[TOOLS] 15 min read · OraCore Editors

NewCore turns AI agents into managed identities

I break down NewCore’s identity model for AI agents and give you a copy-ready template for access, review, and revocation.

NewCore’s playbook turns AI agents into managed identities you can grant, review, and revoke.

I’ve been watching identity systems get dragged into AI work whether they wanted to or not. And honestly, they’ve been handling it like a legacy app that got told it’s now part of payroll. Humans were already messy enough. Then we started bolting on service accounts, shared API keys, and “temporary” credentials that somehow live forever. That’s the part that keeps bothering me: every new agent gets treated like a one-off exception, which is exactly how security debt turns into an outage.

What NewCore is trying to do feels like a direct answer to that mess. Not a shiny AI wrapper. Not another dashboard that says “agentic” and calls it a day. I mean actual identity plumbing for software workers that can act, request access, and be shut off without a scavenger hunt through three admin consoles. That’s the interesting bit. If AI agents really do become part of the workforce, then identity stops being a back-office concern and becomes the control plane.

So I read Jagmeet Singh’s TechCrunch piece and started decomposing the idea like I would for my own team: what’s real here, what’s hand-wavy, and what would I actually copy into a product spec.

NewCore says it emerged from stealth with $66 million, led by Cyberstarts with participation from Index Ventures and Evolution Equity Partners. The company’s pitch is blunt: if agents are going to sit beside employees, they need identities, permissions, lifecycle controls, and revocation. That’s the frame I’m unpacking below.

Stop treating agents like fancy service accounts

“The startup says AI agents should be treated as first-class identities with their own permissions, life cycle controls, and revocation mechanisms, rather than as traditional service accounts or machine credentials.”

What this actually means is: stop stuffing agents into the same bucket as backend jobs and machine-to-machine tokens. That bucket was already overloaded. It works when you’ve got a cron job hitting an API. It breaks when the thing making requests can branch, retry, call other tools, and keep operating after the original human left for vacation.

I’ve seen this failure mode before. A team wants one coding agent in one repo, so they hand it a personal token or a shared integration credential. It works for two weeks. Then someone forgets where the token lives, another team copies the pattern, and now nobody can answer a basic question: who can this agent access, who approved it, and how do we shut it off fast?

NewCore’s core idea is to make the agent itself the object you manage. Not the API key. Not the script. The identity. That’s a much cleaner mental model because it lines up with how enterprises already think about access for humans.

How to apply it: if you’re designing your own system, define an agent as a named principal with an owner, scope, expiry, and revocation path. Don’t let it inherit a human’s long-lived credential. Don’t let it share a pool token with five other automations. Make the identity visible in logs, access reviews, and incident response.

Human identity systems are already creaking

NewCore’s founder, Zohar Alon, says the scale and complexity of AI agents will break 15- or 20-year-old identity platforms. That’s a strong claim, but I don’t think it’s wild. The old systems were built around employees, contractors, and maybe a few machines. They were not built for a world where software workers can spawn, collaborate, and request access on demand.

Alon also points to a painful real-world signal: he reviewed a company’s identity budget in 2023, saw the size of the bill, and assumed the customer must be happy. The customer wasn’t. That’s the kind of story I trust more than any pitch deck. It tells me the market is full of expensive tools that people tolerate, not love.

That matters because AI agents will amplify every weakness in identity. If your joiner-mover-leaver process is already sloppy for humans, agents will make it embarrassing. If access reviews are a quarterly checkbox exercise, agents will turn that into a security blind spot with a faster heartbeat.

The practical takeaway is simple: don’t wait for a dedicated “agent IAM” product to fix your process. Tighten the basics now. Clean up ownership metadata, remove stale accounts, standardize approvals, and make revocation measurable. AI doesn’t create the identity problem. It just makes the old mess more expensive.

  • Inventory every non-human principal you already have.
  • Mark which ones are human-owned, service-owned, or shared.
  • Kill anything that has no owner or no expiry.
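Here is that inventory pass as a small audit, together with the earlier rules about named principals (owner, expiry, no inherited human token, no shared pool token). It is an added example, not NewCore's code or anything from the TechCrunch piece; the record fields, credential types, and sample inventory are assumptions made up for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Principal:
    name: str
    owner: Optional[str]      # accountable human or team; None = orphaned
    expires: Optional[date]   # None = access never expires
    credential_id: str        # opaque handle for the secret in use, not the secret
    credential_type: str      # assumed labels: "managed", "human_pat", "pool_token"

def audit(principals, today):
    """Return {principal name: [findings]} for every principal that breaks a rule."""
    # A credential handle seen on more than one principal is a shared secret.
    usage = Counter(p.credential_id for p in principals)
    report = {}
    for p in principals:
        findings = []
        if not p.owner:
            findings.append("no owner")
        if p.expires is None:
            findings.append("no expiry")
        elif p.expires < today:
            findings.append("expired but still present")
        if usage[p.credential_id] > 1:
            findings.append("credential shared with another principal")
        if p.credential_type == "human_pat":
            findings.append("runs on a human's personal token")
        if findings:
            report[p.name] = findings
    return report

def kill_list(report):
    """Principals the 'no owner or no expiry' rule says to disable outright."""
    return sorted(n for n, f in report.items() if "no owner" in f or "no expiry" in f)

# Constructed sample inventory (every name, date and handle is made up).
INVENTORY = [
    Principal("pr-review-agent", "platform-team", date(2026, 9, 30), "cred-001", "managed"),
    Principal("nightly-export", None, date(2026, 12, 31), "cred-002", "managed"),
    Principal("docs-bot", "alice", None, "cred-003", "human_pat"),
    Principal("triage-agent", "support-eng", date(2026, 8, 1), "cred-004", "pool_token"),
    Principal("label-agent", "support-eng", date(2026, 8, 1), "cred-004", "pool_token"),
    Principal("old-migrator", "data-eng", date(2025, 1, 15), "cred-005", "managed"),
]

if __name__ == "__main__":
    report = audit(INVENTORY, today=date(2026, 6, 20))
    for name, findings in report.items():
        print(f"{name}: {'; '.join(findings)}")
    print("disable now:", kill_list(report))
```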

One control plane for humans and agents is the real bet

NewCore says it manages human and AI-agent identities in a single system. That’s the part I’d pay attention to. A lot of vendors are trying to bolt agent support onto human-first identity stacks. Maybe that’s enough in the short term. But if the agent population grows the way Alon predicts, you don’t want a sidecar product that lives outside your main access workflow.

Here’s the plain-English version: if an employee can approve access for an agent in the same place they review access for a contractor, then the organization gets one mental model. One audit trail. One revocation path. That’s cleaner than splitting policy between “real people” and “automation stuff” and hoping the gaps don’t matter.

I’ve run into this in orgs that had separate systems for app secrets, cloud IAM, and internal SSO. Every split created a place where nobody felt fully responsible. The minute an incident happened, the team started reconciling between systems instead of fixing the issue. That’s exactly the kind of drag NewCore is trying to remove.

How to apply it: if you’re building or buying this category, insist on a single source of truth for identity state. An agent should appear in the same directory, policy engine, and audit trail as the rest of the workforce. If the product can’t show me who owns the agent and what it can touch, I’m not interested.

Split-key architecture is about reducing blast radius

“NewCore uses what it calls a ‘split-key’ architecture that divides critical identity credentials between the customer and the platform, an approach designed to eliminate a single point of compromise.”

What this actually means is the vendor doesn’t get the whole secret. That’s smart. Too many identity and access systems turn into giant vaults of trust, which is convenient right up until the day they’re not.

The split-key idea is less about clever crypto theater and more about operational paranoia, which I respect. If one side of the system gets popped, the attacker still doesn’t have everything they need. That’s the kind of design choice that tells me someone has thought through the ugly part of enterprise security, not just the demo.

I’d still want to know the failure modes. What happens if the customer side is unavailable? What’s the recovery process? How are keys rotated? How do you avoid making the system so annoying that admins bypass it? Those are the questions that separate a nice architecture diagram from something I’d actually deploy.

How to apply it: if you’re designing access for agents, split trust where you can. Put approval, storage, and enforcement in different places. Make sure no single admin, app, or vendor can fully impersonate an agent without another control kicking in. And yes, write down the recovery path before anyone ships.

  • Separate approval from credential custody.
  • Require explicit revocation paths for every agent identity.
  • Test what happens when one side of the trust model is offline.
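The article does not say how NewCore splits its credentials, so the following is an added illustration of split custody in general, not NewCore's design: a 2-of-2 XOR split where neither the customer half nor the platform half reveals the signing key, and an offline side fails closed. All function names and the sample key are assumptions.

```python
import hashlib
import hmac
import secrets

def split(secret: bytes):
    """2-of-2 XOR split: each share on its own is uniformly random bytes."""
    platform_share = secrets.token_bytes(len(secret))
    customer_share = bytes(a ^ b for a, b in zip(secret, platform_share))
    return customer_share, platform_share

def combine(customer_share, platform_share):
    if customer_share is None or platform_share is None:
        # Fail closed: one side offline means no credential, not a cached copy.
        raise RuntimeError("a share holder is unavailable; refusing to act")
    if len(customer_share) != len(platform_share):
        raise ValueError("share length mismatch")
    return bytes(a ^ b for a, b in zip(customer_share, platform_share))

def sign_as_agent(message: bytes, customer_share, platform_share) -> str:
    """Authenticate a request as the agent; needs both halves at call time."""
    key = combine(customer_share, platform_share)
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def refresh(customer_share, platform_share):
    """Re-randomise both shares with one mask; the combined key is unchanged,
    but a share stolen before the refresh no longer pairs with a current one."""
    mask = secrets.token_bytes(len(customer_share))
    return (bytes(a ^ m for a, m in zip(customer_share, mask)),
            bytes(b ^ m for b, m in zip(platform_share, mask)))

if __name__ == "__main__":
    agent_key = secrets.token_bytes(32)          # constructed sample key
    cust, plat = split(agent_key)
    print(sign_as_agent(b"open-pr:repo-42", cust, plat))
    try:
        sign_as_agent(b"open-pr:repo-42", None, plat)   # customer side offline
    except RuntimeError as err:
        print("blocked:", err)
```

This sketch rebuilds the key inside one process at signing time, which is the simplification to question in any real design: whoever runs `combine` briefly holds everything.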

Agent access needs a human approval loop

NewCore’s mobile app lets employees grant, review, and revoke access for AI agents. That sounds small, but it’s actually the piece I like most. The problem with autonomous systems is not just what they can do. It’s how quickly they can drift beyond what anyone remembers approving.

Putting review and revocation in a mobile workflow is a practical move because it acknowledges how people actually work. Nobody wants to log into a giant admin console every time an agent needs a new repo, dataset, or SaaS integration. They want a fast approval path that still leaves a trail.

I’ve seen teams fail here by making approvals so painful that people start rubber-stamping everything. That’s worse than having no process at all. If the approval loop is annoying, the process dies. If it’s too easy, the process is meaningless. So the challenge is to make it fast without making it fake.

How to apply it: design your agent approval flow like a lightweight incident response step. Show who is asking, what the agent wants, how long it needs it, and what happens if the request is denied. Then make revocation one tap, not a support ticket.

If you’re building this yourself, the UI is not the point. The state machine is. You need request, approve, expire, revoke, and re-review. If any of those are missing, you don’t have governance. You have a friendly-looking bypass.
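A sketch of that state machine, as an added example rather than NewCore's implementation or anything taken from the TechCrunch piece: the state names, event names, and transition table are my assumptions, built around the five steps listed above. Anything not in the table is refused, expiry is checked on every touch, and each change records who made it.

```python
from datetime import datetime, timedelta

# (current state, event) -> next state. Anything absent is refused.
TRANSITIONS = {
    ("requested", "approve"): "active",
    ("requested", "deny"): "denied",
    ("requested", "revoke"): "revoked",
    ("active", "re_review"): "active",    # reviewer confirms, clock restarts
    ("active", "expire"): "expired",
    ("active", "revoke"): "revoked",
    ("expired", "request"): "requested",  # expired access is re-approved, never revived
}

class Grant:
    def __init__(self, agent, resource, requester, ttl, now):
        self.agent, self.resource, self.ttl = agent, resource, ttl
        self.state, self.expires_at = "requested", None
        self.trail = [(now, requester, "request", "requested")]

    def apply(self, event, actor, now):
        self._lapse(now)
        nxt = TRANSITIONS.get((self.state, event))
        if nxt is None:
            raise ValueError(f"{event!r} not allowed from state {self.state!r}")
        if event in ("approve", "re_review"):
            self.expires_at = now + self.ttl
        self.state = nxt
        self.trail.append((now, actor, event, nxt))  # every change names its actor

    def _lapse(self, now):
        # Expiry is evaluated on every touch, so it holds even if no cleanup job runs.
        if self.state == "active" and now >= self.expires_at:
            self.state = "expired"
            self.trail.append((now, "system", "expire", "expired"))

    def allows(self, now):
        self._lapse(now)
        return self.state == "active"

def demo():
    t0 = datetime(2026, 6, 20, 9, 0)  # constructed timestamps and names
    g = Grant("pr-review-agent", "repo:payments", "dana", timedelta(hours=8), t0)
    seen = [g.allows(t0)]                                   # requested only
    g.apply("approve", "sam", t0 + timedelta(minutes=5))
    seen += [g.allows(t0 + timedelta(hours=1)),             # inside the window
             g.allows(t0 + timedelta(hours=9))]             # lapsed on its own
    g.apply("request", "dana", t0 + timedelta(hours=9))
    g.apply("revoke", "sam", t0 + timedelta(hours=10))
    return g, seen + [g.allows(t0 + timedelta(hours=10))]
```

Note that a revoked or denied grant has no outgoing transitions at all: getting access back means a new grant with a new trail.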

Tool integrations are where this gets real

NewCore says its “Agentic Skill” package works with coding assistants like Anthropic’s Claude Code, OpenAI’s Codex, and Cursor. That’s the practical layer. This is where identity stops being abstract and starts touching actual developer workflows.

That matters because developers are already using these tools in the most sensitive places: repos, CI, cloud consoles, and internal docs. If those tools are authenticated through managed identities instead of manually copied credentials, you get a cleaner audit trail and fewer “who pasted this token where?” moments. Which, frankly, we all need less of.

I’d treat this as the adoption wedge. Nobody wakes up excited about identity management. They wake up annoyed by access friction. If NewCore can sit between the assistant and the enterprise system without making the workflow miserable, that’s the product.

How to apply it: start with one high-value tool and one narrow permission set. For example, let a coding agent open pull requests or read issue metadata, but not deploy to production. Measure how often humans need to intervene. Then widen the scope only after you trust the audit trail and revocation behavior.

Also, document the difference between “agent can act” and “agent can decide.” Those are not the same thing, and a lot of teams blur them until something bad happens.

The market is moving, but the buyer is still confused

NewCore says it has fewer than 10 customers and more than 10 design partners, and it expects to start charging this summer. That tells me the category is still early. Which is fine. Honestly, I’d be suspicious if it looked more mature than that.

The bigger signal is that companies are already talking about agents as workers. TechCrunch cites Goldman Sachs testing Devin as a new employee and McKinsey saying 25,000 AI agents already work alongside its 60,000 employees. Whether every company is ready for that framing is another question, but the direction is obvious.

That means the buyer is probably split into three camps: security teams who want control, platform teams who want less chaos, and developers who just want the agent to stop asking for passwords. NewCore has to satisfy all three without becoming a monster to administer.

How to apply it: if you’re evaluating this space, don’t ask whether the vendor “supports AI agents.” Ask whether it can answer these questions fast: who owns the agent, what can it access, when does access expire, and how do I revoke it right now? If the answer takes a meeting, the product is not ready.

My read is simple. NewCore is not really selling identity software. It’s selling a way to stop AI agents from becoming invisible employees with invisible privileges. That’s a problem worth solving, and I suspect a lot of teams are going to discover it the hard way if they wait too long.

The template you can copy

# AI Agent Identity Policy Template

## 1) Agent record
- Agent name:
- Business owner:
- Technical owner:
- Purpose:
- Environment: dev / staging / prod
- Start date:
- Expiration date:
- Review cadence:

## 2) Identity model
- Each agent must have a unique identity.
- No shared credentials across agents.
- No human personal tokens for agent use.
- No long-lived secrets without expiry.

## 3) Access request
For every request, capture:
- Agent name
- Requested system
- Requested permissions
- Reason for access
- Time limit
- Approval owner
- Fallback if denied

## 4) Approval rules
- Low-risk access: technical owner approval
- Sensitive access: business owner + security review
- Production access: explicit approval every time
- Emergency access: time-boxed and logged

## 5) Credential handling
- Split approval from secret custody where possible.
- Rotate credentials on schedule.
- Revoke on owner change, incident, or expiry.
- Log every credential issuance and revocation.

## 6) Monitoring
Track:
- Active agents
- Granted permissions
- Last use time
- Failed access attempts
- Revoked identities
- Overdue reviews

## 7) Revocation checklist
When shutting an agent off:
- Disable identity
- Revoke tokens
- Remove group memberships
- Cancel scheduled jobs
- Verify downstream access is gone
- Record incident or change ticket

## 8) Developer workflow gate
Before a coding assistant can access enterprise systems:
- It must be registered as an agent.
- It must use managed identity.
- It must have a scoped permission set.
- It must be reviewable and revocable by humans.

## 9) Review questions
- Who owns this agent?
- What can it touch?
- What breaks if it is compromised?
- How fast can we revoke it?
- What evidence do we keep for audit?

## 10) Approval note
Approved by:
Date:
Scope:
Expiry:
Revocation owner:

That template is my distilled version of the NewCore idea, not NewCore’s product spec. I’m using the article’s claims and turning them into something you can actually paste into an internal policy doc, security review, or product requirements file.

Source: TechCrunch’s article at https://techcrunch.com/2026/06/15/ai-agents-are-becoming-employees-newcore-emerges-with-66m-to-give-them-identities/. The analysis above is mine; the funding details, quotes, and product claims come from Jagmeet Singh’s reporting.