IAM security platform Cerby raises $40M to expand network, add agentic AI tools

Identity security automation provider Cerby has raised $40 million in a series B funding round, and plans to invest in expanding its network and build up its agentic AI capabilities.

The company says its platform automates the full identity lifecycle across disconnected applications for identity and access management (IAM), identity governance and administration (IGA), privileged access management (PAM) and enterprise password management.

The funding round was led by DTCP, but existing investors including Okta Ventures and Salesforce Ventures also participated.

Cerby intends to invest in expanding its Cerby Application Network, developing its agentic AI software and making its platform more extensible, according to the announcement. The company also plans to scale its go-to-market operations in North America and the EMEA region, and prioritize growth in Germany, France, the UK and the Middle East.

Cerby held a series A investment round in late-2023, and claims to have increased its annual recurring revenue (ARR) by ten times and its customer base by five times since then.

“From day one, we’ve been laser-focused on eliminating the operational burden and security risk created by manual identity workflows — automatically, intelligently, and at scale,” says Cerby CEO and Co-founder Belsasar Lepe. “We’re building a world where identity security is fully automated — eliminating human error and ensuring no app is left behind.”

Phishing sophistication increases

Phishing attacks are continuing to grow more sophisticated, according to a lengthy blog post from Microsoft.

Corporate VP and Deputy CISO for Identity Igor Sakhnov reviews a list of modern techniques for stealing identities or authentication credentials from enterprise cloud environments. Those techniques include adversary-in-the-middle (AiTM) credential phishing attacks, device code phishing, OAuth consent phishing and device join phishing.

Sakhnov explains how lures are made more effective with AI and QR codes, and how attacks are carried out beyond email, in video calls or on social media platforms.

The post also makes many recommendations for how organizations can improve their security posture, from hardening credentials and cloud digital identities to implementing passwordless authentication methods like passkeys.

An acquisition, a partnership and an expansion

U.S.-based IAM provider Ory Corp has acquired BoxyHQ to integrate its multi-tenant SaaS SSO services and its London and India-based team.

BoxyHQ’s solutions and open-source projects are being rebranded as “Polis” as part of the integration.

“BoxyHQ fits perfectly into Ory’s modern framework because it has its roots in enabling open source innovation and transparency in addition to being composable, which means companies can use the components they need as open source software, a fully integrated managed service, or self-managed solution,” says Ory Corp CEO Jeff Kukowski. “BoxyHQ and Ory are a departure from the black-box, monolithic, one-size fits all solutions offered by legacy providers. Customers of Okta, PING Identity and WorkOS will find immediate value in Ory’s self-service onboarding that eliminates administrative friction.”

Customer identity and access management (CIAM) provider Strivacity and Idmworks have formed a strategic partnership to help organizations quickly deliver customer-focused registration, identity verification, fraud detection, consent management and adaptive access.

Idmworks will bring its end-to-end digital identity services and two decades of guiding complex IAM initiatives to Strivacity’s unified CIAM platform, the partners say.

And as non-human identities (NHIs) take a more prominent role in enterprise operations, Saviynt has extended its cloud-native identity and governance solutions to cover all forms of identities.

The company’s platform enables customers to see a unified view of all NHIs and their access, perform deep analysis of the security posture of NHIs and visualize their activity.

The announcement came on the eve of this week’s Identiverse 2025, where Saviynt executive presented a workshop on NHI.

Article Topics

AI agents  |  Cerby  |  digital identity  |  identity access management (IAM)  |  identity security  |  Idmworks  |  non-human identities  |  Ory Corp  |  Saviynt