NewCore Secures $66M for AI and Machine Identity Platform

NewCore Raises $66M for Security-First Identity Platform

NewCore, a cybersecurity startup, has officially emerged from stealth mode, announcing $66 million in funding to advance its security-first identity platform. The company’s stated mission is to safeguard the identities of humans, machines, and increasingly, AI agents. This significant investment underscores the growing industry recognition of complex identity challenges that extend beyond traditional user accounts, especially in hybrid and cloud-native environments, as reported by SecurityWeek.

The Evolving Landscape of Identity Management

Traditional identity and access management (IAM) systems primarily focused on human users. However, the proliferation of cloud services, microservices architectures, and automation has introduced an exponential growth in non-human identities. These include service accounts, APIs, serverless functions, containers, and IoT devices. Each of these machine identities requires robust authentication and authorization mechanisms to prevent unauthorized access and potential Lateral Movement within an organization’s infrastructure.

The challenge is compounded by the varying nature and permissions associated with these identities. Managing the lifecycle of machine identities, from provisioning to de-provisioning, and ensuring least privilege access, often represents a significant security gap. Many organizations struggle with challenges in securing machine identities in cloud environments, frequently relying on static credentials or overly broad permissions, which attackers can exploit to gain a foothold or escalate privileges. This makes a comprehensive approach, as proposed by NewCore, timely and necessary.

Addressing AI Agent Identity Management Challenges

A particularly salient aspect of NewCore’s focus is the inclusion of AI agents. As artificial intelligence models become more autonomous and integrated into critical business operations, their identities become a new attack surface. These AI agents, whether acting independently or on behalf of human users, require distinct security considerations. They interact with data, applications, and other systems, necessitating secure authentication and authorization protocols that go beyond those designed for humans or even typical machine identities.

Securing AI agents involves establishing clear identities for individual models or instances, monitoring their behavior for anomalies, and ensuring that their access to resources is strictly controlled based on their function. This area presents unique AI agent identity management challenges, including how to handle dynamic permissions, prevent impersonation, and integrate AI agent identities into existing security frameworks like Zero Trust architectures. The emergence of platforms specifically designed to address this highlights a critical, often overlooked, frontier in cybersecurity.

Implications for Security Professionals

For security professionals, NewCore’s funding and strategic focus signal a vital shift in the identity security paradigm. It reinforces the understanding that a holistic identity strategy must encompass all entities interacting within an environment – human, machine, and AI. A fragmented approach risks creating blind spots that sophisticated threat actors can leverage. Neglecting machine or AI identities could lead to breaches as significant as those stemming from compromised human credentials. Such breaches could result in data exfiltration, system compromise, or even Supply Chain Attack vectors if an AI agent used in development or operations is compromised.

Actionable Recommendations for Identity Security

Organizations should proactively review and enhance their identity security posture, considering the broader scope of identities now recognized as critical:

• Audit All Identities: Conduct a thorough audit of all human, machine, and AI identities within your infrastructure. Identify their purpose, permissions, and lifecycle management processes.
• Implement Least Privilege: Ensure that all identities, especially machine and AI agents, operate with the absolute minimum privileges required to perform their functions. Regularly review and revoke unnecessary permissions.
• Strengthen Authentication: Implement strong authentication mechanisms for all identity types. For machines and AI, this could involve certificate-based authentication, hardware security modules (HSMs), or secure API keys with robust rotation policies.
• Embrace Zero Trust Principles: Apply Zero Trust principles across your environment, assuming no identity, whether human or automated, can be inherently trusted without continuous verification.
• Monitor Identity Behavior: Leverage tools such as SIEM and EDR to monitor identity behavior for anomalies that may indicate compromise. Unusual access patterns or resource utilization by a machine or AI identity should trigger immediate investigation.
• Evaluate Next-Gen Identity Platforms: Stay informed about new solutions entering the market. Consider evaluating next-gen identity platforms that specifically address the complex requirements of securing diverse identities, including emerging AI agents. While NewCore is an early entrant in this specific niche, the market will likely see more innovation in this space.

By taking a comprehensive approach to identity security, organizations can better defend against increasingly sophisticated threats targeting all facets of their digital infrastructure.