NewCore

Cybersecurity Dual-Use Technology Priority Signal Founded 2025

Last updated: Jul 13, 2026

NewCore is an Israeli cybersecurity company building a security-first enterprise identity platform that discovers, secures, and governs human, machine, and AI-agent identities under a single architecture, replacing legacy web-era identity providers for the agentic enterprise.

Visit Website

Company Overview

**Product and problem.** NewCore is a Tel Aviv- and San Francisco-based identity-security company that emerged from stealth in June 2026 with a platform designed to rebuild enterprise workforce identity for what it calls the "agentic era." The company's thesis is that the identity layer—now the de facto control plane of the modern enterprise—rests on 15-year-old architectures (SAML, OIDC federation, single-signing-key identity providers) that were designed for human employees logging into web applications, not for a workforce that now blends humans, machine/service accounts, and autonomous AI agents. NewCore argues this architectural mismatch is the root cause behind a wave of high-profile identity-driven breaches (it explicitly references incidents at MGM, Change Healthcare, and Snowflake customers), where attackers abused federation trust, replayed tokens, or exploited orphaned and ungoverned credentials. The concrete problem NewCore solves is giving CISOs a single system of record and control that continuously discovers every identity—including shadow and orphaned credentials and ungoverned AI agents—and enforces cryptographically hardened authentication and lifecycle governance across all of them.

**Core technology and how it works.** NewCore's platform is assembled from several distinct technical components disclosed at launch. Its **Secure Split Key (SSK)** mechanism removes the single point of failure inherent in SAML/OIDC identity providers by splitting the signing key so that no single compromised component can forge assertions, directly targeting "Golden SAML" forgery and token-replay attacks. **Agentic Identity Management** treats AI agents as first-class identities with their own lifecycle, trust scoring, and revocation, and ships with integrations for developer agents including Claude Code, OpenAI Codex, and Cursor—reflecting the reality that coding agents now hold powerful credentials inside enterprises. **VisualMFA** provides an out-of-band, visually verifiable authentication factor intended to resist relay and social-engineering attacks that defeat conventional push-based MFA. **Hardware-Bound Credentials** anchor identity to TPM and Secure Enclave hardware roots of trust, replacing phishable factors. Rounding out the stack are **Continuous Discovery**, which maps all human and non-human identities, and **Agentic Migration**, a zero-downtime cutover path that preserves existing federations so enterprises can adopt NewCore without ripping out their current identity provider. Together these form a defense-in-depth identity fabric rather than a single point product.

**Market, customers, and go-to-market.** NewCore targets enterprise organizations—reported as companies with roughly 500 or more employees—and sells directly to CISOs, positioning itself against the incumbent identity-provider stack rather than as an add-on. The company is entering one of the most contested and best-funded segments of cybersecurity: workforce identity and the fast-emerging category of non-human and AI-agent identity governance. Its go-to-market leans on the founders' enterprise relationships and on the "system of record" framing that lets it displace or wrap legacy IdPs via the Agentic Migration path. NewCore made the platform available to enterprise customers as of June 2026 and demonstrated at Identiverse (June 15–18, 2026), the industry's principal identity conference, signaling an aggressive early commercial push rather than a prolonged closed beta. Management has publicly projected generating "tens of millions of dollars in revenue within the next 18 months," an aggressive target that is a claim to be diligenced rather than a proven result.

**Traction, funding, and third-party validation.** NewCore exited stealth with a total of $66 million raised roughly one year after founding, at a reported valuation of about $300 million. The capital came in two tranches: a $16 million pre-seed led by Index Ventures and Cyberstarts, followed by a larger seed round led by Evolution Equity Partners, with Cyberstarts and Index Ventures continuing to participate. The cap table is a notable validation signal in its own right: angel and strategic backers reportedly include Assaf Rappaport (co-founder/CEO of Wiz), Yevgeny Dibrov (co-founder/CEO of Armis), Ofer Ben-Noon (Palo Alto Networks, ex-Talon), Yotam Segev (co-founder/CEO of Cyera), Ofir Ehrlich (Eon), and Sharin Fisher (Startpoint Capital). Backing from the founders of several of Israel's most valuable current cybersecurity companies is a strong ecosystem endorsement. The company reported more than 50 employees across Israel and the United States at launch.

**Founders and team.** NewCore's founding team is unusually credentialed. CEO **Zohar Alon** is a three-time cybersecurity founder with nearly three decades in the industry, best known for co-founding Dome9, the cloud-security posture-management pioneer acquired by Check Point (reported at ~$175 million). CTO **Amihai Neiderman** is a veteran senior security researcher from Unit 8200—the Israeli military's elite signals-intelligence formation—and founder of Nym Health, with a reputation in offensive security and AI-focused research. CCO **Erez Yarkoni** is a former Chief Information Officer at T-Mobile USA and Telstra, bringing large-enterprise buyer-side and operational scale experience that complements the two technical founders. This combination of a repeat security founder with a clean exit, an elite offensive-security technologist, and a Fortune-scale ex-CIO is precisely the profile that top-tier cyber investors underwrite, and it materially de-risks execution relative to a typical seed-stage team.

