Agentic AI
,
Artificial Intelligence & Machine Learning
,
Governance & Risk Management
Identity Security Vendor to Expand AI Governance Tools Including MCP Server Defense

An identity security startup led by the CEO of SOAR vendor Demisto raised $35 million to better protect artificial intelligence-powered agents acting autonomously within digital systems.
See Also: AI Agents Demand Scalable Identity Security Frameworks
Descope said the seed financing extension will help the Silicon Valley-based company manage and secure agent identities through life cycle management, fine-grained access control and integration with the mode context protocol, said co-founder Rishi Bhargava. He said the funds will help Descope address access control, governance, auditing and secure integration with emerging protocols such as MCP.
“What I’m hearing from CISOs is a big concern on this probabilistic model, which is: We really want agents to get permissions that are more limited than what a human used to have,” Bhargava told Information Security Media Group. “And then slowly, over time, as we trust agents, then we can give more permissions.”
Descope, founded in 2022, employs 92 people and has raised $88 million, having last completed a $53 million seed funding round in February 2023 led by Lightspeed Venture Partners and GGV Capital. The company has been led since inception by Slavic Markovich, who started analytics and automation vendor Demisto in early 2015 and sold the company to Palo Alto Networks in 2019 for $560 million (see: Demisto Founders Launch Passwordless Authentication Company).
What Makes Agentic Identities, Machine Identities Different
The latest funding enables Descope to tackle next-generation challenges such as dynamically adjusting agent permissions, full support for fully autonomous agents and maintaining pace with evolving MCP specifications. Bhargava said Descope is still in the first phase of what is expected to be a long-term evolution in AI agent security, and continuous innovation is required to lead in this emerging field.
“I think the success of this round is for us to continue to innovate in the AI agent space, and continue to expand our customer base and build a strong lead in this agentic identity space,” Bhargava said.
While traditional machine identities are used to connect apps or services have predictable, deterministic behaviors, Bhargava said agentic identities are powered by large language models and act in a probabilistic and dynamic manner. Agentic identities operate on inferred intent, and could misinterpret an “update” instruction as “delete and re-create,” leading to unintended data loss, Bhargava said.
“The actions performed by one machine were very, very predictable. They were based on the APIs exposed by this other application,” Bhargava said. “Now it changes, because suddenly this deterministic world becomes probabilistic. When an agent starts to talk to an application, it’s going to try to do the task, and it’s probabilistic. So, suddenly what happens is your very deterministic security model changes.”
Hallucinations, misinterpretations or overly broad scopes can lead to catastrophic data errors, especially in sensitive systems including CRMs, finance tools or HR databases, Bhargava said. He said organizations need a new identity and permissioning stack to safely allow agents to operate in production.
“Machine identities were used to connect one app to another,” Bhargava said. “Actions were very predictable since they were triggered by a human or automated.”
How Descope Addresses Security Challenges for MCP Servers
Descope’s Agentic Identity Hub enables organizations to manage the full life cycle of an AI agent from registration and classification to access control and eventual deactivation, Bhargava said. Central to this approach is limiting agents’ permissions to only a subset of what a human user can do. For example, if a sales agent is allowed to read CRM data, it shouldn’t automatically get to update or delete records.
“The idea is being able to manage agents which are acting on behalf of a user,” Bhargava said. “Putting in the right controls and guardrails to give limited access to the agents on behalf of the user.”
The core identity challenge with MCP is determining which agents are allowed to invoke which tools, under what conditions and with what permissions, since without the right controls, an agent might gain access to tools that let it send mass calendar invites or delete records, Bhargava said. Descope keeps sensitive access tokens internal to the MCP server and control which agents can act on which tools.
“Why does identity play an important role? Step one: You want to figure out what tools can be used by LLMs and who approves the use of those tools,” Bhargava said. “Maybe the organization does not want agents to write and send invites out because, ‘What if the agent wakes up and sends 1,000 invites out?'”
Bhargava recommended that agents start with minimal privileges and gain additional permissions as they prove trustworthy or based on user approval per session or task. Enterprises currently lack tools to perform this type of governance, which is precisely why many CISOs are forming new AI governance teams. Descope aims to offer a way to manage risk, enforce policy and build trust in AI environments.
“Every conversation I have with a CISO, they come and tell us that lack of governance and controls is a big challenge for them,” Bhargava said. “Everybody says, ‘I’m building a new AI governance team.’ And what that points to is helping them figure out what controls to put on, so that they can adopt AI better and faster.”