The Announcement
Willow, a startup founded by former Wix engineers, has emerged from stealth with $7 million in seed funding to address what it calls the fastest-growing and least governed attack vector in the enterprise: AI agent access to internal systems. Led by Hetz Ventures, the round follows early angel backing from Wix co-founders Avishai Abrahami and Nir Zohar. Willow’s platform provides a governance and access layer that gives organizations visibility into how AI agents connect to enterprise tools, applies granular controls over agent actions, detects shadow AI, and generates runtime-scoped permissions. The product has already been deployed internally across more than 5,000 Wix employees, giving Willow an unusually credible proof point for a company this early in its commercial life.
The Bigger Picture
The timing of Willow’s launch is not coincidental. Enterprise AI agent adoption has accelerated sharply over the past 18 months, with organizations deploying agents into production workflows faster than they’ve built the governance infrastructure to support them. The result is a widening gap between capability and control. According to the press release, 65% of companies have reported agent-related incidents in the last 12 months. That figure reflects a market that moved on speed and deferred accountability.
The Governance Gap Is Now a Security Gap
This isn’t purely an operational problem. It’s a security and compliance problem with direct liability implications. ECI Research’s 2025 AI Builder Summit survey found that 44% of enterprise AI leaders have only moderate confidence that AI agents can act autonomously without human intervention. That ambivalence sits uneasily alongside the reality that agents are already operating continuously in enterprise environments, connecting to CRM systems, code repositories, HR platforms, and financial tools. When agents can read, write, and execute across those surfaces, the absence of a formal access control layer creates exactly the kind of ambiguous ownership that breeds incidents.
Willow’s architecture directly responds to this by sitting between the agent and the enterprise system, generating scoped permissions at runtime, maintaining audit trails, and surfacing shadow AI integrations that IT and security teams don’t know exist. The marketplace of over 1,000 connectors is a practical accelerant. Enterprises rarely run a single agent talking to a single system. They run dozens of agents across hundreds of integrations, and the combinatorial complexity of governing that without purpose-built tooling is unmanageable.
What This Means for ITDMs
For IT decision-makers, Willow aims to address a problem that most security programs haven’t formally named yet. Traditional identity and access management (IAM) frameworks were designed for human identities. They assume an authenticated user making a discrete request. AI agents break that model. They act continuously, autonomously, and across multiple systems in a single workflow. They can be granted access by an individual employee who never informed IT. They can accumulate permissions over time. And when something goes wrong, attribution is difficult without an audit layer.
The business case for Willow is grounded in risk reduction, but it also enables adoption. The CEO’s framing is apt: enterprises currently face an implicit binary of locking AI down entirely or allowing unconstrained access. A governed middle path could enable the kind of measured, expanding deployment that drives ROI from AI investments. ECI Research’s 2025 AI Builder Summit survey also found that enterprise AI leaders envision a future where humans and AI agents actively collaborate on complex tasks and shared goals, not one replacing the other. That future requires trust infrastructure, and trust infrastructure requires visibility and control. Willow is building that layer.
For ITDMs evaluating the space, the deployment flexibility matters: SaaS, dedicated cloud, self-hosted, and air-gapped options address regulated industries where data sovereignty and compliance requirements are non-negotiable. That’s a meaningful differentiator from governance tools that assume cloud-native environments.
What This Means for Developers
For engineering and platform teams, the immediate relevance is shadow AI detection and runtime permission scoping. Developer-led AI adoption is already outpacing formal IT procurement. Engineers are connecting agents like Claude, Cursor, and Codex to internal APIs and data stores using personal credentials or broad service accounts. That pattern is exactly the kind of ungoverned integration Willow is designed to surface.
The runtime tool generation model is architecturally sound: rather than pre-defining a fixed permission set for an agent, Willow generates tools scoped to the specific task being performed. This is a meaningful improvement over static role-based access models. It also maps well to how modern agents actually work. Agentic frameworks like LangChain, CrewAI, and AutoGen route tasks dynamically. A governance layer that can adapt permissions in real time is a better fit than one that requires manual policy updates every time an agent’s capabilities or use cases evolve.
The 100-plus pre-built skills and 100-plus plugins also reduce the friction of onboarding new agent workflows under governance from the start, rather than retroactively governing agents that were already deployed.
Looking Ahead
Governance Becomes a Buying Criterion
The near-term trajectory for agentic AI governance tools is steep. Enterprise AI adoption is not slowing. ECI Research’s 2026 Enterprise Cloud Maturity report found that 70.9% of organizations source agentic AI capabilities through platform vendors and 68.6% engage IT or consulting service providers, while only 31.5% build agentic AI capabilities primarily in-house. As vendor-supplied agents proliferate across the enterprise, IT and security teams will increasingly demand that those agents operate within a defined, auditable access framework. Willow’s category might shift from “nice to have for early adopters” to a procurement requirement for risk-conscious buyers, and that transition will happen within the next 12 to 24 months.
The Road to Platform
Willow’s $7 million seed is sufficient to prove out go-to-market and accelerate product development, but the company is operating in a capital-intensive segment. Enterprise security sales cycles are long, and the governance conversation requires buyer education at the CISO and CIO level simultaneously. The product’s current traction in industries like cybersecurity, real estate, and fintech suggests Willow is finding early success in verticals where compliance obligations create an immediate forcing function. That’s the right beachhead strategy: land in regulated industries where the governance argument sells itself, build case studies, then expand into broader enterprise accounts.
The marketplace of over 1,000 connectors is also a platform signal, not just a product feature. If Willow can establish its connectivity layer as the default path through which enterprise agents access internal systems, it builds a structural moat that is difficult to displace even as the broader market consolidates. The parallel to how API management platforms became the de facto middleware of the cloud-native era is instructive. The analogy isn’t perfect, but the architectural logic is similar: control the access layer and you control the governance layer.
Stay Ahead of Application Development Trends
Get weekly analyst insights, research notes, event coverage, and AppDevANGLE updates delivered directly to your inbox.
Subscribe for Weekly Insights
Join technology leaders, practitioners, and GTM teams following the trends shaping modern software delivery.
Looking for deeper research access?
Explore ECI Research reports, survey insights, and market analysis through the ECI Research Portal.
