Harel is 32 in the last dossier that bothered to list an age, which means he founded PlainID in his early twenties, which means someone at Bank Hapoalim let a very young engineer sit in the Deputy CISO chair, which tells you something about the reputation he had already built by then. He came up on mainframes at Bezeq, moved into security consulting at Taldor, and then to Bank Hapoalim, where he ran cross-organizational security projects at the sort of scale where you learn, quickly, that the hard part of identity is not who somebody is. It is what they are permitted to do once you have decided.
The insight that became PlainID is the one most CISOs would recite if you woke them at 3 a.m.: access rules live in a spreadsheet, or in an application, or in fifty applications, or in someone's head. Nobody has a single, queryable, auditable view of "who can touch what, and why." XACML, the OASIS standard from the mid-2000s, described a solution. Almost no one implemented it. Harel and his co-founders built the company that did.
The bet paid off slowly. PlainID spent its first few years explaining an acronym. By 2021, "PBAC" was on Gartner slides and the round from Insight Partners closed at $75 million, with Viola Ventures and existing backers rolling. VentureBeat framed the raise as PlainID reducing "identity and access policy chaos," which is polite journalism for the thing every enterprise architect quietly panics about at 2 a.m. before an audit.
What Harel is working on now is the same problem with different customers. When LLM agents started asking to touch enterprise data on behalf of users, the authorization question got sharper: which agent, acting on whose behalf, is allowed to read which row of which table? PlainID's positioning shifted to include AI agents and LLM data access. The engine did not have to. That was the point of building it right the first time.