Startups > Oasis Security

Oasis Security

Oasis secures machine identities and automates non-human identity governance at enterprise scale.

Series B $195M total Founded 2022 New York, New York 142 employees

Oasis Security is a platform for discovering, inventorying, and securing non-human identities (service accounts, API keys, secrets, tokens, certificates) across hybrid cloud environments. The platform combines automated discovery with contextual risk assessment and policy-driven remediation to enforce least privilege access without manual overhead. Founded by former Israeli intelligence operatives, Oasis has raised $195M and serves Fortune 500 enterprises including Chipotle, JLL, and Mercury Financial, achieving 5x ARR growth year-over-year.

Problem solved

Enterprise security teams lack visibility into non-human identities and credentials scattered across cloud, SaaS, and DevOps environments, creating unmanaged attack surface and compliance risk.

Target customer

Fortune 500 and large enterprise companies with hybrid cloud environments, complex identity sprawl, and strict compliance requirements (healthcare, financial services, logistics, manufacturing).

Website LinkedIn Crunchbase Twitter / X

Founders

Danny Brickman

CEO & Co-Founder

Former Head of Cyber R&D at Israeli Defense Forces (IDF) intelligence unit; winner of Israel Defense Prize.

Ami Timarman

CPO & Co-Founder

Former special operations team lead at Israeli Defense Forces intelligence unit; co-winner of Israel Defense Prize.

Funding history

Series A $40M January 2024 Led by Sequoia Capital · Accel, Cyberstarts, Maple Capital, Guy Podjarny (Snyk founder), Michael Fey (Island co-founder)

Series B $120M March 2026 Led by Craft Ventures · Sequoia Capital, Accel, Cyberstarts

Total raised: $195M

Industries

Identity Management Network Security Computer

Pricing

Enterprise SaaS with custom licensing. Annual contract values range $150K–$1M+ depending on number of non-human identities and identity stores. Tiered packages include 'Standard' visibility and 'Advanced' automated remediation. Minimum public reference: $50K for 12-month AWS Marketplace contracts. No self-service or published pricing tiers; 3–6 month enterprise sales cycles.

Notable customers

Chipotle, JLL, Mercury Financial, Fortune-50 healthcare provider, Fortune-500 logistics company, Fortune-500 insurance company, Fortune-300 CPG company, Fortune-200 manufacturing company

Integrations

AWS, Azure, Google Cloud, Kubernetes, GitHub, GitLab, HashiCorp Vault, Okta, Slack, Splunk, ServiceNow

Tech stack

jQuery (JavaScript libraries) core-js (JavaScript libraries) Vimeo (Video players) Open Graph LottieFiles (CMS) HubSpot Analytics (Analytics) Matomo Analytics (Analytics) Linkedin Insight Tag (Analytics) Hotjar (Analytics) Google Analytics (Analytics) Font AwesomeGoogle Font API Apple iCloud Mail (Webmail) Google Workspace (Email) Google Hosted Libraries (CDN) Marketo (Marketing automation) HubSpot (Marketing automation) Google Tag Manager (Tag managers) Webflow (Page builders) Salesforce (CRM) Amazon Web Services (PaaS)

Website

oasis.security/

Competitors

HashiCorp Vault

Open-source secrets management tool; lacks automated discovery, risk assessment, and policy-driven remediation across hybrid environments.

CyberArk

Broader privileged access management (PAM) platform; focuses on human identities and endpoint protection rather than machine identity lifecycle governance.

Delinea (formerly Thycotic)

PAM-focused with secrets management; less emphasis on automated discovery and contextual risk assessment for non-human identities at scale.

AWS Secrets Manager

Cloud-native secrets storage only; lacks cross-environment visibility, policy intelligence, and automated remediation capabilities.

