Oak's $60M Bet on Agent Identity Meets a Boolean Pool of Zero
Oak raised $60M to govern AI agent access. The IAM-plus-LLM talent pool collapses to zero on LinkedIn boolean. Here is where to actually source it.
On July 15, 2026, Oak came out of stealth with a $60M seed co-led by Accel, Greylock, and CRV to build a control plane for AI agent identity and permissions. The company already has about 50 people and paying enterprise customers. It also has a hiring problem that every founder chasing this category is about to walk into: the engineer Oak needs does not have a LinkedIn title.
The pool that boolean says is zero
The intersection of "IAM engineer" and "LLM agent engineer" returns zero people on strict title-plus-skill boolean, even though the underlying talent exists. In Refolk's index of professional profiles, a current-title search for "IAM Engineer / Identity Engineer / Identity and Access Management Engineer" across the US and Israel returns 823 people. Add any keyword or skill signal for "LLM" or "AI agent" to that same query and the result collapses to 0.
That is the sourcing story in one number. The category Oak, Oasis Security, and GitGuardian are racing to define has no self-declared practitioners. Recruiters running title-plus-skill searches will conclude the market is empty and go home. It is not empty. It is unlabeled.
The mechanism is boring and predictable. IAM has been a mature discipline for 20 years, so people put "IAM Engineer" on their profile. Agent orchestration is 18 months old as a production concern, so the engineers doing it have not updated their titles. The overlap lives in commit history and side projects, not job descriptions.
Why Oak needs a specialist that does not exist yet
Oak's roadmap requires an engineer who is fluent in classical IAM plumbing and modern agent architectures at the same time, and those two skill sets live in two different LinkedIn tribes. The company is building a live identity graph that spans humans, service accounts, and AI agents, mapping access granted against access actually used so it can revoke in real time.
To ship that, an engineer needs to hold both stacks in their head:
- Classical IAM: OPA/Rego, Cedar, SCIM, OIDC, SAML, SPIFFE/SPIRE, the Okta/Entra/SailPoint/Auth0 operational reality.
- Agent runtime: MCP (Model Context Protocol), tool-calling semantics, prompt-scoped permissions, LangChain/LangGraph internals, how an agent actually asks for a credential.
The tribes barely talk. IDPro members and Kubernetes SIG-Auth regulars do not overlap much with the MCP spec contributors on GitHub. That is the exact gap Refolk closes: you describe the person in plain English ("someone who has shipped OPA policy at scale and also contributed to an MCP server or LangChain tool") and get a ranked shortlist assembled from signals across GitHub, LinkedIn, and the open web, not from a title filter that returns zero.
The 823, decoded
The 823-person IAM pool concentrates in professional services and hyperscalers, not the product companies a startup wants to poach from. The top employers in Refolk's sample skew toward PwC, Deloitte, DXC, Mizuho, Capital One, Simeio, with a thin bench at Meta, Airbnb, and BetterUp.
| Segment | Count | Source |
|---|---|---|
| IAM Engineers (US + Israel), current title | 823 | Refolk index, title filter |
| Same pool, add "LLM" or "AI agent" keyword | 0 | Refolk index, intersection |
| Top single employer in sample (PwC) | 3 of top 25 | Refolk index |
| FAANG-scale product co's in sample (Meta, Airbnb) | 3 | Refolk index |
| Oak headcount at stealth exit | ~50 | thenextweb.com |
| Adjacent NHI/agent-identity capital, past 12 months | $230M | Oak $60M + Oasis $120M + GitGuardian $50M |
The mechanism behind the services-heavy distribution is worth naming. For 15 years, IAM was sold as a compliance workstream by consulting shops, not as a product-engineering discipline. The 823 people who wrote "IAM Engineer" on their profile were mostly hired to configure SailPoint and pass SOX audits, not to write Go and ship SDKs. Oak needs product engineers. The bench it is poaching from was never trained to build product.
That is the first non-obvious cut. The second: strip services firms out of the 823 and the addressable product-IAM pool is closer to 100 to 150 people across the US and Israel. Now overlay a requirement that they have touched an LLM agent in anger, and you are hunting from a list that has to be assembled by inference.
How to actually source it
You source this pool by ignoring titles and following contribution graphs, alumni networks, and adjacent open-source communities. The signal-to-noise is inverted from a normal search: the strongest candidates advertise the least.
Seven lanes that actually produce candidates:
- SPIFFE/SPIRE contributors on GitHub. Workload identity is the closest existing analog to agent identity, and the contributor set is small enough to read end-to-end.
- Open Policy Agent and Cedar maintainers. Policy-as-code is the substrate every agent-identity product will sit on. The commit history is public.
- MCP spec contributors and MCP server authors. This is where agent permissioning is being invented in real time. Almost none of them have "identity" in their title.
- Kubernetes SIG-Auth regulars. Meeting notes and KEP authorship are public. Same tribe that shipped service accounts is now shipping workload federation.
- IDPro membership and the CIDPRO cert holders. Deep IAM domain knowledge, thin on LLM exposure, so filter for anyone with a side project involving agents.
- Ex-Ermetic, ex-Silverfort, ex-CyberArk, ex-Axiom, ex-Natoma engineers. M&A has locked the founding teams up, but the second and third hires roll off retention on predictable cliffs.
