The secure action layer for production AI agents - proving which agent took which action, on behalf of which user.
Arcade.dev sells something unglamorous and, for the enterprise, non-negotiable: the ability for an AI agent to take a real action inside a real business system - and for someone, later, to prove exactly what happened. Send the email. File the ticket. Update the record in Salesforce. Then answer the audit question that follows: which agent did that, on behalf of which user, on which resource?
The company, based in San Francisco and founded in 2024, calls itself the "secure action layer" for production AI agents. Its platform handles the parts developers dread - OAuth flows, token storage, permission checks, tool execution and audit logging - across a catalog of more than 8,000 agent-optimized tools spanning Gmail, Slack, GitHub, Salesforce, X and Google Workspace.
Co-founder and CEO Alex Salazar frames the problem bluntly. "Agents don't fail in production because the model is wrong," he has said. "They fail because nobody can prove that for any given action by an agent, whether that agent on behalf of that user can perform that action on that resource." It is a distinctly un-magical way to describe AI - and that is the point.
Arcade did not start here. The team initially set out to build agents, decided, in Salazar's words, that "most agents suck - they don't do much," and pivoted to the infrastructure underneath them. In June 2026 that bet was validated with a $60 million Series A, bringing total funding to $72 million.
"Agents don't fail in production because the model is wrong. They fail because nobody can prove which agent did what, for which user."
Checks permissions before an agent acts - integrating with existing identity providers like Okta, Microsoft Entra and SailPoint so agents inherit the same scoped access as the humans they work for.
Runs the tool call reliably through a single secure gateway. OAuth tokens are encrypted and salted before storage, so the language model never touches raw credentials.
Logs every action an agent takes, producing the audit trail regulated enterprises need to answer who-did-what after the fact.
Most agents fail because they lack authorized access to the private systems needed to do real work - or teams grant that access unsafely, letting models hold raw credentials and widening the attack surface. Arcade gives agents delegated, per-user authorization without exposing secrets to the LLM, and removes the manual work of updating permissions by hand.
Arcade authored the MCP (Model Context Protocol) authorization specification - adopted by Anthropic - and stayed framework agnostic. Its runtime plugs into LangChain, LangGraph, LlamaIndex, CrewAI, Mastra, Google ADK and OpenAI Agents. Alternatives mean building bespoke auth in-house or stitching together integration platforms; Arcade ships 8,000+ tools with authorization built in.
Founded authentication startup Stormpath and sold it to Okta in 2017, then spent years there as a VP building identity products. Now applying that playbook to the authorization of AI agents.
Former Redis engineer and open-source contributor to LLM projects including LangChain and LlamaIndex - bringing the infrastructure and applied-AI depth behind Arcade's runtime.
Enforce, execute and govern agent actions with multi-cloud (AWS, Azure, GCP) and on-premises deployment.
Pre-built, agent-optimized MCP tools and connectors with delegated user authorization handled automatically.
The MCP runtime and authorization spec Arcade authored - user auth, token management and policy enforcement.
Python and JavaScript SDKs for LangChain, LangGraph, LlamaIndex, CrewAI, Google ADK and OpenAI Agents.
Route agent actions through a secure gateway on a usage or subscription basis - self-serve to enterprise.
OAuth tokens are encrypted and salted; the LLM only ever gets scoped, delegated access - never raw secrets.
Arcade sits at the layer between the models everyone talks about and the systems agents actually need to touch. Its customers are developers building LLM-based agents and large enterprises - the platform is described as running in production at some of the world's largest banks, industrials and pharmaceutical companies, exactly the regulated buyers who cannot deploy an autonomous agent without an audit trail.
From individual builders using the SDKs to Fortune-scale banks, industrials and pharma running agents in production.
Anthropic adopted Arcade's MCP authorization spec; LangChain brought Arcade's tool library into LangSmith Fleet.
The default alternative is in-house agent auth or general integration platforms - the trade-off Arcade is built to remove.
Salazar and Partee found Arcade in San Francisco, concluding the hard part of AI agents is authorization, not the model.
Raised a $12M seed led by Laude Ventures - the first publicly announced investment from Andy Konwinski's fund.
Arcade's agent-optimized tools land in LangChain's LangSmith Fleet, widening reach across the developer ecosystem.
Anthropic adopts the MCP authorization specification Arcade authored; the tool catalog grows past 8,000.
Led by SYN Ventures with Morgan Stanley and Wipro; total funding hits $72M and Jay Leek joins the board.
Led by Laude Ventures, with Perplexity/Databricks co-founder Andy Konwinski and NEA's Pete Sonsini.
Led by SYN Ventures, with strategic investment from Morgan Stanley and Wipro. Jay Leek joined the board.
Arcade provides a secure action layer for AI agents. It handles OAuth authentication, token management, permission enforcement, tool execution and audit logging so agents can safely take real actions in systems like Gmail, Slack, GitHub and Salesforce.
It was founded in 2024 by CEO Alex Salazar (former Okta VP and Stormpath founder) and CTO Sam Partee (former Redis engineer and open-source LLM contributor).
$72M total - a $12M seed in 2025 led by Laude Ventures and a $60M Series A in June 2026 led by SYN Ventures with Morgan Stanley and Wipro.
Arcade authored the MCP authorization spec adopted by Anthropic and provides 8,000+ ready-made tools plus encrypted, per-user delegated authorization - so teams don't have to build fragile OAuth and audit plumbing themselves.
Developers building LLM-based agents and large enterprises, including some of the world's largest banks, industrials and pharmaceutical companies running agents in production.