Your AI agents are running with your credentials. Every Claude Code session you kicked off this week, every Cursor tab, every Codex workflow — most of them authenticated using your personal OAuth token, a long-lived API key in a .env
file, or a service account with permissions that were never scoped to an agent. That is not an accident. It is the default. And it is a disaster waiting to happen at scale.
On June 15, NewCore emerged from stealth with $66 million in seed funding to build the identity layer that agent deployments have been missing. The company is purpose-built from scratch for hybrid human-AI workforces — not a retrofit of a platform designed to track human logins in 2008.
The Numbers Are Bad and Getting Worse #
The Gravitee State of AI Agent Security 2026 Report puts the scale of the problem in sharp relief. Eighty-eight percent of organizations reported confirmed or suspected AI agent security incidents in the past year. Only 14.4% of agents going live have full security or IT approval. And 45.6% of enterprises are still using shared API keys for agent-to-agent authentication.
Those are not edge cases. That is the industry average.
The consequences are already material. In January, Step Finance lost $27 to $30 million when compromised executive devices gave attackers access to AI trading agents with unchecked permissions to execute large fund transfers without human approval. A separate attacker used Claude Code and GPT-4.1 to breach nine Mexican government agencies — 195 million taxpayer records — exploiting agents that had no meaningful identity boundaries. The Vercel–Context.ai breach this spring showed how a single compromised OAuth token in one AI tool cascades through everything connected to it.
When 25.5% of deployed agents can spawn sub-agents of their own, the blast radius from a single compromised identity is no longer linear.
What NewCore Is Building #
NewCore is led by Zohar Alon, who previously built and sold Dome9 to Check Point, alongside CTO Amihai Neiderman and CCO Erez Yarkoni, formerly CIO at both T-Mobile USA and Telstra. The $66 million round was led by Cyberstarts, Index Ventures, and Evolution Equity Partners at a $300 million valuation.
The technical architecture is where NewCore makes its claim. Its Secure Split Key (SSK) system eliminates single points of failure in SAML and OIDC signing — blocking Golden SAML attacks, adversary-in-the-middle exploits, session theft, and token replay, which are the actual attack vectors hitting production agent deployments today. Credentials are hardware-bound to TPM and Secure Enclave, not just scoped tokens that can be exfiltrated from a config file.
Critically, agents get first-class identities. Not service accounts. Not shared API keys. Each agent has its own lifecycle, trust score, and revocation controls. Native integrations ship for Claude Code, Codex, and Cursor — the tools developers are actually using to build and deploy agents today.
Okta Is Already Here. That Is Not the Same Thing. #
Okta for AI Agents went generally available on April 30 and deserves credit for moving quickly. It adds identity security posture management, Universal Directory support for agent identities, and least-privilege enforcement. For organizations already deep in the Okta ecosystem, it is a legitimate starting point.
But Okta for AI Agents is an extension of infrastructure built in 2009. It understands human login events. It can store a record for an agent. Whether it truly models the non-deterministic, multi-hop behavior of an autonomous agent that spawns sub-agents, maintains sessions across overnight runs, and touches forty services in a single workflow is a different question. NewCore’s argument — and it is a reasonable one — is that agents are not slightly unusual humans. They are a categorically different class of identity that requires purpose-built infrastructure.
What Developers Should Do Now #
NewCore and Okta are enterprise products. They are not what you install this afternoon. But the underlying practices are available to every developer today:
- Stop sharing human OAuth tokens or personal API keys with agents. Issue dedicated, scoped tokens for each agent.
- Prefer short-lived tokens — minute-scale lifetimes, not long-lived secrets that persist across restarts.
- Move production secrets out of
.env
files and MCP config files. Static secrets in config files are the single most common vector in agent security incidents. - Use a real secret store: HashiCorp Vault, AWS Secrets Manager, or equivalent.
- Log every agent action against its specific identity — not “the application.”
- Implement human-in-the-loop checkpoints for high-impact operations: file writes, fund transfers, sending communications.
These are not advanced security practices. They are the minimum that any production agent deployment should be running on. Most are not. Descope’s AI agent credential management guide covers the full implementation path if you want to go deeper.
The Bigger Picture #
McKinsey has documented enterprises running 25,000 AI agents alongside 60,000 human employees. Goldman Sachs is testing agents as formal new hires with their own onboarding processes. Within two years, agentic identities will outnumber human identities at many technology organizations.
Identity infrastructure built for a world where every actor is a human logging in from a desk once a day is not going to hold. This is the next IAM category — the same transition that cloud IAM forced on on-premises identity systems in the 2010s. NewCore is betting $66 million that it owns the category before Okta and Microsoft finish retrofitting theirs. That is a reasonable bet. Whether or not NewCore wins it, the problem it is solving is real, it is causing material damage today, and developers building agent systems are making it worse every time they paste an API key into a config file.