NewCore raises $66M to build identity and access management for enterprise AI agents.

What happened

NewCore has emerged with $66 million in funding aimed at solving an accelerating enterprise security gap: identity and access management (IAM) for autonomous AI agents. As organizations deploy AI agents that act as digital employees—capable of querying databases, executing code, and triggering cross-platform workflows—the startup argues that managing these non-human identities will become a primary enterprise security challenge.

Technical details

Currently, machine-to-machine communication relies heavily on static service accounts, long-lived API keys, or OAuth tokens tied to human users. These paradigms are brittle and dangerous when applied to autonomous AI agents. Agents require dynamic, context-aware permissions that can scale up or down based on the task at hand. Traditional Role-Based Access Control (RBAC) struggles to handle this without over-provisioning access, which creates massive attack surfaces. NewCore is building a framework for Non-Human Identity (NHI) that treats AI agents as first-class principals within an enterprise directory. This likely involves lifecycle management, automated credential rotation, and granular, just-in-time (JIT) access policies specifically tailored for non-deterministic AI workflows.

Why it matters

From an engineering perspective, the proliferation of AI agents breaks existing zero-trust architectures. When a Large Language Model (LLM) agent suffers a prompt injection attack or hallucination, the blast radius is determined entirely by the permissions granted to that agent's identity. By providing dedicated, isolated identities for AI workers, security and platform engineering teams can implement strict least-privilege policies, audit agent actions independently of their human operators, and instantly revoke compromised sessions. This identity layer is a hard prerequisite before enterprises can safely deploy autonomous agents into production environments.

What to watch next

Keep an eye on how NewCore integrates with existing identity providers (IdPs) like Okta, Ping, or Microsoft Entra ID. The adoption of this technology will depend heavily on whether it acts as a seamless overlay or requires heavy architectural refactoring. Additionally, watch for new open-standard authentication protocols designed specifically for agent-to-agent communication as the industry moves beyond basic API keys.