Offroad, an agentic identity security startup, has emerged from stealth with $7m in seed funding to help enterprises move beyond manual investigation of access risks across human, machine, and AI identities.
The round was led by Ibex Investors and Skywell Capital Partners. Rather than delivering alerts or dashboards, Offroad’s AI agents autonomously gather context from fragmented enterprise systems, surface both real-time threats and underlying posture risks, and resolve them — either by taking direct action where it is safe to do so, or by routing the issue to the relevant person with the context needed to act.
To illustrate the scale of the identity risk problem, Offroad audited 2,890 public OAuth applications listed across the Google Workspace Marketplace and GitHub Marketplace as of May 2026. The company found that roughly one in three apps, collectively accounting for more than 1.85 billion installs, displayed serious structural security concerns that a thorough security analyst would likely reject during manual review. OAuth applications are among the hardest categories of identity risk to govern: they can receive broad, persistent access to systems such as Google Workspace or GitHub — including email, files, code, and calendar data — yet security teams often cannot determine who owns that access, whether it remains justified, or what risk it creates. Alongside its audit findings, Offroad is launching ohauth.ai, a free OAuth security catalogue designed to help teams assess app permissions, governance risks, and security concerns.
Offroad was founded in 2025 by CEO Dan Bendler, who previously built two AI startups that together raised over $45m, and CTO Philip Shteyn, a former Unit 8200 captain who contributed to the development of Palo Alto Networks’ Cortex platform. The company operates across New York and Tel Aviv.
Offroad co-founder and CEO Dan Bendler said, “Identity is no longer just a workforce access problem. Enterprises now operate across a constantly changing mix of human users, machine identities, and AI agents. The context needed to understand and resolve identity risk is spread across dozens of systems and workflows, while security teams are still expected to investigate and remediate issues manually. That model is becoming increasingly difficult to sustain.”
Offroad CTO Philip Shteyn said, “Most identity systems were designed around assumptions that no longer hold. AI agents operate across systems at all hours and at a scale humans never could, which makes traditional behavioral baselines far less reliable. Security teams need systems capable of continuously investigating and reasoning through identity activity, not simply generating more findings.”
Copyright © 2026 FinTech Global
