If you're a IT leader or security leader, here's a number that should keep you up at night: 144.

That's how many nonhuman identities—API keys, service accounts, OAuth tokens, bot credentials—exist in your enterprise environment for every single employee. A year ago, it was 92:1. Next year? Probably 200:1.

Today, Israeli security startup Oasis Security closed a $120 million Series B led by Craft Ventures, with participation from Cyberstarts, Sequoia Capital, and Accel. That brings total funding to $195 million since the company's 2022 founding by former Israeli Intelligence Unit 81 members Danny Brickman and Ami Timarman.

The timing isn't coincidental. As enterprises accelerate AI agent deployments, they're creating a new class of security exposure that traditional IAM tools weren't designed to handle. And the numbers are staggering.

---

The Hidden Explosion: Why Machine Identities Are Multiplying Faster Than Employees

Let's start with the uncomfortable truth: Your enterprise has more bots than people—by a factor of 100+.

According to recent industry research, nonhuman identities (NHIs) have grown 44% year-over-year, reaching a ratio of 144 machine identities per human employee by mid-2025. In cloud-native environments, that ratio can hit 40,000:1.

What's driving this explosion?

1. Cloud infrastructure sprawl – Every microservice, container, and serverless function needs credentials
2. AI agent proliferation – Gartner predicts 40% of enterprise applications will embed AI agents by 2026, up from less than 5% in 2025
3. API economy – SaaS integrations, webhook callbacks, CI/CD pipelines—all create machine identities
4. Automation workflows – RPA, DevOps tooling, automated testing frameworks

The result: a massive, invisible workforce of nonhuman actors with full access to your most sensitive systems.

---

The AI Agent Security Gap: Why Traditional IAM Tools Are Failing

Here's where it gets interesting—and where Oasis Security's $120M bet makes sense.

Traditional Identity & Access Management (IAM) systems were built for human users. They assume:

• Periodic logins with MFA
• Manager approval workflows
• Annual access reviews
• Password rotation policies

AI agents break every one of those assumptions.

An AI agent with access to your CRM, email, and financial systems operates 24/7. It doesn't "log in." It doesn't have a manager. It doesn't change passwords quarterly. And if it's compromised—via prompt injection, data poisoning, or credential leakage—it can execute thousands of malicious actions per minute.

"An agent with full-blown access right now is as powerful as it gets," explained Oasis CEO Danny Brickman in a recent Bloomberg interview. "That creates even more pressure on the security leader."

---

How Oasis Security Solves the Problem: Discovery, Governance, and Lifecycle Management

So what does a $120 million Series B buy you in the nonhuman identity management space?

Oasis Security's platform addresses three critical gaps:

1. Discovery & Inventory

The platform auto-discovers all nonhuman identities across IaaS, SaaS, PaaS, and on-prem environments—AWS, Azure, GCP, GitHub, Salesforce, Office 365, ChatGPT, and more.

Within minutes, it creates a unified inventory showing:

• What machine identities exist
• Where they're deployed
• Who (or what) created them
• What resources they can access

2. Contextual Risk Assessment

Beyond raw discovery, Oasis provides AI-powered insights to:

• Identify dormant or orphaned identities
• Flag excessive permissions (privilege creep)
• Detect anomalous authentication patterns
• Map identity-to-resource relationships

The platform uses machine learning and heuristics to suggest owners, identify gaps, and prioritize risks based on severity.

3. Policy-Based Governance & Remediation

Oasis enforces adaptive, context-aware policies to:

• Automate credential rotation and secret management
• Apply least-privilege access controls
• Trigger alerts for policy violations
• Provide out-of-the-box remediation plans

The result: security teams can proactively govern machine identities instead of reacting to breaches.

Platform Capability	What It Does	Why It Matters
Auto-Discovery	Identifies all NHIs across cloud, SaaS, on-prem	Eliminates blind spots—you can't secure what you can't see
Ownership Mapping	Links identities to teams/systems using CMDB data + ML	Enables accountability and faster incident response
Threat Detection	Real-time anomaly detection (Oasis Scout + AuthPrint)	Catches account takeovers, leaked credentials, unauthorized access
Policy Enforcement	Automated rotation, least-privilege, compliance checks	Reduces manual toil and audit failures
Lifecycle Management	Provisioning → Monitoring → Decommissioning	Prevents "zombie" identities from lingering indefinitely

---

Why This Matters for finance leaders and Business Leaders

If you're not in security or IT, you might be thinking: "Why should I care about machine identities?"

Here's why:

1. Compliance Risk

Regulations like SOC 2, ISO 27001, GDPR, and HIPAA require organizations to maintain an inventory of all system access—including nonhuman identities. Failing audits because you can't track API keys is embarrassing. Failing them because a leaked token exposed customer PII is expensive.

2. Operational Efficiency

Unmanaged identities create friction:

• DevOps teams waste time tracking down credentials
• Security teams manually rotate secrets
• Audit teams can't answer "who has access to what?"

Automation reduces overhead and accelerates workflows.

3. Business Continuity

A compromised service account can:

• Disable CI/CD pipelines (halting deployments)
• Delete production databases (catastrophic downtime)
• Exfiltrate IP or customer data (brand damage + legal liability)

The cost of not managing machine identities is measured in downtime, breaches, and lost revenue.

---

Market Timing: Why Oasis Is Raising Now

Oasis Security's $120M Series B isn't just about product development—it's a market timing play.

Consider these converging trends:

Trend	Data Point	Impact
AI Agent Adoption	40% of apps will embed AI agents by 2026 (Gartner)	Exponential growth in machine identities
Identity Proliferation	NHIs grew 44% YoY, now 144:1 ratio (Industry research)	Traditional IAM can't scale
Cloud Migration	79% of enterprises use AI in ≥1 function (PwC)	Attack surface expanding faster than security budgets
Fraud Detection Spend	AI-powered fraud tools will hit $10.4B by 2027 (Juniper)	Security investment following adoption curve

Translation: The market is ready. The pain is real. And Oasis is positioned to become the category leader in nonhuman identity management.

---

What Oasis Will Do With $120M: R&D, GTM, and Global Expansion

According to the company, the Series B will fund:

1. Expanded R&D – Enhanced AI-specific threat detection, deeper platform integrations, and improved ML-driven ownership attribution
2. Go-To-Market Scale – Accelerated sales hiring, partnerships with cloud providers and enterprise platforms
3. Global Expansion – Increased presence in North America, Europe, and Asia to meet international demand

The goal: make nonhuman identity management a standard enterprise security control—just like endpoint protection or SIEM.

---

The Bottom Line: Identity Management Is No Longer Just About People

Here's what technical and business leaders need to understand:

For IT leaders and security leaders:

• You're blind to 99% of your identities. Human IAM gives you control over employees. But if machine identities outnumber employees 144:1, you're only managing 1% of your access surface.
• AI agents amplify risk. A compromised human account can do damage. A compromised AI agent with access to CRM, finance, and email can execute thousands of malicious actions per minute.
• Traditional IAM won't scale. You need purpose-built tools for discovery, governance, and lifecycle management of nonhuman identities.

For finance leaders and Business Leaders:

• Compliance failures are expensive. Auditors will ask: "Can you show me every API key with access to customer data?" If the answer is "no," you're in trouble.
• Operational efficiency matters. Manual secret rotation, orphaned credentials, and access sprawl create friction. Automation reduces overhead.
• Business continuity depends on it. A single leaked service account can take down production systems, expose sensitive data, or enable ransomware deployment.

The question isn't whether to invest in nonhuman identity management—it's how fast you can deploy it before your competitors (or attackers) get there first.

---

What to Watch Next

As AI agent adoption accelerates, expect to see:

1. Consolidation in the NHI space – Oasis, CyberArk, HashiCorp, and others will compete for category leadership
2. Regulatory scrutiny – Expect new compliance requirements around machine identity governance
3. Integration plays – Cloud providers (AWS, Azure, GCP) may build native NHI management—or acquire players like Oasis
4. Board-level conversations – Nonhuman identity risk will move from "security leader concern" to "C-suite priority"

For now, the message is clear: If you're deploying AI agents, you need to secure their identities before they secure access to everything else.

---

About Oasis Security: Founded in 2022 by Danny Brickman and Ami Timarman (Israeli Intelligence Unit 81), Oasis Security provides a platform to discover, classify, and govern nonhuman identities across cloud, SaaS, and on-prem environments. The company has raised $195 million to date from Craft Ventures, Cyberstarts, Sequoia Capital, and Accel. Learn more at oasis.security.

Want to calculate your own AI ROI? Try our AI ROI Calculator — takes 60 seconds and shows projected savings, payback period, and 3-year ROI.

Continue Reading