Willow Launches with $7M to Build the Future of Enterprise AI Agent Governance

After a year running quietly inside Wix at the scale of thousands of employees, Willow emerges from stealth as the Agentic Access Platform for the enterprise. Hetz Ventures leads the round.

Herzliya, Israel · June 4, 2026 — Today we're announcing that Willow has raised $7 million in seed funding, led by Hetz Ventures, to build the access layer enterprises need to safely adopt AI agents at scale.

Willow is the AI Basecamp for the enterprise: a unified Agentic Access Platform where every AI agent gets a real identity, scoped access to exactly the tools its task requires, runtime guardrails, and a full audit trail tied to a human. The platform is already running in production at Wix, powering ~5,000 weekly active users across engineering, product, design, HR, finance, and legal. Deployments are now expanding across cyber security, real estate, fintech, and adtech.

This funding accelerates Willow's go-to-market and product development at exactly the moment enterprises are confronting the question they've been avoiding: who is actually using AI inside the company, with what permissions, and how would we know if something went wrong?

The problem: AI agents are running inside your organization. You probably can't see them.

AI adoption inside enterprises didn't follow the SaaS playbook. It didn't come in through procurement. It came in bottom-up.

A developer installs an MCP server on a Tuesday. Finance starts piping reports into an unmonitored tool. Sales runs an unapproved skill that touches the CRM. Someone in marketing builds a vibe-coded app and wires it straight into the company data platform, and suddenly the entire lead base is one GET request away from anyone who finds the endpoint. No ticket. No inventory. No review.

By the time security asks "what do we actually have?", the honest answer is: we don't know.

The numbers back up what every CISO is already feeling:

• 79% of enterprises are deploying AI agents. (PwC, 2025)
• 73% are running multi-agent systems. (HFS / Cognizant)
• 65% have already had an agent-related incident in the last 12 months. (Cloud Security Alliance, 2026)

Most existing AI gateways only secure what enterprises already know about. The real problem is everything they don't: agents on personal API keys, unsanctioned skills with standing access, data leaving through paths no one logs.

The category that emerged in response, AI security as an after-the-fact dashboard, is failing in two directions at once. It tells security what already happened. It tells employees only what they can't do. Neither closes the gap. Both leave enterprises one prompt away from a serious incident.

Why traditional IAM, PAM, and DLP can't fix this

The default reaction has been to bolt agents onto existing identity infrastructure. It doesn't work, and the reason is structural, not configuration.

Identity and Access Management (IAM) was built for humans and predictable service accounts. Stable identities, known sessions, access to apps and files. Agents break every one of those assumptions. They are non-human, autonomous, short-lived, and multi-tool. One agent might touch Jira, Snowflake, and GitHub in a single task, assemble its capabilities at runtime, and act on behalf of a human while making decisions no one pre-approved.

Privileged Access Management (PAM) vaults credentials for privileged humans and known sessions. Agents are neither.

Machine identity issues certs and keys for predictable, service-to-service traffic. Agents are probabilistic, not deterministic.

Legacy DLP watches the network layer. Agent risk lives at the prompt layer. By the time data shows up in a packet, it has already left through a path no one monitored.

Agentic access is a new category because each existing model solves a narrower problem. Human access assumes a person authenticates once and you trust their judgment. Agents are non-human, multi-tool, probabilistic, and act on behalf of humans while making decisions no human pre-approved. That combination requires governing the action, not just the connection. Not "can this agent reach Snowflake," but "which schemas, under which conditions, doing what."

What Willow does: identity, scope, audit, before an agent touches a system

Willow is the control plane underneath every AI agent in the enterprise. One platform that connects any agent (Claude, Cursor, ChatGPT, Codex, Gemini, n8n, custom agents) to any internal system, with the auth, scope, runtime guardrails, and audit trail enterprises actually require.

The platform does five things, on one control plane:

• Identity at the agent layer. Every agent gets a real identity inherited from your existing IdP (Okta, Entra, Active Directory, JumpCloud). No new identity model to build and maintain.
• Scope per task, not per organization. Tools are generated at runtime, scoped to exactly what the agent's task requires. Not blanket OAuth grants. Not standing access. Least privilege, enforced at the point of tool generation, before the agent acts.
• Runtime guardrails. PII redaction, prompt-injection protection, app-aware permissions, and approval workflows that fire before risky actions complete, not after.
• Shadow AI detection. A browser extension and an endpoint agent (pushed through your MDM) surface unsanctioned MCPs, skills, and agents the moment they appear, not after an incident.
• Audit trail tied to a real human. Every action streamed to your SIEM in real time. Full attribution, every time, no exceptions.

