OCP

Oso Cloud Policy AI

Application Security & Authorization Management

Security & ComplianceAuthorizationAccess ControlManagementDeveloper Tools
Function:IT
Subfunction:Identity & Access Management
Loading versions...
Founded
2018
Employees
28
Funding
$25.9M total (Series B $15M Jun 2023)
Stage
$7 million revenue, Early-stage growth SaaS
Report version: Oct 24, 2025

1. Products/Services & Features

  • Main Offerings:

    • Authorization as a Service (AaaS) platform with policy-as-code using Polar DSL
    • Fine-grained access control (RBAC, ABAC, ReBAC) for cloud-native applications
    • Developer-friendly SDKs and APIs for Node.js, Python, Go, and other languages
  • Feature Breakdown: Policy-as-code (Polar DSL), Local Authorization, Fallback/Offline Mode, SSO Support (OIDC), MCP Server Integration, Secure RAG for SQLAlchemy/pgvector, MongoDB and CSV Sync, Policy Testing and Watch Mode, Write Logs and Webhook Integration, Query Builder, TypeScript Type Generation (Departments: Engineering, DevOps, SRE, Platform Engineering, IT Security, Enterprise Architecture)

  • Business Industry Gearing: High - Designed for enterprises and growth-stage SaaS companies requiring complex authorization at scale

2. Security & Compliance

  • Certifications: No public evidence of SOC 2 certification as of October 2025, No public evidence of ISO 27001 or other major security certifications

  • Vendors/Tools: Not applicable - Oso is a security vendor itself

  • Risk Profile:

    • Breaches: No publicly disclosed security breaches reported
    • Features: Audit trails, centralized policy enforcement, testable authorization logic, compliance-ready architecture, 99.99% uptime SLA (Enterprise plan)

3. User Feedback & Adoption

  • Aggregated Reviews: 3 reviews on G2 with positive ratings; limited review volume but high satisfaction scores

    • Pros: Excellent customer support, comprehensive documentation, fast authorization checks (<10ms), flexible policy models, enables faster product shipping, responsive to feature requests, strong reliability
    • Cons: Early adopters encountered some feature and performance issues in 2023 (now resolved), limited review volume on public platforms
  • Adoption Insights:

    • Adoption Ease: High - Well-documented SDKs, extensive API documentation, developer-friendly Polar DSL, quick integration for teams familiar with modern cloud architectures
    • Adoption Cultural Fit: High - Aligns with DevOps, SRE, and platform engineering cultures; emphasizes automation, testability, and operational excellence
  • Metrics: Not publicly disclosed; customer testimonials indicate high satisfaction and retention

  • Barriers: Requires developer expertise to implement; organizations with legacy monolithic architectures may need refactoring; learning curve for Polar DSL

4. Monetization & Business Model

  • Revenue Model: Usage-based SaaS subscription model with tiered pricing based on API requests per month

  • Pricing: Developer (Free, 100K requests/month), Pro ($149 per 1M requests), Enterprise ($249 per 1M requests with custom pricing) (Sources: https://www.osohq.com/pricing, https://www.saasworthy.com/product/oso-cloud/pricing, AWS Marketplace)

  • Market Context:

    • TAM: Authorization and access control market estimated at $5-10 billion annually; growing with cloud-native adoption
    • Growth Stage: High growth - Driven by microservices adoption, enterprise security requirements, and shift to policy-as-code

5. Leadership & Recent Developments

Name Description LinkedIn X Account
Graham Neray Founder and Chief Executive Officer; previously at Techstars Hub71, Techstars, Amberdata, MongoDB, and Cartesian https://www.linkedin.com/in/grahamneray https://x.com/grahamneray
Not publicly disclosed CTO and other executive team members' details require paid subscription access Not available Not available
Not publicly disclosed Additional leadership team members not publicly available Not available Not available
  • Key Metrics Update:

    • Funding: Series A funding round (exact date not specified in recent sources); last major funding was $8.2M Series A led by Sequoia in 2021
    • Employee Growth: Modest growth from founding team to 28 employees; focused on sustainable scaling
  • News/Trends:

    • News Launch: Oso MCP Server (August 2025), Secure RAG for SQLAlchemy and pgvector (July 2025)
    • News Partnerships: Integrations with MongoDB, CSV, SSO providers (Okta, Microsoft Entra); AWS Marketplace presence
    • News Funding: No recent funding announcements in 2024-2025; last major round was Series A in 2021
    • News Challenges: No major public challenges reported; company focused on product reliability and feature expansion

6. Target Audience & Use Cases

  • Target Market: Enterprise and growth-stage SaaS companies, particularly those with microservices architectures and complex authorization requirements

  • Target Users & Personas: Developers, DevOps engineers, SRE teams, platform engineers, IT security teams, enterprise architects

  • User Experience Level: Intermediate to Advanced - Requires solid understanding of cloud architecture, microservices, and security concepts

  • Key Use Cases:

    • Centralized permissions management for multi-tenant SaaS platforms
    • Fine-grained access control across microservices architectures
    • Audit and compliance for regulated industries (fintech, healthcare, edtech)

7. Impact & Recommendations

  • Measurable Outcomes:

    • Workflow Improvements: Reduces time spent building custom authorization logic, enables faster feature shipping, improves security posture, centralizes access control policy management
    • ROI Examples: Customers report faster product delivery, reduced security incidents, lower development overhead for authorization logic, improved compliance audit readiness
  • Fit Assessment: Excellent fit for IT security and platform engineering teams at enterprises and growth-stage companies; strong product-market fit in cloud-native and microservices segments

  • Custom Rec Flags:

    • Priority ICP: Mid-market to enterprise SaaS companies with 50+ engineers, complex authorization requirements, and microservices architectures
    • Short Term Goals: Expand enterprise customer base, improve market awareness, enhance product integrations, achieve SOC 2 certification

8. Data Sourcing Notes

Need help evaluating and implementing AI tools?

ChiriBrain orchestrates your entire AI stack — connecting tools, teams, and workflows into one governed platform.