AI Agents Get Employee IDs: NewCore Raises $66M

NewCore, an Israeli-American security startup, came out of stealth with a $66 million seed round aimed at a problem most companies haven't fully hit yet: what to do when some of your 'employees' are AI agents that need their own logins. The round was led by Cyberstarts, with Index Ventures and Evolution Equity Partners joining, and values the company at $300 million. Its platform manages humans and AI agents in one place, treating each agent as a 'first-class identity with its own permissions, lifecycle controls, and revocation mechanisms' rather than a borrowed human account or a loose API key.

The founders are a heavy security trio. CEO Zohar Alon previously built cloud-security firm Dome9, acquired by Check Point; CTO Amihai Neiderman is a former Unit 8200 research leader who founded healthcare-AI startup Nym Health; and CRO Erez Yarkoni was CIO of T-Mobile USA and Telstra. The company already has 50-plus employees across the US and Israel, fewer than 10 customers and more than 10 design partners, and plans to start charging in the summer of 2026.

Why agent identity is suddenly a problem

The context is that agents are quietly becoming headcount. McKinsey says it now runs about 25,000 AI agents alongside its 60,000 human employees; Goldman Sachs has tested the coding agent Devin as if it were a worker. Alon argues that the identity systems most companies already use can't take the strain: 'We know for sure that the scale and the complexity that those things are going to add to 15- or 20-year-old identity platforms are going to break them.' NewCore's answer includes a 'split-key' design that divides critical credentials between the customer and the platform, an 'Agentic Skill' package that lets tools like Claude Code, Codex and Cursor reach enterprise systems as managed identities, and a mobile app for granting, reviewing and revoking an agent's access on the spot.

Why it matters to you

Even if you'll never buy enterprise identity software, this is a useful signal about where AI is heading. The interesting startups right now aren't building another chatbot — they're building the boring plumbing that lets agents act on their own with real permissions, and the safety rails to switch them off. The reason that matters: an agent with a login can do real damage at machine speed, so the questions that used to be about people — who can this account touch, and how fast can we kill it — now apply to software too. My take is that 'can it be revoked instantly' is about to become the first question any sane team asks before letting an agent loose, and the tools that make that easy will win regardless of which model is underneath.