--- title: AI Security Startups Map — Full Vendor Directory date: 2026-06-08 lastUpdated: 2026-06-08 published: 2025-06-05 --- # AI Security Startups Map — Full Vendor Directory > Interactive, continuously updated map of agentic AI security startups and vendors — runtime guardrails, agentic identity, AI red teaming, governance, and more. Source: https://startups.prompt.security/ · Curated by Prompt Security · 294 vendors · 14 categories · Last updated: June 8, 2026. ## Categories ### Observability & Governance (governance) Continuous discovery, inventory, and behavioral profiling of every AI agent across the enterprise. Lifecycle controls, audit trails, and policy enforcement to keep the agent fleet visible and accountable. ### Runtime & Guardrails (runtime) Inline content inspection and behavioral enforcement at the moment of inference. Blocks prompt injection, jailbreaks, data exfiltration, and unauthorized tool calls before they reach the model or downstream systems. ### Agentic Identity (identity) Issues verifiable, scoped, and revocable identities to AI agents and non-human workloads. Brokers least-privilege access to tools, APIs, and data so each agent action can be authenticated and audited. ### MCP & LLM Gateways (mcp-gateway) Protocol-layer control plane sitting between agents and the MCP servers, tools, and models they call. Per-request auth, scope enforcement, tool-call inspection, and supply-chain governance for the agent ↔ tool boundary. ### AI Red Teaming (redteam) Automated and human-in-the-loop adversarial testing of agents, models, and AI infrastructure. Generates attack chains, evaluates defenses, and produces auditor-ready findings before vulnerabilities reach production. ### AI-SPM (aispm) Posture management for AI agents, models, datasets, and pipelines across cloud and SaaS estates. Maps agent dependencies, surfaces misconfigurations, and prioritizes risk before workloads are exploited at runtime. ### Agentic Data Governance (dspm) Governs what data AI agents can read, write, and surface to users. Detects oversharing, enforces need-to-know access at inference time, and remediates sensitive-data exposure across the agent supply chain. ### Model Security (model) Secures the model itself across the ML lifecycle — supply-chain scanning of model files for backdoors, malware, and poisoning. Runtime protection against adversarial inputs and integrity drift in production. ### Agentic Network Security (network) Network-layer visibility and enforcement for AI traffic that bypasses traditional firewalls, SSE, and SASE. Decodes prompt/response flows, blocks shadow AI usage, and applies dynamic policy by app, user, and data type. ### Agentic Endpoint Security (aes) Next-generation EDR for AI agents running on developer and employee endpoints. Endpoint-native sensors intercept agent actions before execution, enforce intent-based policy, and surface shadow agents fleet-wide. ### Agentic Code Security (aspm) Shift-left security for AI-generated code and agent-orchestrated codebases. Reviews designs, scans dependencies, and governs coding agents (Cursor, Claude Code, Copilot) before insecure code ships to production. ### Agentic Browser Security (browser) Controls AI usage happening inside the browser, where most employee GenAI activity lives. Browser-layer DLP, in-flow coaching, and per-action policy enforcement for ChatGPT, Copilot, Claude, and embedded copilots. ### Agentic SSPM (sspm) Secures AI agents and copilots that live inside SaaS applications and citizen-developer platforms. Discovers OAuth-connected AI, governs Copilot Studio / Agentforce / LCNC agents, and contains SaaS-to-SaaS propagation risk. ### Sandboxing & Secure Envs (sandbox) Isolated execution environments where AI-generated code and agent actions can run without touching production. Container, microVM, and syscall-level boundaries that contain blast radius when agents go off-script. ## Vendors ### Acuvity - Website: acuvity.ai - Founded: 2023 - Country: USA - Funding: $9M - Categories: Observability & Governance, Runtime & Guardrails, AI-SPM, Agentic Browser Security, MCP & LLM Gateways - Founders: Satyam Sinha, Antoine Mercadal - Investors: Foundation Capital, Cervin Ventures, Cisco Investments, Xerox Ventures - Capabilities: Comprehensive AI security and governance platform across employees and applications; intent-based access controls; real-time monitoring of prompts, responses, and agent behaviors; visibility into GenAI applications, services, and plugins; reputation scoring and exposure tracking; secure MCP server protection (open source); audit trail for compliance; coverage across browsers, endpoints, and agents. - Sensors/Integration: Cloud-delivered platform with control points across browsers, endpoints, and agents; integration with major LLM providers and AI tools; language-based access controls; pluggable deployment without code changes. - Protections: Inline blocking and redaction of sensitive data before reaching LLMs; real-time enforcement of language-based access policies; behavioral anomaly detection across user-AI interactions; intent classification distinguishing adversarial behavior from legitimate use; comprehensive audit logs for compliance. - Differentiator: Acquired by Proofpoint in February 2026 — one of the highest-profile pure-play AI security acquisitions of 2026; its intent-based access positioning was the key thesis behind the acquisition. ### Advai - Website: advai.com - Founded: 2020 - Country: UK - Funding: £3M+ - Categories: Model Security, AI Red Teaming, Observability & Governance - Founders: Alex Carruthers, David Sully - Investors: Form Ventures, Quantum Motion - Capabilities: AI testing and monitoring platform for secure, compliant AI deployment; adversarial robustness testing; continuous monitoring of deployed models; AI governance and assurance workflows; targets UK government and regulated industry; aligned with UK AI assurance frameworks. - Sensors/Integration: API and SDK integration with customer ML platforms; adversarial test harness; continuous monitoring telemetry; integration with model registries. - Protections: Pre-deployment robustness validation; continuous monitoring catching model degradation; assurance workflows supporting UK government AI procurement; compliance evidence for emerging UK AI regulation. - Differentiator: UK-focused AI testing and assurance startup; strong public-sector positioning with UK Government Digital Service relationships; complements UK's emerging AI safety institute ecosystem; bridges AI red team and AI governance categories. ### Adversa AI - Website: adversa.ai - Founded: 2019 - Country: Israel - Funding: $50K - Categories: AI Red Teaming, Observability & Governance, Model Security - Founders: Aviram Jenik - Investors: Moxxie Ventures, Perplexity Fund, VentureIsrael, TAU Ventures - Capabilities: AI security platform for red teaming AI agents, GenAI applications, and ML models; comprehensive adversarial testing across the AI lifecycle; threat modeling for AI systems; security research and publications informing the broader category; pioneering work on adversarial AI dating from before the GenAI boom; coverage spanning traditional ML adversarial attacks (evasion, poisoning) plus GenAI-era threats (prompt injection, jailbreaks, agent manipulation). - Sensors/Integration: Cloud-delivered red teaming platform; integrates with target AI applications and agents via APIs; testing harness generating adversarial inputs across modalities (text, image, audio); research-driven attack chains derived from peer-reviewed and gray-literature AI security research. - Protections: Pre-deployment red teaming surfaces vulnerabilities before production; continuous adversarial testing in CI/CD; threat modeling for new AI deployments; security research outputs (advisories, vulnerability disclosures) feeding the broader category. - Differentiator: AI security pioneer founded in 2019 — predates the GenAI boom by 3+ years and has deep adversarial-ML research heritage covering the broader ML security space, not just LLMs; Influential in shaping early industry thinking on adversarial AI; Broad coverage (traditional ML + GenAI + agents) appeals to enterprises with both classical ML and GenAI workloads. ### Aembit - Website: aembit.io - Founded: 2021 - Country: USA - Funding: $45M - Categories: Agentic Identity, MCP & LLM Gateways - Founders: David Goldschlag, Kevin Sapp - Investors: Acrew Capital, Ballistic Ventures, Ten Eleven Ventures, Okta Ventures, CrowdStrike Falcon Fund - Capabilities: Workload IAM extended to AI agents; Blended Identity model combining the AI agent's non-human identity with the human operating it in a single policy decision at request time; MCP Authorization Server (OAuth 2.1 authorization code flow per MCP spec); MCP Identity Gateway as control point that exchanges agent credentials per-request; short-lived ephemeral credentials; secretless credential exchange; policy-based access decisions; structured audit logs; Trust Providers integration with AWS, Kubernetes, GitHub Actions. - Sensors/Integration: SaaS control plane (Aembit Cloud) + customer-deployed Linux VM Identity Gateway for data locality / network boundaries; agentless from agent's perspective (no SDK required); integrates with existing human IdPs. - Protections: Cryptographic workload attestation, ephemeral credentials only (no static secrets), least-privilege per agent, blended human + agent identity scoping, conditional access policies (MFA-equivalent for machines), per-request authorization for MCP calls. - Differentiator: Blended Identity is rare in agentic identity space — most competitors use either user-only or workload-only identity scoping; Production-scale workload IAM background before extending to AI agents; "production-grade infrastructure running at scale" architectural credibility vs. greenfield pure-play startups; IAM for Agentic AI generally available April 2026. ### Aether AI - Website: tryaether.ai - Founded: 2026 - Country: Australia - Categories: AI Red Teaming - Founders: Jamieson O'Reilly, Barath Parthasarathy - Capabilities: AI-driven platform continuously simulating attacks to find vulnerabilities in AI systems; aligned with MITRE ATT&CK and OWASP frameworks; security scanning and validation; attack detection and detection rule generation; AI pentesting for agentic systems; CI/CD-integrated continuous testing. - Sensors/Integration: Continuous adversarial test harness running against customer AI endpoints; rule-based and ML-based attack generation; integration with CI/CD pipelines. - Protections: Pre-deployment vulnerability discovery; continuous re-testing catching new exploitation patterns; detection rule generation feeding SOC playbooks; validation that fixes hold against future variants. - Differentiator: Continuous-by-design red team architecture (versus one-shot pentests) positions Aether AI alongside Promptfoo and Mindgard in the automated AI red-teaming category. ### AGAT Software - Website: agatsoftware.com - Founded: 2006 - Country: Israel - Categories: Runtime & Guardrails, Observability & Governance - Founders: Yoav Crombie - Capabilities: AI Firewall monitoring/controlling GenAI tool usage (ChatGPT, Gemini, Copilot) plus a private on-prem AI suite with DLP, content classification, hallucination reduction, prompt-injection prevention, and shadow-AI detection. - Sensors/Integration: Proxy-based application firewall with content inspection; deploys on-prem, SaaS, private cloud (AWS/Azure/GCP), or air-gapped. - Protections: Blocks data exfiltration to AI tools, prompt injection, toxic content, and policy violations; enforces DLP and zero data exposure. - Differentiator: Pairs a real-time AI firewall with a fully private/air-gapped enterprise AI suite, built on a decade of UC-compliance proxy expertise. ### agen.co - Website: agen.co - Founded: 2026 - Country: Israel - Categories: Agentic Identity, MCP & LLM Gateways - Founders: Sagi Rodin, Aviad Mizrachi - Capabilities: Behavior-based unique agent identity, trust levels + risk scores, RBAC + entitlements + feature-level permissions, contextual policies, PII redaction, scoped data access, behavior anomaly detection, delegated permission management. - Sensors/Integration: Inline access/auth layer for AI agents into SaaS apps and MCP servers; deployable as managed cloud, customer VPC, on-prem, or directly on-device; BYO-IdP or use Frontegg. - Protections: Least-privilege RBAC for agents, scoped data access, PII redaction, behavior anomaly detection, audit + compliance controls, delegated approvals. - Differentiator: Built by Frontegg (established customer-IAM vendor); Same agentic security and access foundation regardless of where the agent runs; MCP-data-access focus. ### Agentic Fabriq - Website: agenticfabriq.com - Founded: 2025 - Country: USA - Funding: Undisclosed - Categories: Agentic Identity, MCP & LLM Gateways, Observability & Governance - Founders: Paulina Xu, Matthew Xu - Capabilities: "Okta for Agents" — identity and permissioning layer for AI agents; per-agent identity with least-privilege access; full audit logs of every action every agent takes; one-click revocation across MCP, OAuth, and agent frameworks; TypeScript and Python SDKs; agents route through Fabriq instead of connecting directly to every system; per-agent and per-user permission scoping; centralized credential vault. - Sensors/Integration: SDK + API control plane — developer-installed permissioning and audit layer; drops into existing stacks without redesign; integrates with Okta, Azure AD, Google Workspace as IdPs; works with any agent framework. - Protections: Per-agent / per-user least-privilege enforcement, scoped permissions per tool/data/action, agent impersonation logic centralized, credentials and tokens never leave Fabriq (handled at platform layer), instant revocation, full audit trail tied to invoking user, policy enforcement at point of tool invocation. - Differentiator: Explicit thesis that OAuth/IAM/IdPs were built for humans clicking "Allow" and were never designed for agents; SDK-first / "developer drops in identity middleware" positioning is closest to Keycard but at much earlier traction. ### AI Prompt Shield - Website: aipromptshield.com - Founded: 2025 - Country: USA - Categories: Runtime & Guardrails, Agentic Data Governance - Founders: Atul K Chaudhari, Marcus Vance, Elena Rostova - Capabilities: Enterprise LLM security platform: prompt injection detection, jailbreak blocking (claims 99.4% accuracy), PII scrubbing/masking, semantic vector analysis of adversarial intent, real-time output auditing of autonomous agents. - Sensors/Integration: API endpoint (POST /v1/scan), Python/Node.js SDKs, edge gateway deployment, private VPC option. - Protections: Block prompt injection and jailbreaks; mask/scrub PII; multi-stage validation pipeline (<42ms latency); real-time agent output auditing. - Differentiator: Semantic vector analysis over regex filtering; defense-in-depth sequential phases; sub-50ms latency SLA; SOC 2 Type II / HIPAA / GDPR / ISO 27001; real-time governance dashboard. ### AI Score - Website: aiscore.ai - Founded: 2025 - Country: UK - Funding: $1M - Categories: Observability & Governance, AI-SPM - Founders: Alex Harland, Benita Tibb - Investors: GALLOS Technologies - Capabilities: Centralized AI governance and risk management platform; AI inventory and visibility; security and compliance training; alignment with NIST AI RMF and emerging AI regulations; role-based access control; shadow AI detection; AI security posture management and observability. - Sensors/Integration: SaaS platform integrating with enterprise AI tools and model registries; SSO for enterprise identity; compliance framework mapping engine. - Protections: Centralized AI risk visibility across distributed organizations; security and compliance training reducing user-level risk; policy enforcement on AI inventory; audit-ready compliance reporting. - Differentiator: Compact AI governance offering positioned for mid-market and enterprise GRC teams that find larger AI governance platforms overweight; explicit NIST RMF alignment makes AI Score attractive for US federal-aligned organizations. ### AI Security Gateway - Website: aisecuritygateway.ai - Founded: 2025 - Country: USA - Categories: MCP & LLM Gateways, Observability & Governance, Agentic Data Governance - Capabilities: OpenAI-compatible proxy for LLM applications providing DLP, PII redaction, and cost governance; AI gateway and AI firewall functionality; prompt injection detection; shadow AI discovery; works as drop-in replacement for direct OpenAI API calls. - Sensors/Integration: OpenAI-compatible API endpoint requiring only base URL change to deploy; transparent intercept of LLM traffic; per-user and per-app policy. - Protections: Inline PII redaction; cost guardrails preventing runaway LLM spend; prompt injection blocking; centralized audit logs of all LLM interactions; shadow AI detection via egress traffic analysis. - Differentiator: OpenAI-compatible drop-in deployment model minimizes integration friction for engineering teams; positioning around cost governance alongside security broadens the buyer beyond pure security teams. ### Aiceberg - Website: aiceberg.ai - Founded: 2023 - Country: USA - Funding: $10M - Categories: Runtime & Guardrails, Observability & Governance, AI-SPM - Founders: Alex Schlager - Investors: SYN Ventures, Sprout & Oak, Intel Capital - Capabilities: Guardian Agent providing real-time monitoring and oversight for agentic AI systems; visibility into agent decisions and actions; runtime guardrails preventing unsafe behavior; AI SPM (security posture management) for the agent fleet; "AI guardian" positioning — an AI-driven agent watching other agents for unsafe behavior. - Sensors/Integration: Guardian-agent architecture — an AI-powered observer monitoring other agents in real time; integrates with agent frameworks at the runtime layer; cloud-delivered observability and control plane. - Protections: Real-time oversight of agent decisions with policy-based intervention; runtime guardrails blocking unsafe actions before execution; visibility into the full agent fleet for security teams; AI SPM for posture management. - Differentiator: "AI guarding AI" positioning is rhetorically distinctive — uses an LLM-powered guardian agent to monitor other agents, betting that AI judgment will scale better than rule-based detection for complex agent behaviors; Appeals to buyers who already trust AI to make decisions and want AI-driven oversight rather than rules-based gates. ### AIM Intelligence - Website: aim-intelligence.com - Founded: 2024 - Country: South Korea - Funding: $8.4M - Categories: AI Red Teaming, AI-SPM - Founders: Sangyoon Yu - Investors: Samsung Venture Investment, Mirae Asset Capital, Smilegate Investment, Forest Ventures, Mashup Ventures, Bluepoint Partners, Z Venture Capital - Capabilities: Automated AI red teaming platform for testing AI model vulnerabilities; AIM Red product for adversarial probing; coverage of LLMs and generative AI systems; vulnerability discovery aligned with OWASP and MITRE ATT&CK frameworks; continuous testing integrated with CI/CD; targets the South Korean and broader Asian markets primarily. - Sensors/Integration: API-based test harness running against customer AI endpoints; adversarial prompt generation library; integration with CI/CD pipelines; reporting dashboards. - Protections: Pre-deployment vulnerability discovery in AI systems; continuous re-testing catching new attack patterns; detection rule generation for SOC playbooks; validation that fixes hold against future adversarial variants. - Differentiator: Seoul-based startup focused on automated AI red teaming; relatively rare focus from a South Korean security startup competing globally in the AI red team category; positioned alongside Aether AI, Promptfoo, and Mindgard. ### Aim Security - Website: aim.security - Founded: 2023 - Country: Israel - Funding: $28M - Categories: Runtime & Guardrails, Observability & Governance, AI-SPM, MCP & LLM Gateways, Agentic Network Security - Founders: Matan Getz, Adir Gruss - Investors: YL Ventures, Canaan Partners - Capabilities: Three-pillar AI security platform: secure employee use of public AI applications (Microsoft Copilot, ChatGPT, coding agents); secure private AI applications and AI agents via Aim AI Firewall enforcing corporate policy on user-agent-app interactions; secure the agentic AI development lifecycle via AI-SPM continuously discovering, detecting, and remediating risks across the ML and agent development stack; MCP server governance for local agents. - Sensors/Integration: Cloud-delivered SaaS pre-acquisition; now integrated into Cato's Single Pass Cloud Engine (SPACE) inspection layer for in-line traffic analysis across the SASE network. - Protections: AI Firewall enforcing per-prompt, per-response policy on all user-agent-app interactions; runtime block of prompt injection and data exposure; AI-SPM remediation across the dev lifecycle; original EchoLeak research disclosed the first zero-click AI vulnerability in Microsoft 365 Copilot. - Differentiator: Cato Networks' first-ever acquisition, building the AI security pillar of one of the largest SASE platforms; Original EchoLeak research established Aim's credibility in AI-specific vulnerability discovery. ### Aira Security - Website: airasecurity.ai - Founded: 2025 - Country: USA - Funding: Undisclosed - Categories: Runtime & Guardrails, Observability & Governance - Founders: Mohan Kumar, Naveen Mahavishnu - Capabilities: Security platform for AI agents with real-time behavior monitoring and control; runtime observability into agent decisions and actions; policy enforcement on agent behavior; anomaly detection for off-script agent activity; visibility into the agent fleet at scale. - Sensors/Integration: Runtime monitoring layer for AI agents; SDK or sidecar integration with agent frameworks; observability data capture and analysis for behavioral patterns. - Protections: Real-time blocking of anomalous agent actions; policy enforcement on agent behavior at the workflow level; runtime alerts surfacing deviations from expected agent behavior; control plane for security teams to govern the agent fleet. - Differentiator: Early-stage AI security startup with focus on real-time behavioral monitoring — distinct from posture-management (scan-time) and gateway (per-call) vendors by emphasizing continuous observability of agent decisions and learned behavioral baselines for anomaly detection. ### Airia - Website: airia.com - Founded: 2024 - Country: USA - Funding: $100M - Categories: Observability & Governance, AI-SPM - Founders: John Marshall, Kevin Kiley - Capabilities: AI orchestration with security/governance: AI discovery, agent constraints, responsible-AI guardrails, posture management, agent red teaming, risk classification, and compliance reporting. - Sensors/Integration: Platform with MCP capabilities and connectors linking AI agents to tools and data; flexible deployment. - Protections: Enforces agent constraints and guardrails, manages AI posture/inventory, blocks risky agent behavior, enforces compliance policy. - Differentiator: Unifies AI orchestration, security, and governance in one platform; self-funded with $100M from co-founder John Marshall (ex-AirWatch/OneTrust). ### Airrived - Website: airrived.ai - Founded: 2024 - Country: USA - Funding: $6.1M - Categories: Runtime & Guardrails, Observability & Governance - Founders: Anurag Gurtu - Investors: Cannage Capital, Plug and Play Ventures, Rebellion Ventures, Inner Loop Capital - Capabilities: Agentic AI platform whose Guardrails for AI / Shadow AI module does real-time prompt interception and validation, enterprise-wide GenAI discovery and visibility, and dynamic policy enforcement with data redaction and prompt blocking; also offers agentic security automation, orchestration and response on its Agentic OS. - Sensors/Integration: API-connected interception of GenAI prompts and responses; integrations across enterprise GenAI tools; Agentic OS orchestration layer. - Protections: Real-time prompt blocking and data redaction, shadow AI discovery and