**Competitive dynamics.** NewCore enters a crowded field. Legacy and incumbent identity providers (Okta, Microsoft Entra ID, Ping Identity) own the workforce-SSO control plane NewCore seeks to modernize or displace, and they are themselves racing to add agent-identity features. A dense cohort of Israeli and global startups now targets non-human and machine identity (Astrix Security, Token Security, Oasis Security, Silverfort, Aembit) and adjacent AI-agent security (Onyx Security, Capsule Security). NewCore's differentiation rests on: (1) a full-stack "rebuild" rather than a bolt-on, unifying human and agent identity in one architecture; (2) cryptographic hardening (Secure Split Key, hardware-bound credentials) aimed at the specific forgery/replay failure modes behind recent breaches; (3) a zero-downtime migration path that lowers switching cost against entrenched IdPs; and (4) founder pedigree and a strategic angel base that accelerate enterprise access. The central competitive risk is that incumbents close the agent-identity gap fast enough to blunt the "rip-and-replace" thesis, leaving NewCore to compete as a feature rather than a platform.

**Defense, security, and resilience dual-use relevance.** Identity has become the primary attack surface for nation-state and criminal actors alike, and identity compromise underpins many attacks on critical infrastructure, defense-industrial-base contractors, healthcare, and government agencies. NewCore's platform is dual-use in the sense that hardening the identity control plane directly serves national-resilience and defense-adjacent objectives: preventing federation forgery and token replay, governing machine and service-account identities that proliferate in OT and industrial environments, and imposing lifecycle control and revocation over autonomous AI agents that increasingly hold privileged access. The CTO's Unit 8200 background and the company's explicit framing around breach classes seen in critical sectors reinforce this adjacency. That said, dual-use here is adjacency, not a fielded defense capability: NewCore is a commercial enterprise-security vendor, not a defense contractor, and it has disclosed no government or military deployments. Its strategic value to allied resilience is real but indirect—raising the cost of identity-based intrusions across the enterprises and infrastructure operators that adopt it.

**Growth stage, trajectory, and key risks.** NewCore is an early-stage company: founded 2025, out of stealth mid-2026, ~50 employees, product just entering general availability, and no publicly verified revenue or reference customers yet. Its trajectory is unusually accelerated for its age—$66 million and a ~$300 million valuation at roughly one year old—which reflects investor conviction in the team and category more than proven commercial traction. The principal diligence risks are: (1) **traction verification**—the "tens of millions in 18 months" projection is unproven and named production customers are not yet public; (2) **incumbent response**—Okta and Microsoft can add agent-identity primitives natively; (3) **category crowding**—many well-funded startups are converging on non-human/AI-agent identity; (4) **displacement friction**—identity providers are deeply embedded and slow to replace despite the migration story; (5) **valuation risk**—a ~$300M pre-traction mark sets a high bar for the next round; and (6) **security-product burden**—an identity control plane must itself be exceptionally hardened, since a compromise of NewCore would be catastrophic for its customers. On balance NewCore is a high-quality, high-conviction early-stage bet whose thesis, team, and backing are strong, but whose commercial proof is still ahead of it.

Dual-Use Assessment

Military & Commercial Applications

NewCore's dual-use relevance runs through the identity control plane, which has become the primary attack surface for both criminal and nation-state actors and the common failure point in attacks on critical infrastructure, defense-industrial-base suppliers, healthcare, and government. Hardening enterprise identity—preventing SAML/OIDC assertion forgery and token replay (Secure Split Key), anchoring credentials to hardware roots of trust, and governing the lifecycle of machine, service-account, and autonomous AI-agent identities—directly serves national-resilience and defense-adjacent objectives, and the CTO's Unit 8200 signals-intelligence background reinforces the security depth. The dual-use here is genuine but is adjacency rather than a fielded defense capability: NewCore is a commercial enterprise-security vendor with no disclosed government, military, or classified deployments. Its strategic contribution to allied resilience is indirect—raising the cost and lowering the success rate of identity-based intrusions across the enterprises and infrastructure operators that deploy it—rather than a weapons-specific or operational military function.

Strategic Fit Assessment

Research priority signal

Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.

