AI Governance in Practice: When Identity Goes Autonomous
Shai Morag doesn't mince words.
"Right now, the whole process is too manual, and it's operations-based, not risk-based," he says, cutting through the noise around identity access management (IAM) in a world where AI agents now move billions of micro-requests per hour. The problem isn't just scale—it's velocity. Legacy IAM tools were designed for human rhythm: approval cycles measured in minutes, hours, or at best, days. Today, a rogue permission can be abused—and removed—before the next scheduled review.
Enter Oak, an AI-native control plane born in stealth and emerging today with $60 million in seed funding led by Accel, CRV, and Greylock Partners. Co-founded by Morag (serial entrepreneur, former CPO of Ermetic, and architect behind the $265 million sale to Tenable) and Tal Marom (ex-Salesforce, Israeli military veteran), Oak strips IAM back to first principles and rebuilds it for agents: not humans clicking buttons, but autonomous entities executing tasks at machine speed.
It's a subtle pivot that carries heavy implications for how enterprises finally learn to govern AI. Because when every agent behaves like a human user and every permission flows like live transaction data, identity becomes the only sane place to enforce control.
This is where AI governance isn't theoretical anymore—it's operational. And Oak's bet is that control must live inside the data flow, not alongside it.
For deeper context on how IAM fits into broader access management practices, see our overview of identity governance for AI.
What Is AI Governance? The Identity Layer That Makes It Real
Before diving into Oak's architecture, it helps to understand what AI governance actually means in practice—and why identity sits at its core.
At its simplest, AI governance is the framework of policies, controls, and technical mechanisms that ensure autonomous systems operate within defined boundaries. It answers questions like: Who authorized this agent? What data can it access? When should its permissions be revoked? And how do we detect when something goes wrong?
But here's where most enterprises stumble: traditional governance models assume human actors. They rely on periodic reviews, manual approvals, and static role-based access controls (RBAC). These mechanisms work fine when humans are the primary actors—when a person requests access, gets approved by a manager, and uses it within defined parameters.
AI agents break that model entirely. They don't wait for approval cycles. They don't follow human schedules. They execute thousands of requests per second, often across multiple systems simultaneously, with permissions that may have been granted weeks or months ago for a completely different purpose.
This is why identity has become the critical governance layer. As McKinsey's research on Agentic AI security emphasizes, autonomous systems amplify the impact of any single failure. A misconfigured agent with stale credentials can cascade into a wide-sweep breach—not because the model is flawed, but because the identity layer failed to constrain it.
AI governance, then, isn't about locking things down. It's about setting guardrails at runtime and letting intelligent systems move within them. It requires:
- Real-time visibility into who (or what) is accessing what, when, and why
- Behavioral baselines that detect anomalies faster than human reviewers can respond
- Automatic enforcement that revokes or challenges permissions without manual intervention
- Audit trails that capture every decision for compliance and forensics
Oak's approach treats identity not as a gatekeeper that blocks access, but as an intelligent controller that continuously validates it. That's the distinction between legacy IAM—where you check permissions at login—and AI-native governance, where permissions are continuously re-evaluated based on actual usage patterns.
When you ask "what is AI governance," the answer increasingly points to identity. Because without real-time control over who can do what, even the most sophisticated AI security measures become theater.
For a broader look at how enterprises are grappling with this challenge, see our analysis of the governance vacuum in enterprise AI.
The AI-Native Control Plane
What exactly is Oak building? Think of it as an identity layer that lives inside the application stack, watching every permission as it flows between services.
Instead of periodically reviewing who has access (as legacy IAM vendors like IBM and others still recommend), Oak watches the stream of actual usage and revokes permissions automatically when they go unused—or worse, when they're used in ways that violate behavior patterns.
The architecture has three pillars:
-
Real-time entitlement mapping — Every access event feeds into a central telemetry graph, updating who can do what, where, and why.
-
Behavior-based triggers — Anomalous patterns (e.g., off-hours access, unusual data volume) prompt automatic revocation or challenge flows, not manual tickets.
-
Autonomous revocation — Permissions don't linger past their usefulness; they're removed in near real time, reducing the blast radius of any compromise.
Crucially, this isn't bolted on top of legacy IAM. Oak is purpose-built to speak the same language as cloud APIs, OAuth flows, and service meshes—because if your identity platform doesn't run at the speed of the thing it's securing, you've already lost.
