Here is a sentence that would have sounded absurd two years ago. A cybersecurity startup just raised 66 million dollars to give your AI agents employee identities. Not to build the agents. To manage who they are, what they can touch, and how fast you can shut them off.
The company is NewCore. The round was led by Cyberstarts, with Index Ventures and Evolution Equity Partners, at a 300 million dollar valuation before it has sold the thing at scale, as TechCrunch reported. The investors are not betting on agents being useful. That is settled. They are betting on agents being a governance problem.
The Quiet Number Behind the Round
McKinsey now runs about 25,000 AI agents alongside its 60,000 people. Read that ratio again. A professional services firm has one software worker for every two and a half humans, and the line is moving in one direction.
Every one of those agents needs to log in somewhere. It needs permission to read a database, send an email, move a record, call an API. In identity terms, each agent is a new employee who never sleeps, works across ten systems at once, and can be cloned a thousand times by lunch. The badge systems most companies use were built for humans who do none of that.
NewCore's co-founder Zohar Alon said it cleanly. "The scale and complexity that those things are going to add to 15- or 20-year-old identity platforms will break them." He is not describing a feature gap. He is describing infrastructure that was never designed for the load it is about to carry.
This is why the same week brought Salesforce buying the AI customer service company Fin for 3.6 billion dollars and folding it into Agentforce, its platform for building business agents. The agent layer is consolidating into something companies will run by the thousand. And anything you run by the thousand, you have to govern by the thousand.
Identity Is the Control Plane Nobody Budgeted For
Most leadership conversations about AI agents are still about capability. What can it do, how much work can it absorb, where does it cut cost. The harder question is the one NewCore is selling against. When an agent has standing access to your systems, who decided that, and how fast can you take it away?
A human employee who leaves gets deprovisioned. Badge off, accounts closed, access gone. Now picture an agent that was spun up by one team, copied by another, given an API key that got pasted into a script, and is still running with full permissions three months after the project ended. That is not a horror story. That is the default state of most companies adopting agents right now.
I wrote earlier about the new plumbing beneath the agentic web, the protocols that let agents talk to systems and to each other. Identity is the layer that decides whether that plumbing is safe to turn on. Without it, every integration is a door you cannot find later to lock.
The reason this matters commercially, not just technically, is liability. A non-human identity with forgotten permissions is a breach waiting for an audit. When the model running your billing process can be impersonated or hijacked, the cost is not a slow workflow. It is a regulatory event with your name on it.
There is a speed problem hiding in here too. When something goes wrong with an agent, a leaked key, a prompt injection that turns it hostile, a runaway process spending money, your first question is who can turn this off and how fast. If the answer is an engineer hunting through scripts at 2 a.m., you do not have governance. You have hope. Identity is what turns that 2 a.m. scramble into a single revoke.
What Operators Should Do Before They Scale Agents
Start with an inventory. Most companies cannot name how many agents, scripts, and service accounts already hold credentials in their stack. You cannot govern what you have not counted, so count it first. That single audit usually surprises the people who ordered it.
Then treat every agent like a hire. It gets an identity, a defined scope of access, an owner who is accountable for it, and an expiry. If a human would not get permanent admin rights on day one with no manager, neither should a software worker. The discipline is old. The subjects are new.
And decide this now, while you have ten agents, not later when you have ten thousand. I argued that agents will not replace whole jobs yet, and that is still true. But they are quietly becoming the largest population of workers in your systems, and they arrived without an HR department. The companies that build one early will spend the next two years scaling. The ones that do not will spend it cleaning up.
None of this requires a new department or a six-month project. It requires deciding that a software worker with access to your systems is an identity you own, not a convenience you forget. The companies that internalize that now will not be the ones reading about an agent breach with their own name on it next year.
The badge is back, just for a different kind of worker. Give your agents one before something else decides who they are.