Offroad raises $7M to automate identity security

Offroad emerged from stealth on June 4, 2026 with $7 million in seed funding led by Ibex Investors and Skywell Capital Partners, according to VentureBeat and SiliconANGLE. Founded in September 2025 and based in New York and Tel Aviv, the company builds what it calls an 'agentic identity security team': AI agents that gather cross-system context from identity providers, SaaS apps, cloud platforms, logs and tickets, investigate access posture, and either remediate risks autonomously or escalate high-impact changes to humans. Alongside the launch, Offroad released ohauth.ai, a free OAuth security catalog, and published an audit of 2,890 public OAuth apps across the Google Workspace and GitHub marketplaces; SiliconANGLE and Help Net Security report roughly one in three, representing more than 1.85 billion installations, showed serious structural security concerns such as dead publisher domains and excessive scopes.
What happened
Offroad emerged from stealth on June 4, 2026 with $7 million in seed funding led by Ibex Investors and Skywell Capital Partners, per VentureBeat and SiliconANGLE. Founded in September 2025 and based in New York and Tel Aviv, the company builds an agent-driven identity-security system that aggregates context from identity providers, HR systems, SaaS apps, cloud platforms, logs and tickets to investigate identity posture and remediate access risks, taking direct action where safe and escalating high-impact changes with supporting evidence.
The OAuth audit
Alongside the launch, Offroad released ohauth.ai, described as a free OAuth security catalog, and published an audit of 2,890 public OAuth applications across the Google Workspace and GitHub marketplaces. SiliconANGLE and Help Net Security report that roughly one in three of those apps - representing more than 1.85 billion installations - showed serious structural security concerns, including scopes wider than an app's function, write-capable AI integrations, threat-intel flags on publisher domains, and dead or purchasable publisher domains.
Why it matters
Industry context
identity and access vendors increasingly wrap automation and orchestration around detection to cut manual triage, and identity risk now spans human users, machine identities, API keys and agent-driven workflows. The ohauth.ai dataset gives practitioners a concrete, inspectable artifact for OAuth governance risk rather than only a product pitch.
What to watch
- •Enterprise integrations with major identity providers and support for machine-identity inventories.
- •The maturity of safe-action heuristics versus false-positive remediation.
- •Whether the ohauth.ai dataset expands and whether independent audits validate the company's OAuth findings.
Key Points
- 1Offroad launched from stealth with a $7M seed round to build agentic AI that discovers, investigates and remediates identity-security risks across many systems.
- 2Its public ohauth.ai audit of 2,890 OAuth marketplace apps found about one in three, over 1.85 billion installs, with structural issues - a tangible governance data point.
- 3Independent trade outlets (SiliconANGLE, Help Net Security, SC Media) corroborate the launch and audit; enterprise integrations and validation of the findings are what to watch next.
Scoring Rationale
A $7M seed launch is modest, but Offroad pairs it with a concrete, inspectable OAuth audit (ohauth.ai) corroborated by independent trade outlets, giving the story practical substance for IAM and security practitioners. It is an early-stage company launch rather than a platform- or model-level milestone, so it lands in the solid band.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems