve the AI Agent Identity Crisis
As autonomous agents begin to act on our behalf, the boundary between human intent and machine execution is blurring—and the security stakes have never been higher.

Key Takeaways
In the current landscape of Large Language Models (LLMs), the industry is pivoting from passive chatbots to active, autonomous agents. These entities don’t just summarize text; they book flights, execute code, access sensitive databases, and move money. However, this rapid evolution has outpaced the infrastructure designed to secure it. As these agents begin to act as proxies for human users, a fundamental question arises: How do we verify the identity of a machine acting on behalf of a human?
This is the core problem that Oak, an Israeli identity management startup, is stepping out of stealth to solve. Backed by a staggering $60 million in seed funding—a figure almost unheard of for an initial round—Oak is positioning itself as the critical governance layer for the 'Agentic Era.' Led by veteran entrepreneur Shai Morag, the company aims to fix what it describes as an 'identity mess' that AI agents are making significantly worse.
Traditional Identity and Access Management (IAM) systems were built for humans. They rely on biometrics, multi-factor authentication (MFA), and predictable behavior patterns. AI agents, however, do not have fingerprints or faces. They are ephemeral, often spun up for a single task and then discarded. When an AI agent accesses a corporate cloud environment to perform a task, it often inherits the permissions of the user who triggered it—a practice that violates the fundamental security principle of 'least privilege.'
This creates a massive security vacuum. If an agent is compromised or suffers from a 'hallucination' that leads it to perform unauthorized actions, the traditional security stack often can't distinguish between the legitimate intent of the human and the rogue action of the agent. Oak’s emergence suggests that the industry is finally waking up to the reality that non-human identities (NHIs) are now the primary attack vector in modern enterprise environments.
The scale of Oak’s seed funding reflects the urgency of the problem. Investors are betting that the next bottleneck for AI adoption won't be model performance, but rather enterprise trust. Shai Morag, who previously co-founded the cloud security firm Ermetic (acquired by Tenable), brings a deep understanding of how complex cloud permissions can become. With Oak, he is targeting the intersection of AI and cybersecurity, a niche that is rapidly becoming the most valuable real estate in tech.
Oak’s platform is designed to provide visibility and control over what these agents are doing. This involves:
- Dynamic Identity Assignment: Giving every AI agent a unique, trackable identity that is linked to, but distinct from, the human user.
- Behavioral Monitoring: Analyzing the actions of agents in real-time to detect deviations from expected workflows.
- Automated Governance: Automatically revoking permissions the moment an agent completes its assigned task, reducing the 'identity sprawl' that plagues modern IT departments.
To understand why Oak is necessary, one must look at the technical limitations of current IAM solutions. Most legacy systems are static; they check a credential at the start of a session and then grant access for a set period. AI agents, however, operate at machine speed. They can cycle through thousands of API calls in seconds. A static permission model cannot keep up with this velocity.
Furthermore, agents often operate in 'chains.' One agent might call another agent, which in turn accesses a third-party service. This creates a 'transitive trust' problem. If the third-party service is compromised, the entire chain is at risk. Oak’s technology aims to create a 'zero-trust' environment for agents, where every single action is verified regardless of where the agent sits in the chain.
The implications of Oak’s launch extend far beyond cybersecurity. As we move toward a world where 'Agentic AI' handles the bulk of administrative and technical tasks, the concept of 'digital identity' must be redefined. We are moving away from a human-centric web toward a hybrid ecosystem where human and machine identities are inextricably linked.
For enterprises, the message is clear: You cannot scale AI without a robust identity strategy. The $60 million poured into Oak is a signal that the market views 'AI Identity' as a foundational infrastructure category. It is no longer enough to have a powerful LLM; you must have the guardrails to ensure that LLM doesn't become a liability.
As Oak moves from stealth to the global stage, its success will be a litmus test for the broader AI industry. If Oak can successfully manage the 'identity mess,' it will pave the way for a new generation of autonomous applications that are both powerful and secure. If the mess continues to grow, however, the 'AI Revolution' may find itself stalled by the very tools it sought to create.
Enjoying this article?
Get the daily AI briefing sent straight to your inbox.
Frequently Asked Questions
What is the 'identity mess' caused by AI agents?
AI agents often use human credentials to perform tasks, leading to over-privileged access and a lack of accountability. Because they act autonomously and at high speed, traditional security systems cannot distinguish between a human's intent and a machine's potential error or malicious action.
Why did Oak receive such a large seed funding round?
The $60 million round reflects the high priority enterprises are placing on AI security. As companies move from testing AI to deploying autonomous agents, the need for specialized identity infrastructure has become a billion-dollar problem that investors are eager to solve.
How does Oak differ from traditional cybersecurity companies?
While traditional firms focus on human users and network perimeters, Oak specifically targets the lifecycle and permissions of AI agents and non-human identities, providing real-time governance for machine-led workflows.
Comments
0Related articles

SpaceX Veteran Secures $65M to Revolutionize Aerospace Wiring
A new startup led by a SpaceX veteran has raised $65 million to overhaul the inefficient, decades-old methods used to wire rockets and satellites.

The Automated Wall: How AI Chatbots Are Breaking Customer Support
A recent rise in AI-driven customer support is leading to a crisis of accessibility, leaving users stranded when deliveries go missing or problems arise.

OpenAI Staffers Fund Anti-AI Lobbying Group in Internal Political Clash
A group of OpenAI staff has donated over $215,000 to a political action committee opposing a pro-AI lobbying group supported by company president Greg Brockman.