Oso and Cyera's March 2026 research is a strong narrative proof point for Oso's agent-permissions posture wedge. The study analyzed permission usage across 2.4 million workers and 3.6 billion application permissions, finding that 96% of granted application permissions were dormant for human users. That dormant-access problem becomes materially more dangerous when AI agents inherit the same broad access profiles and can operate continuously through APIs and data systems.
The article positions Oso as a control layer for least-privilege agent deployments rather than only a developer authorization tool. The clearest investment implication is category expansion: Oso can sell to platform/security buyers who need authorization decisions, monitoring, and permission scoping for AI agents, while retaining the original developer-tooling wedge around application authorization.
Oso Security ships two flagship offerings centered on its Polar policy language: Oso for Apps embeds authorization directly into customer applications, and Oso for Agents extends the same policy engine to AI agents that act on behalf of end users.
The platform centralizes authorization logic outside individual services, letting platform engineering teams enforce role-based, relationship-based, and attribute-based rules from one declarative model. Customer-facing case studies on osohq.com cite enterprise users including Visa, Verizon, Duolingo, Brex, Webflow, Wayfair, Honeycomb, Intercom, Vanta, Auditboard, Productboard, and Oyster.
Authorization sits adjacent to identity and access management but has historically been hand-rolled inside each application — a fragmented, high-friction surface area as systems multiply and AI agents start acting on behalf of users. Felicis frames Oso as the picks-and-shovels infrastructure for this transition: every team building a serious B2B or agent-driven product needs a centralized policy layer, and most lack the engineering resources to build it correctly.
The AI-agent wave compounds the demand. As enterprises connect agents to data and tools, authorization becomes the load-bearing safety primitive — controlling which agent can take which action, against which data, on whose behalf. Oso's positioning as the authorization engine for both humans and agents puts it on the right side of that secular tailwind.
Oso's open-source Polar policy language has become a developer-credibility flywheel: engineers adopt the OSS library inside their own services, then convert to the managed Cloud product for centralized policy management. Oso's Series A and Series A extension were led by Sequoia Capital and Felicis Ventures, respectively, anchoring the company in the developer-tooling investment thesis.
The go-to-market motion is product-led rather than sales-led, and the team has stayed small relative to peers — letting Oso operate with founder-mode focus on the policy engine and customer integrations rather than scaling outbound sales. The early pivot toward AI-agent authorization gives Oso a head start on a category that competitors built on legacy IAM stacks have to retrofit.
Oso's commercial product is closed-source while the underlying policy engine remains open. That split creates ongoing tension with parts of the developer community that adopted the OSS library expecting the cloud version to remain free or self-hostable, and complicates the upgrade path from OSS to Cloud for cost-sensitive teams.
The target customer is narrow: platform engineering and developer-experience teams at organizations large enough to need centralized authorization. That focus is a strength on enterprise deals but limits the addressable wedge against horizontal IAM incumbents who can sell across security, identity, and compliance in one motion. Competitors with broader IAM portfolios can bundle authorization at zero marginal price, putting standalone authorization vendors under pricing pressure at the bottom of the market.
Oso's current public pricing page is oriented around Oso for Agents rather than the older Oso Cloud authorization product. The structure is product-led at the low end and sales-led at the high end: a Developer tier is listed at $0 per user per month for up to 3 users, Growth is listed at $15 per user per month for up to 25 users, and Enterprise is custom-priced.
The packaging shows a clear expansion path from individual developer/security evaluation to enterprise deployment. Paid and custom tiers add detections, tool inventory, Slack/SIEM integrations, custom retention and residency, cloud or on-prem deployment, EDR-based agent inventory, onboarding, and higher-touch support, which suggests Oso is monetizing operational security controls around agent permissions rather than only policy-decision API volume.