Criminals not knock on the door; they abuse the keys that firms can not management. Offroad seeks to supply that management.
New York- and Tel Aviv-based Offroad emerged from stealth with seed funding of $7 million, led by Ibex Buyers and Skywell Capital. Offroad helps organizations transfer from identification visibility to identification decision – it claims to research, govern, remediate, and confirm identification dangers.
The agency makes use of agentic AI to seek out and examine the problems. It gathers context from fragmented programs. after which fixes them autonomously, both by reporting particulars to a human within the loop, or by autonomous motion wherever protected.
It was co-founded in Might 2025 by CEO Dan Bendler and CTO Philip Shteyn (previously a Captain at Unit 8200, Israeli Army Intelligence).
“Enterprises now function throughout a consistently altering mixture of human customers, machine identities, and AI brokers,” explains Bendler. “The context wanted to know and resolve identification threat is unfold throughout dozens of programs and workflows, whereas safety groups are nonetheless anticipated to research and remediate points manually. That mannequin is turning into more and more tough to maintain.”
Shteyn provides, “Most identification programs had been designed round assumptions that not maintain. AI brokers function throughout programs in any respect hours and at a scale people by no means might, which makes conventional behavioral baselines far much less dependable. Safety groups want programs able to repeatedly investigating and reasoning by way of identification exercise, not merely producing extra findings.”
The identification drawback will worsen. The variety of identities, programs, workflows, and autonomous brokers inside organizations will proceed to develop. Illustrating the present drawback, Offroad has produced and printed (out there from its website) an in depth audit report of two,890 public OAuth functions on Google Workspace Market and GitHub Market.
The audit finds that 918 apps (32%) carry no less than one structural publicity sign: from scopes wider than the app’s said perform, AI with write entry, threat-intel flags, useless writer web sites, buyable or pending writer domains, and brand-leading app names printed by third events.
In tandem with this report, Offroad has additionally launched ohauth.ai, described as “A group catalog of OAuth apps with over-privileged scopes, useless writer domains, and silent permission drift.”
The corporate warns that some identification dangers emerge in realtime, when identities misbehave. Others construct quietly over time by way of privileges that outlive their function, entry that’s saved after roles change, third-party apps with permissions no one can justify, machines with an excessive amount of energy, and AI brokers working throughout programs.
Offroad’s resolution to this identification drawback is to make use of its personal autonomous brokers to seek out the difficulty, collect the context obligatory to know the issue, after which repair it.
Associated: The Credential Disaster: How Stolen Credentials Defeat Fashionable Safety
Associated: 1Password Groups With OpenAI to Cease AI Coding Brokers From Leaking Credentials
Associated: The Blast Radius Downside: Stolen Credentials Are Weaponizing Agentic AI