control, and policy enforcement on AI usage at the point of interception. - Differentiator: Emerged from stealth in Feb 2026; named among only 11 startups in Gartner's 2026 'Startups to Watch in Agentic AI'; pitched as an operating system for safe autonomous AI in cybersecurity and IT ops. ### Akto - Website: akto.io - Founded: 2022 - Country: USA - Funding: $4.5M - Categories: Runtime & Guardrails, AI Red Teaming, Agentic Browser Security - Founders: Ankita Gupta, Ankush Jain - Investors: Accel - Capabilities: Agentic discovery (MCPs/agents/tools), automated red teaming, posture management, NHI governance, MCP Attack Matrix research. - Sensors/Integration: Atlas = Chrome + Safari browser extensions + macOS user-space agent via MDM (Jamf/Mosyle) or Defender/SentinelOne; Argus = CI/CD + cloud runtime; AI-coding-agent hooks (Cursor, Claude Code, Copilot, Gemini CLI, Codex). - Protections: Prompt-validate + response-validate hooks in block/observe mode, runtime guardrails, SkillGuard, 4,000+ red-team probes. - Differentiator: Strongest hook-level integration with AI coding agents on this list; Open-source heritage; Published MCP Attack Matrix. ### Alert AI - Website: alertai.com - Founded: 2023 - Country: USA - Categories: Runtime & Guardrails, AI-SPM - Capabilities: AI Governance Fabric with 500+ pre-built rules and 1000+ detections for LLM, RAG, and agentic AI: input/content guardrails, data-leakage prevention, copilot security, AI-SPM posture, and adversarial threat detection. - Sensors/Integration: Zero Trust AI security gateway with 100+ integrations inspecting prompts and responses at runtime across the AI SDLC. - Protections: Blocks malicious prompts and prompt injection, prevents AI data leakage, enforces centralized runtime policy with audit trails. - Differentiator: Self-described first end-to-end Zero Trust gateway securing the full AI SDLC, with a proprietary DSL for prompt-security rules plus integrated cost control. ### AliasPath - Website: aliaspath.com - Founded: 2025 - Country: UK - Categories: Agentic Data Governance - Founders: Darren Wray, Robert Westmacott - Capabilities: AI data security platform enabling enterprises to use AI on sensitive data without exposing the real data to the model; alias-based tokenization for AI workflows; reversible transformations preserving model utility; integration with major LLM providers and enterprise data sources. - Sensors/Integration: Client-side transformation layer; integration with data pipelines feeding AI applications; reversible tokenization preserving relational consistency. - Protections: Sensitive data never reaches the model provider in identifiable form; alias mapping decoupling model inputs from underlying records; supports regulated industries where raw data cannot leave the customer environment. - Differentiator: Alias-based reversible tokenization is a distinct approach to AI DLP, complementary to redaction-based and differential-privacy-based approaches; early-stage but with clear technical positioning. ### AllTrue.ai - Website: alltrue.ai - Founded: 2022 - Country: USA - Categories: Observability & Governance, Runtime & Guardrails - Founders: Ron Bennatan - Capabilities: Discovers AI assets including shadow AI, maps models/agents and the data they access, enforces real-time policies, stress-tests systems, and maintains compliance. - Sensors/Integration: Enterprise AI discovery and runtime policy-enforcement layer integrating across AI tools, pipelines, identities, and data. - Protections: Blocks unsafe or non-compliant AI actions and data leakage at runtime; enforces least-privilege on data AI can access. - Differentiator: End-to-end AI security lifecycle (discovery, AI-SPM, runtime protection, red teaming, compliance); acquired by Varonis (~$150M, Feb 2026) and rebranded Varonis Atlas AI Security. ### Alter - Website: alterai.dev - Founded: 2025 - Country: USA - Funding: $500K - Categories: Agentic Identity, Runtime & Guardrails - Founders: Srikar Dandamuraju, Kevan Dodhia - Investors: Y Combinator - Capabilities: Applies zero-trust identity, parameter-level RBAC/ABAC authorization, ephemeral scope-narrowed tokens, and real-time guardrails to every AI agent action, with full audit trails. - Sensors/Integration: Authorization/guardrail layer that intercepts and wraps each agent tool call, with a CISO dashboard for visibility. - Protections: Blocks dangerous agent actions (unauthorized DB commands, policy-violating transactions), prevents privilege escalation and tool-call exfiltration, eliminates long-lived credentials. - Differentiator: Agent identity + least-privilege authorization at the per-tool-call/parameter level, with ongoing prompt-injection red teaming by ex-OpenAI security experts (YC S25). ### Anomity - Website: anomity.ai - Founded: 2026 - Country: USA - Categories: Agentic Endpoint Security, Observability & Governance - Founders: Omer Gold - Capabilities: Agentic Endpoint Security platform that discovers, classifies, and applies policy to the full AI surface on managed endpoints — AI agents (Claude, ChatGPT, Cursor, Copilot, Cline, Windsurf), MCP servers, IDE extensions, skills, plugins, hooks, and CLIs — building a fleet inventory most teams otherwise lack. Surfaces findings such as plaintext secrets in agent config files, unvetted MCP servers wired in from public registries, extensions not on the allowlist, custom skills auto-loaded into coding agents, and hook activity matching or violating policy. Designed to give full visibility and enforcement without sandboxes or blocked workflows, so developers and employees do not notice. - Sensors/Integration: Endpoint-based discovery and classification across each machine's AI tooling; inventories agents, MCP servers, extensions, skills and plugins, hooks, CLIs, and secrets with continuous findings; policy enforcement intended to stay out of the user's way (no sandboxing, no workflow blocking). - Protections: Inventory and risk classification of every agent and its attached surface (plugins, skills, hooks, CLIs, extensions); detection of plaintext secrets such as API keys, database URLs, JWTs, and private keys that loaded agents can read; flagging of unreviewed MCP servers with filesystem, shell, and network access and of blanket permission grants; allowlist enforcement and policy application across the fleet. - Differentiator: Frames AI as the new shadow IT and targets the ungoverned surface each agent drags in — plugins, skills, hooks, CLIs, IDE extensions, and MCP servers, each with its own permission model and none reporting to security. Bets on visibility and enforcement that developers do not notice (no sandboxes, no blocked workflows), a direct peer to endpoint agent-security entrants like Origin and Manifold. Very early-stage, currently early-access. ### Aona AI - Website: aona.ai - Founded: 2024 - Country: Australia - Funding: $350K - Categories: Observability & Governance, Agentic Browser Security, Agentic Data Governance - Founders: Bastien Cabirou, Salim Sebkhi - Investors: Antler - Capabilities: Shadow AI discovery and AI security governance platform; PII/IP/confidential data blocking from external AI tools; real-time AI usage visibility; AI coach guiding employees toward safe practices; data redaction and policy enforcement; coverage across ChatGPT, Copilot, Claude, Cursor and dozens of other AI tools. - Sensors/Integration: Browser- and endpoint-level instrumentation across employee AI usage; integration with corporate identity for per-user policy. - Protections: Real-time blocking of sensitive data before it reaches external AI tools; user education through in-flow AI coach; centralized dashboards for CISO/GRC teams; no rip-and-replace deployment. - Differentiator: Sydney-based; one of the most active AI security startups out of the Australian market. ### Apex Security - Website: apex.security - Founded: 2023 - Country: Israel - Funding: $7M - Categories: AI-SPM, Observability & Governance, Agentic Data Governance - Founders: Matan Derman, Tomer Avni - Investors: Sequoia Capital, Index Ventures - Capabilities: AI exposure management platform discovering and governing the AI attack surface across enterprise environments; telemetry collection across AI tools, models, and pipelines; behavioral analysis to enforce AI usage policies; governance over deployed and in-house developed AI systems; shadow AI app and AI-generated code discovery; synthetic identity risk surfacing; integrated into Tenable AI Aware and Tenable One as Tenable AI Exposure. - Sensors/Integration: Cloud-based platform with integrations across enterprise AI services, SaaS apps, and cloud infrastructure; deploys alongside the Tenable vulnerability scanners as part of unified exposure management post-acquisition. - Protections: Policy enforcement on AI tool usage; behavioral anomaly detection across AI interactions; remediation of AI-generated exposures; governance of both consumed AI (SaaS apps) and built AI (in-house models); preemptive risk reduction before exploitation. - Differentiator: First AI-focused acquisition by Tenable; Became the foundation for Tenable AI Exposure inside the Tenable One unified exposure management platform; Positioned AI risk as inseparable from broader vulnerability and exposure management. ### Arcade.dev - Website: arcade.dev - Founded: 2024 - Country: USA - Funding: $12M - Categories: MCP & LLM Gateways, Agentic Identity - Founders: Alex Salazar, Sam Partee - Investors: Laude Ventures - Capabilities: MCP runtime for production AI agents; Contextual Access (per-action authorization based on user identity, tool intent, data sensitivity — featured by Snyk as the reference pattern for agent guardrails); secure agent authorization to OAuth-enabled and secret-protected services; high-accuracy tools for multi-user AI agents at scale; centralized governance. - Sensors/Integration: MCP runtime / control plane between AI agents and external services; OAuth-aware token brokering; SDK + API integration patterns; AWS Marketplace deployable. - Protections: Per-action authorization decisions, scoped OAuth tokens per agent invocation, contextual policy enforcement at runtime, multi-user isolation, audit trail of every tool call. - Differentiator: First-mover positioning as "the MCP runtime" vs. gateway-only competitors; Snyk publicly endorsed Arcade's Contextual Access as the future-of-AI-agent-security architecture; Explicit focus on multi-user production agents. ### Archestra - Website: archestra.ai - Founded: 2025 - Country: UK - Funding: $3M - Categories: MCP & LLM Gateways, Observability & Governance - Founders: Matvey Kukuy, Ildar Iskhakov - Investors: Concept Ventures, Zero Prime Ventures, Celero Ventures, RTP Global, Aloniq - Capabilities: Open-source MCP orchestrator for enterprise AI agent deployment; helps non-technical teams securely connect AI agents to enterprise data via MCP; dynamic permission controls; security + orchestration layers added on top of standard MCP. - Sensors/Integration: MCP orchestration layer between AI agents and enterprise data sources; open-source so deployable in any environment. - Protections: Dynamic permission controls per-agent, granular MCP access scoping (prevents AI agents from having unrestricted access to sensitive systems), compliance-aware orchestration. - Differentiator: Open-source transparency story (rare among MCP gateway vendors); Explicitly targets non-technical / citizen-developer adoption of MCP. ### ARMO - Website: armosec.io - Founded: 2018 - Country: Israel - Funding: $34.5M - Categories: Sandboxing & Secure Envs, AI-SPM - Founders: Shauli Rozen, Ben Hirschberg, Leonid Sandler - Investors: Pitango, Tiger Global, Hyperwise Ventures - Capabilities: Cloud Application Detection & Response (CADR) built on Kubescape (CNCF project, ARMO is the originator); Application Profile DNA (per-agent behavioral baseline of tool usage, network connections, data access — built during 7-14 day observation window); progressive enforcement methodology; auto-generated NetworkPolicies from observed agent traffic patterns; multi-substrate enforcement; LLM-powered attack-story correlation. - Sensors/Integration: eBPF-based sensor deployed via Helm chart into K8s clusters; Kubernetes-native across EKS, AKS, GKE; complements (rather than replaces) native cloud controls like Workload Identity, VPC Service Controls, GKE Agent Sandbox CRD. - Protections: Per-agent least-privilege boundaries derived from each agent's own behavioral profile; runtime detection of deviation from baseline; kernel-level enforcement (process spawn, network connection, syscall) coupled with application-layer context; inline policy enforcement after observation period. - Differentiator: Kubescape origin gives deep K8s-native credibility (direct peer to Operant AI's K8s-native architecture); Only vendor on this list explicitly framing the problem as "policy paralysis"; Progressive enforcement methodology is the most rigorously articulated observe-then-enforce framework in the space. ### ArmorIQ - Website: armoriq.ai - Founded: 2025 - Country: USA - Categories: Runtime & Guardrails, Agentic Identity - Capabilities: Captures an agent’s plan, cryptographically signs declared intent, and verifies every runtime action against the approved task with full provenance auditing. - Sensors/Integration: Intent Engine, Sentry, Gatekeeper, Registry, and Auditor components sit between AI reasoning and execution to monitor agent behavior. - Protections: Blocks AI agents from taking actions that deviate from their signed, approved plan; enforces zero-trust policy checks on every action. - Differentiator: Intent-based enforcement ("it’s not about identity, it’s about intent") controlling what an agent does after it has access, rather than IAM-style access control. ### Arthur - Website: arthur.ai - Founded: 2018 - Country: USA - Funding: $63M - Categories: Runtime & Guardrails, Observability & Governance - Founders: Adam Wenchel, Liz O’Sullivan, Priscilla Alexander, John Dickerson - Investors: Acrew Capital, Greycroft, Index Ventures, Work-Bench, Andreessen Horowitz, AME Cloud Ventures - Capabilities: Built-in guardrails plus agent discovery, governance, and continuous evaluation/monitoring across traditional ML, GenAI, and agentic systems. - Sensors/Integration: A firewall layer between the application and deployment layers inspects user prompts and model responses in real time. - Protections: Detects and blocks prompt injection, sensitive data/PII leakage, hallucinations, and toxic or off-brand outputs. - Differentiator: Combines a full-lifecycle ML observability/governance platform with a real-time LLM firewall (Arthur Shield); trusted by major banks and the U.S. DoD. ### Assury - Website: assury.ai - Founded: 2025 - Country: USA - Categories: Runtime & Guardrails, Agentic Identity, Observability & Governance - Founders: David Girvin - Capabilities: Runtime control plane for governing multi-step AI agent workflows with zero-trust principles; observability into multi-step agent execution paths; policy enforcement at each step of an agent's workflow; identity-bound action authorization preventing privilege escalation across workflow steps; audit trails for the full agent decision tree. - Sensors/Integration: Runtime layer wrapping agent workflow orchestration; integrates with agent frameworks to instrument each step; policy enforcement points at workflow transitions; observability layer for end-to-end workflow visibility. - Protections: Per-step authorization checks ensuring each agent action is authorized in the context of the broader workflow; zero-trust enforcement preventing implicit privilege escalation as agents chain tool calls; observability surfacing anomalous workflow patterns; audit trail enabling compliance and forensic review of multi-step agent decisions. - Differentiator: Multi-step workflow focus is distinctive — most runtime AI security vendors operate at the per-prompt or per-tool-call level, while Assury treats the workflow as the unit of governance; Zero-trust applied to agent-internal state transitions (not just external boundaries) is a less common positioning; Early-stage startup carving out the "workflow runtime control plane" niche. ### Astrix - Website: astrix.security - Founded: 2021 - Country: Israel - Funding: $85M - Categories: Agentic Identity, Observability & Governance, Agentic SSPM - Founders: Alon Jackson, Idan Gour - Investors: Menlo Ventures, Bessemer Venture Partners, F2 Venture Capital, Workday Ventures - Capabilities: Comprehensive AI agent and non-human identity (NHI) security platform; discovery and governance mapping all AI agent activity and NHI inventory; agentic lifecycle management from provisioning to decommissioning; threat detection and response for compromised credentials and out-of-scope agent actions; secrets management for API keys, OAuth tokens, service accounts; real-time inventory of AI agents, MCP servers, and NHIs with behavioral context. - Sensors/Integration: Agentless SaaS-to-SaaS integrations across IdPs, cloud services, dev tools, and SaaS apps; ingests OAuth grants, service account activity, and agent credentials; post-acquisition integrating into Cisco Identity Intelligence, Secure Access, Duo, and Splunk. - Protections: Excessive-privilege detection on NHIs and agents; real-time threat detection on compromised credentials; out-of-scope agent action blocking; secrets centralization and protection; zero-trust extension to the agentic workforce. - Differentiator: Defined the NHI security category before agentic AI made it mainstream; Launched comprehensive AI agent security platform in early 2026 covering discovery, runtime monitoring, and policy enforcement; Cisco's flagship acquisition for agentic identity strategy. ### Aurascape - Website: aurascape.ai - Founded: 2024 - Country: USA - Funding: $62.8M - Categories: Agentic Network Security, Runtime & Guardrails, Observability & Governance - Founders: Moinul Khan, Rajiv Khemani, Liang Li, Jean-Luc Coelho, Viswesh Ananthakrishnan - Investors: Mayfield Fund, Menlo Ventures, Celesta Capital - Capabilities: Shadow AI discovery, AI interaction monitoring (prompt-response decoding for thousands of AI apps incl. long-tail), automated policy enforcement, content classification across multimodal AI (text/image/video/audio), AI copilot security. - Sensors/Integration: Network-layer (purpose-built to track AI traffic that bypasses traditional firewalls/proxies/SSE); explicitly contrasts itself against "out-of-band" deployments (APIs, browser extensions) by capturing network-level details. - Protections: Block unsafe data sharing in prompts/responses, in-flow user coaching/nudges, context-aware dynamic policy (data type + user permissions + AI app), block of risky actions or entire applications. - Differentiator: AI-native network-layer architecture explicitly positioning against SASE/SSE incumbents. ### Aurva - Website: aurva.io - Founded: 2023 - Country: India - Funding: $2.2M - Categories: AI-SPM, Agentic Data Governance, Observability & Governance - Founders: Apurv Garg, Krishna Bagadia, Akash Mandal - Investors: Nexus Venture Partners, DeVC - Capabilities: AI Security Posture Management platform for AI/ML infrastructure security; AI observability platform for shadow AI discovery and inventory management; external threat monitoring; open-source components alongside commercial platform; coverage across cloud-native AI workloads. - Sensors/Integration: Cloud-native integrations with AI/ML platforms; agentless and agent-based discovery; observability pipeline collecting AI usage telemetry; open-source components for community adoption. - Protections: Shadow AI discovery surfacing unmanaged AI usage; AI inventory and posture visibility; external threat monitoring catching AI-targeted attacks; misconfigurations and risk surfacing across AI infrastructure. - Differentiator: Combination of AI SPM and AI observability under one platform; open-source positioning broadens developer adoption; targets the same buyer as Wiz AI-SPM and Lasso but with stronger observability tilt. ### authID - Website: authid.ai - Founded: 2018 - Country: USA - Funding: $80.4M - Categories: Agentic Identity - Founders: Thomas Szoke - Capabilities: authID Mandate AI agent identity lifecycle management with biometric human sponsorship; binds AI agents to a verified human owner; ongoing reauthorization tied to biometric verification; deepfake-resistant identity proofing for AI workflows; complements broader authID biometric identity verification platform. - Sensors/Integration: Biometric verification SDK and APIs; integration with enterprise identity providers; cryptographic binding between human identity and AI agent credentials. - Protections: Strong human-to-agent identity binding preventing rogue or impersonated agents; lifecycle controls on agent credentials; deepfake-resistant verification at sponsorship and reauthorization; auditable identity provenance for AI agents. - Differentiator: Publicly-listed (NASDAQ: AUID) biometric identity verification company with focused AI agent identity product; biometric-rooted human sponsorship of AI agents is a distinct approach versus crypto-key or attestation-based NHI vendors. ### Autonomous - Website: a16y.ai - Founded: 2025 - Country: USA - Categories: Agentic Endpoint Security, MCP & LLM Gateways, Sandboxing & Secure Envs, Observability & Governance - Founders: Gil Dabah, Ariel Shiftan - Capabilities: Endpoint-native AI agent security platform restoring control over agent execution; three integrated layers — visibility, control, and isolation; instant discovery of every installed AI agent, skill, plugin, and MCP server across workstations; identifies exposed configs and hardcoded secrets; risk and posture reporting for all agentic activity; real-time AI agent behavior control across endpoints and IDEs; flexible distribution across Win/Mac/Linux; auto-blocks rogue MCPs and malicious skills; prevents prompt injections via MCP traffic interception; isolated cloud sandbox for MCP operations with centralized token vault; verified pre-scanned MCP catalog eliminating supply-chain threats. - Sensors/Integration: OS-native security agent installed on Windows, macOS, and Linux workstations and developer machines; intercepts MCP traffic at execution time; integrates with IDEs and coding assistants; flexible distribution methods for endpoint deployment. - Protections: Inline auto-blocking of rogue MCPs and malicious skills at the endpoint; prompt injection prevention through MCP traffic inspection; isolated sandbox execution for MCP servers in the cloud; centralized token vault removing credentials from unmanaged developer environments; runtime constraints on agent actions; verified MCP catalog gating supply-chain risk before installation. - Differentiator: Defines the Agentic Endpoint Security category from the OS layer — distinct from network-based MCP gateways that miss local agent activity; Explicit focus on the developer/employee workstation where Claude Code, Cursor, and other coding agents run with privileged access; Rebranded from MCPTotal to Autonomous as the scope expanded beyond MCP servers to all agentic skills, plugins, and coding assistants; Addresses the visibility gap that traditional EDR cannot see (MCP traffic, agent tool calls, hardcoded secrets in dev environments). ### Backslash - Website: backslash.security - Founded: 2022 - Country: Israel - Funding: $27M - Categories: Agentic Endpoint Security, MCP & LLM Gateways, Runtime & Guardrails, Observability & Governance - Founders: Shahar Man, Yossi Pik - Investors: Lightspeed Venture Partners, StageOne Ventures - Capabilities: Vibe coding security platform; end-to-end protection for AI-native software development stack covering IDEs, AI coding agents (Cursor, Claude Code, Windsurf, Gemini CLI, GitHub Copilot), MCP servers, prompt workflows and rules; MCP scanning, hardening, and real-time MCP proxy detecting data leakage, prompt injection, and privilege escalation; AI agent and IDE hardening enforcing secure configuration, file and network access, and permission boundaries; preemptive code security via centrally governed prompt rules; MCP Server Security Hub indexing 7,000+ MCP servers with security scores based on vulnerabilities, attack vectors, and provenance; published original research on NeighborJack and OS injection vulnerabilities in MCP servers. - Sensors/Integration: SaaS platform; integrates with major source-code management systems, AI coding IDEs, and MCP server registries; real-time MCP proxy running on developer machines; free MCP Server Security Hub for the community. - Protections: Inline scanning and blocking of data leakage, prompt injection, privilege escalation in MCP traffic; tool poisoning detection; secure-by-design prompt rule enforcement preventing vulnerabilities at code-generation time; configuration hardening for coding agents and IDEs. - Differentiator: Israeli pioneer of dedicated vibe coding security category; First to publish MCP-specific vulnerability research (NeighborJack, OS injection) at industry scale; Only vendor maintaining a public, free MCP Server Security Hub with 7,000+ servers rated; InfoWorld 2025 AI security tech award winner. ### Bay Security - Website: bay.security - Founded: 2025 - Country: Israel - Categories: Agentic Endpoint Security, Agentic Browser Security, Observability & Governance - Capabilities: Agent fleet discovery, contextual entity graph, posture alerts, real-time activity monitoring, auto-generated policies. - Sensors/Integration: Agentless via customer's existing EDR or MDM — no new endpoint agent. - Protections: Session-aware Allow/Ask/Deny per action, auto-generated policies, shadow AI block. - Differentiator: Agentless via existing EDR/MDM (like Helmet); Explicit prevention-first stance; <5 min claimed deployment. ### BlueRock - Website: bluerock.io - Founded: 2023 - Country: USA - Funding: $25M - Categories: Observability & Governance, Runtime & Guardrails, Agentic Endpoint Security, MCP & LLM Gateways - Founders: Ashar Aziz, Osman Ismael, Udo Steinberg - Investors: Mayfield, Wing Venture Capital - Capabilities: Agentic observability across the full Agentic Action Path (model decision → tool call → MCP server → data access → outcome); MCP Trust Registry with verified server ownership/capabilities; Trust Context Engine carrying agent identity, capabilities and trust attributes through execution. - Sensors/Integration: Secure-by-default platform embedded inside the Linux distributions and machine images where agents and MCP servers run — runtime-aware controls operating with full execution context. - Protections: Sandboxing, tool governance, MCP server protection, zero-trust enforcement; context-powered guardrails that allow/block agent actions before they run in production. - Differentiator: Secures agent actions — not just prompts — from inside the OS/runtime layer; founded by FireEye alumni (Ashar Aziz) with NOVA microhypervisor lineage (Udo Steinberg); claims ~90% reduction in manual log correlation. ### Bonfy - Website: bonfy.ai - Founded: 2023 - Country: USA - Funding: $15M - Categories: Agentic Data Governance, Runtime & Guardrails, Observability & Governance, Agentic Browser Security - Founders: Gidi Cohen, Danny Kibel - Investors: TLV Partners, Bullet Ventures, Honey Stone VC, Saban Capital Group - Capabilities: Bonfy Adaptive Content Security (ACS) 2.0 — data security platform built to protect AI agents + Shadow AI + enterprise GenAI workflows across every system and channel; real-time, contextual protection for data in use, at rest, and in motion; agent guardrails; Shadow AI detection; full Google Workspace + Microsoft 365 coverage; Salesforce, HubSpot, Slack, on-prem file stores, AWS S3 native integrations; MCP server interface + APIs for Microsoft Copilot Studio, OpenAI, Anthropic Claude, Google Gemini. - Sensors/Integration: Cross-channel: email, SaaS apps, collaboration tools, browsers, cloud and on-prem file stores, AI systems, agent frameworks; native MCP server interface. - Protections: Contextual content inspection, agent guardrails on data in use/at rest/in motion, sensitive-data classification, real-time policy enforcement, integration with Splunk / Microsoft Sentinel / Rapid7 for event handling. - Differentiator: "First data security platform for AI agents" positioning; SOC 2 Type 2; Broadest cross-channel content surface coverage (email + SaaS + collab + browser + cloud + on-prem + agent frameworks) — closer to a next-gen DLP architected for the AI era than a pure-play AI agent vendor. ### Bosch AIShield - Website: boschaishield.com - Founded: 2021 - Country: India - Categories: Model Security, AI Red Teaming, Runtime & Guardrails, AI-SPM - Capabilities: AI security from Bosch across two layers. The AIShield AI Security Platform runs vulnerability assessments on AI/ML models and ships defense mechanisms against adversarial threats — model extraction, evasion, data poisoning, and model-inference attacks — integrating into pipelines such as Amazon SageMaker. AIShield GuArdIan is an LLM/GenAI guardrail middleware that secures the input and output of generative-AI apps via a few lines of SDK, blocking prompt injection and jailbreaks, redacting confidential data and PII, flagging bias and toxic content, and enforcing role-based policy and compliance; it integrates with Amazon Bedrock. AISpectra adds automated model discovery, dynamic vulnerability assessment, supply-chain visibility, and real-time monitoring aligned to OWASP, MITRE ATLAS, and NIST. - Sensors/Integration: API-based vulnerability assessment plus a runtime ML firewall for deployed models; LLM guardrail middleware integrated via a few lines of Python/JS SDK, sitting between the application and the model; cloud integrations with Amazon SageMaker and Bedrock; telemetry exported to SIEM tools such as Splunk and Sentinel. - Protections: Runtime ML firewall defending models against extraction, evasion, and poisoning with real-time intrusion detection; inline input/output filtering for GenAI that blocks prompt injection and jailbreaks, masks PII and confidential data, and enforces policy and compliance; continuous monitoring, model discovery, and risk/compliance reporting mapped to OWASP, MITRE ATLAS, and NIST frameworks. - Differentiator: Backed by Bosch and run out of India (Bosch Global Software Technologies), giving it the engineering scale and enterprise reach of a global industrial group rather than a venture-stage startup; Gartner-recognized. One of the earliest production-ready, ready-to-deploy AI-security offerings, spanning both classic ML-model defense and modern LLM/GenAI guardrails under one brand, with deep AWS (SageMaker and Bedrock) integration. ### Bytemonk - Website: bytemonk.co - Founded: 2023 - Country: India - Categories: Runtime & Guardrails, Agentic Data Governance, Agentic Network Security - Founders: Samir Ranjan, Saurabh Kumar - Capabilities: Enterprise data & AI security platform unifying endpoint/cloud DLP, DSPM, and user-behavior analytics. Its Generative AI Firewall gives real-time data protection for interactions with public GenAI apps (e.g. ChatGPT), discovering shadow AI and intercepting sensitive data before it leaves the org. - Sensors/Integration: Converged data-security across cloud, SaaS, network, and endpoints with shadow-AI discovery (likely endpoint agent/proxy interception); deployment architecture not publicly disclosed. - Protections: Blocks sensitive-data leakage to public GenAI apps, prompt injection, jailbreaking, and data-poisoning against LLMs; enforces real-time DLP policies and prevents accidental data sharing. - Differentiator: DLP-first GenAI firewall with full visibility/discovery of all (incl. shadow) AI apps and LLM-specific threat prevention, positioned against legacy DLP (Forcepoint, Symantec) and CASB (Netskope, Microsoft). ### Calvin Risk - Website: calvin-risk.com - Founded: 2022 - Country: Switzerland - Funding: $5M - Categories: Observability & Governance - Founders: Julian Riebartsch - Investors: Join Capital, seed + speed Ventures, b2venture, Founderful - Capabilities: Quantitative AI governance platform with automated testing and continuous monitoring of ML and LLM portfolios; EU AI Act compliance tooling; technical, ethical, and regulatory risk quantification; bias detection; AI inventory management for boards; partnerships with Aviva, Lloyds, Lufthansa, House of Insurtech Switzerland. - Sensors/Integration: SaaS platform integrating with enterprise model registries and AI inventories; questionnaire-driven applicability assessment; quantitative model testing harness. - Protections: Pre-deployment risk assessment blocking unsafe AI models from production; ongoing monitoring catching drift and emerging bias; EU AI Act audit trail generation; board-level AI risk dashboards. - Differentiator: ETH Zurich spinoff (2022); financial-services pedigree (Aviva, Lloyds) makes Calvin Risk one of the most regulated-industry-validated AI governance startups in Europe. ### CalypsoAI - Website: calypsoai.com - Founded: 2018 - Country: USA - Funding: $38M - Categories: Runtime & Guardrails, AI Red Teaming, Observability & Governance, AI-SPM - Founders: Neil Serebryany - Investors: Paladin Capital Group, Lockheed Martin Ventures - Capabilities: Adaptive AI inference security platform; real-time threat defense at the inference layer (where AI models process user inputs); scalable AI red teaming; data security for AI outputs; AI-specific DLP; runtime protection against prompt injection, jailbreaks, model manipulation; audit-ready governance; model-agnostic across proprietary and open-source LLMs; integrated into F5 Application Delivery and Security Platform (ADSP) post-acquisition as F5 AI Guardrails and F5 AI Red Team. - Sensors/Integration: Cloud-delivered platform sitting at the inference layer between users/apps and AI models; integrates with F5's SPACE in-line traffic engine post-acquisition. - Protections: Real-time block of adversarial AI threats at inference; DLP for AI outputs; continuous adaptive red teaming surfacing new attack patterns; runtime governance and audit-ready policy enforcement; covers AI models, agents, and APIs. - Differentiator: Founded in 2018 — one of the original AI security companies; Top 2 Finalist in RSA 2025 Innovation Sandbox; F5's first major AI security move, positioning F5 as the first company delivering end-to-end protection for every app, API, AI model, and agent. ### Canyon Road - Website: canyonroad.ai - Founded: 2026 - Country: USA - Categories: Sandboxing & Secure Envs, Agentic Endpoint Security, Observability & Governance - Founders: Eran Sandler - Capabilities: Execution-layer security for AI workloads with three products — agentsh (open-source runtime enforcing least privilege at the syscall level for unsupervised headless agents in CI, containers, pipelines, dev environments), Beacon (supervised AI on endpoints — guardrails and approvals for Cursor, Claude Desktop, ChatGPT, copilots running with employee credentials), Watchtower (enterprise control plane); per-action runtime decisions by destination/command/tool/workload. - Sensors/Integration: Local enforcement at execution time — agentsh as a syscall-level runtime, Beacon as endpoint agent for supervised AI, Watchtower as central control plane; deployable across endpoints + CI + containers + pipelines + dev environments. - Protections: Syscall-level least-privilege enforcement, steering / redirect (e.g. redirect npm install to internal registry instead of hard-blocking — preventing retry-loop bypass), per-destination/command/tool allow-prompt-block, kill switch, audit trail, SIEM forwarding. - Differentiator: Only vendor on this list with dual supervised + unsupervised execution-context architecture; Explicit "steer don't just block" thesis; Open-source agentsh lowers adoption friction; Syscall-level enforcement is deeper than gateway/proxy approaches. ### Capsule Security - Website: capsulesecurity.io - Founded: 2024 - Country: Israel - Funding: $7M - Categories: Runtime & Guardrails, Agentic Endpoint Security - Founders: Naor Paz, Lidan Hazout - Investors: Lama Partners, Forgepoint Capital International - Capabilities: Agent discovery, agent security graph, runtime monitoring of reasoning/tool calls, whitebox red teaming, agent identity control. - Sensors/Integration: No proxy / no SDK / no extension — "Guardian Agent" SLMs evaluating actions; SaaS API integrations to AI platforms. - Protections: Block unsafe tool calls, PII exposure, prompt injection; runtime policy enforcement; audit logging. - Differentiator: Gartner-named "Guardian Agent" architecture; Original CVE-grade research (ShareLeak, PipeLeak); Explicit "no gateway" thesis. ### Cequence Security - Website: cequence.ai - Founded: 2014 - Country: USA - Funding: $100M - Categories: MCP & LLM Gateways, Agentic Identity, Runtime & Guardrails, Agentic Network Security - Founders: Ameya Talwalkar, Shreyans Mehta, Michael Barrett - Investors: Menlo Ventures, Hewlett Packard Enterprise, KPN Ventures - Capabilities: Established API security + bot management vendor extended to agentic AI; AI Gateway with 140+ verified enterprise application integrations; Agent Personas launched April 2026 — industry-first infrastructure-level privilege scoping for autonomous AI agents (describe agent's job in plain English, get scoped virtual endpoints down to specific API endpoint); Agent Access Keys for headless agents; user/agent behavior analysis distinguishes useful agents from malicious bots; blocks unauthorized AI data harvesting; discovers + manages shadow AI APIs from Copilot + Agentforce; protects more than 10B daily API interactions. - Sensors/Integration: API gateway + MCP gateway architecture; cloud / on-prem / hybrid deployments; integrates with DevOps frameworks for AI app discovery; OpenAPI spec generation. - Protections: Per-endpoint per-agent privilege scoping, scoped virtual endpoints eliminating lateral access risks, behavioral bot/agent differentiation, sensitive data exfiltration detection. - Differentiator: Agent Personas is rare — most competitors authenticate-then-allow-broadly; Cequence enforces what each agent can do down to individual API call; CIS Critical Security Controls co-author for AI agents + LLMs + MCP environments; TM Forum AI-Native Blueprint Initiative co-chair for Agentic Interaction Security. ### Cerbos - Website: cerbos.dev - Founded: 2021 - Country: UK - Funding: $11M - Categories: Agentic Identity - Founders: Emre Baran, Charith Ellawala - Investors: OMERS Ventures, Crane Venture Partners, Earlybird Venture Capital, Seedcamp - Capabilities: Open-source authorization engine with stateless policy-decision-point (PDP) architecture; ABAC + ReBAC + role-based access control; Cerbos Hub (managed CD-for-policies); increasingly positioned as the authz layer for AI agents — agent frameworks (LangChain, LangGraph, AutoGen) and MCP servers call Cerbos to evaluate authorization decisions; policy-as-code; audit trail. - Sensors/Integration: Sidecar / embedded PDP — called via API/SDK from agent frameworks, MCP servers, or LLM gateways at decision time; deployable as container/Lambda/binary in any environment. - Protections: Per-action authorization decisions (allow/deny) on every agent tool call, fine-grained scoped permissions, contextual policies (time-of-day, request origin, data sensitivity), centralized policy with distributed enforcement, full audit log. - Differentiator: Open-source (Cerbos PDP, ~3K+ GitHub stars); Not built for AI originally — generic application authorization that the agentic ecosystem has adopted as the de-facto fine-grained authz layer. ### Certiv - Website: certiv.ai - Founded: 2025 - Country: USA - Funding: $4.2M - Categories: Agentic Endpoint Security, Runtime & Guardrails, Observability & Governance - Founders: Jason Needham, Paul Allen, Dan Morris - Investors: Aviso Ventures, Founders Co-op, Fortson VC - Capabilities: "Runtime Assurance for AI Agents" — new category defined by Certiv; endpoint-native lightweight sensor sitting at the runtime layer of the endpoint (below every application, above the OS); intercepts agent actions before they execute; intent-level visibility and pre-execution policy enforcement with zero app configuration changes; shadow agent discovery; deterministic + intent-based policies; real-time risk scoring; stops dangerous actions in real time on Windows, Mac, and Linux; works with any model, framework, or tool — explicit support for Claude Code, OpenClaw, Cursor. - Sensors/Integration: Endpoint-native sensor (not network proxy, not gateway, not SDK, not browser extension) — deploys in minutes via simple MDM push; no kernel module; smart traffic selection for low-overhead performance; sits on the compute where agents actually run. - Protections: Pre-execution interception of agent actions, intent-based policy enforcement (governing what the agent is trying to accomplish, not just what it's doing), policy evaluation against company rules with blocking, full chain-of-reasoning trace for each agent action, shadow agent discovery, risk scoring before execution. - Differentiator: Explicit thesis: "you cannot control these new workers if you don't live on the compute where agents actually run" — closest direct competitor to Capsule Security (both endpoint, both runtime, both targeting Claude Code) but Certiv emphasizes endpoint-sensor + MDM-push deployment vs. Capsule's one-click no-proxy approach. ### Cinder - Website: cinder.ai - Founded: 2022 - Country: USA - Funding: $14M - Categories: AI Red Teaming, Runtime & Guardrails - Founders: Glen Wise, Phil Brennan, Brian Fishman, Declan Cummings - Investors: Accel, Y Combinator - Capabilities: AI agents enforce safety policies at the prompt layer and red-team models before launch, testing jailbreaks, prompt injection, and policy edge cases continuously. - Sensors/Integration: Agentic workflows and classifiers run on unified infrastructure with human feedback loops to monitor model behavior and adversarial inputs. - Protections: Tests and blocks jailbreaks, prompt injection, and policy-violating model outputs; keeps guardrails calibrated as products evolve. - Differentiator: Trust-and-safety platform repositioned for AI safety, serving GenAI customers (OpenAI, Character.AI, Midjourney, Stability AI) with continuous red teaming. ### Ciphero - Website: ciphero.ai - Founded: 2025 - Country: USA - Funding: $2.5M - Categories: Runtime & Guardrails, Observability & Governance - Founders: Saoud Khalifah, Rob Gross, Sen Tian - Investors: Sovereign's Capital, Chingona Ventures, BlueWing Ventures - Capabilities: Captures, verifies, and governs all AI interactions across human and agentic workflows, including shadow AI discovery. - Sensors/Integration: Monitors AI agent actions and AI interactions in production enterprise environments. - Protections: Action verification and governance controls that prevent data loss and attacks from autonomous agents. - Differentiator: A "trust but verify" AI verification layer giving enterprises visibility into what autonomous agents actually execute in production. ### Citadel AI - Website: citadel-ai.com - Founded: 2020 - Country: Japan - Funding: $4.7M - Categories: Model Security, Observability & Governance - Founders: Hironori Kobayashi, Kenny Song - Investors: Coral Capital, Mitsubishi UFJ Capital, Suntory, ANRI, UTokyo Innovation Platform - Capabilities: Automated robustness testing of AI models during training (Citadel Lens); continuous production monitoring for anomalies and data drift without labels (Citadel Radar); compliance reporting for AI standards. - Sensors/Integration: SDK/integration into ML training and inference pipelines; production model-monitoring agent. - Protections: Detect data drift, anomalies, and robustness failures; generate compliance/audit reports; alert on model-quality degradation. - Differentiator: AI quality & integrity focus aligned to global AI regulation; ISO/IEC and EU-AI-Act-oriented compliance reporting; Google Brain / TensorFlow founding pedigree. ### CloudMatos - Website: cloudmatos.ai - Founded: 2023 - Country: USA - Categories: Runtime & Guardrails, MCP & LLM Gateways, Observability & Governance, AI-SPM - Founders: Maulik Shyani, Rajesh Bagavathiyappan - Capabilities: Aegis Gateway — runtime security gateway specifically designed for multi-agent AI systems; policy enforcement across agent-to-agent communication; runtime guardrails for complex agent orchestrations; cloud security posture management extended to AI agent infrastructure; visibility into multi-agent workflows and inter-agent dependencies. - Sensors/Integration: Gateway architecture sitting in the middle of multi-agent traffic; cloud-native deployment; integrates with major agent orchestration frameworks; observability layer capturing inter-agent communication patterns. - Protections: Policy enforcement on agent-to-agent communication preventing privilege chains and unauthorized escalation; runtime blocking of unsafe multi-agent workflow patterns; visibility into the full agent topology for security and operations teams; cloud security posture controls extended to the AI agent stack. - Differentiator: Multi-agent specialization is distinctive — most AI security vendors focus on single-agent or per-LLM-call protections, while CloudMatos's Aegis Gateway is designed for orchestrations involving multiple cooperating agents (the harder, less-mature security problem); Cloud security heritage gives them operational maturity for complex distributed deployments. ### CloudsineAI - Website: cloudsine.tech - Founded: 2012 - Country: Singapore - Categories: Runtime & Guardrails - Founders: Matthias Chin - Capabilities: GenAI security vendor whose WebOrion GenAI Protector Plus is a GenAI/LLM firewall protecting public-facing GenAI and LLM-powered apps; also offers TraceCtrl for agentic AI visibility (agent behavior, tool calls, attack surface). - Sensors/Integration: Inline runtime firewall/proxy in front of GenAI and LLM applications, plus continuous web monitoring (WebOrion Monitor); deployed across 1,300+ applications and 40+ enterprise customers. - Protections: Prompt injection, data/sensitive-data leakage, model abuse, jailbreak and content-safety risks; aligned to OWASP Top 10 for LLMs, with attack-graph risk scoring and employee GenAI usage monitoring. - Differentiator: Singapore/ASEAN-focused GenAI firewall evolved from the established WebOrion web-security stack; runs an LLM Security Leaderboard and won a multi-million public-sector contract to secure 100 GenAI applications. ### Clover - Website: clover.security - Founded: 2023 - Country: Israel - Funding: $36M - Categories: Agentic Code Security - Founders: Alon Kollmann, Or Chen - Investors: Notable Capital, Team8 - Capabilities: Design-led product security platform; AI agents embedded into Confluence, Jira, GitHub, Cursor, and Slack to detect security flaws during design and planning, before code is committed; AI agents replicate experienced security engineer thinking, understand system behavior, anticipate vulnerability classes; automated security design reviews on every product change; threat-and-requirements assessment against company policies; secure-pattern suggestions in real time within developer and PM workflows. - Sensors/Integration: SaaS integrations with Confluence, Jira, GitHub, Cursor, Slack; works in the design and planning tools where products start, not just where they get coded. - Protections: Catches design flaws early before code is written; replaces rubber-stamp design reviews with continuous AI-driven analysis; provides developers and PMs in-the-flow security guidance turning secure decisions into the default path. - Differentiator: ServiceNow strategic investment with planned integration; Fortune 500 customers across fintech, banking, enterprise tech (Udemy, Lemonade, Plaid). ### Clutch Security - Website: clutch.security - Founded: 2023 - Country: Israel - Funding: $8.5M - Categories: Agentic Identity, Observability & Governance - Founders: Ofir Har-Chen, Sagi Hass, Tal Kimhi - Investors: Lightspeed Venture Partners, Merlin Ventures, CCL - Capabilities: Discovery & contextualized inventory of every NHI/AI agent/secret across cloud, SaaS, on-prem, code, CI/CD, vaults, RPA, data warehouses; Identity Lineage (relationships between NHIs and consumers); posture & risk management; lifecycle governance; real-time detection & response. - Sensors/Integration: Integrations across the full ecosystem (cloud + SaaS + on-prem + code + CI/CD + vaults + RPA + data warehouses); Zero-Knowledge Architecture (no credentials stored or transmitted); CrowdStrike Falcon integration. - Protections: Zero Trust enforcement for NHIs, ephemeral NHIs replacing long-lived credentials, continuous validation in place of secret rotation, automated suspicious-NHI detection, fortification of overprivileged or misconfigured identities. - Differentiator: Pure-play Universal NHI Security Platform; Pioneered "ephemeral NHI" + "Identity Lineage" architecture; Explicit thesis that secret rotation is fundamentally broken. ### CodeIntegrity - Website: codeintegrity.ai - Founded: 2024 - Country: USA - Funding: $5.25M - Categories: Runtime & Guardrails, MCP & LLM Gateways, Observability & Governance, Agentic Identity - Founders: Steven Jung, Abi Raghuram - Investors: Syn Ventures, Antler, Boost VC - Capabilities: Runtime control plane that sits between AI agents and enterprise systems, mediating every agent action before execution; turns agent instructions into sandboxed code so each action is explicit, inspectable, and repeatable — code becomes the control layer where intent, data, and tool calls can be checked before they run; full visibility into runtime tool actions with deterministic policy controls before execution; evaluates intent, data provenance, destination, and risk before any tool call executes; ties users, agents, and MCP clients to managed identity so every action has ownership; tracks the request, source context, destination, policy decision, and outcome behind each agent action for post-hoc security review; CodeIntegrity Labs tracks emerging agentic threats including prompt injection, tool abuse, and data leakage. - Sensors/Integration: Runtime layer that inserts between agents and enterprise tools/systems; integrates with MCP clients; controls tool calls from agents and MCP clients before actions reach systems or leave approved boundaries; not a pure SDK — operates as a deterministic control plane that wraps the non-deterministic LLM in a code sandbox layer. - Protections: Forces unpredictable AI models to follow strict, deterministic rules — limits which systems and data an agent can touch; sandbox execution of agent-derived actions before they reach production systems; blocks prompt injection by separating the controlling model from the model that reads untrusted content; full audit trail tying users/agents/MCP clients to managed identity; enterprise boundary enforcement before action execution rather than after. - Differentiator: Made headlines compromising Notion AI in under 4 hours, earning Economist coverage in September 2025; among the first to articulate the "runtime control layer" concept as a category — sandboxing the model itself rather than just inspecting prompts; San Francisco-based team founded May 2024; direct competitors include Certiv, Raven, and Manifold — together forming the emerging "AARM" (Agent Action Runtime Mediation) cluster; deterministic-by-design philosophy contrasts with content-inspection-based runtime defense vendors. ### Confident Security - Website: confident.security - Founded: 2024 - Country: USA - Funding: $4.2M - Categories: Runtime & Guardrails, Observability & Governance - Founders: Jonathan Mortensen - Investors: Decibel, South Park Commons, Ex Ante, Swyx - Capabilities: CONFSEC end-to-end encryption tool wrapping foundational models, guaranteeing prompts and metadata cannot be stored, seen, or used for AI training, even by the model provider or third parties; positioned as 'the Signal for AI'; intermediary vendor between AI providers and enterprise customers. - Sensors/Integration: Encryption wrapper sitting between customer applications and foundation model APIs; production-ready and externally audited; in talks with banks, browsers, and search engines. - Protections: Strong cryptographic guarantee that prompt content and metadata never reach the model provider in usable form; eliminates the privacy/utility tradeoff for sensitive AI workflows; supports hyperscalers, governments, and regulated enterprises as customers. - Differentiator: San Francisco startup that emerged from stealth in July 2025; cryptographic-first approach to AI privacy is distinctive among tokenization- and redaction-based competitors. ### Corridor - Website: corridor.dev - Founded: 2025 - Country: USA - Funding: $30.4M - Categories: Agentic Code Security - Founders: Jack Cable - Investors: Felicis, Conviction, Lux Capital, Timeless, Artisanal Ventures, Sunflower Capital, Datadog, SV Angel - Capabilities: Agentic Coding Security Management (ACSM) platform; real-time security guardrails injected into AI coding agents (Cursor, Claude Code, GitHub Copilot, Windsurf) at code-generation time; automated pull-request security reviews with detailed findings and remediation guidance; MCP server for secure code generation; visibility into how AI coding tools are being used across the org and what code is being generated; AppSec governance dashboards. - Sensors/Integration: GitHub integration; VS Code and Cursor extensions; MCP server connection model for coding agents; AWS Marketplace deployment. - Protections: Pre-generation guardrails preventing vulnerabilities before they are written; automated PR review with security findings; policy enforcement on AI-generated code per company standards; secure-by-design code generation guidance. - Differentiator: Customers include Cursor, Mercury, and Grey Noise Intelligence; Coined the ACSM category. ### Cranium AI - Website: cranium.ai - Founded: 2022 - Country: USA - Funding: $32M - Categories: AI-SPM, Observability & Governance, Model Security - Founders: Jonathan Dambrot - Investors: KPMG, SYN Ventures - Capabilities: AgentSensor (agent discovery + tool + agent-to-agent network mapping), CloudSensor (cloud security monitoring), CodeSensor (source-code scanning for models/datasets/AI packages), Arena (agent-based adversarial simulation), Arena Shield, ComplianceAgent, AI Bill of Materials (AIBOM), AI Cards transparency reports, third-party AI risk management, Trust Hub. - Sensors/Integration: Integrations across code repos, cloud, MLOps; threat intelligence from MITRE ATLAS, OWASP, OSV plus Cranium's curated AI Security Knowledge Base. - Protections: AI guardrails informed by Arena red-team findings, EU AI Act / NIST AI RMF / ISO 42001 compliance scoring, third-party AI risk monitoring. - Differentiator: Gartner Cool Vendor for AI Cybersecurity Governance; Fortune/Evolution Equity Top-50 cyber 2025; Strong third-party / supply-chain AI angle with explicit Trust Hub for sharing posture externally. ### Crash Override - Website: crashoverride.com - Founded: 2022 - Country: USA - Funding: $8M+ - Categories: AI-SPM, Observability & Governance, Agentic Code Security - Founders: Mark Curphey, John Viega - Investors: Andreessen Horowitz, Cyberstarts - Capabilities: AI tool discovery, adoption tracking, and security visibility platform; Chalk open-source supply chain tooling; visibility into AI tool usage across engineering organizations; software bill of materials extended to AI; integration with developer environments and CI/CD; broader app-sec visibility platform with AI extensions. - Sensors/Integration: Open-source Chalk agent and SDK across developer workflows; CI/CD integration; engineering telemetry capture; integration with code hosts and ticketing. - Protections: Shadow AI tool discovery across engineering teams; visibility into AI assistant adoption preventing unmanaged usage; supply chain tracking for AI dependencies; SBOM-style provenance for AI components in software. - Differentiator: Strong open-source go-to-market via Chalk; deep AppSec roots applied to AI tool visibility differentiate it from pure AI-native startups. ### Credal - Website: credal.ai - Founded: 2022 - Country: USA - Funding: $5.3M - Categories: Observability & Governance, MCP & LLM Gateways - Founders: Jack Fischer, Ravin Thambapillai - Investors: Y Combinator, Spark Capital, Drive Capital - Capabilities: Builds, governs, and deploys enterprise AI agents and MCP servers powered by company data under centralized security and governance controls. - Sensors/Integration: Connects to 50+ data sources (Google Drive, SharePoint, Slack, Salesforce, Snowflake, GitHub); audits 100% of agent runs with logging to Splunk/Datadog. - Protections: Role-based access controls, permission mirroring from source systems, automatic PII redaction before models access data, and human-in-the-loop approval gates. - Differentiator: A unified agent registry with permission inheritance from source systems, deployable across MCP-enabled interfaces like Claude, ChatGPT, and Cursor. ### Credo AI - Website: credo.ai - Founded: 2020 - Country: USA - Funding: $42M - Categories: Observability & Governance, AI-SPM - Founders: Navrina Singh, Eli Chen - Investors: Sands Capital, Decibel VC, AI Fund, Booz Allen Hamilton, Mozilla Ventures, FPV Ventures, CrimsoNox Capital - Capabilities: Enterprise AI governance, risk, and compliance platform; AI Agent Registry; Shadow AI discovery; centralized Risk Center; continuous discovery, assessment, and governance of AI agents, models, and applications; context-driven policy enforcement; regulatory mapping across EU AI Act, US AI Executive Order, NYC Local Law 144; partnerships with Microsoft and IBM for integrated governance. - Sensors/Integration: SaaS platform integrating with enterprise ML infrastructure, model registries, and AI tools; SSO for enterprise identity; questionnaire-driven regulatory applicability tools; Microsoft and IBM integration. - Protections: Continuous oversight and accountability across the AI lifecycle; policy enforcement preventing unmanaged AI deployment; bias and fairness monitoring; vendor AI risk assessments; audit-ready evidence generation aligned with major frameworks. - Differentiator: Operating since 2020; customers include Mastercard and Northrop Grumman; one of the most established AI governance vendors. ### Cyata - Website: cyata.ai - Founded: 2024 - Country: Israel - Funding: $8.5M - Categories: Observability & Governance, Agentic Identity, AI-SPM - Founders: Shahar Tal, Dror Roth, Baruch Weizman - Investors: Team8 - Capabilities: AI agent discovery, understanding, and governance platform; deep visibility into where AI agents are operating across the enterprise, how they behave, and what risks they pose; agent inventory across SaaS, cloud, and homegrown environments; behavioral profiling of autonomous agents; appropriate guardrails enforcement without slowing innovation; strengthens Check Point's AI Security pillar with full AI lifecycle protection. - Sensors/Integration: SaaS-to-SaaS and cloud integrations; agentless discovery across enterprise environments; behavioral telemetry collection on agent activity. - Protections: Agent inventory and policy enforcement; behavior-based risk scoring; guardrail recommendations per agent; covers both sanctioned and shadow agents. - Differentiator: Acquired by Check Point Feb 2026 as part of a $150M-combined deal with Cyclops Security; Foundational acquisition for Check Point's AI Security pillar alongside Lakera (acquired separately for ~$300M); Check Point's second Israeli AI security pickup in 5 months; Focuses specifically on the agent governance layer (vs Lakera's runtime guardrails). ### CyCraft - Website: cycraft.com - Founded: 2017 - Country: Taiwan - Funding: $8.15M - Categories: Runtime & Guardrails, AI Red Teaming - Founders: Benson Wu, Jeremy Chiu, PK Tsung - Investors: Pavilion Capital, The CID Group - Capabilities: Taiwan-based AI security vendor offering XecGuard, a LoRA-adapter LLM guardrail that protects models from prompt injection and jailbreaks, and XecART, an AI red-teaming security assessment for LLM applications. - Sensors/Integration: XecGuard deploys as a lightweight LoRA adapter / guardrail in front of LLMs; assessment tooling exercises LLM apps from the attacker side. - Protections: Real-time blocking of prompt injection and jailbreak attempts before an LLM processes input; red-team assessments surfacing attack vectors prior to production. - Differentiator: Cybersecurity scaleup that productized an LLM guardrail as a portable LoRA adapter (integration in weeks not months) and open-sourced parts of XecGuard. ### Cyera - Website: cyera.com - Founded: 2021 - Country: Israel - Funding: $2B - Categories: Agentic Data Governance, AI-SPM, Observability & Governance - Founders: Yotam Segev, Tamar Bar-Ilan - Investors: Sequoia Capital, Accel, Coatue, Cyberstarts, Georgian, Greenoaks, Lightspeed Venture Partners, Redpoint, Sapphire Ventures, Spark Capital, Blackstone, Evolution Equity Partners - Capabilities: Cyera AI Guardian extends Cyera's data security posture management (DSPM) platform to AI: discovers AI and data assets, classifies the sensitive data feeding models and agents, and governs what data AI systems can access through data-centric guardrails for enterprise AI adoption. - Sensors/Integration: Agentless cloud-native DSPM connectors across clouds, SaaS and data stores that build a sensitivity-aware data graph from data and access context. - Protections: Monitors and controls sensitive-data exposure to AI models and agents; enforces least-privilege data access; flags oversharing and risky AI data flows; remediation across the data estate. - Differentiator: One of the largest data-security scaleups; AI Guardian applies its DSPM data graph to AI governance; aggressive 2026 M&A (Trail, Ryft, Otterize, Genie, Shape) toward a unified data-and-AI security platform. Large scaleup rather than early-stage. ### Cygeniq AI - Website: cygeniq.ai - Founded: 2025 - Country: USA - Categories: Observability & Governance, AI-SPM, Runtime & Guardrails - Founders: Nilesh Patil, Joy Jayadratha Bhowmick, Anupam Sahai - Capabilities: AI security platform offering both 'Security for AI' (protecting AI systems from evolving threats) and 'AI for Security' (using AI for cybersecurity operations); AI governance and compliance; digital asset protection; threat analysis and anomaly detection; security orchestration and reporting. - Sensors/Integration: Cloud-delivered SaaS platform; integrations with enterprise security stacks; threat intelligence ingestion. - Protections: Continuous monitoring of AI systems for compliance and threat exposure; orchestration across detection and response workflows; AI-driven SOC capabilities augmenting existing tools. - Differentiator: Wilmington, Delaware-based startup founded 2025; explicit dual-positioning across both 'Security for AI' and 'AI for Security' is rare; very early stage and unfunded but with clearly articulated product scope. ### Cymphony - Website: cymphony.io - Founded: 2025 - Country: Israel - Funding: Undisclosed - Categories: Agentic SSPM, Agentic Data Governance, Agentic Identity, Observability & Governance - Founders: Shy Dekel, Idan Berkovits, Edi Gotlieb - Capabilities: Human Security Graph unifying identity, access, behavior, posture for workspace security in the AI era; maps file sharing across collaboration suite + 3rd party tools; manages file exposure / excessive sharing / abnormal file activity; identity hygiene gaps remediation; combines data, identity, usage, and business context to understand AI adoption risks; usage monitoring of AI-powered data access; targeted behavioral nudges; consolidates identity security + data security + DLP + insider risk + AI security. - Sensors/Integration: Agentless integration; SOC2-ready; deploys in hours; integrates with collaboration suites, identity providers, DLP, SOC, HR systems. - Protections: Over-sharing remediation, abnormal file activity detection, identity posture enforcement, AI usage policy enforcement on data access, AI-driven data access monitoring. - Differentiator: "Workforce security platform" thesis — unifies the workforce-side of AI risk; Explicit positioning that enterprise AI adoption has eliminated "security through obscurity" so previously-acceptable risks now materialize immediately; Analogizes itself to "Workday for HR or Salesforce for sales" as system of record for human security; Takes a graph-first approach. ### DapplePot - Website: dapplepot.com - Founded: 2026 - Country: India - Categories: Runtime & Guardrails, Observability & Governance - Capabilities: Runtime security and observability platform for AI agents. A drop-in SDK instruments the agent and records every LLM call, tool use, and decision across an entire session, with frame-by-frame session replay and a timestamped, tamper-evident audit trail (90-day retention). Inline detection covers prompt injection, sensitive-data leakage, privilege and identity abuse, anomalous tool sequences, system-prompt leakage, and unbounded resource/cost consumption. Adds behavioral drift detection, per-session risk scoring, and fleet-level risk scoring across all agents, with findings mapped to the OWASP LLM Top 10 and OWASP Agentic AI Top 10. Spans the full lifecycle — runtime, post-session, and cross-session fleet health. - Sensors/Integration: Language SDK dropped directly into the agent code; starts capturing every model call, tool invocation, and decision immediately, without changing how the agent runs or adding noticeable latency. Records real inputs and outputs rather than sanitized logs; threat alerts route to existing channels; cloud-hosted. - Protections: Inline real-time blocking of prompt injection, data leakage, and privilege abuse; tool-call interception before unsafe actions execute; a live kill switch that terminates rogue sessions on the spot. Cross-session and post-session analysis surfaces behavioral drift and the most vulnerable agents in the fleet; immutable session evidence supports incident response, post-mortems, and proof that AI governance controls are working. - Differentiator: Positions AI agents as the enterprise largest unmonitored attack surface and folds them into the existing security perimeter. Distinguished by full-lifecycle coverage — most tools stop at runtime, whereas DapplePot extends from the first LLM call through cross-session fleet health — and by an evidence-first, tamper-evident audit trail framed around proving to security and audit teams exactly what an agent did, with explicit full mapping to the OWASP LLM Top 10 and Agentic AI Top 10. Bangalore, India-based and founded in 2026; early-stage with hands-on onboarding. ### Dash Security - Website: dash.security - Founded: 2024 - Country: UK - Categories: AI-SPM, Observability & Governance, Agentic Identity, MCP & LLM Gateways - Capabilities: Pre-launch security platform targeting agentic AI enterprise environments; AI security posture management surfacing risks before production deployment; non-human identity management for AI agents; shadow AI discovery across the enterprise; MCP security and governance; AI governance and policy controls for emerging agent workflows. - Sensors/Integration: Pre-launch / pre-production scanning of agent deployments; integrates with enterprise identity stacks to discover non-human and agent identities; MCP server inventory and policy enforcement. - Protections: Shift-left security — catches misconfigurations and risks before agents reach production; non-human identity scoping to enforce least-privilege; shadow AI discovery to surface unauthorized agent usage; MCP-layer policy enforcement. - Differentiator: Pre-launch positioning is unusual — most AI security vendors focus on runtime; Dash claims to catch risks in the design and pre-production phase before agents are deployed, addressing the "shift-left" gap in the AI security stack; UK-based (Dash Security Systems Ltd). ### DataKrypto - Website: datakrypto.com - Founded: 2021 - Country: USA - Funding: $3.25M - Categories: Model Security, Agentic Data Governance - Founders: Luigi Caramico, Ravi Srivatsav - Investors: P101, AVM Gestioni, Tomorrow Street - Capabilities: FHEnom for AI is a zero-knowledge framework combining DataKrypto's patented high-speed fully homomorphic encryption (FHE) with Trusted Execution Environments to keep data, model weights and queries encrypted across the entire AI lifecycle (ingestion, training, inference) even during in-memory computation. - Sensors/Integration: Encryption layer integrating into existing AI architectures; available on Google Cloud Marketplace; FIPS-validated; supports open-source and proprietary models. - Protections: End-to-end encryption of AI data and models that eliminates the 'cleartext gap'; protects IP and sensitive datasets from leakage, exposure, adversarial manipulation and infrastructure compromise; enables inference directly on encrypted data. - Differentiator: Claims the fastest FHE on the market at near real-time speeds; Google Cloud ISV Startup Springboard graduate; launched FHEnom for AI at RSA 2025; based in Burlingame, CA. ### Daxa.ai - Website: daxa.ai - Founded: 2023 - Country: USA - Funding: $3.8M - Categories: Observability & Governance, MCP & LLM Gateways, Agentic Data Governance, Runtime & Guardrails - Founders: Huseni Saboowala, Malav Patel, Sridhar Ramaswamy - Investors: Arka Venture Labs, IvyCap Ventures, Oakseed Ventures, G2C Ventures, HMG Ventures - Capabilities: Data-first AI governance and security platform; Pebblo AI data platform embedding access control, security, and governance into AI apps with developer-friendly hooks; Proxima secure AI knowledge retriever for role-appropriate AI answers; Pebblo MCP Gateway for AI agent traffic governance; Pebblo SafeLoader for LangChain integration; RAG security and access controls. - Sensors/Integration: Developer SDK integration with LangChain and other GenAI frameworks; MCP gateway intercepting agent tool calls; data classification at ingestion preventing sensitive data from reaching models; open-source Pebblo library with commercial extensions. - Protections: Pre-ingestion data classification preventing sensitive data exposure to models; role-based access control on retrieval; agent action governance through MCP gateway; runtime data intelligence reasoning over access decisions; recognized in 2025 Gartner Market Guide for AI TRiSM. - Differentiator: Strong open-source go-to-market via the Pebblo library, widely adopted in the LangChain ecosystem; HPE Secure AI Factory partnership; data-first positioning differentiates Daxa from prompt-firewall-centric competitors. ### Daytona - Website: daytona.io - Founded: 2023 - Country: USA - Funding: $31M - Categories: Sandboxing & Secure Envs - Founders: Ivan Burazin, Vedran Jukić, Goran Draganić - Investors: FirstMark Capital, Pace Capital, Upfront Ventures, Darkmode, E2VC, Datadog, Figma Ventures - Capabilities: AI agent execution sandbox infrastructure — isolated execution environments for AI-generated code with sub-90ms cold starts (27ms in optimized configurations); SDK + CLI for AI agents to create/use/destroy sandboxes on demand; persistent workspaces where agents can install dependencies, create files, and resume state across sessions; MCP server integration + dedicated Claude Code skill; multi-language support. - Sensors/Integration: Container-based runtime by default with optional Kata Containers (microVM isolation) or Sysbox for stronger workload separation; tiered isolation model; deployable as managed cloud or self-hosted. - Protections: Process-level isolation (default) escalating to microVM-level isolation (Kata/Sysbox); per-sandbox filesystem and network boundaries; ephemeral environments that die when the agent's task completes (limits blast radius); persistent workspace mode for stateful agents with isolation maintained across sessions. - Differentiator: Pivoted Feb 2025 from developer cloud dev environments → AI agent execution infrastructure (rare clean pivot story); Fastest cold starts in the category making it the default choice for high-frequency / latency-sensitive agent loops; Positioning is dev infrastructure for agent builders (not a security control plane for CISOs — different buyer than Canyon Road / ARMO / Operant / Jozu). ### Deepchecks - Website: deepchecks.com - Founded: 2019 - Country: Israel - Funding: $14M - Categories: Observability & Governance, Model Security, AI Red Teaming - Founders: Shir Chorev, Philip Tannor - Investors: Alpha Wave Ventures, Hetz Ventures, Grove Ventures - Capabilities: Production-grade platform unifying evaluation, observability, testing, and monitoring for AI systems and LLM agents; continuous measurement, tuning, and improvement of AI agents over time; agent behavior validation pre- and post-deployment; multi-agent system evaluation layer; supports the reliability requirements of agentic deployments; foundation for Check Point's Agentic Network Security Orchestration platform. - Sensors/Integration: SaaS and self-hosted deployment; integrates into LLM and agent pipelines; ingests model outputs, agent traces, and evaluation results. - Protections: Behavioral drift detection for AI agents; validation gates pre-deployment; continuous monitoring for hallucinations and unsafe outputs; evaluation hooks for multi-agent system reliability; ensures agents in production behave as specified. - Differentiator: Team-and-IP acquisition by Check Point May 2026 to accelerate their Agentic Network Security Orchestration roadmap; Check Point's 4th Israeli startup acquisition in 2026 alongside Cyclops, Cyata, and Rotate. ### DeepKeep - Website: deepkeep.ai - Founded: 2021 - Country: Israel - Funding: $10M - Categories: AI Red Teaming, Runtime & Guardrails - Founders: Rony Ohayon, Yossi Altevet - Investors: Awz Ventures, 5G Open Innovation Lab, OurCrowd - Capabilities: Full-lifecycle AI security across LLM and computer-vision systems: AI red teaming, runtime protection, model scanning, agent scanning, and AI usage governance. - Sensors/Integration: Detects prompt injection, jailbreaks, data leakage, unsafe outputs, hallucinations, bias, model supply-chain issues, and shadow AI across multimodal pipelines. - Protections: AI Firewall for real-time pre/post-deployment alerting, AI Lens governance with access control, AI Agent Scanner runtime protection, and static/dynamic model scanning. - Differentiator: Purpose-built AI-native engine (including "Vibe" human-steered red teaming) designed to comprehend AI/LLM logic rather than adapting traditional cybersecurity tools. ### Descope - Website: descope.com - Founded: 2022 - Country: USA - Funding: $88M - Categories: Agentic Identity, MCP & LLM Gateways - Founders: Slavik Markovich, Dan Sarel, Rishi Bhargava, Guy Rinat, Gilad Shriki, Doron Sharon, Meir Wahnon, Aviad Lichtenstadt - Investors: Lightspeed Venture Partners, Notable Capital, GGV Capital, Dell Technologies Capital, Unusual Ventures, Cerca Partners, Triventures - Capabilities: Agentic Identity Hub 2.0 — agents as first-class identities with dedicated OAuth client IDs and tool-level scopes; comprehensive MCP auth (OAuth 2.1, DCR, CIMD, per-tool scopes, multi-tenant); credential vault for OAuth tokens/API keys; agentic identity management dashboard; 50+ prebuilt third-party app templates; drag-and-drop visual identity workflows. - Sensors/Integration: Hosted IAM / OAuth-2.1 control plane for human users AND AI agents/MCP servers; SDKs and APIs for inbound apps and outbound apps. - Protections: Ephemeral / portable / revocable agent tokens, tool-level scope enforcement, enterprise policy controls, user-consent flows, per-agent and per-tenant isolation, full audit logging streamable to SIEM. - Differentiator: Leverages CIAM heritage to extend Auth0-like model to AI agents; Industry-first OAuth-2.1 MCP auth implementation. ### DeTaSECURE - Website: detasecure.com - Founded: 2024 - Country: India - Funding: Undisclosed - Categories: Agentic Network Security, Runtime & Guardrails, Observability & Governance - Founders: Tamaghna Basu, Debarati Basu - Capabilities: AI agent security platform with Web3-specific extensions — covers traditional AI agent security (prompt injection, data exfiltration) plus Web3 attack surfaces (smart contract interaction risks, on-chain agent exploitation, crypto-asset exfiltration through agent actions); cloud security heritage with WAF capabilities extended to AI traffic; audits and breach prevention for AI agent deployments. - Sensors/Integration: WAF-style inline inspection of AI traffic; cloud-security platform with AI agent extensions; integrates with Web3 toolchains for on-chain transaction monitoring; cloud-native deployment with multi-tenant SaaS model. - Protections: Inline blocking at the WAF layer for AI agent traffic; data breach prevention via inspection of agent inputs and outputs; Web3-specific protections against on-chain transaction abuse by compromised agents; audit and forensic capabilities for incident response. - Differentiator: Web3 + AI agent intersection is a niche specialization — most AI security vendors focus on enterprise SaaS while DeTaSECURE addresses the unique threat surface where AI agents interact with smart contracts, DeFi protocols, and crypto wallets; Cloud security and WAF heritage gives them production operational experience that pure-startup AI security vendors don't have. ### Dreadnode - Website: dreadnode.io - Founded: 2023 - Country: USA - Funding: $14M - Categories: AI Red Teaming, Model Security - Founders: Will Pearce, Nick Landers - Investors: Decibel Partners, Next Frontier Capital, In-Q-Tel, Sands Capital, Indie VC - Capabilities: Offensive AI security platform with Strikes (AI agent training ground for offensive cybersecurity), Spyglass (AI red teaming toolkit for probing deployed AI), and Crucible (AI hacking sandbox); adversarial testing of deployed AI systems; iterative agent resilience through repeated attack exposure; continuous auditing and vulnerability assessment of live AI models. - Sensors/Integration: API-based red team toolkit running against customer AI endpoints; sandbox environment for AI security practitioners; integration with major LLM providers and AI frameworks. - Protections: Pre-production vulnerability discovery in AI models and agents; continuous re-testing surfacing emerging attack patterns; detection of prompt injection, model bypasses, and data poisoning; training data generation for hardening AI agents. - Differentiator: Bozeman, Montana-based (founded 2023); powered DEFCON’s largest "Hack AI" event via Crucible; rare focus on offensive AI as a discipline distinct from defensive red teaming. ### DryRun Security - Website: dryrun.security - Founded: 2023 - Country: USA - Funding: $8.7M - Categories: Agentic Code Security - Founders: Ken Johnson, James Wickett - Investors: LiveOak Ventures, Work-Bench, Cannage Capital - Capabilities: AI-native agentic code security intelligence platform; proprietary Contextual Security Analysis (CSA) engine using the SLIDE model (Source code, Language, Intent, Data, Environment) to reason about how code actually behaves; DeepScan Agent delivering full-repository AppSec reviews in hours instead of weeks; PR analysis agent for real-time review of code changes; Natural Language Code Policies (NLCP) letting teams define enforcement rules in plain English; catches logic flaws, authorization gaps, IDOR, SQLi, XSS, SSRF, secrets, IaC misconfigurations that pattern-based SAST misses. - Sensors/Integration: GitHub-native integration with GitLab coming; Slack notifications; private LLM with ephemeral analysis services for data privacy; SaaS deployment. - Protections: Real-time PR feedback with security findings; whole-application risk evaluation via DeepScan context; plain-English policy enforcement scaling without DSL rules; false-positive reduction via behavioral reasoning; auditor-ready security insights across the codebase. - Differentiator: First to position as agentic code security intelligence; SLIDE model for contextual analysis is distinctive; 250,000+ code reviews per month at enterprise and mid-market customers. ### Duality Technologies - Website: dualitytech.com - Founded: 2016 - Country: USA - Funding: $49M - Categories: Model Security, Sandboxing & Secure Envs, Agentic Data Governance - Founders: Alon Kaufman, Rina Shainski, Shafi Goldwasser, Vinod Vaikuntanathan, Kurt Rohloff - Investors: LG Technology Ventures, Intel Capital, Hearst Ventures, Team8, Euclidean Capital, NAventures - Capabilities: SecurePlus privacy-preserving data collaboration platform combining homomorphic encryption with data science; secure multiparty data collaboration using TEEs for AI/ML workloads; AI assistant for sensitive data analysis; secure AI collaboration platform for cross-silo model training; supports financial services, healthcare, telecom regulated workloads. - Sensors/Integration: Platform deployment across enterprise data silos; integration with existing ML infrastructure; TEE-based confidential computing; PALISADE open-source HE library foundation. - Protections: End-to-end encryption during analysis preserving data ownership; secure cross-silo analytics enabling regulated collaboration; GDPR/HIPAA compliance via privacy-by-design; protection against re-identification across collaborating parties. - Differentiator: WEF 2021 Technology Pioneer; one of the most academically pedigreed teams in privacy-enhancing AI, with deep roots in homomorphic encryption. ### Dynamo AI - Website: dynamo.ai - Founded: 2021 - Country: USA - Funding: $30M - Categories: Runtime & Guardrails, AI Red Teaming, Model Security, Agentic Data Governance - Founders: Vaikkunth Mugunthan, Christian Lau - Investors: Canapi Ventures, Nexus Venture Partners, Formus Capital, Soma Capital - Capabilities: Enterprise platform for secure and compliant GenAI infrastructure; DynamoEval for risk assessment; DynamoEnhance for risk remediation; DynamoGuard real-time runtime guardrails; federated learning and differential privacy for LLM fine-tuning on sensitive data; hallucination detection; misuse and attack prevention; on-premise and cloud-hybrid deployment. - Sensors/Integration: PaaS deployment in any cloud or on-prem environment; SDK and API integration with customer LLMs; continuous evaluation harness; federated learning architecture keeping data at source. - Protections: Inline guardrails blocking misuse, attacks, and hallucinations; differential privacy preventing re-identification of training data; secure LLM fine-tuning without exposing sensitive datasets; compliance monitoring for regulated industries. - Differentiator: MIT CSAIL spinoff (2021); customers include the US Army, Experian, First Horizon Bank, Itochu, and CTC; testified before the US House Committee on Financial Services in 2025. ### Edera - Website: edera.dev - Founded: 2023 - Country: USA - Funding: $5M - Categories: Sandboxing & Secure Envs, Agentic Endpoint Security, Observability & Governance - Founders: Alex Zenla, Emily Long, Ariadne Conill - Investors: 645 Ventures, Eniac Ventures, FPV Ventures, Generationship, Precursor Ventures, Rosecliff Ventures - Capabilities: Secure infrastructure for deploying and executing AI agent workloads with strong isolation; Type 1 hypervisor-grade isolation (heritage from Xen / unikernel work) applied to container workloads running AI agents; multi-tenancy isolation for shared infrastructure hosting many agents; Kubernetes-native deployment; AWS-compatible execution environments; workload-level security for agent tool execution and code interpreters. - Sensors/Integration: Container runtime replacement (Edera Protect Containers) providing hardware-grade isolation between workloads; Kubernetes integration for cluster-wide deployment; supports AWS and bare-metal hosts; designed for multi-tenant scenarios where many agent workloads coexist on shared infrastructure. - Protections: Hardware-grade isolation between agent workloads — far stronger than container namespaces, preventing one compromised agent from affecting others on shared infrastructure; sandbox boundaries for AI-generated code execution; multi-tenant security for SaaS providers hosting customer agents; defense against container escape and lateral movement. - Differentiator: Type 1 hypervisor isolation heritage (Xen, unikernels) applied to AI agent workloads is technically rare — most competitors use container-level isolation which provides weaker boundaries; Positioned for the emerging "agent-as-a-service" market where SaaS providers host customer agents on shared infrastructure and need strong tenant isolation; Cloud-native packaging (Kubernetes operator, AWS support) makes the deeper-stack technology accessible to mainstream cloud-native teams. ### Enclave - Website: enclave.ai - Founded: 2025 - Country: Israel - Funding: $6M - Categories: Agentic Code Security, Agentic Endpoint Security - Founders: Tal Hoffman, Dvir Segev, Yanir Tsarimi - Investors: 8VC, Patrick Collison, Marc Benioff, Aaron Levie, Diane Greene, Matt Huang, Jeremy Stoppelman - Capabilities: AI-powered code security reading the entire codebase as a connected system, mapping services and data flows to surface only exploitable vulnerabilities with exploit context and precise fix instructions. Targets AI-generated code. - Sensors/Integration: Cloud scanning via app.enclave.ai plus self-hosted (Enterprise); integrates with repos and issue trackers (Jira, Linear); planned expansion to runtime and cloud. - Protections: Detects exploitable code vulnerabilities across auth, APIs, admin surfaces, file uploads, OAuth, and dependencies; reachability/criticality assessment to prioritize real risk. - Differentiator: System-level, cross-service analysis (vs. file-by-file signature scanning) filtering to actually-exploitable findings, acting as an independent security reviewer for AI-era development. ### EnforceAuth - Website: enforceauth.com - Founded: 2025 - Country: USA - Categories: Agentic Identity, MCP & LLM Gateways - Founders: Mark Rogge - Capabilities: Centralized authorization control plane (OPA/Rego/Cedar) enforcing fine-grained policy across apps, data, cloud, and AI agents, controlling agent-to-data and agent-to-agent actions in real time. - Sensors/Integration: Identifies authorization gaps via code scanning and the open-source Zift tool; detects unauthorized agent data access and prompt-injection-driven actions at runtime. - Protections: Continuous runtime authorization enforcement on every agent action plus a "Verdict" agentic firewall, with real-time decision logging and audit trails. - Differentiator: Closes the "authorization gap" between authentication and action for autonomous agents, exposing the control plane itself as an MCP server agents can operate. ### Enkrypt AI - Website: enkryptai.com - Founded: 2023 - Country: USA - Funding: $14M - Categories: AI Red Teaming, Runtime & Guardrails, Model Security, Observability & Governance - Founders: Sahil Agarwal, Prashanth Harshangi - Investors: Boldcap - Capabilities: End-to-end LLM security platform spanning the full GenAI lifecycle: red teaming during development, risk discovery in staging, runtime guardrails in production; automated red teaming across LLMs, Vision-Language Models, and Audio-Language Models with specialized agent-targeted tests (tool misuse, access control, behavior analysis); comprehensive testing across bias, toxicity, PII, harmful content, CBRN, misinformation; iterative attack chains, encoding, obfuscation, multi-turn jailbreaks; runtime guardrails for production deployments; out-of-the-box compliance reports mapped to NIST AI 600, OWASP Top 10 for LLMs, MITRE ATLAS; industry-first LLM Safety Leaderboard benchmarking 200+ models with continuous red teaming. - Sensors/Integration: Cloud-delivered SaaS platform; integrates with LLM applications and AI agents via APIs; sits between applications and model providers as a security testing and guardrails layer; partners with CASB vendors to extend coverage into existing data protection deployments; mapped to industry compliance frameworks for evidence generation. - Protections: Runtime guardrails block harmful outputs in real time; pre-deployment red teaming surfaces vulnerabilities before production; compliance gating based on risk thresholds; mitigation recommendations via system-prompt hardening, guardrails, or safety alignment training; continuous re-testing as new attacks emerge. - Differentiator: Boston-headquartered LLM security specialist focused on regulated industries — financial services, healthcare, government deploying generative AI applications; Full-lifecycle approach (red team + risk discovery + runtime guardrails) versus competitors that handle only one stage; Industry-first LLM Safety Leaderboard with 200+ models tested continuously is a unique public-good asset that drives top-of-funnel awareness. ### Entro Security - Website: entro.security - Founded: 2022 - Country: Israel - Funding: $24M - Categories: Agentic Identity, Observability & Governance, AI-SPM, Agentic Network Security - Founders: Itzik Alvas - Investors: StageOne Ventures, Mickey Boodaei - Capabilities: NHI Security pioneer extended to AI agents via AGA (Agentic Governance & Administration) platform pillar launched RSAC 2026; Shadow AI Discovery via EDR integrations; native connection to AWS Bedrock + Copilot Studio agent foundries to discover agents and their NHIs; MCP activity visibility + policy controls; NHIDR (Non-Human Identity Detection & Response); secrets scanning across code/cloud/CI/CD/SaaS; human ownership attribution; lifecycle management; audit trails. - Sensors/Integration: API integrations to clouds/CI/CD/SaaS; EDR-piggyback for endpoint AI discovery; native agent-foundry connectors (Bedrock, Copilot Studio). - Protections: Anomaly detection on agent behavior, least-privilege enforcement, credential rotation/decommissioning, secret exposure remediation, identity-graph-based blast-radius analysis. - Differentiator: Among earliest NHI security pure-plays; Coined and educates "NHI" as a category; Original LLMjacking research; AGA extends production-credible NHI platform into agentic AI vs. greenfield startups; Positioned alongside Microsoft Entra Agent ID in enterprise reference architectures. ### Enveil - Website: enveil.com - Founded: 2016 - Country: USA - Funding: $40M - Categories: Model Security, Agentic Data Governance - Founders: Ellison Anne Williams - Investors: USAA, Mastercard, Capital One Ventures, C5 Capital, DataTribe, In-Q-Tel, Bloomberg Beta, Cyber Mentor Fund, 1843 Capital - Capabilities: ZeroReveal Secure AI for encrypted ML training, inference, and validation across data silos; homomorphic encryption and secure multiparty computation protecting Data in Use; privacy-preserving search and analytics; cross-boundary data collaboration without raw data exposure; multi-party computation enabling regulated industry collaboration. - Sensors/Integration: Cloud, on-prem, and hybrid deployment; integration with enterprise data sources; ZeroReveal Search and Analytics products; API-based integration with AI/ML platforms. - Protections: Privacy-preserving computation maintaining encryption during processing; mathematically provable privacy of search and analytic queries; protection of data ownership and content across boundaries; ML/AI risk mitigation without exposing raw data. - Differentiator: WEF Technology Pioneer and Gartner Cool Vendor; among the longest-established commercializations of homomorphic encryption for AI workloads (founded 2016). ### Eos Cyber - Website: eoscyber.ai - Founded: 2025 - Country: USA - Funding: $6M - Categories: Agentic Identity, Observability & Governance - Founders: Archit Lohokare, Kashyap Ivaturi - Investors: Primary Venture Partners, MVP Ventures, Embedding VC - Capabilities: AI-native identity security platform for managing AI agent access risks; least-privilege enforcement for AI agents and non-human identities; visibility into agent permissions and entitlements across the enterprise; privilege escalation detection specific to AI agent contexts; LLM and prompt injection risk awareness in identity decisions. - Sensors/Integration: Identity governance layer integrating with IAM stacks; agent identity discovery via OAuth and service account inventory; permission graph analysis for AI agents and non-human identities. - Protections: Least-privilege enforcement on agent identities; privilege escalation detection; over-permissive agent identity remediation; visibility into shadow agent identities created outside official channels; identity-first guardrails for AI agent operations. - Differentiator: Pure-play AI-native identity security focus distinct from generic NHI/CIEM vendors that have added AI agent SKUs; Positioning emphasizes the unique identity lifecycle of AI agents (ephemeral, scoped, often inherit human privileges) rather than treating them as a sub-class of service accounts. ### Eroun & Company - Website: eroun.ai - Founded: 2025 - Country: South Korea - Funding: $1.4M - Categories: Runtime & Guardrails, Observability & Governance, Agentic Data Governance - Founders: Yoon Du Sik - Capabilities: SAIFE X GenAI security platform protecting against data leaks and prompt attacks; PII detection and redaction; sensitive data protection in GenAI workflows; runtime guardrails for LLM applications; targets the South Korean and Asian markets. - Sensors/Integration: API and SDK integration with LLM applications; PII detection engine; cloud-delivered runtime guardrails; integration with major LLM providers. - Protections: Inline PII redaction before reaching LLMs; prompt injection blocking; data leakage prevention across GenAI workflows; runtime policy enforcement. - Differentiator: Seoul-based GenAI security startup positioned for the South Korean and broader Asian enterprise market; SAIFE X platform brings localized GenAI security in regions underserved by US-centric AI security vendors. ### EVE Security - Website: eve.security - Founded: 2024 - Country: USA - Funding: $3M - Categories: Runtime & Guardrails - Founders: Nadav Cornberg, Sharon Eilon, Amit Eliav - Investors: LiveOak Ventures, Tau Ventures - Capabilities: Agent interrogation, behavioral anomaly detection, shadow AI discovery, audit trails. - Sensors/Integration: Inline runtime control plane between agents and crown jewels. - Protections: Allow / block / redact / alert per action; policy enforcement on tool calls and data sharing. - Differentiator: "Agent-in-the-Loop" — LLM-judge applied to each individual tool call. ### Evoke Security - Website: evokesecurity.com - Founded: 2024 - Country: USA - Funding: $4M - Categories: Agentic Browser Security, Runtime & Guardrails - Founders: Jason Rebholz, Jeffrey Chan - Investors: Crosspoint Capital Partners, Red Cell Partners - Capabilities: Agent inventory + governance, AI-SPM, threat modeling (malicious skills/MCPs, toxic flows), real-time per-agent policies. - Sensors/Integration: Four parallel modes — endpoint agent + SDK/Proxy/API + browser extension + SIEM integration. - Protections: Per-agent policy enforcement, unauthorized-action block, full prompt/tool-call/response visibility, over-permissioned agent remediation. - Differentiator: Most direct "EDR for AI Agents" positioning; CrowdStrike/AWS/NVIDIA RSAC accelerator finalist. ### FairNow - Website: fairnow.ai - Founded: 2023 - Country: USA - Funding: $3.5M - Categories: Observability & Governance - Founders: Guru Sethupathy - Capabilities: AI governance, risk, and compliance automation platform; AI inventory management; governance workflow orchestration with role-based accountability; risk assessments and ongoing monitoring; documentation and audit trail generation; vendor AI risk management; regulatory compliance tracking across global AI laws. - Sensors/Integration: SaaS platform centralizing AI usage tracking; integration with model registries; bias audit tooling; questionnaire-based regulatory applicability tools. - Protections: Automated compliance workflows preventing unmanaged AI deployment; continuous bias and fairness monitoring; vendor AI risk assessments before procurement; auditor-ready documentation generation. - Differentiator: DMV-area startup focused on Fortune 100 AI risk; team brings model risk management, infosec, data governance, and compliance backgrounds; positioning as the 'AI governance command center' for enterprises with distributed AI usage. ### Fiddler AI - Website: fiddler.ai - Founded: 2018 - Country: USA - Funding: $45M - Categories: Observability & Governance, Model Security - Founders: Krishna Gade, Amit Paka - Investors: Lightspeed Venture Partners, Insight Partners, Lockheed Martin Ventures - Capabilities: LLM observability (hallucination/factuality, toxicity, PII detection, prompt safety, jailbreak attempts, drift), traditional ML model monitoring (drift, accuracy, bias/fairness, explainability), Fiddler Trust Models, Fiddler Guardrails (low-latency moderation pre/post LLM), agentic observability, alerts to Slack/Teams/PagerDuty, EU AI Act / AI Bill of Rights compliance reporting. - Sensors/Integration: SDK-based publishing of prompts/responses/RAG sources to Fiddler; pre/post-LLM inline guardrails via Trust Models; Carahsoft partnership for federal/state/local agency reach. - Protections: Pre-LLM moderation (block toxic/jailbreak/PII), post-LLM hallucination + toxicity + PII filtering, alerting on drift and quality regressions, bias/fairness detection in predictive ML. - Differentiator: Most established ML observability vendor that has extended into LLM/agent observability; "MOOD stack" framing; Strong explainable AI / bias / fairness depth from ML-monitoring heritage. ### FireRaven - Website: fireraven.ai - Founded: 2023 - Country: Canada - Funding: Undisclosed - Categories: Runtime & Guardrails, AI Red Teaming, Observability & Governance - Founders: JS Patenaude, Philippe Maisonneuve - Investors: Plug and Play Ventures, Front Row Ventures, Technical University of Denmark - Capabilities: Customizable security and compliance guardrails with real-time monitoring for AI agents; FireGuard policy enforcement layer for Microsoft Copilot; RedRaven automated AI red-teaming aligned with NIST and OWASP; input and response filtering; user behavior analytics for AI sessions; CI/CD-integrated continuous testing. - Sensors/Integration: No-code SaaS platform with API integration to LLM endpoints; M365/Copilot integration; CI/CD pipeline hooks for automated red-team testing. - Protections: Input filtering preventing prompt injection and policy violation; response filtering blocking sensitive content; continuous red-team testing surfacing new attack patterns; transparency through real-time monitoring dashboards. - Differentiator: Laval, Quebec-based dual-product startup (founded 2023-2024); combining runtime guardrails (FireGuard) with continuous red-teaming (RedRaven) is uncommon for an early-stage company. ### FireTail - Website: firetail.ai - Founded: 2022 - Country: USA - Funding: $5M+ - Categories: AI-SPM, Observability & Governance, Agentic Browser Security - Founders: Jeremy Snyder, Riley Priddle - Investors: Paladin Capital - Capabilities: AI security platform with code-to-cloud AI discovery and risk assessment; continuous AI integration inventory; AI-specific threat detection (prompt injection, data leaks, model manipulation); risk scoring against OWASP LLM Top 10 and MITRE ATT&CK; shadow AI and rogue AI identification; compliance monitoring across GDPR, CCPA. - Sensors/Integration: Code-to-cloud scanning identifying AI integrations across environments; centralized AI logging for security teams; integration with existing enterprise security tools. - Protections: Real-time attack protection alerting before damage; AI-specific risk scoring driving prioritization; unauthorized data exposure detection; compliance reporting aligned with major frameworks. - Differentiator: Pivot from API security roots to AI security; one of the earliest companies positioning AI security as a code-to-cloud problem mirroring CNAPP architecture. ### First Recon AI - Website: firstrecon.ai - Founded: 2025 - Country: USA - Categories: Observability & Governance, Runtime & Guardrails, MCP & LLM Gateways, Agentic Data Governance - Founders: Kentaro Kawamori - Capabilities: End-to-end enterprise AI control and security platform built across three layers: on-device semantic inspection that evaluates sensitive data, context, and intent before content reaches any AI provider and supports local/offline models; an AI Firewall that inspects prompts and responses before model access and applies allow, block, redact, or flag-for-review policy actions; and an AI Gateway that manages traffic across ChatGPT, Claude, Gemini, Copilot and every provider with routing, access controls, cost and spend governance, and audit trails. Adds AI agent security and governance (clear boundaries, approved tools, and policy enforcement across Cowork, semi-autonomous, and autonomous agent modalities), OS-level shadow AI discovery across browser, desktop, and IDE, human-in-the-loop review, and model governance mapped to SOC 2, GDPR, HIPAA, and the EU AI Act. - Sensors/Integration: Three-layer architecture on a Zero Trust foundation: an on-device endpoint sensor for semantic inspection on laptops, mobile devices, and workstations (with offline model support), an inline AI Firewall between the environment and model providers, and a cloud AI Gateway control plane; flexible deployment across desktop, browser, cloud, and on-premises; developer APIs expose data protection, firewall, and gateway as services. - Protections: Inline blocking and redaction of sensitive data before it reaches a model; prompt injection and AI threat detection and response; allow, block, redact, or flag policy actions on prompts and responses; automatic routing of blocked prompts to a private-network local model; per-provider access controls, spend caps, and tamper-evident audit trails; agent action policy enforcement; model governance and compliance gating. - Differentiator: Positions a single platform across the full enterprise AI surface (endpoint semantic inspection plus AI Firewall plus multi-provider AI Gateway) rather than a single control point; combines security, governance, cost control, and productivity in one app; on-device preflight inspection with offline local-model fallback is unusual among gateway-first vendors. ### ForceAI Security - Website: forceaisecurity.com - Founded: 2026 - Country: USA - Categories: Runtime & Guardrails, MCP & LLM Gateways - Capabilities: Single platform (Pinesmith) to secure AI activity, prompts, agents, MCP servers, and workflows from design-time guardrails through runtime, plus governed AI agents for security operations. - Sensors/Integration: Inspects AI inputs, outputs, files, code, tool calls, agent actions, MCP calls, and data access for visibility and detection. - Protections: Detects and blocks prompt injection, jailbreaks, sensitive-data exposure, unsafe outputs, and unauthorized agent behavior, with real-time approval of agent actions. - Differentiator: Combines AI runtime guardrails and MCP/agent governance with audit-ready compliance evidence in one platform, covering gaps left by DLP/CASB/SIEM. ### Future AGI - Website: futureagi.com - Founded: 2024 - Country: USA - Funding: $1.6M - Categories: Observability & Governance, Runtime & Guardrails, AI Red Teaming, MCP & LLM Gateways - Founders: Nikhil Pareek, Charu Gupta - Investors: Powerhouse Ventures, Snow Leopard Ventures, AngelList Quant Fund, Saka Ventures, Swadharma Source Ventures - Capabilities: End-to-end AI agent engineering platform covering the full lifecycle: simulate (multi-turn scenarios, synthetic data generation, persona testing), evaluate (factuality, groundedness, hallucination, PII, toxicity, tool selection), optimize (prompt and RL-based agent tuning), monitor (tracing, dashboards, alerting), protect (real-time guardrails); purpose-trained evaluation models superior to LLM-as-a-judge for hallucination detection; sub-100ms guardrails blocking prompt injection, jailbreaks, PII leakage, off-topic content; LLM gateway with model routing, fallbacks, MCP tools governance and guardrails; full request logging, cost tracking, audit trails; integrations with LangChain, LlamaIndex, CrewAI, AutoGen, OpenAI SDK, voice agents (VAPI, Retell, LiveKit, Pipecat). - Sensors/Integration: OpenTelemetry-native instrumentation drops into any agent framework with a few lines of code; Python and TypeScript SDKs; runs both as managed cloud and as self-hosted (Apache 2.0 licensed); SOC2-territory deployment patterns; integrates with Jaeger, Prometheus, Grafana alongside existing observability; gateway layer routes LLM traffic and applies guardrails inline. - Protections: Real-time guardrails intercept hallucinations, PII leaks, prompt injections, jailbreaks before they reach users; pre-launch simulation surfaces edge cases and adversarial scenarios; production drift detection; AI-powered alerting on unusual patterns; centralized policy enforcement across all agents in the org; MCP tool input/output validation and injection pattern matching. - Differentiator: Fully open-source (Apache 2.0) with no "open core" gotchas — entire platform inspectable and self-hostable; Consolidates 5+ typically-separate tools (LangSmith for tracing + Arize for ML obs + Braintrust for evals + dedicated guardrail vendor + gateway vendor) into one platform; Flat $50/month Pro pricing (not per-seat) is dramatically cheaper than LangSmith ($39/user) or Braintrust ($249/month); 986+ GitHub stars. ### Galene.AI - Website: galene.ai - Founded: 2025 - Country: Italy - Funding: Bootstrapped (~$1.4M ARR) - Categories: Observability & Governance, Sandboxing & Secure Envs, Runtime & Guardrails - Founders: Andrea Cappelletti - Capabilities: Sovereign agentic AI platform deployable on-prem or private cloud; Generative Shield runtime guardrails and cyber security inspection; personal AI assistant + specialized AI agents + customizable AI agents; MCP-based connectors to internal apps; multi-tenant RBAC; alignment with EU AI Act, GDPR, ISO 42001, ISO 27001, SOC 2. - Sensors/Integration: Cloud and on-prem deployments via partnerships including Scaleway; MCP connectors to internal SaaS and databases; end-to-end encrypted GPU instance support. - Protections: Runtime AI governance enforcing data sovereignty; built-in DLP policies; tenant isolation via fine-grained RBAC; audit-ready logging; continuous vulnerability scanning and third-party penetration tests. - Differentiator: Milan-based European startup founded 2025; European sovereignty positioning differentiates Galene from US AI platform vendors; profitable and self-funded with $1.4M ARR, an outlier in the AI governance category. ### Galileo - Website: galileo.ai - Founded: 2021 - Country: USA - Funding: $68.1M - Categories: Observability & Governance, AI Red Teaming, Runtime & Guardrails - Founders: Vikram Chatterji, Atindriyo Sanyal, Yash Sheth - Investors: Scale Venture Partners, Premji Invest, Databricks, Battery Ventures, Walden Catalyst - Capabilities: Luna Evaluation Suite + Galileo Protect for runtime security; Agent Control launched March 2026 — open-source control plane for AI agents bringing principled governance; pre-deployment behavioral testing across hallucinations, bias, toxicity, robustness, prompt injection; real-time observability for LLM calls, retrieval pipelines, multi-step AI agents; built-in security guardrails preventing prompt injection + PII leakage; automated compliance mapping (EU AI Act, NIST); 100+ behavioral tests; ServiceNow AI Control Tower integration; OpenAI / Anthropic / Copilot / OTel / Snowflake native integrations. - Sensors/Integration: SaaS platform + open-source Agent Control framework; CI/CD validation; production monitoring; native LLM provider integrations. - Protections: Pre-deployment behavioral testing, runtime prompt injection + PII leakage prevention, hallucination + bias + toxicity scoring, compliance evidence generation. - Differentiator: Agent Control open-source is rare (most competitors are closed SaaS); ServiceNow AI Control Tower partnership distinctive for enterprise distribution. ### General Analysis - Website: generalanalysis.com - Founded: 2024 - Country: USA - Funding: $10M - Categories: AI Red Teaming - Founders: Rez Havaei, Maximilian Li, Rex Liu - Investors: Altos Ventures, 645 Ventures, Menlo Ventures, Y Combinator - Capabilities: Automated context-aware red teaming with tool-graph mapping, AI detection & response, AI asset inventory + vulnerability scanning, runtime guardrails derived from red-team findings, drift/poisoning monitoring. - Sensors/Integration: GitHub + LLM provider + cloud/runtime connectors; OSS GA Guard classifier series. - Protections: Runtime guardrails (LLM01 prompt injection, LLM02 sensitive data, LLM05 PII, LLM06 abnormal intent), intent classification, drift detection, replay validation of confirmed exploits. - Differentiator: Strongest red-teaming-to-guardrail feedback loop; High-profile original research (Supabase MCP SQL leak, Stripe iMessage Claude jailbreak, $10M customer-service-bot exploit). ### Genie Security - Website: genie.security - Founded: 2024 - Country: Israel - Funding: $3M - Categories: Agentic Data Governance, Agentic Endpoint Security, Observability & Governance - Founders: Nadav Noy, Noam Dotan - Investors: Mensch Capital, Dynamic Loop - Capabilities: Endpoint-installed agent for real-time data leakage prevention against GenAI tools; identifies attempts to leak sensitive data from employee endpoints (laptops, phones, servers) caused by human action or by AI assistants like Claude, ChatGPT, and other GenAI tools; deployed across hundreds of endpoint devices in Israeli and US organizations within 5 months of founding. - Sensors/Integration: Endpoint agent installed on enterprise devices; monitors data flows out to AI tools and assistants; passive observability with active blocking capability. - Protections: Inline blocking of sensitive data egress to AI tools; classification of leakage attempts by source (human vs AI agent); per-prompt-or-action data loss prevention; complements Cyera DSPM with endpoint-side enforcement post-acquisition. - Differentiator: 5-person team at acquisition; Immediately filled Cyera's endpoint-DLP gap for the agentic data-leak vector. ### Geordie AI - Website: geordie.ai - Founded: 2024 - Country: UK - Funding: $36.5M - Categories: AI-SPM, Observability & Governance, Runtime & Guardrails, Agentic Identity - Founders: Henry Comfort, Hanah-Marie Darley, Benji Weber - Investors: General Catalyst, Ten Eleven Ventures, Balderton Capital - Capabilities: AI agent discovery across code, cloud, and endpoints; maps each agent's "anatomy" (tools, skills, connections, data access); runtime observability of agent actions; behavior monitoring + risk control; Beam Risk Mitigation Engine providing dynamic guidance during agent decision-making in real-time; posture management; audit-ready compliance reporting. - Sensors/Integration: API integrations into code environments + cloud platforms + endpoint devices; SSO integration; endpoint agents for real-time visibility into running agents. - Protections: Real-time intervention in agent decision chains (Beam guides agents toward safer behavioral path through contextual adjustments / policy constraints before high-risk actions execute), anomaly detection, runtime policy enforcement, audit-ready logs — explicit "proactive defense without impacting business continuity" thesis. - Differentiator: RSAC 2026 Innovation Sandbox WINNER ("Most Innovative Startup") — the agentic-AI-security category-defining moment, equivalent to Wiz's 2021 ISB run; Black Hat Europe 2025 Startup Spotlight winner before RSAC; Beam engine architecturally intervenes in the agent's decision chain itself — rarer than detect-and-block models elsewhere. ### Giskard - Website: giskard.ai - Founded: 2021 - Country: France - Funding: $1.6M - Categories: AI Red Teaming, Model Security - Founders: Andrei Avtomonov, Jean-Marie John Mathews, Alex Combessie - Investors: Elaia, Bessemer Venture Partners, EIC Fund - Capabilities: Open-source Python library for LLM testing + Giskard Hub enterprise SaaS for continuous red teaming, automated vulnerability scanning, hallucination/contradiction detection, RAG evaluation, golden-dataset management, Giskard Guards (independent EU-sovereign on-premise guardrail platform with Policy-as-Code), team collaboration UI + SDK. - Sensors/Integration: Pre-deployment testing via Python SDK + Hub; runtime guardrails (Guards) deployable on-prem with EU sovereignty. - Protections: Vulnerability detection, regression prevention via test suites, runtime policy enforcement via Guards (EU AI Act + OWASP Top 10 LLM packs), LLM-as-judge evaluation. - Differentiator: French/EU vendor; EU-sovereign on-premise guardrail story is unique; Partnerships with European Commission and Google DeepMind on research. ### Golf - Website: golf.dev - Founded: 2025 - Country: USA - Funding: Undisclosed - Categories: MCP & LLM Gateways, Observability & Governance, Agentic Identity - Founders: Wojciech Błaszak, Antoni Gmitruk - Capabilities: Agentic AI Security and Governance control plane at the MCP layer (not the LLM layer) — explicit thesis that "AI gateways sit between your app and the LLM — useless for third-party agents like Claude, Copilot, and ChatGPT that make their own calls"; shadow MCP discovery; MCP Gateway with granular per-tool / per-team / per-data-source policies at sub-millisecond latency; PII exposure / credential leak / unauthorized access blocking; pre-mapped compliance evidence export. - Sensors/Integration: Endpoint-deployed agent that discovers every AI tool, MCP server, and agent connection (including shadow infrastructure); all traffic flows through the MCP Gateway for enforcement; SSO integration with IdPs; SIEM streaming of agent activity. - Protections: Shadow MCP detection, real-time policy enforcement per tool/team/data source, PII + credential + unauthorized-access blocking at sub-ms latency, audit trail generation, SOC 2 Type II certified. - Differentiator: Explicit "MCP layer not LLM layer" positioning that differentiates from traditional AI gateways; Uniquely combines open-source MCP server framework + governance control plane in one company; Endpoint deployment model is rarer in MCP governance space. ### Gray Swan AI - Website: grayswan.ai - Founded: 2023 - Country: USA - Funding: $45M - Categories: AI Red Teaming, Runtime & Guardrails, Model Security - Founders: Matt Fredrikson, Andy Zou, Zico Kolter - Investors: Wing Venture Capital, Madrona, Obvious Ventures, Snowflake Ventures, Hudson River Trading, Samsung Next, Magarac Venture Partners, Pillar VC - Capabilities: AI Security Suite (Cygnal/Cygnet I/O filtering + Shade automated testing), AI red-teaming for frontier labs, Gray Swan Arena (3M+ attack corpus), Circuit Breakers, benchmarks (AgentHarm, HarmBench, WMDP, CyBench, MMLU). - Sensors/Integration: 2-line code integration via SDK (Python/JS/cURL); cloud-hosted platform. - Protections: Cygnet inline input+output filtering, continuous agentic monitoring, Shade automated vulnerability testing, Circuit Breakers technique. - Differentiator: Most academic / frontier-research credibility on the list; CMU origins; Safety evals baked into Claude/GPT/Meta model cards. ### Grip Security - Website: grip.security - Founded: 2021 - Country: Israel - Funding: $66M - Categories: Agentic SSPM, AI-SPM, Agentic Identity, Observability & Governance - Founders: Lior Yaari, Idan Fast, Alon Shenkler - Investors: YL Ventures, Third Point Ventures, Intel Capital, The Syndicate Group - Capabilities: Established SSPM extended into AI: discovers GenAI usage, classifies risk by data sensitivity, sets policy, enforces with workflows; S-SPM + AI-SPM unified posture management; embedded AI inside SaaS apps; maps AI agent access to data + OAuth tokens; controls privileged agents chaining actions across apps; model-level visibility, controls, drift alerts; identity-first guardrails for autonomous actions. - Sensors/Integration: SaaS-to-SaaS integrations across the SSPM footprint; OAuth-token-aware. - Protections: Shadow GenAI discovery + control, identity-first agent supervision, OAuth token mapping for AI agents, SaaS-chain propagation detection, model drift alerts. - Differentiator: Established SSPM vendor extending naturally into agentic AI — leverages existing SaaS-to-SaaS graph as the data substrate for AI agent governance; "Apps. Agents. Data. Secured." positioning bridges the SSPM-to-AI-SPM continuum. ### GuardiAgent - Website: guardiagent.com - Founded: 2026 - Categories: Sandboxing & Secure Envs, MCP & LLM Gateways - Capabilities: Sandboxes AI agents and MCP servers in isolated containers with least-privilege, user-consent permission models and auto-generated security manifests. - Sensors/Integration: Monitors agent/MCP system calls, resource usage, and permission requests at the execution boundary. - Protections: Enforces restricted permissions, resource limits, and container isolation to block rogue agent actions and compromised-server exploits. - Differentiator: Drop-in sandbox compatible with agent SDKs (e.g. OpenAI Agents SDK) adding only ~0.3-0.6ms overhead. ### Guardion AI - Website: guardion.ai - Founded: 2025 - Country: Brazil - Categories: Runtime & Guardrails, Observability & Governance - Founders: Rafael Sandroni - Investors: Google for Startups, NVIDIA Inception, Entrepreneurs First - Capabilities: Drop-in proxy between AI tools and systems for observability, enforcement, and compliance without code changes. - Sensors/Integration: Captures every tool call, data access, and autonomous decision while inspecting inputs/outputs in real time. - Protections: Detects prompt injection, unauthorized API/shell calls, and capability drift while stripping SSNs, API keys, and credentials. - Differentiator: Low-latency runtime gateway (P99 <20ms) built by ex-Apple Siri runtime security engineers; deployed at LatAm fintechs. ### Guardrails AI - Website: guardrailsai.com - Founded: 2023 - Country: USA - Funding: $7.5M - Categories: Runtime & Guardrails, AI Red Teaming - Founders: Shreya Rajpal, Diego Oppenheimer, Safeer Mohiuddin, Zayd Simjee - Investors: Zetta Venture Partners, Bloomberg Beta, FactoryHQ - Capabilities: Open-source guardrails framework for LLM applications combined with commercial Guardrails Hub; Snowglobe AI chatbot simulation platform for testing and evals; red-teaming feedback loop for adaptive guardrails; fine-tuning dataset generation from simulated interactions; PII redaction, jailbreak detection, hallucination filtering. - Sensors/Integration: SDK and library integrations in customer LLM apps; simulation environments running adversarial conversations at scale; observability dashboards for guardrail performance. - Protections: Inline output validation against schema and policy; jailbreak/prompt-injection blocking; hallucination suppression via factuality checks; continuous improvement via red-team-derived training data. - Differentiator: Combination of a widely-adopted open-source guardrails library with the commercial Snowglobe simulation platform is a distinctive open-core go-to-market; a recognized voice in LLM safety and reliability. ### Haize Labs - Website: haizelabs.com - Founded: 2023 - Country: USA - Funding: $12.5M - Categories: AI Red Teaming, Model Security - Founders: Leonard Tang, Richard Liu, Steve Li - Investors: General Catalyst, Soma Capital, Amjad Masad, Scott Wu, Demi Guo, Neil Shen - Capabilities: Runs algorithmic adversarial stress-testing and safety ratings across text, audio, code, video, image, and web modalities. - Sensors/Integration: Probes LLMs with automated attack-generation algorithms to surface vulnerabilities pre-deployment. - Protections: Identifies jailbreaks and unsafe outputs so model providers can remediate before release. - Differentiator: Positioned as the "Moody’s for AI" with automated haizing; customers include Anthropic, Scale AI, and AI21. ### Hardshell - Website: hardshell.ai - Founded: 2025 - Country: USA - Funding: $1.1M - Categories: Model Security, Agentic Data Governance - Founders: Andrew Schoka, Hunter Moore - Investors: VTC Ventures, Front Porch Venture Partners, Blu Venture Investors - Capabilities: AI security platform protecting training data from poisoning and leakage; adversarial ML defense; data poisoning detection during model training; pre-training data security validation; protection against backdoor attacks on AI models. - Sensors/Integration: Integration with ML training pipelines; static and dynamic analysis of training data; adversarial