NewCore is a high-conviction early-stage cybersecurity bet whose appeal rests on team, timing, and category rather than proven traction. (1) Team quality is exceptional: CEO Zohar Alon is a repeat founder with a clean exit (Dome9 to Check Point, ~$175M), CTO Amihai Neiderman is an elite Unit 8200 offensive-security researcher and prior founder, and CCO Erez Yarkoni is a former T-Mobile/Telstra CIO providing enterprise buyer credibility. (2) Category timing is strong: identity is now the enterprise control plane and the emergence of autonomous AI agents is forcing a genuine architectural reset that incumbents were not designed for. (3) Investor and strategic validation is unusually deep—$66M across a pre-seed led by Index Ventures and Cyberstarts and a seed led by Evolution Equity Partners, plus angels who are the founders of Wiz, Armis, and Cyera, an endorsement from the operators who built Israel's most valuable current cyber companies. (4) The product is a full-stack rebuild with defensible cryptographic differentiation (Secure Split Key, hardware-bound credentials) and a low-friction migration path. The counterweights are material and belong in any diligence: no publicly verified revenue or named customers yet, a ~$300M valuation at roughly one year old that presumes rapid execution, a crowded non-human/AI-agent identity field, and the risk that incumbents (Okta, Microsoft) close the gap natively. Legacy internal priority-signal only; not an investment recommendation.

Strategic Value to U.S.-Israel Alliance

NewCore's strategic value is threefold. (1) Control-plane leverage: identity is the single most consequential security layer in the modern enterprise, and a vendor that credibly modernizes it—unifying human, machine, and AI-agent identity—occupies a position with outsized influence over enterprise resilience. (2) Resilience and dual-use adjacency: because identity compromise underpins many attacks on critical infrastructure, defense suppliers, healthcare, and government, hardening it (forgery-resistant signing, hardware-anchored credentials, machine/agent governance in OT contexts) contributes to allied national resilience, even though NewCore is a commercial vendor without disclosed defense deployments. (3) Israeli ecosystem depth: NewCore exemplifies the Unit 8200-to-founder pipeline and the compounding advantage of a mature cyber ecosystem, drawing capital and strategic angels from the founders of Wiz, Armis, and Cyera. Its strategic weight is currently potential rather than realized—dependent on converting an elite team and strong backing into verified enterprise adoption in a contested category.

Key Technologies

  • Secure Split Key (SSK) signing that removes the single point of failure in SAML/OIDC identity providers to defeat Golden SAML forgery and token replay
  • Agentic Identity Management treating AI agents as first-class identities with lifecycle, trust scoring, and revocation, including Claude Code / Codex / Cursor integrations
  • VisualMFA out-of-band, visually verifiable authentication resistant to relay and social-engineering attacks
  • Hardware-bound credentials anchored to TPM and Secure Enclave roots of trust to replace phishable factors
  • Continuous discovery mapping all human and non-human identities, including shadow, orphaned, and ungoverned agent credentials
  • Agentic Migration for zero-downtime cutover that preserves existing identity federations

Use Cases & Applications

  • Replacing or wrapping legacy identity providers (Okta, Entra ID, Ping) as the enterprise workforce-identity control plane
  • Governing autonomous AI coding and workflow agents (Claude Code, Codex, Cursor) as managed, revocable identities
  • Preventing identity-federation breaches (Golden SAML, token replay) of the class seen at MGM, Change Healthcare, and Snowflake customers
  • Discovering and remediating shadow, orphaned, and over-privileged machine and service-account identities
  • Enforcing phishing-resistant, hardware-bound MFA for high-privilege administrators and security teams
  • Securing machine and non-human identities proliferating across OT, industrial, and critical-infrastructure environments
  • Protecting defense-industrial-base contractors and regulated enterprises against identity-based intrusion
  • Providing continuous identity governance and audit for CISOs of 500+-employee organizations

Sources and verification

This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile. The editorial policy explains how profiles are researched, where automated drafting is used, and how corrections work.

This record lists 7 public references used for company identity, status, positioning, or material-claim review.

Public sources

The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.

Investor Lens

What this entry is

Private startup

Why it may matter

NewCore may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.

How an independent investor should read this

Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.

Evidence to verify

  • Verify current status
  • Verify traction
  • Verify cap table/funding
  • Verify technical claims
  • Verify regulatory/export-control issues
  • Verify customer concentration

Main investor questions

  • Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
  • What customer, revenue, product, and technical evidence supports the company story?
  • What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
  • Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
  • What evidence would change the thesis or show that the profile is stale?

What not to infer

  • Inclusion does not imply endorsement.
  • Inclusion does not imply allocation availability or current fundraising.
  • Scores do not indicate investment suitability or expected returns.
  • Strategic importance does not automatically imply venture return potential.

Diligence questions

  • What evidence verifies NewCore's current customer traction, deployment status, and revenue concentration?
  • Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
  • Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
  • How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
  • What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?

Related sector

See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.

Need a diligence readout?

Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.