A cybersecurity startup just raised $120 million to solve a problem most companies don't even know they have yet: their AI agents are a security nightmare.

The Summary

  • Oasis Security raised $120 million from Sequoia and Accel to manage non-human account access, particularly AI agents
  • The raise signals VCs are betting infrastructure for agent security is critical before agent deployment scales
  • Companies are spinning up AI agents without unified frameworks for access control, creating massive attack surfaces

The Signal

Here's what the Oasis raise tells you about where we actually are in the agent economy: we're building the plane while flying it, and the security bills are coming due before most companies have even deployed meaningful automation.

Traditional identity and access management was built for humans logging in from browsers. But AI agents don't log in once at 9am and out at 5pm. They fire thousands of API calls across dozens of systems, often with privileged access, running continuously. Each agent is a potential attack vector. Each credential is a skeleton key if compromised.

The $120 million number matters because it shows tier-one VCs believe this isn't a feature, it's a category. Sequoia and Accel don't write checks this size for point solutions. They're betting that every enterprise deploying agents will need dedicated infrastructure to manage non-human identities at scale. That implies they see agent deployment accelerating faster than security teams can adapt with existing tools.

What Oasis is really selling is visibility and control in a world where your employee count and your "account count" are diverging rapidly. You might have 500 humans and 5,000 agents by next year. Most companies can't even inventory their current non-human accounts, let alone secure them properly. That's the gap Oasis is filling, and the funding size suggests it's a canyon, not a crack.

The Implication

If you're building or deploying AI agents in an enterprise context, expect security teams to start asking hard questions about credential management, audit trails, and access scoping within the next six months. The tooling is getting funded now because the problem is already here. Don't wait for a breach to figure out which agents have access to what.

Source: Bloomberg Tech