Fixing an Old Problem for a New Era

Oak, a cybersecurity startup based in Tel Aviv and San Francisco, emerged from stealth on July 15 with $60 million in seed funding to build what it calls an AI-native identity and access management system. The round was co-led by Accel, Greylock Partners, and CRV, with additional backing from Hetz Ventures, AlphaDrive Ventures, and strategic angel investors, according to the company’s announcement.

Oak was founded by Shai Morag, a repeat cybersecurity entrepreneur whose earlier startups — Integrity-Project, Secdo, and Ermetic — were acquired by Nvidia’s Mellanox, Palo Alto Networks, and Tenable, respectively. Co-founder Tal Marom previously led product teams at Tenable and Salesforce.

Why Identity Is Breaking

Oak argues that identity tools built for an era of human employees and cloud accounts can no longer keep pace with enterprises where humans, machine accounts, and autonomous AI agents all hold system access at once. According to Morag, most identity governance today is manual and “operations-based, not risk-based,” with no automatic response when, for instance, an account logs in from an unusual location.

The platform connects to an organization’s applications — on-premises, cloud, SaaS, or custom-built — and builds a live identity graph from raw access data. It then compares what each identity, human or otherwise, is entitled to against what it actually uses, flagging excess privileges and surfacing real-time risk decisions.

Built After Talking to 100 CISOs

Before writing code, the founders say they spent months interviewing 100 chief information security officers and identity leaders about where existing tools fall short, according to TechCrunch. The product is already generally available and in use at enterprise customers, though Oak has not disclosed customer names or revenue figures. The company grew to roughly 50 employees during its stealth period and is continuing to hire, primarily in the United States.

Identity and access management has become a growing concern as companies deploy AI agents that can independently take actions across internal systems, expanding the pool of “non-human identities” security teams must track alongside employee accounts.

Read also