That's the "AI-native" claim: not that Oak uses AI in a marketing slide deck, but that it was written from day one to be an intelligent controller for identity in high-velocity environments.
According to co-founder Tal Marom, the team spent months talking to 100 CISOs and IAM leaders before building the product. The insight was consistent: outdated credentials and poor identity access management are common security vulnerabilities, and AI is expected to make them even easier for attackers to exploit. Oak positions itself as an "AI connector framework" that maps access to actual app usage and removes permissions in real time—rather than only during periodic reviews.
The solution is already generally available and deployed by enterprise clients, though Oak hasn't disclosed client names. That early traction suggests the market is hungry for a consolidated alternative to legacy tools that were already showing their limits.
For more on how CISOs are approaching this shift, read our piece on securing autonomous agents.
From Stealth to Scale: Oak's Journey and the $60M Bet
Oak didn't emerge from nowhere. Shai Morag's track record in cybersecurity made him a known quantity in the industry—and a compelling bet for investors.
Morag is a former army major who spent more than two decades in cybersecurity, with three exits along the way. Most notably, he sold his cloud identity and security startup Secdo to Palo Alto Networks in 2018. After public cyber company Tenable acquired his next venture, Ermetic, for $265 million in 2023, he stayed on as CPO. But after CEO Amit Yoran became ill and passed away, Morag left and told his wife he'd retire.
Instead of stepping back, though, Morag co-founded Oak with Tal Marom—a product team lead he'd met at Tenable who'd previously held similar roles at Salesforce and in the Israeli military. While in stealth, the two built a team of 50 people and are actively hiring, particularly in the U.S., where a majority of Oak's staff will soon be based.
The $60 million round was co-led by Accel, CRV, and Greylock Partners, with participation from AlphaDrive Ventures, Hetz Ventures, and angel investors. Morag told TechCrunch that VC interest was strong from the outset.
Accel partner Andrei Brasoveanu said Morag's track record alone was a strong argument. Accel had led Ermetic's Series A when it was pre-revenue; when Tenable acquired it, Accel gave Morag an informal standing offer to back whatever he built next. "I knew he had it in him to build another company, but this time even bigger and even better," Brasoveanu said.
With AI as "a democratizing force," Accel has been backing founders right out of high school, Brasoveanu said. But when it comes to identity management, experience still counts. "There's complexity in the product, and there's also complexity in the organizations you have to navigate to figure out how to sell something like this," he noted.
Both Brasoveanu and Morag expect Oak will face plenty of competitors trying to use AI as a catalyst for change in a space where vendor lock-in runs deep. That makes it critical for Oak to scale fast.
"Our vision is to be born as a giant," Morag told TechCrunch. He says he won't retire until he's given it everything he's got: "I will go big or go home."
The funding matches those ambitions. Oak plans to invest heavily in R&D and growth, signaling that this isn't an incremental improvement on legacy IAM—it's an attempt to redefine the category from scratch.
Securing Autonomy: What ML Teams Should Watch
If you're building or deploying autonomous agents, Oak's emergence shouldn't come as a surprise—it should come as a warning label.
There are already plenty of cautionary tales: agents that escalate privileges, abuse stale credentials, or run amok in unmonitored service accounts. McKinsey's research on Agentic AI security highlights exactly this: autonomous systems amplify the impact of any single failure, turning small misconfigurations into wide-sweep breaches.
Oak's lesson for ML and MLOps teams is simple: identity must be a first-class constraint in your pipeline.
-
Don't wait for IAM to upgrade — Start mapping your agents' permissions now, before scale hides drift.
-
Treat service accounts like humans — They get compromised, they deviate, they need reviews. Don't hide them in the noise.
-
Demand runtime visibility — If your IAM solution can't react faster than your agents move, it's just theater.
AI governance isn't about locking things down. It's about setting guardrails at runtime and letting intelligent systems move within them. Oak's bet is that identity, done right, becomes the guardrail itself—not a box to check before deployment.
In a world where autonomous agents do the work, your identity layer better move at the same speed. That's what Oak is trying to build.
Because if AI governance fails at the permission level, everything else collapses—and no amount of model tweaking can fix that.
To understand how this identity crisis is playing out across the industry, see our coverage of the agentic AI trap when autonomous agents outrun identity controls.