Offroad, an agentic identity security startup targeting modern enterprises, has emerged from stealth with $7m in seed funding.
The raise will support Offroad’s development of an autonomous identity security platform designed to replace manual investigation and remediation workflows. Rather than delivering dashboards or alert lists, the company’s agents gather context across fragmented systems, identify both live threats and underlying posture risks, and act on them independently — either resolving issues directly or routing them to the appropriate stakeholder with sufficient context to make a decision.
Offroad also revealed research findings that underscore the scale of the identity governance problem. The company audited 2,890 OAuth applications listed publicly on the Google Workspace Marketplace and GitHub Marketplace as of May 2026, finding that approximately one in three apps, accounting for more than 1.85 billion installs, displayed serious structural security concerns that a security analyst conducting manual review would likely flag for rejection.
These applications frequently held broad, persistent access to business-critical systems including files, email, code repositories and calendars, yet security teams often lacked visibility into whether that access remained justified, who held ownership of it, or what risk it represented. In parallel with this research, the company launched ohauth.ai, a freely available OAuth security catalogue enabling teams to assess app permissions, identify security concerns and evaluate governance risks.
The company was founded in 2025. CEO Dan Bendler previously founded two AI startups that together raised more than $45m, while CTO Philip Shteyn is a former Unit 8200 Captain who contributed to building Palo Alto Networks’ Cortex platform.
Offroad’s platform is designed to address a structural shift in how enterprises manage identity. Security teams have long struggled to keep pace with human user access across fragmented systems, but the emergence of AI agents and non-human identities has compounded that complexity significantly, operating at machine speed and scale through authorisation flows that were not built with autonomous access in mind.
Offroad co-founder and CEO Dan Bendler said, “Identity is no longer just a workforce access problem. Enterprises now operate across a constantly changing mix of human users, machine identities, and AI agents. The context needed to understand and resolve identity risk is spread across dozens of systems and workflows, while security teams are still expected to investigate and remediate issues manually. That model is becoming increasingly difficult to sustain.”
Offroad CTO Philip Shteyn said, “Most identity systems were designed around assumptions that no longer hold. AI agents operate across systems at all hours and at a scale humans never could, which makes traditional behavioral baselines far less reliable. Security teams need systems capable of continuously investigating and reasoning through identity activity, not simply generating more findings.”
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
