We're reimagining enterprise Identity and Access Management from the ground up. Founded by serial entrepreneurs Shai Morag and Tal Marom and backed by a $60M seed round from Greylock, Accel, and CRV, we're building the next generation of identity security. Identity is the gateway to everything- who's let in, who's kept out, and it's now the number one attack vector in the enterprise. The tools built to govern it were designed for a slower world of human users and static environments. That world is gone. Identities are exploding across human, machine, and AI agents faster than legacy systems can track, and security teams are left patching together five disconnected tools that still can't answer "who has access to what, right now." We think the answer isn't another point solution- it's a new foundation. Oak is the AI-native Identity Operating System: an AI connector framework that reaches any application, a live identity graph built from raw evidence, and a team of AI agents that governs the full lifecycle of every identity in one platform. We're building Oak's AI-native core from day one-engineered for what enterprise identity is becoming, not patched onto what it used to be. And we're just getting started.
Oak's Vulnerability Research is the sharpest edge of our technical work - the team that takes systems apart to learn how they truly work, and where they break. We go deep into the mechanisms, protocols, and architectures that modern technology is built on, and we pressure-test the assumptions the rest of the industry takes for granted. Sometimes that work sharpens the platform, sometimes it stands entirely on its own, as an original research novelty.
As a Vulnerability Researcher, you'll build first-principles understanding of the technologies and systems you investigate, then go looking for what's wrong with them: the flawed assumptions baked into established paradigms, the gap between how a system is meant to behave and how it actually behaves, and the novel vulnerabilities and exploitation techniques no one has named yet. This is hands-on, deep technical work - reverse-engineering, breaking, and finding what's exploitable before an attacker does.
You'll have the room to follow the research where it leads, and the backing of an ecosystem created to set you up for success by providing every tool and access that could help.
Some threads will feed directly into how Oak understands what's genuinely exploitable, grounding the platform in real attacker reality rather than theoretical risk. Others will be pure discovery, pursued because the problem is hard and the finding truly matters, and published to move the field forward.
Either way, your work establishes Oak's authority in the field. Through original research, disclosures, and technical thought leadership, you'll build a body of work that earns the respect of the security community and sharpens how the industry thinks about what's truly secure.