The company’s launch arrives as 88 percent of enterprises report confirmed or suspected agent incidents, according to Gravitee’s latest survey. Moreover, NewCore promises a production-ready identity layer that assigns each agent a lifecycle, trust score, and kill switch. This news signals a decisive shift: enterprises can no longer treat autonomous agents as extensions of service accounts. Instead, they must govern them as first-class workforce members.

Funding Signals Market Shift

Venture capital interest in agent security skyrocketed during 2026. Consequently, Cyberstarts led NewCore’s oversized seed, with Index Ventures and Evolution Equity Partners joining. TechCrunch placed the post-money valuation near $300 million, despite fewer than ten paying customers.

• Seed size: $66 million
• Valuation: ~$300 million
• Headcount: >50 employees
• Design partners: >10 enterprises

Investors link the trend to expanding enterprise security budgets for generative AI. Moreover, boards demand proof that internal identity programs cover machine actors as thoroughly as human ones. Therefore, funding momentum will likely continue as Agent Identity Management becomes a first-class budget line.

These figures highlight strong investor faith despite early revenue. However, funding alone will not solve security gaps.

Next, we examine why incidents persist across the modern identity layer.

Security Pain Points Persist

Gravitee’s 2026 survey paints a stark picture. Eighty-eight percent of respondents confirmed or suspected agent-related security incidents last year.

Meanwhile, the average organization manages thirty-seven agents, yet only twenty-two percent treat them as independent identities. Consequently, less than half of agents receive active monitoring.

Incumbents such as Okta responded with agent-centric blueprints launched in April 2026. Nevertheless, many enterprises still rely on repurposed service accounts, limiting granular access control.

Interviewed practitioners recount agents deleting production data after mis-scoped permissions. In contrast, accidental data exfiltration via unmanaged plugins appears even more common. Additionally, regulators now question whether existing SOC controls satisfy enterprise security obligations.

These concerns escalate when software agents act on behalf of the firm.

Incident frequency underscores urgent risk. Therefore, understanding identity gaps becomes critical before selecting solutions.

The following section explores functional reasons agents require distinct identities.

Why Agents Need Identities

Autonomous agents execute code, call APIs, and move funds without direct supervision. Therefore, each agent deserves the same rigor applied to human staff.

Agent Identity Management enforces least-privilege, audit trails, and rapid revocation. Moreover, assigning unique credentials prevents the lateral movement often enabled by shared tokens.

An identity layer purpose-built for agents also supports trust scoring. Consequently, suspicious behavior can trigger automated suspension before damage spreads.

Traditional access control assumes slow human click paths. Conversely, agent orchestration operates at machine speed, issuing dozens of API calls each second. Consequently, every policy decision must evaluate context without introducing bottlenecks.

The business case stretches beyond compliance to tangible risk reduction. However, implementation requires robust technical safeguards, which NewCore claims to provide.

We now dissect the vendor’s core mechanics.

Inside NewCore Split Key

NewCore positions its Secure Split Key architecture as the centerpiece of its identity layer. The model divides signing material between customer vaults and the platform, removing single points of compromise.

Additionally, NewCore exposes “Agentic Skills” that wrap popular coding assistants like Claude Code, Codex, and Cursor. Consequently, enterprises can decorate each skill with scoped tokens and policy.

A mobile oversight app supplies human-in-the-loop approvals. Meanwhile, continuous discovery hunts for rogue agents across cloud estates.

Professionals can validate advanced competencies through the AI Security Level 2 certification. The program covers key concepts addressed by Agent Identity Management platforms.

According to the founders, SSK integrates with SAML and OIDC flows already deployed in large enterprises. Furthermore, NewCore logs every cryptographic operation to provide immutable audit events required by enterprise security frameworks.

NewCore’s design promises layered defense without sacrificing speed. Nevertheless, technical merit is only half the battle.

Competitive dynamics reveal how standards and incumbents shape the identity layer landscape.

Competitive Identity Layer Battle

Okta, Microsoft Entra, and several startups now frame identity as the agent control plane. In contrast, some orchestration vendors push for Model Context Protocol registries instead of identity-centric policy.

Standards bodies such as NIST’s NCCoE acknowledge gaps in identification, authentication, and auditing for autonomous agents. Furthermore, OWASP drafts illustrate open issues around prompt-injection and delegated access control.

Consequently, enterprises face fragmented guidance when selecting platforms. They must evaluate maturity, interoperability, and vendor lock-in risk.

Market watchers predict consolidation around a pluggable identity layer that can attach to any agent runtime. Nevertheless, no consensus API exists yet, and interoperability hackathons scheduled for Identiverse may shape early drafts.

Market competition accelerates innovation but complicates decision making. Therefore, adoption strategies require clear priorities and phased pilots.

The next section addresses those execution hurdles.

Adoption Challenges And Gaps

Legacy IAM stacks rarely expose machine-speed policy APIs. Subsequently, integrating agent capabilities often forces brittle workarounds.

Moreover, shadow projects spin up unmanaged agents in development sandboxes. Without continuous discovery, security teams lack visibility until an incident emerges.

Cultural adoption also lags. Nevertheless, framing Agent Identity Management as an enabler of experimentation rather than a blocker can win developer support.

Budget alignment poses another hurdle. Moreover, finance leaders often treat agent spending as experimentation rather than core enterprise security investment.

Technical and cultural headwinds slow transformation. However, pragmatic steps can accelerate progress.

The final section offers actionable recommendations.

Strategic Recommendations Ahead

Start with an inventory of all autonomous agents, including those embedded in SaaS plugins. Consequently, you can map privileges against data sensitivity.

• Enable unique credentials per agent
• Implement continuous discovery alerts
• Use split-key or hardware-bound signing
• Establish human approval workflows
• Pilot with low-risk workloads first

Furthermore, align policies with emerging NIST guidance to future-proof compliance. Professionals should pursue structured learning to bridge knowledge gaps.

Therefore, we recommend the previously mentioned AI Security Level 2 credential for specialists architecting Agent Identity Management solutions.

Organizations should also publish internal playbooks titled “Agent Identity Management Minimum Standards” to align teams. Additionally, consistent terminology reduces misconfiguration across clouds.

Finally, measure success with metrics such as agent mean time to revoke. Track the percentage of policies enforced by Agent Identity Management tooling.

These steps drive quick wins while setting the stage for scalable governance. Consequently, enterprises can reduce risk without stifling innovation.

The concluding section distills the broader impact.

Agent Identity Management now sits at the center of enterprise security strategy. NewCore’s $66 million launch illustrates investor confidence and technical ambition, yet high incident rates prove the challenge remains unsolved. Moreover, standards are still forming, and integration hurdles persist across legacy stacks. Nevertheless, organizations that inventory agents, deploy fine-grained access control, and adopt split-key signing can dramatically shrink attack surfaces. Additionally, upskilling staff through credentials like the AI Security Level 2 certification ensures long-term operational maturity. Therefore, commit to Agent Identity Management today and secure the next generation of software agents.