Descope Secures $35M for AI Agent Identity Management and Governance Solutions

Descope, an identity security startup, has successfully raised $35 million to enhance its offerings in protecting AI agents that operate autonomously across digital ecosystems. Led by Rishi Bhargava, the startup aims to bolster the security measures surrounding AI-powered agents, ensuring their functions align more closely with organizational security protocols.

This latest funding round is a strategic extension of seed financing, and is expected to facilitate the development of lifecycle management, precision access control, and integration with emerging protocols such as the Mode Context Protocol (MCP). Bhargava noted that these advancements aim to address critical governance issues, including auditing and secure integration of AI agents within enterprise systems.

“CISOs are increasingly concerned about a probabilistic model where agents have more restricted permissions compared to their human counterparts,” Bhargava stated in an interview with Information Security Media Group. “As organizations gain trust in these AI systems, we will gradually increase their permissions.”

Founded in 2022, Descope has already raised a total of $88 million, with the most recent investment round led by Lightspeed Venture Partners and GGV Capital. The company’s leadership, comprised mainly of former executives from Demisto—acquired by Palo Alto Networks—has focused on integrating AI modernities with user security frameworks.

Evolving Challenges in AI Agent Security

The new funding will enable Descope to confront evolving challenges, particularly with respect to dynamically adjusting agent permissions and providing full support for autonomous agents. Bhargava emphasized the need for continuous innovation, as the security landscape surrounding AI agents requires ongoing adaptation to secure their operations effectively.

Unlike traditional machine identities that operate in predictable manners, agentic identities, which leverage large language models, can behave in more unpredictable ways. “The shift from deterministic to probabilistic behaviors marks a significant challenge for security frameworks,” Bhargava explained, highlighting the potential for misinterpretations of commands that may lead to unintended data loss.

These security vulnerabilities include risks posed by hallucinations or misinterpretations, making a case for new identity and permissioning structures that adapt to the specific operational context of AI agents. Bhargava asserted that organizations must implement robust controls, stating, “Machine identities traditionally facilitated interactions between applications, whereas agentic identities necessitate a more nuanced security approach.”

Descope’s Strategic Approach to Governance of MCP Servers

Descope’s Agentic Identity Hub is designed to oversee the entire lifecycle of AI agents, from initial registration to access control and eventual deactivation. The premise revolves around restricting permissions to ensure that agents do not gain capabilities beyond what is necessary for their functions. For instance, if a sales agent is permitted to read CRM data, it should not necessarily be able to update or delete records.

Understanding which agents can access which tools under specified conditions is crucial for maintaining a secure operational environment, particularly in dynamic contexts where permissions might inadvertently lead to mass edits or data deletions. “The goal is to control agent permissions to safeguard organizational assets,” Bhargava stated.

CISOs frequently express concerns about governance deficiencies regarding AI implementations, prompting many organizations to establish AI governance teams. Descope is positioned to assist in managing security risks and ensuring compliance with necessary policies in an evolving digital landscape.