On the 19th of March 2026, Oasis security raised $120 million in a Series B funding for Non-Human Identity Security (NHI Security). Craft Ventures led the round, with Cyberstarts, Sequoia Capital, and Accel participating. This round highlights a development the security industry can no longer ignore.
For years, enterprises focused entirely on securing employee logins and passwords. Meanwhile, the machines running their systems, such as bots, AI agents, and API keys, collected access to sensitive data with no oversight. But now, Oasis Security is about to change that.
What are Non-Human Identities
To understand why this is a big deal, we must first learn the basics. A Non-Human Identity is any digital credential that lets a machine talk to another system. These include service accounts, API keys, OAuth tokens, and AI agents.
The magnitude of this particular problem is pretty alarming. Machine identities outnumber human identities by 82 to 1. Yet, most organizations have no system to track, monitor, or control them.
Unlike human accounts, NHIs have no multi-factor authentication (MFA). They rarely rotate credentials and often carry far more access than they need.
Furthermore, developers create these identities inside cloud platforms and CI/CD (Continuous Integration and Continuous Delivery) pipelines without telling security teams. As a result, 66% of organizations have suffered a cyberattack directly caused by compromised NHIs.
Why is Non-Human Identity Security Still a Blindspot
To put it simply, Older security tools were built for people, not machines. Standard identity tools enforce login verification, monitor user behavior, and flag unusual access. Machines do none of those things so those tools offer zero protection.
The consequences are visible in the breach record. The Cloudflare breach forced the company to rotate thousands of access keys and investigate systems across its entire global network.
Similarly, the New York Times lost 270GB of data from 5,000 code repositories through a single exposed access key. In total, attackers executed over 40 major NHI breaches in the past two years.
Beyond that, AI agents are making things worse. Machine identities now represent the primary source of privilege misuse and security teams overlook most of them. Consequently, more than 46% of organizations suffered an NHI breach in the last 12 months.
How Oasis Security Is Closing the NHI Security Gap
In 2022, Danny Brickman and Amit Zimerman founded Oasis around a core problem. The industry protected human identities carefully but has left machine identities almost entirely unprotected. So, they built a platform to fix that.
Today, Oasis finds every machine identity across a company’s systems, ranks them by risk, manages their access, detects unusual behavior, and guides teams through fixing problems. It covers every type of machine identity, from service accounts to AI agents.
Its standout capability is Agentic Access Management, which gives each machine only the access it needs for a specific task in real time. It gives no permanent access.
Because of this, Oasis grew new revenue 5x year over year with most deals from multi-year agreements with Fortune 500 companies.
What This Means for the Broader Industry
In short, NHI security is becoming a basic requirement. Every company needs it, most of them just do not know it yet.
Additionally, regulators are catching up fast. The Sarbanes-Oxley Act (SOX), the European Union Artificial Intelligence Act (EU AI Act), and the National Institute of Standards and Technology (NIST) standards are all expanding to cover machine identity oversight and audit trails.
Ultimately, the $120 million says one thing clearly. Machine identities are a serious security problem. The organizations that act now will stay protected while the ones that wait will pay the price.
