AI Agents Need Passports Now: Why NewCore's $66M Bet Could Define Enterprise Security in 2026

The enterprise security industry spent decades learning how to manage human identities. Now it has to start over. As AI agents autonomously book meetings, execute code, process invoices, and access sensitive databases, the question of who — or what — is acting inside your organization has become genuinely urgent. NewCore's $66M raise isn't just a funding story. It's a signal that the agentic AI era has created a security gap large enough to build a company inside.

The Identity Problem Nobody Planned For

Here's the uncomfortable truth most enterprise software vendors won't say out loud: the current wave of AI agent deployments is happening faster than the governance frameworks designed to contain them.

When a human employee joins a company, there's a playbook. Background checks, provisioned credentials, role-based access controls, audit trails, offboarding procedures. It's imperfect, but it exists. When an AI agent gets spun up to handle customer support tickets or manage a procurement workflow, most organizations are essentially handing it a skeleton key and hoping for the best.

The problem compounds quickly. A single enterprise in 2026 might be running dozens of AI agents — some built internally, some embedded in SaaS tools they've licensed, some spun up by individual departments without central IT oversight. Each of these agents is making decisions, accessing systems, and generating outputs that carry real business consequences. But unlike human employees, they have no persistent identity, no verifiable history, and no standardized way to audit what they've done or why.

This is the gap NewCore is positioning itself to fill. And the $66M vote of confidence from investors suggests the market agrees this isn't a theoretical problem anymore — it's an active liability.

Why "Agent Identity" Is Harder Than It Sounds

You might reasonably ask: can't we just treat AI agents like service accounts? Give them a username, a password, some permissions, and call it done?

The answer is no, and understanding why reveals just how architecturally different agentic AI is from traditional software.

A conventional service account runs a defined, predictable process. It does the same thing every time. An AI agent, by contrast, is dynamic. It reasons, improvises, delegates to sub-agents, and takes actions that weren't explicitly anticipated when it was configured. The permissions you grant it at setup may be wildly insufficient — or wildly excessive — for the tasks it ends up performing three weeks later.

There's also the multi-model problem. A single agent workflow in 2026 might invoke GPT-5, Claude 4, and a specialized vertical model in the same pipeline. Each handoff is a potential security boundary. Who is responsible when a hallucinated output from one model triggers a damaging action downstream? Without a coherent identity layer threading through the entire workflow, attribution becomes nearly impossible.

NewCore's apparent thesis — that AI agents need persistent, verifiable identities the way humans do — is conceptually elegant. The execution challenge is enormous. They're essentially trying to build a passport system for entities that don't have a fixed form, can be cloned infinitely, and operate across organizational boundaries they didn't originate from.

The Regulatory Pressure Accelerating This Market

NewCore's timing isn't accidental. The regulatory environment in 2026 has started catching up to agentic AI in ways that create real compliance pressure for enterprise buyers.

The EU AI Act's provisions around high-risk AI systems have forced European enterprises to document what automated systems are making decisions, how, and with what authority. In the United States, sector-specific guidance from the SEC, OCC, and HHS has started referencing AI agent governance explicitly. For any enterprise operating in financial services, healthcare, or critical infrastructure, "we didn't know our AI agent had access to that" is no longer an acceptable answer to a regulator.

This is the commercial tailwind that transforms a compelling security idea into an urgent purchase. When compliance teams start asking CISOs for an inventory of active AI agents and their access privileges, and the CISO has no clean answer, budget gets freed up fast.

The parallel to the early identity governance market is instructive. Companies like SailPoint and Saviynt built substantial businesses solving the human identity governance problem after Sarbanes-Oxley created compliance pressure that made the problem unavoidable. NewCore — and whoever else emerges in this space — is betting that AI agent governance is following the same arc, just compressed into a much shorter timeline.

What This Means for Developers and Enterprises Right Now

If you're building agentic applications, the NewCore raise should prompt some immediate self-reflection. Are your agents operating with least-privilege access, or did you provision broad permissions to make development easier and never revisit it? Do you have audit logs that would let you reconstruct exactly what an agent did during a given session? If an agent misbehaves, can you revoke its access in real time, or does that require manually hunting down API keys across multiple systems?

For enterprise buyers, the message is similarly direct. Shadow AI is already a governance problem. Shadow agents — autonomous systems spun up outside IT oversight — are a governance crisis waiting to happen. Getting ahead of it means building an inventory of what agents are running in your environment before an incident forces the conversation.

For everyday users of AI-powered tools, this is a reminder that the AI doing your expense reports or scheduling your travel isn't just a chatbot. It's an actor inside your company's systems, with real access and real consequences. Knowing who's accountable when it gets something wrong matters.

The bottom line is this: the agentic AI era has created an identity and access management problem that the existing security stack wasn't built to handle. NewCore's $66M raise is evidence that smart money sees this gap clearly. Whether NewCore wins the category or gets acquired by a larger IAM player, the problem they're solving is real, it's growing, and in 2026, it's no longer optional to ignore.