- The financing that signals a paradigm shift
- How does identity management work for AI agents
- The context: AI agents are becoming an operational workforce
- Concrete impact on Italian SMEs
- What has changed compared to six months ago
- The view of a Milanese agency on the Italian market
- What to do now: three operational priorities
- Outlook: The IAM market is reinventing itself around agents
NewCore is a startup that has just closed a $66 million round. Its goal is precise: to provide verifiable digital identities to AI agents operating within organizations. Until today, identity management exclusively concerned people. Now, however, the scope is widening significantly.
In fact, AI agents are taking on real operational roles: they access systems, execute transactions, and communicate with other software. Therefore, the security question shifts: it is no longer enough to know who the human user is; it must also be clear which agent is acting, with what permissions and in what context. This is precisely the problem NewCore aims to solve. We at SHM Studio are closely monitoring this development because the implications for Italian SMEs adopting artificial intelligence tools are concrete and immediate.
In summary, identity management for AI agents is not a future issue. It is an operational priority that companies, even medium-sized ones, must begin to consider today, before the complexity of AI stacks makes governance impossible to recover retroactively. SHM Studio accompanies SMEs on this journey of conscious AI adoption.
The financing that signals a paradigm shift
On June 15, 2026, TechCrunch reported the news of NewCore's launch with a $66 million round. The startup positions itself in a specific segment: the management of digital identities for AI agents in an enterprise context. This is not a niche issue. On the contrary, it is a sign of a structural transition in how organizations conceive of cybersecurity.
Until recently, Identity and Access Management (IAM) systems were designed around the human user. Each employee had credentials, roles, and permissions. Therefore, the attack surface was relatively predictable. Today, however, AI agents are multiplying within enterprise stacks. They perform autonomous tasks, access databases, invoke APIs, and generate outputs that influence real processes.
Therefore, the question NewCore poses is as simple as it is urgent: who guarantees that an AI agent is operating with the correct permissions, in the right context, without being compromised or manipulated?
How does identity management work for AI agents
The technical problem is subtler than it seems. An AI agent is not a user. It does not authenticate with a password. Furthermore, it can be instantiated multiple times in parallel, can operate asynchronously, and can interact with other agents. Therefore, traditional IAM models do not directly apply.
NewCore proposes an architecture based on cryptographic identities assigned to agents. Each agent receives a sort of «digital identity document» that certifies its origin, purpose, and permissions. This way, business systems can verify in real-time whether an agent is authorized to perform a specific action.
Similarly to what happens with SSL certificates for websites, the idea is to create a verifiable chain of trust. However, the complexity increases because agents can be created dynamically, can evolve over time, and can operate on multi-cloud infrastructures. This makes governance particularly challenging.
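The "digital identity document" idea described above, as an added sketch that is not NewCore's format or code: an issuer signs the agent's origin, purpose and permissions, and a verifier checks signature, expiry and the requested action. HMAC with a shared constructed key stands in for the asymmetric signatures a real chain of trust would use; all field names, agent names and permission strings are assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key. A real deployment would use asymmetric signatures so
# that verifiers never hold the issuer's signing key.
ISSUER_KEY = b"constructed-demo-key-not-for-production"

def _sign(payload: bytes) -> str:
    mac = hmac.new(ISSUER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_identity(agent_id, origin, purpose, permissions, ttl_s, now=None):
    """Issuer side: bind origin, purpose and permissions to one agent."""
    now = time.time() if now is None else now
    claims = {"agent_id": agent_id, "origin": origin, "purpose": purpose,
              "permissions": sorted(permissions), "expires": now + ttl_s}
    # Canonical JSON so issuer and verifier sign exactly the same bytes.
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return {"payload": payload.decode(), "sig": _sign(payload)}

def authorize(doc, action, now=None):
    """Verifier side: return (allowed, reason) for one requested action."""
    now = time.time() if now is None else now
    payload = doc["payload"].encode()
    # Check the signature before trusting any claim; constant-time compare.
    if not hmac.compare_digest(_sign(payload), doc.get("sig", "")):
        return False, "bad signature"
    claims = json.loads(payload)
    if now >= claims["expires"]:
        return False, "expired"
    if action not in claims["permissions"]:
        return False, "action outside permissions"
    return True, "ok"

if __name__ == "__main__":
    doc = issue_identity("order-agent-01", "erp-team", "order management",
                         ["orders:read", "orders:create"], ttl_s=300)
    print(authorize(doc, "orders:read"))
    print(authorize(doc, "invoices:delete"))
```

Short lifetimes matter here because agents are created dynamically: an expired document forces a fresh issuance instead of leaving a long-lived credential behind.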
To delve deeper into the underlying technical architecture, it is useful to consult Gartner's analyses on Agentic AI, which for months have highlighted the management of non-human identities as one of the security priorities for the 2026-2027 biennium.
The context: AI agents are becoming an operational workforce
NewCore’s argument is not an isolated one. In fact, the entire technology ecosystem is moving in the same direction. Platforms such as Microsoft Copilot, Salesforce Agentforce, and a range of vertical tools are integrating AI agents into everyday business processes—not as passive assistants, but as active participants.
Consequently, companies find themselves managing a hybrid workforce: human employees and software agents collaborating on the same workflows. This hybridization creates new vulnerabilities. A compromised agent can exfiltrate data, manipulate processes, or act outside its mandate without any traditional control system detecting it.
According to McKinsey's latest State of AI Report, more than 60% of large organizations have already deployed at least one AI agent in production. Among SMEs, the percentage is lower but growing rapidly. Therefore, the issue of agent governance is not limited to multinational corporations.
Concrete impact on Italian SMEs
Italian small and medium-sized enterprises are increasingly adopting AI tools. Chatbots for customer service, agents for order management, and automations for marketing. However, these deployments are rarely accompanied by structured security considerations.
The main risk isn’t necessarily an external attack. Often, it’s more subtle: a misconfigured agent accessing sensitive data, an automation process performing unauthorized operations, or a system acting on ambiguous instructions without verification mechanisms. In particular, SMEs with limited IT resources are vulnerable because they lack the controls that large companies have already implemented.
We at SHM Studio observe this dynamic directly in our work with clients. When we support an SME in adopting AI tools, whether as part of our artificial intelligence services or our digital marketing services, agent governance is one of the points we address from the very beginning. It's not a technical detail to be postponed. It's an enabler for secure scaling.
What has changed compared to six months ago
Last year, the debate around the security of AI agents was still largely theoretical. Real-world compromise cases were rare and poorly documented. Today, however, the market has accelerated significantly. Therefore, the risks have moved from the hypothetical to the operational level.
Three factors have contributed to this shift. First, the proliferation of agent-creation frameworks—LangChain, AutoGen, CrewAI—has lowered the technical barrier to entry. Second, enterprise platforms have natively integrated the ability to deploy agents. Finally, the first security incidents related to misconfigured agents began to emerge in industry reports.
Consequently, the timing of NewCore's launch is no accident. The market is ready to recognize the problem. And investors have evidently decided that the solution is worth a $66 million initial bet.
A Milanese agency's perspective on the Italian market
From our vantage point in Milan, we observe a certain gap between the pace at which Italian SMEs adopt AI tools and the pace at which they develop an awareness of the associated risks. This is not a criticism. It is a structural observation: adoption always precedes governance in every technological cycle.
However, the AI cycle is faster than previous ones. Therefore, the gap between deployment and control risks becoming problematic before companies have time to close it organically. For this reason, we believe that the topic of identity management for AI agents should enter the vocabulary of Italian SMEs starting today — not when the problem manifests itself.
The practical implications extend to various areas. On the web and digital infrastructure front, you need to know which agents have access to company systems. On the SEO and content front, it is necessary to track which agents generate or modify published content. On the paid campaign and LinkedIn Ads front, it is necessary to verify that the automations act within the authorized parameters.
What to do now: three operational priorities
It is not necessary to wait for solutions like NewCore to mature and become available on the Italian market to begin structuring AI agent governance. There are concrete actions that SMEs can take today.
- Inventory of active agents: The top priority is to determine how many and which AI agents are operating within the organization, which systems they interact with, and what permissions they have. Often, this visibility is completely lacking.
- Definition of action perimeters: Each agent should have an explicit mandate. Therefore, it is necessary to document what they can do, what they cannot do, and in what context they operate.
- Audit and logging mechanisms: Agents must leave verifiable records of their actions. This is not merely a security requirement. It is also a prerequisite for regulatory compliance, particularly in light of the full implementation of the European AI Act.
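The three priorities above combined in one added sketch (example code, not from the original article or any product): an agent inventory with explicit per-system mandates, a deny-by-default check, and a hash-chained audit log in which later edits are detectable. Agent names, systems and actions are constructed for illustration.

```python
import hashlib, json

# Constructed inventory: each agent, its owner, and its mandate per system.
INVENTORY = {
    "support-chatbot": {"owner": "customer-care",
                        "mandate": {"crm": {"read_ticket", "reply_ticket"}}},
    "order-agent": {"owner": "sales-ops",
                    "mandate": {"erp": {"read_order", "create_order"}}},
}

AUDIT_LOG = []  # module-level log; each record stores the previous record's hash

def _digest(record):
    # Hash every field except the hash itself, in a stable key order.
    body = {k: v for k, v in record.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def request_action(agent, system, action, log=AUDIT_LOG):
    """Deny by default: unknown agents and unlisted actions are refused."""
    entry = INVENTORY.get(agent)
    allowed = entry is not None and action in entry["mandate"].get(system, ())
    record = {"seq": len(log), "agent": agent, "system": system,
              "action": action, "allowed": allowed,
              "prev": log[-1]["hash"] if log else "0" * 64}
    record["hash"] = _digest(record)
    log.append(record)  # denials are recorded as well as approvals
    return allowed

def verify_log(log):
    """Return the index of the first record that breaks the chain, or -1."""
    prev = "0" * 64
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != _digest(rec):
            return i
        prev = rec["hash"]
    return -1

if __name__ == "__main__":
    print(request_action("order-agent", "erp", "create_order"))     # in mandate
    print(request_action("order-agent", "crm", "export_contacts"))  # outside it
    print(verify_log(AUDIT_LOG))
```

The chain only exposes edits if the latest hash is also kept somewhere the agent's host cannot rewrite, such as a separate logging system.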
To further explore the regulatory framework, the official portal of the European Commission on the AI Act provides an updated overview of the obligations that apply to AI systems in a business context.
Outlook: The IAM market is reinventing itself around agents
NewCore's round is likely the first of many. Similar to what happened with cloud cybersecurity ten years ago, we expect a dedicated segment for non-human system identity and access management to emerge in the next 18-24 months.
The implications for SMEs are twofold. On the one hand, solutions accessible even to organizations without large IT budgets will emerge. On the other hand, regulatory pressure and that from business partners will push towards minimum standards for AI agent governance. Therefore, companies that start structuring themselves today will have a measurable competitive advantage.
At SHM Studio, we continue to follow this evolution closely. Those who wish to delve deeper into how to integrate AI agent governance into their digital strategy can contact us directly. Moreover, our blog gathers updated analyses on AI, security, and digital transformation for Italian SMEs. For those considering how to structure their digital content with an AI-ready mindset, our SEO copywriting services offer a concrete starting point.