ProBackend
ai agent security safety
1 week ago10 min read

Arcade.dev Raises $60 Million to Secure AI Agents

Arcade.dev raises $60M Series A to solve enterprise AI agent authorization challenges with an authentication runtime layer. Learn how the platform enables secure, auditable AI agent operations.

Finley Carter

Arcade.dev has raised $60 million in Series A funding as it tackles the thorny problem of securely managing which actions AI agents are authorized to take in enterprise apps, databases and tools.

The funding round was led by SYN Ventures, with participation by strategic investors Morgan Stanley and Wipro, a multinational technology services and consulting company. Arcade last year raised $12 million in a seed round led by Laude Ventures.

Related: Another AI infrastructure company, Jedify, raised $24M in Series A funding to build context graphs for AI agents

The Problem: Agents Can't Take Real Actions

Most AI agents never make it past the demo phase. They all hit the same three walls: authorization, reliability, and governance.

The fundamental challenge is that AI agents need to act on behalf of real users with real permissions, not shared tokens or hardcoded credentials. This requires dedicated security infrastructure and the team to build it—which is precisely what Arcade.dev provides.

The Three Walls Blocking AI Agents

Authorization Challenges: Why Enterprise AI Stalls at the Door

The first and most critical wall is authorization. When building AI agents that interact with enterprise systems, developers face a daunting security dilemma:

  1. Shared credentials: Using shared tokens means any compromised agent puts the entire system at risk
  2. Hardcoded passwords: Embedding credentials in code creates serious security vulnerabilities and makes rotation nearly impossible
  3. Manual permission management: Without a proper system, administrators must manually configure permissions for each agent

These challenges create a bottleneck that prevents most AI agents from ever reaching production environments where they can deliver real business value.

Imagine a customer service AI agent that needs to access CRM data, update support tickets, and send emails. Each of these actions requires proper authentication and authorization. Without Arcade's infrastructure, developers must build complex security layers from scratch—complexity that often leads to security gaps or abandoned projects.

Reliability Issues: When AI Agents Break APIs

The second wall is reliability. AI agents frequently fail when interacting with APIs because:

  • API documentation gaps: Real-world API behavior often differs from documented interfaces
  • Context mismatch: AI models interpret user intent differently than what the API expects
  • Rate limiting and timeouts: Production APIs have stricter limits than development environments

Without proper tooling, these issues lead to expensive retries, wasted compute resources, and frustrated users who lose trust in the AI system.

Governance Gaps: The Compliance Problem

The third wall is governance. Even when agents work correctly, enterprises need to answer critical questions:

  • What action did this agent take? Every tool call must be traceable
  • On behalf of which user? Authentication context matters for security and compliance
  • In which system? The target system determines the risk profile

Without comprehensive logging and audit trails, organizations cannot meet regulatory requirements or investigate security incidents. In industries like finance and healthcare, these compliance gaps can be deal-breakers.

What Arcade.dev Does

Arcade builds a runtime layer between AI agents and every system they need to reach. The platform handles:

  • Authentication: Agents act as real users with dynamic permissions based on identity providers
  • Authorization: Controls which actions agents can perform in enterprise systems
  • Governance: Full audit logging of every tool call
  • Reliability: Reduces hallucinations and expensive retries from broken APIs

By abstracting these concerns into a dedicated infrastructure layer, Arcade lets developers focus on building agent capabilities rather than security plumbing.

Key Features Deep Dive

Agent Authorization: Secure Identity for Every Agent

Your agents act as real users with dynamic permissions. Your existing identity provider (IDP) plugs right in, credentials never leave the runtime, and your team never builds auth infrastructure again.

This means:

  • Single Sign-On (SSO) integration with existing enterprise identity systems
  • Dynamic permission assignment based on user roles and context
  • Credentials stored securely in the runtime, never exposed to agents
  • Automatic credential rotation without code changes

Compliance-ready: Enterprise Security by Default

SOC 2 compliant with SSO, RBAC (Role-Based Access Control), and full audit logs out of the box.

Enterprise security requirements include:

  • SOC 2 Type II compliance: Meeting strict standards for data security and privacy
  • Single Sign-On (SSO): Integration with major identity providers
  • Role-Based Access Control: Fine-grained permission management
  • Complete Audit Trails: Every action logged for compliance and forensic analysis

Deploy on Your Terms: Flexibility Without Compromise

Cloud, on-prem, air-gapped, or hybrid. You control where your data lives and how it's secured.

Flexibility options include:

  • Cloud deployment: Managed service with minimal operational overhead
  • On-premises: Deploy behind your firewall for maximum control
  • Air-gapped environments: For highly sensitive operations with no external connectivity
  • Hybrid architectures: Mix of cloud and on-prem resources

Team Background: Building the Foundation for Enterprise AI

The Arcade.dev team comes from Okta, Snowflake, Redis, Airbyte, and MongoDB. The founders authored the MCP (Model Context Protocol) tool authorization specification and sit on the steering committees for MCP security and governance.

Alex Salazar - Chief Executive Officer, former Okta executive with deep identity and authentication expertise. Salazar brings years of experience building enterprise-grade identity platforms at scale.

Sam Partee - Chief Technology Officer, former Redis engineer with experience building distributed systems at scale. Partee's expertise in high-performance infrastructure is evident in Arcade's architecture.

The team's background in building enterprise infrastructure at companies like Okta and Snowflake gives them unique insight into the security challenges organizations face when adopting AI agents. Their involvement in MCP specification standards positions Arcade as a foundational piece of the emerging AI infrastructure ecosystem.

Customer Usage: Production Agents in Action

Early customers are using Arcade to build production AI agents across various industries and use cases.

Snyk: Secure Developer Security

Snyk, a leading developer security platform, uses Arcade to authenticate users' accounts without worrying about refresh tokens or broken auth. The security-focused developer platform can now securely connect to multiple third-party services while maintaining strict security controls.

Sybill: AI Sales Agent with Real Actions

Sybill built an AI sales agent that can take secure actions on behalf of reps, turning a smart assistant into a revenue-driving powerhouse. The agent can create CRM entries, send emails, and update deal stages—actions that require proper authorization and audit trails.

Eddo Learning: AI for Teachers

Eddo Learning bypassed Google service integration complexity to build tools for AI assistants that teachers can actually use. The education technology company needed a solution that would work reliably in diverse institutional environments with varying security requirements.

Relevance AI: Secure MCP Platform

Relevance AI uses Arcade as the best platform to facilitate secure and interactive MCP. Their AI development platform relies on Arcade's infrastructure to provide reliable tool execution for their customers.

YUR: Production Agents at Scale

YUR built production agents with Arcade's runtime layer connecting to Google, Slack, and Salesforce. The company needed a solution that could handle high volumes of agent operations while maintaining security and reliability.

The Funding

Series A: $60 Million from Strategic Investors

The Series A round was led by SYN Ventures with participation from strategic investors Morgan Stanley and Wipro. This investment reflects confidence in Arcade's approach to solving enterprise AI security challenges.

Strategic investors bring more than capital:

  • Morgan Stanley: Financial industry expertise and enterprise customer access
  • Wipro: Global technology services and consulting capabilities

Seed Round: $12 Million from Laude Ventures

The seed round, led by Laude Ventures in March 2025, allowed Arcade to build its core platform and acquire early customers.

Company Timeline and Growth

  • March 2025: Seed round closes with $12 million from Laude Ventures
  • April 2025: Platform enters private beta with early adopters
  • June 2025: Public launch and general availability
  • Q4 2025: Enterprise deployments begin with Fortune 500 companies
  • June 2026: Series A announcement with $60 million raised

Why This Matters: The Enterprise AI Bottleneck

As AI agents become more autonomous and take real actions on behalf of users, security becomes paramount. Arcade.dev's approach solves the authentication bottleneck that has prevented most AI agents from moving beyond proof-of-concept stage.

The startup's work on the MCP security specification suggests its patterns may become industry standards for agent authorization. With the backing of major financial and technology institutions, Arcade is positioned to become a foundational piece of enterprise AI infrastructure.

Market Opportunity and Competitive Positioning

The global AI agent market is projected to grow significantly in the coming years. According to industry estimates:

  • Current adoption: Most AI agents remain in prototype or pilot phase
  • Production barriers: Security and authorization cited as top barriers to adoption
  • Market size: Enterprise AI infrastructure expected to reach billions in value

Arcade addresses the core technical challenge blocking enterprise adoption of AI agents—authorization. By solving this problem, Arcade enables a new wave of production AI applications.