Why this matters: Oasis Security addresses a critical blind spot in enterprise security—machine identity sprawl—with a purpose-built platform backed by $195M from top-tier investors (Sequoia, Craft Ventures) and founded by Israeli military cyber veterans. The 5x YoY ARR growth and Fortune 500 adoption signal strong product-market fit in a high-value security category that's only now getting dedicated platform attention.

Best for: Large enterprises managing hundreds or thousands of non-human identities across hybrid cloud infrastructure who need compliance-ready visibility and automated least-privilege enforcement without manual remediation overhead.

Use cases

Reducing HIPAA/PCI Breach Risk

A Fortune-50 healthcare provider used Oasis to discover all machine identities with database access, identified over-privileged service accounts, and eliminated critical exposures—avoiding a potential $3–5M HIPAA fine. Oasis's contextual ownership and usage data made it possible to safely decommission 40% of dormant identities.

Automating Credential Rotation

A Fortune-500 logistics company reduced secret-rotation effort by 35% by automating certificate and API key lifecycle management through Oasis policy-driven workflows. Previously manual rotation was error-prone and resource-intensive; automation enabled the team to focus on higher-value security initiatives.

Attack Surface Reduction During POV

A Fortune-300 CPG company reduced its non-human identity attack surface by 60% in days during a proof-of-value by identifying and decommissioning unused service accounts and overly broad API tokens. Oasis's anomaly detection (AuthPrint) confirmed which identities were truly unused, enabling safe decommissioning.

Production Outage Prevention

A Fortune-500 insurance company prevented an outage affecting 50% of production workloads by using Oasis Scout to detect unauthorized access attempts on critical service accounts, enabling rapid remediation before the attack escalated.

Alternatives

HashiCorp Vault Choose Vault if you need open-source, self-hosted secrets management with strong encryption; choose Oasis if you need automated discovery, risk assessment, and remediation across multi-cloud environments.

CyberArk Privileged Access Management Choose CyberArk for mature PAM with human identity focus and endpoint protection; choose Oasis for machine identity discovery, contextual risk scoring, and policy-driven lifecycle governance.

AWS Secrets Manager / Azure Key Vault Choose cloud-native secret stores for single-cloud, simple secrets storage; choose Oasis if you need cross-environment visibility, anomaly detection, and automated remediation across hybrid infrastructure.

FAQ

What does Oasis Security do? +

Oasis Security automatically discovers all non-human identities (service accounts, API keys, secrets, tokens, certificates) across your hybrid cloud environment and enriches the inventory with contextual risk intelligence. It then enforces least-privilege access policies and automates credential lifecycle management (rotation, migration, decommissioning) to reduce attack surface without manual overhead.

How much does Oasis Security cost? +

Pricing is custom, tiered by number of non-human identities and identity stores, with annual contract values ranging $150K–$1M+ for enterprise customers. Standard packages include visibility; Advanced packages add automated remediation. The only public price anchor is $50K for 12-month AWS Marketplace contracts. Expect a 3–6 month sales cycle and proof-of-value engagement before final pricing.

What are alternatives to Oasis Security? +

HashiCorp Vault (open-source secrets management), CyberArk (PAM platform), Delinea (secrets + PAM), cloud-native solutions like AWS Secrets Manager. Oasis differentiates by combining automated cross-environment discovery, contextual risk assessment, and policy-driven remediation—not just secrets storage.

Who uses Oasis Security? +

Fortune 500 and large enterprises including Chipotle, JLL, Mercury Financial, and customers in healthcare, logistics, insurance, and CPG. Oasis serves organizations with complex hybrid cloud environments, strict compliance requirements, and hundreds or thousands of non-human identities requiring governance.

How does Oasis compare to CyberArk? +

CyberArk is a broader Privileged Access Management (PAM) platform focused on human identities, endpoints, and application-to-application access. Oasis is purpose-built for non-human identity discovery, lifecycle governance, and automated remediation across cloud-native environments. Choose CyberArk for mature PAM; choose Oasis if machine identity sprawl and least-privilege automation are your priority.