AI Agents Now Have Employee IDs — NewCore Just Raised $66M to Manage Them

TL;DR: NewCore just raised $66M at a $300M valuation to build enterprise identity governance for AI agents, treating them as employees with credentials, permissions, and audit trails. This is a threshold moment. When agents get corporate identities, the liability question flips. And structured no-code platforms, with their built-in auth and permissioning systems, have an architectural head start over raw agent deployments.

---

On June 15, a Tel Aviv and San Francisco startup called NewCore emerged from stealth with $66 million in seed funding and a $300 million valuation. The round, led by Cyberstarts, Index Ventures, and Evolution Equity Partners, wasn't for another AI wrapper or agent builder. It was for something stranger and, honestly, more interesting: identity and access management for AI agents.

NewCore's pitch is that AI agents are becoming employees, and employees need employee IDs. The platform discovers every identity in an enterprise (human, machine, and agentic) and governs them under one security architecture. It gives AI agents their own lifecycle, trust score, and revocation path. It does not treat them as service accounts. It treats them as workers.

This is a category-defining moment, and not just for cybersecurity. It changes how we should think about no-code.

What does NewCore actually do?

The technical stack is worth understanding, because it reveals how seriously the market is taking this. NewCore's platform has several pieces:

• Identity Discovery continuously maps every identity across the enterprise, pulling from Okta, Google Workspace, Microsoft Entra ID, BambooHR, and, pointedly, AI platforms like Claude, ChatGPT, Amazon Bedrock, and Microsoft Copilot Studio. It also finds shadow systems nobody documented.
• Secure Split Key (SSK) splits the signing key between NewCore and the customer's own perimeter. Neither side can sign a token alone. If NewCore gets compromised, attackers still can't forge credentials without the customer-side key.
• Visual MFA replaces the push notification number with an abstract image. A number can be read aloud over the phone by a social engineer. An image (a specific shape and colour the user recognises on sight) can't be described in a way that lets an attacker pass.
• Hardware-bound credentials anchor authentication in TPM and Secure Enclave hardware, removing phishable factors entirely.
• AI-generated account recovery sources challenge questions from the user's own calendar, HR, and activity data rather than sending them to a help desk.

All of this is designed for scale that legacy IAM wasn't built to handle. Human employees don't request access to production systems in seconds. AI agents do.

What changes when agents get employee IDs?

There's a legal and operational line that gets crossed when you issue something a corporate identity. "Service account" says utility. "Employee identity" says actor. Actors carry responsibility. Responsibility implies liability.

If an AI agent with an employee ID approves a fraudulent invoice, who's responsible? The person who deployed it? The team that configured its access? The vendor whose model hallucinated the approval? The identity platform that authenticated it?

These aren't hypotheticals. We're already seeing what happens when agent access goes ungoverned. We covered the 5,000+ vibe-coded apps leaking API keys and corporate data back in May. That was the canary. NewCore's existence is the confirmation: the enterprise is now building infrastructure to answer these questions with policy, not panic.

When a $300M-valued company is funded specifically to solve AI agent identity, we're past the point of asking whether agents need governance. We're into who builds it and how.

What does this mean for no-code builders?

Here's where the no-code angle gets concrete. Structured no-code platforms like Bubble, Webflow, Stacker, and Glide already have something raw agent deployments don't: built-in user authentication, role-based access control, and audit trails.

When you build a client portal in Stacker, the platform already knows who can see what. There's a permission model. There's a login. There's a record of who did what and when. If you deployed a raw AI agent via the OpenAI API and gave it a service account, you'd have none of that unless you built it yourself. And most people won't.

The architecture maps naturally. An agent identity is, functionally, a user identity with a different authentication method and a narrower scope of action. The structured platforms already understand users, roles, and permissions. Extending that model to agents (giving your customer's AI assistant a "read-only" role on certain tables, or requiring multi-party approval before an agent can modify a record) is a smaller conceptual leap than bolting governance onto a raw API deployment after the fact.

This isn't theoretical. Enterprise clients are already asking no-code agencies to integrate AI agents into their existing workflows. The ones who can answer the governance question — here's how we authenticate, scope, and audit the agent — are going to win those deals. The ones who say "we'll figure that out later" are going to lose them, or worse, win them and own the liability.

Why does the trust gap matter now?

We've been tracking a pattern across our coverage this year. First came the AI psychosis piece in early June: companies throwing agents into production without understanding the failure modes. Then the vibe-coded apps leaking corporate credentials because nobody thought to add authentication. The OWASP top 10 for LLM applications is real and growing, and the security industry is scrambling.

NewCore is the enterprise answer to that scramble. But the enterprise answer and the no-code answer don't have to be different things. In fact, the platforms that already solved identity for humans are better placed to extend it to agents than the companies starting from scratch.

The question isn't whether AI agents need identity governance. NewCore's $66M round answers that definitively. The question is whether no-code builders will use the head start they already have, or wait until a client's agent causes a breach and then start caring.

The takeaway

AI agents with corporate identities are coming. Not in a vague future sense, but in the sense that a well-funded startup just built the plumbing and enterprise customers are signing up. If you're deploying agents for clients on structured no-code platforms, you already have the authentication and permissioning primitives you need. Use them. Scope agent access the same way you'd scope a junior employee's. Audit what they do. Build revocation paths that work in one click, not one sprint.

The infrastructure for treating agents as employees is being built right now. The builders who understand that, rather than treating agents as magic black boxes, are the ones clients will trust.