Oso

Researched 2026-06-28. Primary category: authorization-engine. Independent, VC-backed (Sequoia Series A). 2025 pivot toward AI-agent security.

One-liner — Authorization-as-a-service built on Polar, a declarative policy language — now repositioning hard as an AI-agent security & control platform (“Oso for Agents”).

What it does

Oso lets developers model and enforce access control (RBAC, ReBAC, ABAC, or mixes) using Polar, its declarative policy language (implemented in Rust). Oso Cloud is the managed authorization service (the company claims 1M+ req/s, <10ms latency); the earlier embeddable Oso Library is now legacy/deprecated in favor of Cloud. In 2025 Oso layered on Oso for Agents: discover agents running across an org (laptop, browser, terminal), monitor every prompt / tool call / response, detect policy violations, PII exposure and credential leakage, and enforce policy (“block unknown MCP servers,” “deny all delete operations”) with audit/compliance export.

Where it sits in the stack

Primary authorization-engine (Polar-based PDP); cross-listed to agent-runtime-security because “Oso for Agents” extends from deciding permissions into watching agent behaviour — discovery, monitoring, detection. Layer: model-prompt. Lethal-trifecta role: as an authz engine it constrains sensitive-data and egress (decide whether an action is allowed); the agents product also touches untrusted-input monitoring (flagging risky tool calls), blurring toward agent-runtime-security. Not a content-injection firewall in the ai-runtime-security sense, though its agent monitoring overlaps.

Deployment & architecture

Managed Oso Cloud (SaaS) is the primary path; SDKs in major languages call a central PDP. Self-managed options exist. “Oso for Agents” adds discovery/monitoring across endpoints and an MCP-aware policy layer. Pairs with your IdP; authorizes rather than authenticates.

Positioning & differentiators

Known for Polar — an expressive, purpose-built authz DSL — and a strong developer-education brand (Authorization Academy). Versus open-policy-agent (Rego, infra-general), cerbos (stateless YAML), authzed (Zanzibar/ReBAC database), permit-io (managed OPA/Cedar wrapper), styra (enterprise OPA). Oso’s distinctive 2025 bet is leaning into agent authorization/security as a wedge — closest in that framing to zenity, operant-ai, straiker on the runtime side while remaining an authz engine at its core.

Ownership, funding & M&A

Founded ~2018 by Graham Neray (CEO) and Sam Scott (CTO); remote, New York base. Series A $8.2M (2021-03, led by Sequoia, with SV Angel, Company Ventures, Highland Capital and notable angels). Disclosed total ~$11M (incl. 2019 Sequoia seed); some trackers cite up to ~$26M cumulatively — hence ownership_confidence medium on the exact figure. No M&A — independent (no seed flag). Confidence high on independence, medium on total funding.

CTO / hedge-fund lens

Day-2. Attractive if you want a managed authz engine with an expressive policy language and minimal ops, and you’re interested in the agent-security angle (discover/monitor/control agents) from one vendor. The agents product is new — diligence maturity and production references before relying on it as a primary agent-runtime control; for pure authz the core Oso Cloud is more proven. The Polar DSL is a (mild) lock-in consideration vs OPA/Cedar’s broader ecosystems.

Competitors / alternatives

open-policy-agent, cerbos, authzed, permit-io, styra; on the agent-runtime side zenity, operant-ai, straiker.

Open questions / to verify

  • Exact cumulative funding (sources disagree: ~$11M disclosed vs ~$26M cited) and any round since 2021.
  • Maturity and customer references for Oso for Agents specifically (launched 2025; positioning is largely vendor marketing as of fetch).
  • Status/end-of-life of the legacy open-source Oso Library.

Sources

History

  • [2026-06-28] Stub created from seed registry.
  • [2026-06-28] Researched; established ~2018 founding, NY/remote, founders (Neray/Scott), Sequoia Series A $8.2M (2021), Polar/Oso Cloud. Documented 2025 “Oso for Agents” pivot and added agent-runtime-security as secondary category. No M&A — independent. Confidence high (funding total medium).