- The LangChain, LangGraph, and Autogen contributor graphs, filtered for anyone who has also touched an auth library. Rare, but they exist.
Every one of those lanes requires stitching signals across platforms. That is exactly the friction Refolk is built to remove: describe the hybrid in plain English, get back a ranked list with the evidence attached.
The Israeli closed loop
Oak will staff most of its senior bench from a Tel Aviv identity-cloud diaspora that is essentially closed to outside recruiters. CEO Shai Morag sold Ermetic to Tenable for $265M in 2023 and Secdo to Palo Alto Networks in 2018. CPO Tal Marom came out of Tenable and Salesforce. The same alumni network is staffing Oak, Oasis Security ($120M Series B in March 2026), Silverfort, and every new agent-identity bet raising a seed in Tel Aviv.
That closed loop is why $60M seeds are possible pre-revenue in this category. It is also why US founders trying to compete on the same category will find the Israeli senior pool rationed by founder rolodex, not by market rate. If you are hiring in the US against Oak, your realistic play is the SPIFFE/OPA contributor graph plus the ex-Axiom and ex-Natoma diaspora, not a bidding war in Tel Aviv.
The category has no self-declared practitioners, which means the best recruiters in it are running graph queries, not boolean.
The demand curve is running two orders of magnitude ahead of the labeled supply
Non-human identities already outnumber human identities 100 to 1 in enterprises, and IDC projects up to 1.3 billion AI agents in operation by 2028. The engineering discipline to govern them has not scaled remotely close to that. This is a structural squeeze, not a cyclical one.
GitGuardian's 2026 State of Secrets Sprawl report puts a sharp edge on the operational reality: 28.65M hardcoded secrets added to public GitHub in 2025, up 34% year over year, and AI-service-related secrets surged 81% to 1.27M incidents. CEO Eric Fourrier's framing captures the shape of the shortage: "Organizations that once managed hundreds of service accounts will now face thousands of autonomous AI agents, each requiring secure credentials."
Every enterprise on that curve will need a team that looks like the one Oak is trying to hire. The category is going to hire ten thousand people over the next five years from a labeled pool of roughly zero.
What competing acquirers are doing to the senior end
Incumbent M&A is draining the senior end of the pool faster than founders can hire it, and the acquisition math means those engineers are locked up on four-year retention.
Recent moves worth naming:
- Palo Alto Networks bid for CyberArk.
- Okta acquired Axiom.
- Silverfort grabbed Fabrix.
- Snowflake bought Natoma.
- Geordie AI won the RSAC 2026 Innovation Sandbox and raised a $30M Series A in May 2026 for an agent-native security platform.
If you are sourcing Staff or Principal candidates against Oak, you are competing with vesting cliffs that were signed six to twelve months ago. The realistic window on the ex-Axiom bench opens in mid-2027, on ex-Natoma in early 2028. The Senior IC and Staff-minus lanes (SPIFFE contributors at mid-career, OPA maintainers who never got acquired, ex-Ermetic engineers who joined the Tenable integration and are now bored) are the pool that is actually hire-ready today.
Founders in this category should be doing two things in parallel. First, mapping the acquisition cliffs by name and putting every locked-up founding engineer on a 90-day check-in cadence. Second, running graph-based sourcing against the seven lanes above to build a working list of 50 to 80 hybrid candidates before the next round closes and the price goes up. Refolk is the fastest way to build that list, because "IAM engineer who has also shipped agent tooling" is exactly the plain-English query that title-based tools cannot answer.
FAQ
How big is the AI agent identity talent pool right now?
On a strict title-plus-skill boolean, effectively zero. In Refolk's index, the base pool of self-identified IAM engineers across the US and Israel is 823 people, and adding any LLM or AI agent keyword signal collapses that to 0. The working pool exists, but it has to be inferred from GitHub contribution history (OPA, Cedar, SPIFFE, MCP), open-source maintainership, and alumni networks from Ermetic, Silverfort, Axiom, and Natoma. Realistic hire-ready shortlist for a US Series A: 40 to 60 people.
Why can't LinkedIn boolean find these engineers?
Because "agent identity engineer" is not a job title anyone has held long enough to put on their profile. The role was invented in the last 18 months. Existing IAM engineers are mostly configured-in-services roles at PwC, Deloitte, and DXC, and existing LLM engineers do not think of themselves as identity people. The intersection lives in side projects, commit graphs, and community memberships (IDPro, SIG-Auth, MCP spec working groups), none of which LinkedIn indexes as searchable skills.
Where should Oak and its competitors actually source?
Follow contribution graphs, not titles. The seven productive lanes are SPIFFE/SPIRE contributors, OPA and Cedar maintainers, MCP server authors, Kubernetes SIG-Auth regulars, IDPro cert holders with agent side projects, ex-Ermetic/Silverfort/CyberArk/Axiom/Natoma alumni past their retention cliffs, and LangChain/LangGraph contributors who have also touched an auth library. This is exactly the query shape Refolk is built for.
Is this a cyclical shortage or a structural one?
Structural. Non-human identities already outnumber humans 100 to 1 in enterprises, and IDC projects up to 1.3B AI agents in production by 2028. The engineering discipline to govern that is two orders of magnitude behind the demand curve, and no bootcamp or CS program teaches it as a coherent field yet. Expect this category to be hire-constrained for at least the next three to five years, with senior compensation running well ahead of adjacent security roles.