Competitive Landscape

While there are various tools in the AI agent space, Arcade's unique value proposition is:

  • Purpose-built for authorization: Not an afterthought but the core focus
  • Enterprise-grade security: Built with SOC 2 compliance in mind
  • MCP specification leadership: Influencing the standard for agent-tool communication

Next Steps and Roadmap

With the new funding, Arcade plans to:

  1. Scale the platform for enterprise deployments: Building out infrastructure to handle larger customer demands
  2. Expand support for additional enterprise systems and tools: Integrating with more third-party services
  3. Enhance security features including enhanced audit logging: Adding new compliance capabilities
  4. Grow the team to support increasing customer demand: Hiring engineering and customer success talent

The company's success suggests a promising future for AI agent security infrastructure and demonstrates how specialized tools are emerging to address the unique challenges of AI in enterprise environments.

The Technical Architecture Behind Arcade

Arcade's architecture is designed with security and scalability as core principles. At its foundation, the platform provides a runtime environment where AI agents can execute tool calls while maintaining proper authentication and authorization controls.

The platform consists of several key components:

  1. Runtime Engine: Executes agent tool calls with proper security context
  2. Identity Bridge: Connects to enterprise identity providers (Okta, Auth0, etc.)
  3. Permission Engine: Evaluates whether specific actions are allowed for each agent
  4. Logging Service: Records all tool calls with full context for audit purposes

This architecture enables organizations to deploy AI agents without compromising their security posture or compliance requirements.

The Role of MCP in Arcade's Strategy

The Model Context Protocol (MCP) is an emerging standard for communication between AI agents and tools. Arcade's team has been instrumental in shaping the security aspects of MCP through their work on the specification steering committees.

MCP provides a common interface that allows agents to interact with tools in a standardized way. Arcade extends this by adding authentication and authorization layers that ensure only authorized actions are performed.

The significance of Arcade's MCP involvement cannot be overstated:

  • Early influence: Arcade helps shape the security model from the start
  • Standard adoption: As MCP gains traction, Arcade's solutions become the default
  • Developer experience: Standard interfaces reduce integration friction for developers

This positions Arcade not just as a vendor, but as an infrastructure layer for the entire AI agent ecosystem.

Conclusion

Arcade.dev's $60 million Series A funding marks a pivotal moment for enterprise AI. By solving the fundamental problem of authorization, Arcade enables AI agents to move from experimental prototypes to production systems that drive real business value.

The involvement of strategic investors like Morgan Stanley and Wipro signals confidence in Arcade's approach to enterprise security. Combined with the team's deep expertise from Okta, Snowflake, and other infrastructure companies, Arcade is well-positioned to become the standard for AI agent security.

As organizations continue their AI transformation, tools like Arcade will be essential infrastructure—just as authentication platforms were crucial during the digital transformation era. The question is no longer whether AI agents will be part of enterprise operations, but how organizations can deploy them securely—and Arcade provides the answer.

Read more about AI funding trends in our coverage of Sarvam's $234M raise Explore AI agent security best practices

Arcade.dev Raises $60 Million to Secure AI Agents

Related blogs

ai agent security safety

AutoJack: How a Localhost Bypass Turned AutoGen Studio Into a Remote Code Execution Gateway

AutoJack is a three-flaw vulnerability chain in Microsoft AutoGen Studio enabling remote code execution via AI agents through localhost trust and unauthenticated MCP endpoints.

3 hours ago · 4 minai agent security safety

The ClawHub Breach: How Malicious AI Skills Are Weaponizing Agent Autonomy

Brynn Nguyen argues that the recent ClawHub malicious skill discovery highlights the severe vulnerabilities in AI marketplaces, urging a shift from static scanners to rigorous provenance verification and runtime behavior monitoring.

3 hours ago · 4 minai agent security safety

Langflow’s Unauthenticated File Write Flaw Is Being Actively Weaponized

A high-severity path traversal flaw (CVE-2026-5027) in the popular open-source AI development platform Langflow is being actively exploited. The vulnerability in the file upload endpoint allows unauthenticated attackers to write arbitrary files to server filesystems, with roughly 7,000 instances exposed online.

11 hours ago · 6 min
More engineering analysis and backend guidance from ProBackend.
More blogs