Artificial Intelligence & Machine Learning
,
Governance & Risk Management
,
Identity Governance & Administration
Israeli Startup Maps Enterprise Entitlements Beyond Traditional Identity Providers

An identity startup led by a serial entrepreneur emerged from stealth with $60 million to address longstanding challenges in visibility, governance and automation.
See Also: Edge Transformation: Top 5 SASE Predictions and Trends
The Accel, Greylock Partners and CRV-led seed funding will help Tel Aviv, Israel-based Oak solve persistent identity problems with artificial intelligence while simultaneously creating entirely new identity types, including AI agents, that require organizations to rethink identity management, said CEO Shai Morag. The funding will enable Oak to simultaneously invest in product development, engineering, research and go-to-market activities.
“Everything with AI right now changes the world completely,” Morag told ISMG. “There is a real opportunity right now to disrupt a lot of the old categories like identity governance, identity security. There have been problems there forever, and it will be very hard to solve a lot of the problems. And I think right now with AI, you finally can solve a lot of the problems.”
Oak, founded in January, and has been led since its inception by Morag, who most recently sold cloud security startup Ermetic to Tenable in October 2023 for $243.8 million, and stayed on at Tenable for two years after the deal, rising to chief product officer. Prior to that, Morag sold endpoint detection and response startup Secdo to Palo Alto Networks in April 2018 for $82.7 million (see: Tenable to Buy Startup Ermetic for $265M to Safeguard Clouds).
What Makes Oak Different From Traditional Identity Governance
Traditional identity governance platforms often rely on manual processes, periodic certifications and incomplete visibility into enterprise identities, Morag said. Oak instead is building an AI-native platform designed around continuous risk assessment, automation and comprehensive visibility that’s capable of managing human users, machine identities, service accounts and AI agents through a unified approach.
“Everything should be more autonomous,” Morag said. “It should cover not just humans but also non-humans like service accounts and AI agents. Everything should be as continuous as possible, risk-based and not just compliance-based or operational-based. All of that we can change with AI.”
Rather than simply collecting identity records, Oak continuously gathers detailed information about user activity, entitlements, application permissions, resource access and relationships among identities, he said. This intelligence layer enables organizations to understand their complete identity attack surface, identify privileged accounts, map ownership relationships and make more informed risk decisions.
“We can integrate and cover everything that you have, and you can get even full coverage of your applications,” Morag said. “If you want to see the full identity attack surface, you really want to understand, ‘What’s the authorization and entitlements inside the apps?’ and not just what you see in the identity provider or in the IGA.”
AI-assisted development reduces connector creation from months to hours, enabling organizations to integrate virtually every application within their environment. Broader integration provides significantly better visibility into authorization models, entitlements and identity relationships, ultimately improving governance and reducing security blind spots that often exist in legacy identity platforms, Morag said.
“With the framework of AI agents, with the context, we can take a lot of the burden and give the identity teams the ability to focus only on the top 5% that is much, much, much, much more interesting, and make sure that they are not being crushed under too much manual burden or professional burden, not getting to the most important stuff,” Morag said.
How Human, Service Account, AI Agent Identities Are Different
Morag said AI agents are designed to eliminate much of the manual effort currently required for identity governance tasks such as user access reviews, entitlement certifications and compliance audits. Oak’s AI agents analyze contextual information – including peer comparisons, actual application usage and entitlement risk – to recommend or automatically make the vast majority of access decisions, he said.
“We also built a framework of AI agents that work for you as a force multiplier,” Morag said. “They can find issues and risks for you. They can close it again and work for you. They can remove some of the operational burden for you.”
Human identities operate relatively slowly and often require approval workflows, while service accounts typically execute deterministic code with highly predictable behavior, allowing organizations to tightly restrict privileges, Morag said. AI agents introduce a new challenge because they combine autonomous decision-making with machine-speed execution, requiring different governance controls, Morag said.
“We believe, at the end of the day, that the next generation identity platform should not be separated between human platform, service accounts platform, AI agents platform,” Morag said. “There is also connection and relationship between the different types of identities.”
Morag says SailPoint and Saviynt are Oak’s most common competitors, noting that newer vendors entering the market before the rise of generative AI like Veza continue to face many of the same architectural limitations as legacy platforms. Many enterprises remain greenfield opportunities because they still lack mature identity governance solutions altogether, providing Oak with easy opportunities.
“Everyone understands right now that 90% of breaches at the end of the day use identity and use entitlements, and that’s probably the biggest attack surface that you have in your org, especially after we left the perimeter and everything is cloud,” Morag said.
