Breaking
PlainID pioneers Policy-Based Access Control (PBAC) $75M Series C led by Insight Partners SAP takes strategic stake in the authorization company Founded 2014 in Tel Aviv, U.S. HQ in New York Now securing agentic AI access at run time Policy 360 unifies the full access-policy lifecycle ~$99M raised across four rounds PlainID pioneers Policy-Based Access Control (PBAC) $75M Series C led by Insight Partners SAP takes strategic stake in the authorization company Founded 2014 in Tel Aviv, U.S. HQ in New York Now securing agentic AI access at run time Policy 360 unifies the full access-policy lifecycle ~$99M raised across four rounds
Company Profile · Cybersecurity · Tel Aviv / New York

PlainID

The company that turned a messy engineering afterthought - who is allowed to access what - into a category of its own: Policy-Based Access Control.

Founded 2014 ~95 Employees ~$99M Raised Authorization

PlainID's "iD" mark. The Tel Aviv-based authorization company sells to Fortune 500 enterprises across banking, healthcare, telecom, and government.

LinkedIn Twitter / X Facebook Instagram
The Dispatch

An access-control problem, fixed at the source

Every data breach has a quiet subplot: someone, or something, had access it should never have had. PlainID spent a decade building the layer that decides that question - and then answers it millions of times a second.

Most software makes access decisions the messy way. A permission gets hard-coded into an application, another into a database, a third into an API gateway. Multiply that across hundreds of systems and thousands of employees, partners, and machines, and you get what the industry politely calls "access sprawl" - and what security teams call a liability they cannot see.

PlainID, founded in Israel in 2014, was built to collapse that sprawl into one thing: policy. Instead of scattering access rules through code, the company's platform lets an organization define who can do what, under which conditions, in a central place - and then enforces those decisions dynamically, in real time, wherever an interaction happens.

The approach has a name PlainID helped popularize: Policy-Based Access Control, or PBAC. It builds on older standards like ABAC and XACML, but the pitch is plainer than the acronyms suggest. Take access logic out of the hands of individual developers, hand it to the security teams who are accountable for it, and make the decision context-aware rather than static.

That single design choice - decoupling the access decision from the application - is the through-line of everything PlainID has built since, from data and API authorization to its newest frontier: controlling what AI agents are allowed to touch.

2014Founded in Israel
$99MTotal raised
$75MSeries C, 2021
500Enterprise-grade customers
What It Does

Authorization, as a platform

Authentication asks "who are you?" Authorization asks the harder question: "now that I know who you are, what exactly can you do?" PlainID lives entirely in that second question.

The PlainID Authorization Platform sits between identities and the digital assets they want to reach - data stores, applications, APIs, microservices, SaaS tools, and now AI systems. When a request comes in, the platform evaluates it against centrally managed policies and returns a decision in real time: allow, deny, or mask. Because policies factor in identity, attributes, and context, the same user can be granted access in one situation and denied in another.

The platform is organized around a few clear jobs. Discover gives teams visibility into the access policies already buried across their systems. Manage standardizes how those policies are authored and maintained. Authorize enforces decisions at run time through a set of enforcement points and an Integration Hub that plugs into the existing stack. And Policy 360, launched in 2025, ties it together with a single view of every policy - its logic, metadata, dependencies, and history - so nothing hides in a corner.

The customers are large and, tellingly, regulated. PlainID concentrates on financial services, healthcare, insurance, telecommunications, pharmaceuticals, and government - industries where "who accessed what, and were they allowed to?" is not a philosophical question but an audit requirement. Public reporting and the company's own materials point to Fortune 500 organizations among its user base.

The Problem It Solves

Why hard-coded permissions are debt with a clearance

When access rules live inside application code, they are invisible, inconsistent, and slow to change. A developer bakes in a rule; years later, no one remembers why it exists or dares to remove it. Compliance teams cannot audit what they cannot see. And when a business rule changes, engineering has to touch dozens of systems to keep up.

PlainID's answer is to make policy a first-class, externalized asset. Change a policy once, and every enforcement point across the enterprise follows. That is also what makes Zero Trust architectures actually workable: you can verify an identity perfectly and still hand it the wrong data if your authorization is static. PlainID is the dynamic decision engine that keeps "never trust, always verify" from stopping at the front door.

"Agentic AI changes everything - run-time authorization makes it secure." — PlainID platform tagline
How It's Different

Not another identity vendor

The broader identity market is crowded with names that manage logins and lifecycles - Okta, Ping Identity, ForgeRock, SailPoint. PlainID deliberately plays a narrower, deeper game: the authorization decision itself. Its closest peers are specialists like Axiomatics, Styra and the Open Policy Agent community, Cerbos, Oso, and SGNL.

What sets PlainID apart within that field is breadth of enforcement paired with a business-oriented interface. It aims to cover data, APIs, microservices, SaaS, and AI from one policy plane, while keeping policy authoring accessible to security teams rather than only to engineers. Policy 360 and its AI-driven Policy Intelligence lean into that, using analysis of existing access data to surface patterns and recommend policies rather than making teams write everything from scratch.

