Funding
Scalekit Raises $5.5M to Secure the Future of AI Agent Authentication
For years, identity and access systems were built around the assumption that humans would be the ones interacting with applications. A user would type in a password, complete multi-factor authentication, and manually log out when their session ended. That model worked well in the era of web and mobile apps, but the rules are changing quickly. The rise of AI agents—software entities that can independently interact with business applications, APIs, and entire workflows—means that authentication must adapt. These agents can appear, complete a task in seconds, and disappear without ever touching a browser.
This shift is exactly what Scalekit is addressing. Founded by the team behind Freshworks’ original authentication platform, the company is focused on building the missing layer of infrastructure for agent identities. Today, Scalekit announced the close of a $5.5 million seed round, led by Together Fund and Z47 with angel participation from experienced operators and investors. The funding enables the launch of Scalekit’s authentication stack designed specifically for AI-native apps, where the primary users aren’t people—but agents.
Why Existing Identity Stacks Fall Short
Traditional identity systems are showing their age. Most platforms still expect a human to log in, remain active for a period, and then log out. When AI agents are introduced, that assumption collapses. Agents are often given more permissions than they should have, or developers create brittle, custom workarounds to make them function. This isn’t just inefficient—it’s dangerous.
Gartner forecasts that by 2028, 25% of enterprise breaches will come from compromised AI agents. The attack surface is expanding, but the protective infrastructure has not kept pace. Developers need authentication that understands the ephemeral nature of agents, applies strict scoping of privileges, and tracks activity across machine-to-machine interactions.
Scalekit addresses this gap with a drop-in toolkit that verifies agent identity, enforces precise authorization, and integrates seamlessly with Model Context Protocol (MCP) servers. The platform provides:
- OAuth 2.1 authorization for MCP servers, delivered in minutes
- Encrypted token vaults to store and manage agent credentials
- Secure tool-calling layers so agents can act in Gmail, Slack, HubSpot, Notion, and beyond without exposing raw tokens
This approach eliminates the need for teams to reinvent their own auth systems while dramatically lowering the security risks tied to agent workflows.
Developer-Centric and Modular
One of Scalekit’s biggest differentiators is its developer-first design. Rather than pushing an all-or-nothing migration, the company offers modules that can be added as needed. Teams can start small—by implementing passwordless logins or two-factor OTPs—and later expand into agent-specific features like delegated consent or step-up approvals.
This modularity mirrors how developers want to work today. By keeping the integration lightweight, Scalekit enables startups and enterprises to move quickly without the friction of a massive platform overhaul. As co-founder and CTO Ravi Madabhushi explains, “agent identities live in code, not in user directories.” Scalekit is built with that reality in mind.
The impact is already being seen in the market. Companies like Fello, Sifthub, Napkin, Unstract, Hubbl, and Aerchain rely on Scalekit to speed up their go-to-market timelines. Instead of spending months building authentication systems, they can ship secure AI-native features in weeks. For instance, Fello integrated Scalekit’s passwordless module without re-architecting their app, while Sifthub avoided months of complexity by leveraging Scalekit’s ready-to-go agentic workflows.
The Bigger Picture: Identity in an Agent-Driven World
The rise of AI agents represents more than a new software trend—it marks a fundamental shift in how work is done. Just as cloud computing required new models for infrastructure, the spread of autonomous and semi-autonomous agents will demand new approaches to identity, security, and governance.
As AI agents rise, identity shifts from hidden infrastructure to the critical layer that defines both possibility and protection. Without robust systems to verify who or what an agent is, enterprises risk exposing sensitive data and losing control over mission-critical workflows. The challenge isn’t just preventing breaches; it’s also about enabling agents to safely collaborate, negotiate, and execute tasks within complex ecosystems.
In the near future, identity stacks will need to support:
- Ephemeral credentials that expire within seconds or minutes
- Fine-grained consent models where humans delegate specific actions to agents
- Auditable logs that trace every agent action for compliance and oversight
- Cross-platform interoperability, allowing agents to securely operate across hundreds of apps and services
This isn’t just about security—it’s about governance and accountability in an economy where agents act alongside humans. The emergence of companies like Scalekit suggests how authentication may evolve: lightweight, modular, and built with agents as first-class citizens.
As enterprises embrace AI agents, the question won’t be whether identity systems can handle them, but how quickly businesses adapt their workflows to trust and depend on them. Authentication, once seen as a background utility, could become one of the defining enablers of the AI-driven enterprise — and companies like Scalekit are building the foundations of that shift.
