AI Agents Are Becoming 'Employees' — NewCore Launches With $66M to Give Them Identities

NewCore, an Israeli-American security startup, emerged from stealth on June 15, 2026 with a $66 million seed round led by the cybersecurity-focused fund Cyberstarts — with Index Ventures and Evolution Equity Partners also participating — at a reported post-money valuation of $300 million, on a single, increasingly urgent bet: that companies will soon have to manage AI agents the same way they manage human employees. As reported by TechCrunch, the company is building identity and access infrastructure designed specifically for a mixed workforce of people, machines and autonomous AI agents. If that thesis is right, the phrase "employee identity" stops meaning one person with one login — and the security teams responsible for who-can-access-what suddenly have a far larger, far stranger population to govern. This article explains what NewCore does, who is behind it, why the problem it targets is real, and what remains unproven. All figures, names and quotes below are attributed to TechCrunch's reporting and have not been independently verified by comparee.ai.

What NewCore actually does

According to TechCrunch, NewCore provides identity and access management (IAM) built specifically for AI agents operating alongside human employees inside an organization. The core idea is to treat each AI agent not as a script borrowing a person's credentials, but as a first-class identity in its own right — with its own permissions, its own lifecycle controls, and its own revocation mechanism. In practice, that means an agent could be provisioned, scoped to a narrow set of actions, monitored, and switched off the moment it misbehaves or is no longer needed, much the way a company onboards and offboards a human worker.

That framing matters because of how AI agents tend to get access today. In many early deployments, an autonomous agent is handed an API key, a service account, or even a human user's session token so it can do useful work — reading a database, sending an email, filing a ticket, moving money. Those credentials are often long-lived, broadly scoped and poorly tracked. NewCore's argument, as relayed by TechCrunch, is that this approach does not scale and does not stay secure once an enterprise is running not one agent but hundreds or thousands of them, each potentially spinning up sub-agents and acting at machine speed. Giving every agent a managed identity is meant to bring the same discipline enterprises already apply to human accounts — least privilege, auditing, fast revocation — to a workforce that never sleeps and never logs off.

Why "non-human identity" is suddenly a hot category

The deeper context behind NewCore's launch is a shift the security industry has been bracing for: the rise of "non-human identities," or NHIs. For years, the dominant identity problem was human — the employee, the contractor, the partner — and a generation of companies, from Okta to Microsoft Entra, built large businesses around managing those users. But machine identities (service accounts, API keys, workload credentials) have quietly multiplied, and AI agents represent a new and especially tricky class of them: software that can reason, take initiative, chain actions together and operate with a degree of autonomy that a static service account never had.

That combination — autonomy plus access — is what makes the problem urgent. A human who is phished can do damage, but they act at human speed and within human working patterns. An agent with broad standing privileges can be manipulated through prompt injection or a poisoned tool, and then execute a long series of consequential actions in seconds, with no obvious moment for a person to intervene. As enterprises move from experimenting with chatbots to deploying agents that actually do things on their behalf, the question of who an agent is, what it is allowed to do, and how to shut it down cleanly stops being academic. NewCore is one of several companies racing to own that question, and its $66 million seed — unusually large for a stealth-stage launch — reflects how much investor appetite there is for an "identity layer for agents."

Who is behind NewCore

NewCore's pitch is bolstered by a founding team with deep roots in enterprise security and infrastructure, as detailed by TechCrunch. The CEO is Zohar Alon, who previously co-founded Dome9, a cloud security company acquired by Check Point — giving him direct experience building and exiting a security business that sold into large enterprises. The chief technology officer is Amihai Neiderman, described as a former research leader in Israel's elite Unit 8200 signals-intelligence corps and the founder of Nym Health; his background sits squarely in offensive and applied security research. Rounding out the leadership is chief commercial officer Erez Yarkoni, a former chief information officer of T-Mobile USA and Telstra, who brings the buyer's-side perspective of a large-enterprise CIO who has had to wrangle identity and access at scale.

That mix — a serial security founder, a hands-on offensive-security technologist, and a veteran enterprise CIO — is the kind of profile that helps explain a $300 million valuation before the company has meaningful revenue. Investors in this category are frequently betting on the team's ability to navigate long enterprise sales cycles and earn the trust of security organizations as much as on the specific product. Cyberstarts in particular has a track record of backing Israeli cybersecurity companies early and helping them reach enterprise buyers, which fits NewCore's profile closely.

The "split-key" architecture and the trust problem

One technical detail TechCrunch highlights is NewCore's "split-key" approach, which divides critical credentials between the customer and the platform so that neither side alone holds enough to be a single point of compromise. The logic is straightforward: if a security vendor is going to sit at the center of how an enterprise's agents authenticate and gain access, that vendor becomes an extremely attractive target. A breach of the identity provider could, in the worst case, hand an attacker the keys to every agent — and by extension every system those agents can touch. Splitting keys so that the vendor never holds complete credentials is a way to limit the blast radius if NewCore itself were ever compromised.

This points to a broader tension in the entire non-human-identity space. The companies promising to secure agents are, by design, accumulating enormous concentrated trust. They must convince skeptical security teams that adding a new identity broker reduces risk rather than creating a fresh, high-value attack surface. Architectural choices like split-key are partly a security measure and partly a trust-building argument aimed at exactly the cautious buyers NewCore needs to win. Whether such designs hold up under real-world scrutiny is something independent security researchers — not vendors — will ultimately determine, and that verdict is not yet in.

Where NewCore stands today

For all the ambition, NewCore is at an early stage, and it is worth being precise about that. Per TechCrunch, the company has fewer than 10 paying customers and more than 10 design partners — organizations working closely with NewCore to shape the product, often without paying full freight yet. It employs more than 50 people across the United States and Israel, and it expects to begin charging customers in the summer of 2026. In other words, this is a well-funded, well-staffed company with a credible team and a timely thesis, but one whose product is still being validated in the field rather than proven at scale.

That early-stage reality is not a knock; it is typical of an ambitious seed-stage launch, and the large round buys NewCore runway to build before it has to prove out a business model. But it does mean the most important claims — that legacy identity platforms will genuinely "break" under agentic load, that enterprises will pay for a dedicated agent-identity layer rather than extending existing tools, and that NewCore's particular architecture is the right answer — remain hypotheses. The market is also crowded with established identity vendors and other startups all positioning to own non-human identity, so commercial success is far from guaranteed even if the underlying problem is real.

Why security teams should be watching

The takeaway for anyone responsible for enterprise security is less about NewCore specifically and more about the trend it represents. The number of AI agents acting inside organizations is rising quickly, and many of them are being granted access through ad hoc, hard-to-audit means. Even teams that have no intention of buying from NewCore would be wise to start asking the questions the company is built around: How many agents are operating in our environment right now? What can each of them access, and under whose authority? How quickly could we revoke a compromised agent's access, and would we even notice if one went rogue? Those are governance questions that existing identity and access programs were never designed to answer for autonomous software.

NewCore's emergence is best read as a signal that "identity" in the enterprise is expanding beyond people. Whether the winning solution comes from a focused startup like NewCore, from incumbents extending their platforms, or from open standards that have not yet matured, the underlying shift looks durable: as agents take on more of the work, they will need to be identified, scoped and controlled like the consequential actors they are becoming. The companies that get ahead of that — by inventorying their agents and tightening how those agents get access — will be better positioned regardless of which vendor ultimately wins. That is the part worth paying attention to today, well before the market settles on an answer.

NewCore at a glance (as reported)

The table below summarizes the core facts from TechCrunch's reporting. These figures are as reported and have not been independently verified by comparee.ai.

The bottom line

NewCore is making a clear and timely wager: that the next great enterprise identity problem will not be human. As organizations deploy AI agents that can read data, send messages and take real actions on their behalf, the loose, credential-borrowing patterns of early agent deployments start to look like a serious security liability. NewCore's answer is to give every agent a managed identity — provisioned, scoped, audited and revocable — backed by a $66 million round, a heavyweight security team, and an architecture designed to keep the company itself from becoming a single point of failure.

What is not yet proven is whether enterprises will buy a dedicated agent-identity layer, whether legacy platforms will really buckle under agentic load, and whether NewCore's specific approach beats a crowded field. Those answers will come over the next year or two as the company starts charging customers and independent researchers probe its claims. But the direction of travel is hard to argue with: AI agents are increasingly acting like employees, and employees — human or not — need identities someone can control. For security teams, the smart move is to start treating their agents that way now, regardless of which vendor ultimately wins the category.

Disclaimer: based on reporting by TechCrunch, linked below. Figures, names, quotes and product details are as reported and have not been independently verified by comparee.ai.