Products & Services

The toolkit

SINCE 2014

Authorization Platform

The core PBAC engine that centralizes access decisions across data, apps, APIs, and services, enforcing them dynamically in real time.

2025

Policy 360

A unified, 360-degree view of every access policy - logic, metadata, dependencies, and actions - so teams can discover, manage, and monitor in one place.

2025

Agentic AI Authorization

Run-time access control for AI agents, including a LangChain Authorizer plus RAG and MCP controls, so LLM-driven agents only access and expose permitted data.

2019

Authorizers & Integration Hub

Enforcement points and out-of-the-box integrations that connect the platform to identity providers and the existing tech stack.

2026

Policy Intelligence

AI-driven analysis of existing authorization data that discovers access patterns and recommends optimized policies.

BUSINESS MODEL

Enterprise SaaS

B2B subscription software. PlainID typically lands with one use case - data, API, or workforce access - then expands across the enterprise via partners and integrators.

The Founders

Built by people who lived the problem

PlainID's origin is not a garage story. Its founders came out of banking security and Israel's military computing world - places where getting access wrong has real consequences. CEO Oren Ohayon Harel was previously Deputy CISO at one of Israel's largest banks. Co-founder and CTO Gal Helemski, now also Chief Innovation and Product Officer, spent six years in the IDF's elite Mamram computing unit and holds a physics and computer science degree from Bar-Ilan University.

OH

Oren Ohayon Harel

Co-Founder & CEO
GH

Gal Helemski

Co-Founder & CTO / CInO
DT

Dmitry Tuchinsky

Co-Founder
Funding & Backers

Roughly $99M, and a strategic nod from SAP

PlainID has raised close to $99-100M across four rounds. The headline event was a $75M Series C in December 2021 led by Insight Partners, with participation from Viola Ventures and others. But an earlier, quieter signal mattered too: in 2019, enterprise-software giant SAP took a strategic stake - the kind of validation that opens doors with enterprise buyers.

RoundAmountDateLead / Investors
Series A$11MJul 2018Viola Ventures, Capri, Springtide, iAngels
StrategicUndisclosed2019SAP
Growth round$11MNov 2020Existing investors
Series C$75MDec 2021Insight Partners, Viola Ventures
Timeline

A decade of decisions

2014
PlainID is founded
Oren Ohayon Harel, Gal Helemski, and Dmitry Tuchinsky launch the company in Israel to centralize authorization through policy.
2018
$11M Series A
Viola Ventures leads the first institutional round to scale the PBAC platform.
2019
SAP invests strategically
A stake from the enterprise-software giant validates PlainID's authorization approach.
2020
Growth on 300% YoY
PlainID announces an $11M round on the back of rapid customer growth.
2021
$75M Series C
Insight Partners leads, pushing total funding toward $99M.
2025
Policy 360 & agentic AI
A unified policy view launches alongside a LangChain Authorizer to secure AI agents at run time.
2026
AI-driven Policy Intelligence
The platform begins recommending policies from analysis of real access patterns.
Where It Fits

The missing half of Zero Trust

The identity and access market has spent years perfecting authentication. Authorization - the decision that comes after login - lagged behind, largely because it was hard and unglamorous. PlainID's bet is that this is exactly where the next wave of security spend lands, driven by two forces: regulation that demands granular, auditable access control, and AI that introduces a new kind of actor.

That second force is the interesting one. AI agents don't carry badges; they carry API keys and act on behalf of users at machine speed. Treating them like employees who need permissions - and enforcing those permissions in real time - is a problem most enterprises have not yet confronted. PlainID's move to authorize agentic AI is an attempt to be early to a market that barely exists, using the same policy engine it already sells for humans and services.

The next insider threat won't have a badge. It will have an API key and a model behind it.

Whether PlainID becomes the default authorization layer for the AI era or one strong option among several, its role is clear: it is infrastructure. The kind of software you never see, making the decision that matters, over and over, quietly.

Frequently Asked

The short answers

What does PlainID do?

PlainID provides an enterprise authorization platform built on Policy-Based Access Control (PBAC). It centralizes decisions about who can access what across data, applications, APIs, microservices, and AI agents, and enforces them dynamically in real time.

What is Policy-Based Access Control (PBAC)?

PBAC decides access based on policies combining identity, attributes, and context, rather than static roles or permissions hard-coded into applications. PlainID is the recognized pioneer of the model, which builds on standards like ABAC and XACML.

Who founded PlainID and when?

PlainID was founded in 2014 in Israel by Oren Ohayon Harel (CEO), Gal Helemski (CTO and Chief Innovation & Product Officer), and Dmitry Tuchinsky.

How much funding has PlainID raised?

PlainID has raised roughly $99-100M in total, including an $11M Series A (2018), a strategic investment from SAP (2019), and a $75M Series C led by Insight Partners (2021).

How is PlainID relevant to AI security?

PlainID extends authorization to agentic AI, enforcing access policy on AI agents at run time. Its LangChain Authorizer and RAG/MCP controls ensure LLM-powered agents only access and expose data they are permitted to.

Watch & Explore

Interviews and demos

Links & sources