Oasis Security raises $120 million Series B to secure the rise of AI agents

Oasis Security has closed a $120 million Series B round to build out what it calls the access management layer for the agentic enterprise. The round was led by Craft Ventures, with participation from existing investors Sequoia Capital, Accel, and Cyberstarts, bringing total funding to $195 million since the company was founded in 2022.

The New York-based startup pioneered what it calls Non-Human Identity management, and with this round is positioning itself as the foundational access control plane for enterprises deploying AI agents at scale. The timing is notable: Oasis published research just three weeks ago disclosing a critical vulnerability in OpenClaw called ClawJacked, which allowed malicious websites to hijack locally-running AI agents via a WebSocket attack. The vulnerability was patched within 24 hours.

The funding reflects a broader recognition that the identity systems enterprises rely on were built for people, not autonomous software. According to Palo Alto Networks, machine identities already outnumber human ones 82 to 1. As AI agents proliferate across enterprise infrastructure, that ratio is only going to shift further.

"Agent value is defined by access, and so is modern risk," said Danny Brickman, Oasis CEO, in the announcement. "Every organization deploying AI agents is taking on access risks they cant yet see. The organizations scaling AI fastest are the ones who treated access as a foundational requirement, not an afterthought."

Oasis says its annual recurring revenue grew 5x year over year, with most new ARR coming from multi-year enterprise agreements. The company counts a majority of its customers among the Fortune 500, and says it is increasingly being embedded directly into customers identity architecture as the access management layer for agentic infrastructure.

The product, called Agentic Access Management, evaluates what each system is trying to do and grants only the access required to complete that task, with no standing permissions. The platform handles vaulting, federation, and ephemeral permissions across hybrid environments, from AWS and Azure to GitHub, Salesforce, and Snowflake.

Michael Robinson, a partner at Craft Ventures, framed the investment in category terms: "As AI agents proliferate, organizations need a fundamentally new approach to managing non-human identities and agentic access. Oasis has emerged as the clear leader in this category."

The Series B will fund R&D for the AAM platform, expansion across AI agent frameworks and enterprise systems, and global sales expansion. Oasis was founded in 2022 by Brickman and Amit Zimerman.

The competitive landscape is forming quickly. Aembit, which positions itself as a full identity-first control plane for non-human workloads including AI agents, is another player in this space. Insight Partners called Agent IAM "the defining security topic for 2026." Security firm CyberArk noted in a recent blog post that by 2026, enterprises will be relying on AI agents in production, requiring a fundamentally different approach to identity and access.

For enterprises already running AI agents, the message from investors and security researchers alike is consistent: access governance is not optional. The question is whether teams will treat it as a foundational layer or an afterthought when something breaks.