The platform also includes a marketplace with over 1,000 ready-to-use connectors, more than 100 skills, and more than 100 plugins, plus the ability to wrap any internal API as an MCP. Deploy as SaaS, dedicated cloud, or self-hosted, including fully air-gapped.

The outcome is the line we use internally: Willow turns "we can't approve that" into "it's already governed."

Proof: what production looks like at Wix

We didn't write this from a whiteboard. Willow has been running in production at Wix for a year, and the numbers from that deployment are the foundation of everything we just said.

• ~5,000 weekly active users, across engineering, product, design, HR, finance, and legal. More than the entire Wix engineering organization.
• 600+ governed tools, all behind Okta SSO with full audit and shadow-AI protection.
• 300,000+ governed tool calls every week, with zero hit to security posture.

What surprised us most wasn't the scale. It was the breadth. The moments that stuck were the ones we didn't anticipate. An office manager who used to walk hundreds of meeting rooms once a month to release the unused ones now runs a single prompt through Claude, governed by Willow, and frees every empty room in minutes. A developer who spent hours on manual data migrations now does it in one prompt through Cursor, scoped to the right systems and audited end-to-end. Hours back, every week, for people who will never write an MCP file.

"Thousands of Wix employees are using AI agents every day, and at our scale, visibility and control over those agents are absolutely critical. To accelerate AI adoption safely, we need guidelines, governance, and full visibility across the company. Willow provides exactly that."

Avishai Abrahami, Co‑Founder and CEO, Wix

Innovid (NYSE: CTV) uses Willow to govern developer machines specifically around exposure to MCP servers and external skills, getting control and reducing AI risk without telling their engineers to stop. Riskified (NYSE: RSKD) is deploying Willow in production. More are coming.

Why Hetz Ventures led the round

"The gateway between AI agents and an enterprise's internal systems is rapidly becoming one of the most overlooked blind spots in enterprise security. What convinced us to lead this round was watching Willow solve the problem inside Wix first, at the scale of thousands of employees, before bringing it to market. Eyal, Shalev, and Idan have built something rare: a governance layer that enterprises actually deploy, rather than another framework that sits on a shelf. They're the right team to define this category."

Guy Fighel, Partner, Hetz Ventures

The thesis: every infrastructure era has had its access layer

This is the part we keep coming back to.

On-prem had Active Directory. SaaS had Okta. Agents need theirs now. That is the access layer Willow is building, and it is being built right now whether enterprises choose it deliberately or assemble it by accident.

Leaders who treat agent governance as a feature they'll bolt on later, or as a tool that belongs only to the security team, will wake up with seven vendors, seven dashboards, no unified identity for their agents, and no neutral way to answer what those agents actually did across a multi-vendor fleet. They will rebuild it as one platform anyway, under far worse conditions, after an incident.

Willow is built for the other path. Choose the access layer on purpose. Govern every agent, in every tool, on behalf of every human, from one control plane.

What's next

The $7M seed accelerates three things:

• Hiring across engineering, product, and GTM. The platform team is growing, and we're investing heavily in the parts of the product that make enterprise AI actually work in production.
• Deeper platform investment. More guardrails, more shadow-AI coverage, more depth on the integrations that make Willow fit into how enterprise teams already operate.
• Expanding deployments. More enterprise customers, more verticals, more of the world's largest organizations adopting governed AI at scale.

If any of this resonates, the easiest next step is to book a 20-minute demo or explore the platform.

Join us

We're hiring across engineering, GTM, product, and design. If you want to build the access layer for the agentic era, see open roles.

About Willow (formerly Webrix)

Founded by former Wix engineers Eyal Ben Ezra (CEO), Shalev Shalit (CTO), and Idan Chetrit (VP Platform), Willow is the Agentic Access Platform for enterprise AI. The company enables organizations to securely connect AI agents to internal systems with runtime permissions, centralized controls, auditability, and full attribution of agent activity. Willow is headquartered in Herzliya, Israel.