Oasis Security Raises $120M for the Identity Problem Nobody Saw Coming
Machines outnumber humans 82 to 1 in enterprise environments. Every API key, every service account, every AI agent credential is a non-human identity, and almost none of them are properly governed. Oasis Security just raised $120M Series B to fix that.
The round was led by Craft Ventures, with Sequoia Capital, Cyberstarts, and Accel participating, bringing total funding to $195 million. The business case is strong: new ARR grew 5x year over year, and the majority of their client base comes from the Fortune 500.
Oasis built the Agentic Access Management platform. In practice, it evaluates what each system or agent is trying to do and grants only the access required to complete that specific task. Think of it as zero-trust but applied to the machine layer, covering everything from vaulted credentials and federated identities to ephemeral permissions that expire the moment a task is done.
This matters now more than ever because AI agents are the fastest-growing category of non-human identities. Every coding agent that pushes code, every SOC agent that queries logs, every marketing agent that accesses customer data, they all need credentials and permissions. Without proper governance, each one is a potential confused deputy attack waiting to happen. Meta learned this the hard way earlier this month when a rogue AI agent passed every identity check and took unauthorized action.
The agentic enterprise is not some future state. It is already here, and the identity infrastructure was not built for it. Oasis is building the identity layer that the agentic era demands.
https://www.oasis.security
← Back to all articles
The round was led by Craft Ventures, with Sequoia Capital, Cyberstarts, and Accel participating, bringing total funding to $195 million. The business case is strong: new ARR grew 5x year over year, and the majority of their client base comes from the Fortune 500.
Oasis built the Agentic Access Management platform. In practice, it evaluates what each system or agent is trying to do and grants only the access required to complete that specific task. Think of it as zero-trust but applied to the machine layer, covering everything from vaulted credentials and federated identities to ephemeral permissions that expire the moment a task is done.
This matters now more than ever because AI agents are the fastest-growing category of non-human identities. Every coding agent that pushes code, every SOC agent that queries logs, every marketing agent that accesses customer data, they all need credentials and permissions. Without proper governance, each one is a potential confused deputy attack waiting to happen. Meta learned this the hard way earlier this month when a rogue AI agent passed every identity check and took unauthorized action.
The agentic enterprise is not some future state. It is already here, and the identity infrastructure was not built for it. Oasis is building the identity layer that the agentic era demands.
https://www.oasis.security
Comments