Oasis Security Raises $120M, AppViewX Acquires Eos: AI Agent Identity Security Gets Two Major Bets in One Day

Two companies declared themselves the leader in AI agent identity security on March 19. Oasis Security closed a $120 million Series B led by Craft Ventures with Sequoia Capital, Accel, and Cyberstarts participating. Hours later, AppViewX announced its acquisition of Eos, an AI-native Identity Control Plane for agent workloads.

Both are chasing the same category: Non-Human Identity (NHI): managing access permissions, credentials, and trust boundaries for AI agents and service accounts operating inside enterprise environments.

Oasis Security: $195M Total, 5x ARR Growth

The $120 million round brings Oasis Security’s total funding to $195 million. CEO Danny Brickman told Bloomberg that “every organization deploying AI agents is taking on access risks they can’t yet see.” The company’s annual recurring revenue grew 5x over the past year, according to its disclosure, a growth rate that suggests enterprise demand for agent identity management has moved well past the pilot stage.

Morningstar reported the round included participation from all existing investors, indicating that early backers doubled down rather than diluted.

The investor lineup — Craft, Sequoia, Accel — represents the same firms that placed early bets on Palo Alto Networks, CrowdStrike, and SentinelOne in previous cybersecurity cycles. Their convergence on NHI signals a thesis that agent identity is the next major security category, not a niche within existing IAM products.

AppViewX + Eos: Consolidation Through M&A

AppViewX took a different route to the same destination. The company, already established in machine identity management (TLS certificates, PKI automation), acquired Eos to add AI agent identity to its platform. Eos co-founder Archit Lohokare will serve as CEO of the combined entity.

The acquisition positions AppViewX to sell a unified identity management layer covering both traditional machine identities (servers, containers, APIs) and the newer category of AI agent identities (autonomous software that acts on behalf of humans or other systems). The pitch to enterprise buyers: you already manage machine certificates through us, now manage agent permissions through the same platform.

Why Both Happened on the Same Day

The timing isn’t coincidental. Both moves respond to the same market signal: enterprises deploying AI agents have created a new attack surface that existing identity tools don’t cover. An AI agent with broad permissions can access internal databases, execute API calls, send emails, and modify systems. If those permissions aren’t managed with the same rigor applied to human user accounts, the agent becomes a lateral movement vector.

This week provided the case studies. Four OpenClaw CVEs disclosed today included an allowlist bypass in agent guardrails, demonstrating the kind of access-control failure that NHI tools are designed to prevent.

Oasis and AppViewX are betting that NHI becomes a mandatory enterprise purchase, not a nice-to-have but a requirement before any AI agent gets deployed in production. The $120 million and the acquisition are the market’s answer to a question enterprises have been asking since agents started running in production: who controls what the AI can access, and who’s accountable when it accesses too much?