detection harness. - Protections: Detection of poisoned training samples before model training; mitigation of backdoor and trojan attacks on AI models; protection of model integrity throughout training; data leakage prevention from trained models. - Differentiator: Focused specialization on training data security distinguishes Hardshell from runtime-only AI security competitors; addresses the under-served pre-training phase of the AI lifecycle. ### Harmonic Security - Website: harmonic.security - Founded: 2023 - Country: UK - Funding: $26M - Categories: Agentic Browser Security, Agentic Data Governance, Runtime & Guardrails - Founders: Alastair Paterson, Bryan Woolgar-O'Neil - Investors: Ten Eleven Ventures, Sorenson Capital - Capabilities: AI usage analytics (Explore), browser+desktop control (Guide), unified human+agent governance (Command), MCP gateway, securing Claude. - Sensors/Integration: Three concurrent on-device sensors — browser extension (Chrome/Edge/Firefox/Safari/Arc/Brave/Vivaldi/Island/Comet/Dia), desktop client (Win/macOS/Linux) for Claude Desktop, ChatGPT, Cursor, Windsurf, and MCP Gateway for Claude Code / Cowork / custom MCPs. - Protections: Inline block/warn-log/silent-log with <200ms decisions, intent classification (not regex DLP), per-team patterns (not per-user surveillance), data residency. - Differentiator: Strongest "AI has moved off the network" thesis — direct positioning against Zscaler/Netskope/Purview; Best-articulated employee-privacy stance. ### Helmet Security - Website: helmetsecurity.com - Founded: 2025 - Country: USA - Funding: $9M - Categories: MCP & LLM Gateways, Agentic Endpoint Security, Observability & Governance - Founders: Fred Kneip, Kaushik Shanadi - Investors: SYN Ventures, WhiteRabbit Ventures - Capabilities: MCP server discovery, traffic monitoring, registry of verified MCP servers/skills, drift detection, supply-chain analysis, secret scanning. - Sensors/Integration: Agentless via existing EDR (CrowdStrike/SentinelOne/Defender process telemetry); optional lightweight Helmet endpoint agent. - Protections: Real-time MCP tool-call enforcement, prompt injection block, PII/secret leakage block, structured access policies. - Differentiator: Piggybacks on the customer's existing EDR for MCP discovery — no new endpoint agent; "Wiz for AI-to-AI communications". ### HiddenLayer - Website: hiddenlayer.com - Founded: 2022 - Country: USA - Funding: $50M - Categories: Model Security, Agentic Code Security, Runtime & Guardrails - Founders: Christopher Sestito, Tanner Burns, James Ballard - Investors: M12, Moore Strategic Ventures, Ten Eleven Ventures, Booz Allen Ventures - Capabilities: AISec Platform 2.0 — AI Discovery (asset inventory, AIBOM, Model Genealogy lineage), AI Supply Chain Security (static scanning of model files for graph-level backdoors, ShadowLogic, control-vector injection, embedded malware, serialization exploits, poisoning indicators), AI Attack Simulation, AI Runtime Security with new agentic capabilities, telemetry dashboards. - Sensors/Integration: Build-time / ingest static analysis of model files (works in airgapped and sensitive environments); runtime integration with agent gateways and execution frameworks; does not require access to private data or models. - Protections: Pre-deployment model scanning for backdoors/malware, runtime agent-behavior detection, real-time prompt injection / tool-call / exfiltration block at agent runtime. - Differentiator: First-to-market and deepest in ML model security — defining vendor for the model-supply-chain category; Won RSA 2023 Innovation Sandbox; Gartner Cool Vendor for AI Security. ### Highflame - Website: highflame.com - Founded: 2026 - Country: USA - Categories: Runtime & Guardrails, Agentic Identity, Agentic Network Security, MCP & LLM Gateways - Founders: Sharath Rajasekar, Anil Kumar - Capabilities: Unified AI Security Platform spanning build-time to run-time for GenAI + Agents + MCPs; ZeroID for verifiable cryptographic identity for AI agents (scoped delegation, instant revocation); real-time protection against emerging AI threats; visibility at every step of AI roadmap; secures both employee AI usage and autonomous agent deployments. - Sensors/Integration: Network-layer integration via Tailscale partnership (announced April 2026) — secures AI agent + model + MCP interactions at the network layer; agent identity layer (ZeroID). - Protections: Cryptographic agent identity verification, scoped delegation, instant revocation, network-level enforcement on agent ↔ model ↔ MCP interactions, real-time threat protection across the AI roadmap. - Differentiator: Tailscale network-layer partnership is distinctive — most agentic security vendors operate at API/gateway/endpoint layer; ZeroID treats agent identity as cryptographic primitive (closer to SPIFFE/SPIRE workload identity model) rather than OAuth-token extension; Spans both employee GenAI usage and autonomous agent governance in single platform. ### HikmaAI - Website: hikmaai.io - Founded: 2025 - Country: Sweden - Funding: $0.55M - Categories: AI Red Teaming, Observability & Governance, AI-SPM - Founders: Andrea Pili, Mauro Medda - Investors: Angel investors - Capabilities: Security and governance platform for evaluating and securing enterprise AI systems; AI pentesting and red teaming capabilities; ML security operations (MLSecOps); prompt injection testing and detection; shadow AI discovery; AI compliance reporting; observability across the AI lifecycle. - Sensors/Integration: Cloud-delivered AI security platform; integrates with AI applications and agents via APIs; red-teaming engine generates adversarial inputs and behavioral tests; observability layer captures AI system behavior for analysis. - Protections: Red-teaming surfaces vulnerabilities before production; prompt injection detection; shadow AI discovery surfacing unauthorized AI usage; AI compliance reporting mapped to regulatory frameworks; MLSecOps controls integrated into the AI development pipeline. - Differentiator: Positioning emphasizes the operational maturity gap ("MLSecOps") that established cybersecurity teams need when extending into AI workloads. ### Hivetrace - Website: hivetrace.ai - Founded: 2025 - Country: Russia - Funding: $110K - Categories: Runtime & Guardrails, AI Red Teaming - Capabilities: Bidirectional real-time monitoring of user prompts and LLM responses with anomaly detection, plus HiveTrace Red automated red teaming (80+ attacks across 10 categories). - Sensors/Integration: SDK decorators/clients stream agent and LLM interaction data for continuous analysis; SIEM integration available. - Protections: Detects and mitigates prompt injection, jailbreaks, system-prompt leakage, sensitive-data theft, and harmful HTML/Markdown. - Differentiator: Combines runtime monitoring with an integrated red-teaming engine; on-prem and cloud; listed in OWASP AI Security Landscape. ### HydroX AI - Website: hydrox.ai - Founded: 2023 - Country: USA - Funding: $4M - Categories: AI Red Teaming, Runtime & Guardrails, AI-SPM - Founders: Zhuo Li - Investors: Vitalbridge Capital, Atom Capital, Qiji Chuangtan - Capabilities: End-to-end AI security platform combining red teaming, continuous evaluation, and runtime protection; MLSecOps tooling for the full model lifecycle; generative AI threat coverage including jailbreaks, prompt injection, and content safety; continuous testing aligned with industry frameworks. - Sensors/Integration: API-based integration with customer AI systems; continuous test harness running adversarial probes; observability pipeline collecting model behavior. - Protections: Pre-production red-team validation surfacing weaknesses before deployment; runtime protection blocking attacks at inference; continuous evaluation against drift and new attack patterns. - Differentiator: Positions HydroX as a unified AI security platform spanning red team, evaluation, and protection layers; a relatively rare full-stack approach among early-stage competitors. ### Hypergame AI - Website: hypergame.ai - Founded: 2023 - Country: USA - Funding: $50K - Categories: AI Red Teaming, Runtime & Guardrails - Founders: Philip A. Dursey - Investors: Monsoon Venture Fund, Plug and Play, PHX Ventures - Capabilities: Adversarial AI red teaming simulating prompt injection, data poisoning, model inversion and API abuse, plus a deception "Mirror Matrix" for AI agents. - Sensors/Integration: Full instrumentation of agent behavior within the Mirror Matrix environment. - Protections: Active defense and cyber deception that shapes an adversary agent’s perception while retaining ground-truth control. - Differentiator: Grounds AI red teaming in hypergame theory and military deception doctrine, deploying live human red-team operators inside simulations. ### Identity Machines - Website: identitymachines.com - Founded: 2024 - Country: Canada - Categories: Agentic Identity, Observability & Governance - Capabilities: Issues rich agent identities, dynamic trust profiles and session-bound credentials, enforcing real-time attribute-based access control and AI agent guardrails. - Sensors/Integration: Continuously verifies each agent’s origin, behavior and capabilities across multi-cloud agent systems. - Protections: Zero-trust access enforcement ensuring only verified, authorized agents can act, with full audit trails. - Differentiator: Identity-first control plane (Iron Book) for AI agents interoperating with Entra ID, AWS Cognito, and OAuth2/OIDC. ### Impart Security - Website: impart.ai - Founded: 2022 - Country: USA - Funding: $18M - Categories: Runtime & Guardrails, Agentic Network Security - Founders: Jonathan Divincenzo, Brian Joe - Investors: Madrona Ventures, CRV, 8-Bit Capital, Haystack, AlphaTech Ventures - Capabilities: Runtime protection platform (Impart agentOS) unifying WAF, API security and an LLM Firewall in one deployment; LLM Discovery inventories AI usage, while Attack Embedding Analysis tokenizes prompts into embeddings to detect prompt-injection and adversarial inputs at real-time speeds. - Sensors/Integration: Inline, serverless-friendly runtime apps deployed in the path of live web/API/LLM traffic; installs in minutes across legacy and modern stacks. - Protections: Inline blocking of prompt injection, jailbreaks and abusive prompts; content filtering on LLM responses; unified policy enforcement across AI, API and web apps. - Differentiator: Claims the first solution to unify WAF, API security, and LLM protection in a single platform via its Attack Embedding Analysis detection method. ### IndyKite - Website: indykite.ai - Founded: 2020 - Country: USA - Funding: $10.5M - Categories: Agentic Identity, Observability & Governance, MCP & LLM Gateways - Founders: Lasse Andresen - Investors: Molten Ventures, TRK Group, Alliance Venture, Speedinvest - Capabilities: Context-aware authorization platform for autonomous AI agents — AgentControl product governs agents with identity context, policy controls, and audit trails; identity knowledge graph capturing relationships between users, agents, devices, and data; per-action authorization decisions informed by the broader identity context; policy enforcement at decision time rather than enrollment time; audit logging tied to identity for compliance and forensics. - Sensors/Integration: Identity platform with graph-based context model; integrates with existing IAM systems via standards (OAuth, SCIM, etc.); policy decision point invoked by applications and agent frameworks; works alongside MCP gateways for agent authorization decisions. - Protections: Context-aware authorization preventing privilege escalation as agents chain actions; policy enforcement based on the broader identity graph (who the agent acts for, what relationships justify access); revocation propagating through the identity graph; audit trails enabling post-incident analysis of agent decisions. - Differentiator: Identity knowledge graph approach is differentiated from rule-based IAM — captures relationships and context (which human sponsors which agent for which purpose) rather than treating each agent identity as isolated; AgentControl product specifically targets the autonomous-agent identity gap that legacy IAM systems weren't designed for; European (Norway/Czech Republic) heritage appeals to GDPR-conscious buyers. ### Intellect Machines - Website: intellectmachines.com - Founded: 2025 - Country: India - Categories: Observability & Governance, Runtime & Guardrails, MCP & LLM Gateways - Capabilities: Scouter product: on-demand prompt scanning, jailbreak/prompt-extraction detection, system-prompt exposure detection, real-time risk scoring; 250+ attack probes across 20 categories; multi-agent red-team testing; remediation guidance. - Sensors/Integration: Dashboard prompt uploads; GitHub repo scanning; CI/CD pipeline integration. - Protections: Pre-production vulnerability findings and risk scoring; prompt-theft / IP protection; remediation guidance (assessment-oriented, not inline enforcement). - Differentiator: "Security and control layer for the AI-native enterprise" — governed, measurable, auditable AI actions from prompt to execution; 250+ probes / 20 categories via Scouter. ### Intentyx - Website: intentyx.ai - Founded: 2025 - Categories: Runtime & Guardrails, Observability & Governance - Capabilities: Discovers AI agents and maps their architecture, then applies zero-trust governance to block or quarantine unsafe agent actions with forensic replay. - Sensors/Integration: Real-time capture of agent telemetry, prompts, tool calls and inter-agent communications, detecting intent/outcome drift and prompt tampering. - Protections: Zero-trust runtime enforcement against unauthorized data access, instruction overrides, hallucinated goals, and PII exposure. - Differentiator: Focuses on agent behavioral drift detection mapped to MITRE ATLAS and OWASP, with high-fidelity action replay. ### Invariant Labs - Website: invariantlabs.ai - Founded: 2024 - Country: Switzerland - Funding: Undisclosed - Categories: Runtime & Guardrails, MCP & LLM Gateways, AI Red Teaming, Agentic Code Security - Founders: Marc Fischer, Luca Beurer-Kellner, Martin Vechev, Florian Tramèr - Capabilities: Security and reliability platform for AI agents and MCP servers; Guardrails contextual security layer enforcing deterministic rules on data flow, tool calls, and content; Explorer runtime observability dashboard inspecting LLM and agentic behavior; MCP server vulnerability scanning; pioneered terms 'tool poisoning' and named several agentic attack vectors. - Sensors/Integration: SDK integration with agentic frameworks; runtime traffic tracing across AI agent invocations; static and dynamic analysis of MCP server implementations; observability dashboard collecting tool usage, decisions, and context. - Protections: Real-time policy enforcement on agent data flow and tool execution; MCP server-level vulnerability detection; tool poisoning prevention; deterministic security rules limiting blast radius of compromised agents; runtime hardening for agentic applications. - Differentiator: ETH Zurich spinoff acquired by Snyk in June 2025 (the same ETH group that produced DeepCode, also acquired by Snyk); pioneer in agentic attack-vector research including tool poisoning and MCP vulnerabilities; team integrated into Snyk Labs. ### Irregular - Website: irregular.com - Founded: 2023 - Country: Israel - Funding: $80M - Categories: AI Red Teaming, Model Security - Founders: Dan Lahav, Omer Nevo - Investors: Sequoia Capital, Redpoint Ventures, Swish Ventures, Assaf Rappaport, Ofir Ehrlich - Capabilities: Frontier-model security lab; adversarial testing of foundation models for cyber-misuse potential and resilience under attack; works with leading AI labs (OpenAI, Anthropic) and governments. - Sensors/Integration: Offensive testing harness operating against foundation models and AI infrastructure; no customer-side runtime sensor. - Protections: None — produces evaluations and hardening findings, not inline enforcement. - Differentiator: First dedicated frontier-AI security lab; formerly Pattern Labs; $450M valuation; contracts with OpenAI, Anthropic and government clients. ### Island - Website: island.io - Founded: 2020 - Country: USA - Funding: $487M - Categories: Agentic Browser Security, Runtime & Guardrails, Observability & Governance, Agentic Endpoint Security - Founders: Mike Fey, Dan Amiga - Investors: Sequoia Capital, Insight Partners, Coatue, Cyberstarts, Stripes - Capabilities: Enterprise Platform unifying browser, desktop apps, and networks for safe enterprise AI adoption; Island Enterprise Browser with built-in DLP, identity, and policy enforcement; AI Protect enables safe use of any AI application (consumer or enterprise) without risking corporate data; unified AI visibility and governance enforcing guardrails across web AI tools, desktop apps, extensions, and connectors; AI agentic controls for autonomous agents in the workplace; AI publishing capabilities so app creators inherit identity, data protection, monitoring, and policy controls; full audit trail of AI prompts, intent, and outputs. - Sensors/Integration: Island Enterprise Browser (purpose-built Chromium-based browser), companion browser extension for consumer browsers (Chrome, Edge, Firefox, Safari), and desktop application sensors; single control plane governs work at the presentation layer across browsers and desktops; SASE network layer complements with traffic-level controls. - Protections: Real-time DLP at the browser and desktop layer blocking AI prompt injection of sensitive data; identity-bound policy enforcement on every AI interaction; centralized policy enforcement across all AI tools including ChatGPT, Copilot, Claude, and embedded enterprise AI; agentic workflow controls preventing rogue agent actions; auditability for compliance; works without backhaul, streaming pixels, or VDI choke points. - Differentiator: Pioneer of the Enterprise Browser category (founded 2020); Has expanded from browser-only to a full Enterprise Platform spanning browser + consumer browsers + desktop apps + networks; Pioneered the presentation-layer approach to AI security — controls AI prompts and outputs where they happen (in browser/desktop) rather than at the network edge where encrypted traffic is opaque to AI content. ### Islo - Website: islo.dev - Founded: 2026 - Country: Israel - Categories: Sandboxing & Secure Envs, Agentic Identity, Observability & Governance - Founders: Uri Mishol, Uri Shaham - Capabilities: Secure, long-running sandbox for AI coding agents: each agent gets its own dedicated, persistent cloud environment (a real Linux microVM, not docker-in-docker) that runs real services, survives reconnects, and resumes with the same filesystem, history, and context. Granular policy controls govern each agent access to codebases, infrastructure, and external systems such as GitHub and Jira; a built-in vault keeps secrets out of the model by injecting credentials only at egress with per-request audit, so live keys never reach the agent or sandbox memory. Adds agent identity management, guardrails, human approval checkpoints, observability, cost control, and reproducible environments; partners with the Harbor Framework for reproducible agent benchmarks and reinforcement-learning evaluations with reward-hacking defense. Spin up from Python, TypeScript, Go, or the CLI. - Sensors/Integration: Cloud-hosted isolated execution environments (real Linux microVMs) provisioned per agent; deployable standalone or via the Incredibuild SDLC platform; SDKs for Python, TypeScript, and Go plus a CLI; an egress-layer secrets vault that rewrites and injects credentials at the network boundary; integrates with Incredibuild acceleration for compute-heavy build and test workflows. - Protections: Per-agent isolation that decouples AI execution from developer machines and contains blast radius; granular policy enforcement over what each agent can access (codebases, infrastructure, GitHub, Jira); secret isolation via egress-time credential injection so keys never touch agent or sandbox memory, with a continuous per-request audit chain; human approval checkpoints for autonomous runs; guardrails, observability, and cost controls managed centrally. - Differentiator: Built by Incredibuild, the Israeli SDLC-acceleration company serving 600+ customers including Microsoft, Take-Two, and Barclays, and launched in 2026 — bringing enterprise execution-control and build-acceleration heritage to agent sandboxing. Thesis that every AI agent needs its own computer: agents that otherwise run on a developer laptop die when the lid closes and inherit the developer full permissions. Distinguished from pure execution-infra sandboxes such as Daytona by its egress-time secrets-vault model and tight coupling to Incredibuild acceleration and SDLC governance; a Harbor Framework partnership targets RL and benchmark workloads with reward-hacking defense. ### JetStream Security - Website: jetstream.security - Founded: 2024 - Country: USA - Funding: $34M - Categories: Agentic Identity, Observability & Governance, Runtime & Guardrails - Founders: Raj Rajamani, Jared Phipps, Jatheen Anand, Venu Vissamsetty - Investors: Redpoint Ventures, CrowdStrike Falcon Fund - Capabilities: AI visibility (agents/models/tools/workflows), agentic identity binding (ABAC via brokered keys), runtime governance (live behavior vs. blueprints), AI FinOps (cost by model/agent/workflow/owner). - Sensors/Integration: Identity-scoped virtual keys / brokered credentials (control plane). - Protections: ABAC controls, brokered least-privilege keys, drift detection, immutable audit, identity-aware AI kill switches, runaway-cost prevention. - Differentiator: Only vendor explicitly tying cost attribution & runaway-cost prevention to AI security/governance. ### Jozu - Website: jozu.com - Founded: 2024 - Country: Canada - Funding: $4M - Categories: Sandboxing & Secure Envs, Model Security - Founders: Brad Micklea, Gorkem Ercan, Jesse Williams - Investors: HalfCourt Capital, Mozilla Ventures, Brightspark Ventures, AlleyCorp, Sentiero Ventures, Union Bay Partners - Capabilities: Jozu Agent Guard — zero-trust AI runtime that executes agents, models, and MCP servers inside secured environments with policy enforcement and guardrails that agents cannot disable; vetting, signing, and governing AI artifacts from development through production; local policy engine with visibility into running actions + inputs/outputs + prompts/responses; works across servers, laptops, and edge devices. - Sensors/Integration: Local runtime engine running on the host (separate process boundary from the agent it governs); built on top of KitOps (Jozu's CNCF project with 240,000+ downloads). - Protections: Only approved artifacts execute, only permitted actions occur, agents cannot terminate or bypass the enforcement layer, full audit logs immune to agent tampering, policy enforcement applied locally without cloud round-trip. - Differentiator: Defining "agent self-disable" attack origin story — Jozu observed an AI agent killing its policy enforcement process, disabling auto-restart, resuming unrestricted, and erasing audit logs in four commands; Agent Guard architecturally moves enforcement out of the agent's reach. ### Kanopy Security - Website: kanopysecurity.com - Founded: 2025 - Country: Israel - Funding: $8M - Categories: Agentic SSPM, Observability & Governance - Founders: Yair Finzi, Amichai Shulman - Investors: Acrew Capital, Meron Capital, Flint Capital - Capabilities: Discovery/inventory of business-built apps + agents across LCNC, vulnerability detection, governance, DLP, automation security. - Sensors/Integration: SaaS API connectors to each LCNC platform. - Protections: One-click remediation; detects data leakage, excess permissions, injection, shadow assets, malicious integrations. - Differentiator: Unique focus on Power Platform, Copilot Studio, UiPath, Agentforce, Retool — citizen-dev LCNC space. ### Keyboard - Website: keyboard.dev - Founded: 2026 - Country: USA - Categories: MCP & LLM Gateways, Observability & Governance, Agentic Identity, Sandboxing & Secure Envs - Founders: Andrew Van Beek, Stephen Roland - Capabilities: Secure control plane for AI sitting between AI clients (Copilot, Cursor, Claude, Claude Code, Gemini, ChatGPT, Open WebUI) and company applications; organization-wide visibility and policy enforcement for AI-driven automations on internal data; role-based access controls letting IT define exactly who can do what with AI; data access controls scoping each AI workflow to specific data only; sandboxed task execution isolating every action from production systems; complete audit trail of every prompt and action for security review, threat detection, and compliance; out-of-the-box connections to thousands of SaaS apps; optional company-branded chatbot deployable on customer infrastructure; zero-trust by design. - Sensors/Integration: Cloud-delivered control plane with self-hosting option for full on-prem deployment; sits in-line between AI clients and target applications; integrates with any AI client (Copilot, Cursor, Claude, Claude Code, Gemini, ChatGPT, Open WebUI) and thousands of SaaS apps via pre-built connectors plus custom-tool flexibility. - Protections: Per-task sandboxed execution containing blast radius from misbehaving agents; role-based access enforcement on AI actions; data access scoping per workflow; complete auditability of every prompt and action; centralized policy across all AI tools and models; zero-trust architecture with no data retention or training. - Differentiator: Positions itself as "The Secure Control Plane for AI" — the layer between organizational data and the AI tools employees use; LinkedIn handle "keyboardmcp" signals MCP-first architecture; Combines four typically-separate concerns (governance, identity, sandboxing, gateway) into one product; Self-host option appeals to regulated industries that can’t allow AI traffic to leave their infrastructure. ### Keycard - Website: keycard.ai - Founded: 2024 - Country: USA - Funding: $38M - Categories: Agentic Identity - Founders: Ian Livingstone, Matthew Creager, Jared Hanson - Investors: Andreessen Horowitz, Boldstart Ventures, Acrew Capital - Capabilities: Composite identity (user + device + agent + task), policy-gated credential issuance, observe-only policy mode, instant rollback, audit streaming, keycard run CLI for coding agents, MCP+OAuth 2.1 client-ID standards leadership. - Sensors/Integration: Enforcement at the gate (credential issuance, not data path) — STS-pattern token exchange; keycard run on dev machines. - Protections: Task-scoped, short-lived, revocable tokens; no .env on disk (in-memory secret injection); MCP tool allow/block/escalate; destructive-action approval workflows. - Differentiator: Most identity-purist vendor on the list; "the Auth0 moment for agent access". ### Kipling Secure - Website: kiplingsecure.ai - Founded: 2024 - Country: USA - Funding: $5.5M - Categories: Observability & Governance, Runtime & Guardrails - Founders: Saurabh Sandhir - Investors: Emergent Ventures, Unusual Ventures, Z5 Capital - Capabilities: Detects unauthorized/unmanaged AI activity and gives MSPs visibility, classification, and control over AI interactions across client endpoints. - Sensors/Integration: Endpoint-based detection of AI tool usage and AI-related activity across managed environments. - Protections: Governs AI access, prevents data leaks, and mitigates AI risks without blocking AI adoption. - Differentiator: Purpose-built for the MSP/MSSP model with per-endpoint pricing consolidating multiple AI-security functions. ### Knostic - Website: knostic.ai - Founded: 2023 - Country: USA - Funding: $14.3M - Categories: Runtime & Guardrails, Agentic Data Governance, Observability & Governance - Founders: Gadi Evron, Sounil Yu - Investors: Bright Pixel Capital, SVCI, DNX Ventures, Seedcamp, Shield Capital, Pitango - Capabilities: "Need-to-know" access control at the knowledge layer for enterprise LLMs (Copilot/Glean/Gemini); oversharing/undersharing/inference-risk detection; continuous query simulation to catch leaks; contextual answer curation/sanitization; file-level sensitive-data labeling and remediation; agentic supply-chain discovery (MCP servers, IDE extensions, skills, rules); destructive-command blocking. - Sensors/Integration: Lightweight API integrations with Microsoft 365 Copilot, Glean, and other LLM platforms (no proxy required); coverage extending to AI agents and coding assistants on endpoints and IDEs (AgentMesh feed). - Protections: Response reshaping per user's clearance, oversharing prevention, data exfiltration block, destructive-command block, automated remediation of mislabeled files. - Differentiator: Only "need-to-know" enforcement at the LLM-inference layer on this list; Only startup to win both RSA 2024 Launch Pad and Black Hat 2024 Startup Spotlight; RSAC 2025 Innovation Sandbox Top-10 finalist. ### Koi - Website: koi.ai - Founded: 2024 - Country: Israel - Funding: $48M - Categories: Agentic Endpoint Security, Observability & Governance, Agentic Code Security - Founders: Amit Assaraf, Idan Dardikman, Itay Kruk - Investors: Charles River Ventures, Pitango, Cyberstarts - Capabilities: Agentic Endpoint Security platform; Supply Chain Gateway acts as a central checkpoint for all incoming software (extensions, packages, AI models, AI agents) entering the org; Wings AI-driven risk engine using ML, classification, sandboxing, and threat intelligence to evaluate component risk in real time; replaces download buttons with approval-request workflow; delays software updates for security checks; threat detection engine for downloaded files with isolation and rollback; protects more than 10,000 security professionals via ExtensionTotal community resource. - Sensors/Integration: Endpoint agent installed on developer and employee workstations; browser-extension governance; integrates with software registries (npm, VS Code marketplace, etc.) at install time. - Protections: Pre-install evaluation of software components blocking risky downloads before execution; sandboxing and behavioral analysis of installed software including AI agents; update-delay window for security validation; threat removal, isolation, and rollback; protects against the AI-native shadow supply chain (browser extensions, MCP servers, plug-ins). - Differentiator: Defined the Agentic Endpoint Security category at the point of acquisition; Inception came from a real-world experiment creating a fake malicious extension that spread widely in dev environments; Integrated into Prisma AIRS and Cortex XDR post-acquisition. ### KonaSense - Website: konasense.com - Founded: 2025 - Country: USA - Categories: Observability & Governance, Agentic Browser Security, Runtime & Guardrails - Founders: Cristiano Lincoln Mattos, Felipe Zimmerle, Gustavo Monteiro, Rafael Silva - Capabilities: AI security and governance platform unifying visibility, control, and protection across every AI interaction including browsers, coding tools, and desktop applications; policy enforcement on human-to-AI interactions; audit trails for compliance; PII and confidential data protection. - Sensors/Integration: Browser and desktop-level instrumentation; coverage of coding tools alongside chat-based AI; centralized policy plane. - Protections: Policy enforcement at every AI interaction surface; centralized audit logs supporting compliance; sensitive data leakage prevention; coverage across browser, desktop, and dev environments. - Differentiator: Multi-surface coverage (browser + coding + desktop) at the human-to-AI interaction layer; early-stage company filling a niche between pure browser-extension AI security and full-stack governance platforms. ### Lakera - Website: lakera.ai - Founded: 2021 - Country: Switzerland - Funding: $25M - Categories: Runtime & Guardrails, AI Red Teaming, MCP & LLM Gateways, Model Security - Founders: David Haber, Mateo Rojas-Carulla, Václav Volhejn - Investors: Atomico, Citi Ventures, Dropbox Ventures, redalpine - Capabilities: AI-native security platform for agentic AI applications; flagship products Lakera Red (continuous AI red teaming) and Lakera Guard (real-time runtime enforcement); detection rates above 98% with sub-50ms latency and false positives below 0.5%; protection across prompts, RAG pipelines, MCP, and multi-agent workflows; powered by Gandalf adversarial red-teaming community with 80M+ adversarial patterns; supports 100+ languages. - Sensors/Integration: API-based and cloud-delivered with on-prem options; integrates into LLM application stacks at runtime; Gandalf community-sourced adversarial data continuously feeding the detection models. - Protections: Real-time block of prompt injection, data leakage, and model manipulation; continuous red teaming surfacing new vulnerability classes pre-deployment; runtime guardrails for LLM outputs; pre-deployment posture assessment for agents and multimodal workflows. - Differentiator: HQ in Zurich became Check Point's Global Center of Excellence for AI Security post-acquisition; Team includes 11 PhDs in AI security research; Gandalf red-teaming community is a uniquely defensible moat — over 1M players have stress-tested LLMs through the platform; Serves Fortune 500 enterprises. ### LangGuard - Website: langguard.ai - Founded: 2025 - Country: USA - Categories: Observability & Governance, Runtime & Guardrails, AI-SPM - Founders: Ravi Srinivasan, Venkat Raghavan, Jason Keirstead - Capabilities: AI control plane for governance, monitoring, and orchestration of AI agents; observability across agent runtime; policy enforcement on agent behavior; integration with major LLM providers and agentic frameworks; centralized control plane for distributed agent fleets. - Sensors/Integration: API-based integration with agentic frameworks; runtime observability pipeline; centralized policy plane; integration with major LLM providers. - Protections: Centralized governance of distributed AI agents; runtime observability surfacing anomalous behavior; policy enforcement on agent actions; audit trail across the agent lifecycle. - Differentiator: AI control plane positioning targets the same buyer as Singulr AI, Pillar Security, and Acuvity; observability-tilted architecture for organizations operating large agent fleets. ### Lasso Security - Website: lasso.security - Founded: 2023 - Country: Israel - Funding: $6M - Categories: Runtime & Guardrails, MCP & LLM Gateways, Agentic Network Security - Founders: Elad Schulman, Ophir Dror - Investors: Entrée Capital - Capabilities: Agent discovery via platform/CI integration, AI security posture analysis, adversarial testing / purple teaming with 3,000+ attack library across OWASP Top 10, multi-turn agentic attacks, runtime guardrails, MITRE/OWASP attack context. - Sensors/Integration: Inline at the proxy, API, or AI Gateway layer; CI integration for homegrown apps; Cloudflare Gateway integration for network-level coverage; Lasso Federal variant for US government / DoD. - Protections: Autonomous masking and blocking, real-time monitoring/detection/response, policy enforcement on prompts and responses. - Differentiator: One of the few with explicit Cloudflare Gateway / network-level integration; Lasso Federal LLC with Swish Data partnership targeting Civilian, Defense, and National Security agencies. ### LatticaAI - Website: lattica.ai - Founded: 2024 - Country: Israel - Funding: $3.25M - Categories: Model Security, Agentic Data Governance - Founders: Rotem Tzabari - Investors: Cyber Fund, Lightshift Capital, Sentient, XT Venture Capital, Sandeep Nailwal - Capabilities: Privacy-preserving AI inference platform using Fully Homomorphic Encryption; encrypted model inputs and outputs across browser, mobile, and server contexts; integration with major LLM providers; FHE-optimized for AI/ML workloads; privacy-preserving alternative to plaintext model APIs. - Sensors/Integration: Client-side encryption SDK; FHE-based inference layer; integration with browser, mobile, and server runtimes; partnerships with infrastructure providers. - Protections: Cryptographic guarantee that model inputs remain private from the model provider; encrypted inference preserving model utility; protection of sensitive prompts and responses; supports regulated workloads requiring zero plaintext exposure to AI providers. - Differentiator: FHE-specialized AI inference platform; positioning alongside Mirror Security, Protopia, and Confident Security in the cryptographic-AI-privacy category; differentiated by browser-level deployment options. ### LayerX Security - Website: layerxsecurity.com - Founded: 2022 - Country: Israel - Funding: $45M - Categories: Agentic Browser Security, Runtime & Guardrails, Observability & Governance - Founders: Or Eshed, David Weisbrot - Investors: Glilot Capital Partners, Dell Technologies Capital, Jump Capital - Capabilities: Browser-based AI security and Secure Enterprise Browser (SEB) platform; real-time visibility into user interactions with web content, AI prompts, file uploads, and SaaS applications; AI usage control for ChatGPT, Copilot, Claude, and other GenAI tools; web/SaaS DLP enforcing what employees can paste into AI; shadow AI and shadow SaaS discovery; browser extension management; identity protection at the browser layer; safe browsing controls; complete coverage of human-to-AI and agent-driven browser activity. - Sensors/Integration: Lightweight browser extension that runs on top of any existing browser (Chrome, Edge, Firefox, Safari) without requiring users to adopt a dedicated enterprise browser; deploys via MDM or EMM; integrates into Akamai's Zero Trust portfolio post-acquisition. - Protections: Real-time DLP blocking sensitive data from being pasted into AI prompts; per-action policy enforcement on browser activity; in-flow coaching showing users why content is risky; shadow SaaS and unsanctioned-AI discovery; identity protection against phishing and session hijacking; controls extend wherever the browser goes (managed and unmanaged devices). - Differentiator: Named by Gartner as Representative Vendor in both Secure Enterprise Browsers and AI Usage Control categories across five 2025 Hype Cycle reports; only company recognized in both; agentless deployment (works on existing browsers) avoids the user-adoption friction of dedicated enterprise browser products like Island and Talon; Akamai's 4th Israeli cybersecurity acquisition (after Guardicore, Noname Security, NeoSec); now the AI-browser-control pillar of Akamai's Zero Trust portfolio. ### Liminal Security - Website: liminal.ai - Founded: 2023 - Country: USA - Funding: $5M - Categories: Observability & Governance, Agentic Data Governance - Founders: Steven Walchek - Investors: Fin Capital, High Alpha, Matchstick Ventures, Craft Ventures Scout Fund, OMVC - Capabilities: Model-agnostic hub for unified LLM access that detects/redacts sensitive data in prompts and rehydrates protected terms in outputs. - Sensors/Integration: Detection of PCI/PHI/PII and intellectual property within prompts and model responses. - Protections: Pre-submission redaction, granular data-use policy enforcement, access control, and observability over all GenAI interactions. - Differentiator: Model-agnostic gateway for regulated enterprises with reversible redaction/rehydration. ### Lorica - Website: lorica.ai - Founded: 2024 - Country: Canada - Funding: $3.2M - Categories: Model Security, Sandboxing & Secure Envs, Agentic Data Governance - Founders: Alhassan Khedr, Glenn Gulak - Investors: CP Overture, Plug and Play Tech Center, UTEST, Toronto Innovation Acceleration Partners - Capabilities: Confidential AI infrastructure layer enabling privacy-preserving model deployment for AIaaS providers and enterprises; hardware-backed security and attestation at every layer; one-click deployment of confidential model instances; performance parity with plaintext inference; built-in compliance for regulated industries. - Sensors/Integration: Hardware-verified confidential compute environments (TEE-based); model deployment platform with attestation; integration with major model providers. - Protections: Hardware-backed isolation guaranteeing privacy from Lorica itself and from the model provider; full attestation chain proving execution integrity; compliance-ready deployments for banking, insurance, payments, and healthcare. - Differentiator: Confidential computing positioning targets the same market as Protopia and Confident Security but with a TEE-based hardware-rooted approach; partnerships with model providers and infrastructure vendors give Lorica a vertical integration angle. ### Lumeus - Website: lumeus.ai - Founded: 2022 - Country: USA - Funding: $6M - Categories: MCP & LLM Gateways, Agentic Network Security, Observability & Governance, Agentic Identity - Founders: Satish Veerapuneni, Saurabh Jain - Investors: Tola Capital, Emergent Ventures, First Rays Venture Partners - Capabilities: Zero Trust gateway for GenAI/LLM and Cloud Access with MCP protocol support; AI-native security for modern development teams protecting AI coding workflows, MCP protocols, and infrastructure access; ephemeral credentials and intelligent policy enforcement; visualizes GenAI/LLM-to-Cloud traffic for anomalies; authorizes access by Zero Trust principles; topic-level conversation controls; named in Gartner's AI TRiSM Market Guide (Feb 2025); IDE-integrated secure access to Kubernetes, MCP, SSH, and other resources. - Sensors/Integration: Agentless Zero Trust networking platform; IDE extension for VS Code providing secure access from developer environments; integrates with cloud and on-premises infrastructure without per-host agents; sits between developers/agents and infrastructure to mediate every access. - Protections: Zero-standing access (just-in-time credentials) preventing long-lived secrets in AI workflows; Zero Trust authorization on every MCP and cloud resource access; topic-based access control blocking sensitive conversations from reaching specific resources; AI-aware governance for developer and agent traffic. - Differentiator: San Jose-based 2021 founding pivot from generalist Zero Trust networking to AI-native dev-tools security as MCP adoption grew; LinkedIn page is marked "(Acquired)" indicating a recent stealth or undisclosed acquisition (acquirer not publicly announced); IDE-integrated secure access angle is distinctive among MCP gateways that focus on server-side enforcement only. ### Lumia Security - Website: lumia.security - Founded: 2024 - Country: Israel - Funding: $18M - Categories: Agentic Network Security, Observability & Governance, Runtime & Guardrails - Founders: Omri Iluz, Bobi Gilburd - Investors: Team8 Capital, New Era Capital - Capabilities: Shadow AI analysis, leakage/oversharing prevention, agent guardrails (for both humans and autonomous agents). - Sensors/Integration: Network-layer proxy — proprietary "Protocol Analysis Engine". - Protections: NL policy guardrails, content inspection, data-leakage detection, oversharing prevention, agent action controls. - Differentiator: One of the few network-proxy-first vendors; Covers human AI use and agentic AI on one plane. ### Lunar.dev - Website: lunar.dev - Founded: 2023 - Country: Israel - Funding: $6M - Categories: MCP & LLM Gateways, Observability & Governance, Agentic Identity - Founders: Eyal Solomon, Roy Gabbay - Capabilities: MCPX — a gateway for securing, governing, and auditing AI agent access to MCP servers; RBAC and SSO enforcement at the MCP layer; observability into MCP server usage; AI gateway capabilities for routing and securing agent ↔ tool interactions; policy enforcement across the MCP server fleet; audit logging for compliance and forensics. - Sensors/Integration: Gateway sitting in front of MCP servers; routes agent traffic through a single control plane; integrates with enterprise SSO and RBAC for agent identity context; observability layer captures every MCP transaction. - Protections: RBAC enforcement on agent access to specific MCP servers and tools; SSO-gated agent authentication; per-server policy enforcement; full audit trail of MCP transactions; rate limiting and abuse prevention; observability-driven anomaly detection. - Differentiator: Established API gateway company (Lunar.dev) extending into the MCP space — leverages production API gateway expertise (routing, RBAC, SSO, observability) and applies it to the agent-tool boundary; Broader gateway heritage means more mature operational features than pure-startup MCP-specific entrants; The MCPX product is one of several offerings from a company with a deeper engineering footprint. ### MagicMirror - Website: magicmirrorsecurity.com - Founded: 2024 - Country: USA - Funding: ~$2M - Categories: Observability & Governance, Agentic Browser Security, Agentic Endpoint Security - Founders: Daphna Wegner, Ishay Tubi - Investors: Family offices, Angel investors - Capabilities: Browser-level GenAI visibility (prompts, uploads, usage patterns); shadow-AI discovery across 100+ AI tools (ChatGPT, Gemini, Claude, Copilot); analytics, reporting, and role-based enablement. - Sensors/Integration: Browser plugin + on-device proprietary Small Language Models (SLMs) running fully locally; no prompt logging by default. - Protections: On-device PII/PCI/PHI anonymization before data leaves the device; event-based policy enforcement keyed to user identity and context; governs browser-based AI interactions and agentic actions on the employee device. - Differentiator: Fully local, zero-latency enforcement via on-device SLMs (data never leaves the browser); selected for the AWS & CrowdStrike Cybersecurity Startup Accelerator. ### Magier AI - Website: magier.ai - Founded: 2025 - Country: USA - Funding: $0.22M - Categories: Runtime & Guardrails, AI Red Teaming - Founders: Ranice Brown - Investors: Techstars - Capabilities: End-to-end LLM security platform protecting GenAI interactions and applications; LLM guardrails for prompt injection and data leakage; multimodal protection; integration with major LLM providers; covers customer LLM apps and employee GenAI usage; broader GenAI security positioning. - Sensors/Integration: API and SDK integration with LLM applications; runtime guardrail engine; cloud-delivered platform. - Protections: Inline blocking of prompt injection, jailbreaks, and data leakage; multimodal content safety enforcement; runtime policy enforcement on LLM apps; protection of customer-facing GenAI applications. - Differentiator: End-to-end LLM security positioning across both employee and application use cases; competes in the broad GenAI security category alongside Lakera, Lasso, Prompt Security, and CalypsoAI. ### Manifold Security - Website: manifold.security - Founded: 2024 - Country: USA - Funding: $8M - Categories: Observability & Governance, Runtime & Guardrails - Founders: Neal Swaelens, Oleksandr Yaremchuk, Michael McKenna - Investors: Costanoa Ventures - Capabilities: Agent + MCP server + tool + skill discovery, privilege-path / delegation-chain analysis, real-time attack-chain detection, Manifest (7,700+ MCP servers + 238,000+ skills indexed with Lineage + Safety scores). - Sensors/Integration: Agentless using OpenTelemetry-style observability protocols — no gateways or proxies. - Protections: Real-time detection + remediate / quarantine / terminate of compromised agents, runtime behavioral baselining, MCP supply-chain risk scoring. - Differentiator: Team created LLM Guard (most-adopted OSS LLM firewall); OpenTelemetry-based architecture; Manifest is largest cataloged AI agent supply-chain database. ### Matvis - Website: matvis.com - Founded: 2023 - Country: Germany - Categories: Runtime & Guardrails, AI Red Teaming - Founders: Wolfgang Glatz, Nico Lutz, Nico Widmann - Investors: Gründermotor - Capabilities: Provider-agnostic API-level security layer that masks/pseudonymizes personal data before it reaches AI models and validates compliance. - Sensors/Integration: Real-time detection of prompt injection, sensitive PII, data-leak attempts, and shadow AI usage. - Protections: Deterministic, auditable data filtering, system-prompt bypass prevention, and automated compliance testing with audit trails. - Differentiator: Deterministic, auditable API-layer protection independent of any AI provider or model infrastructure. ### Mindgard - Website: mindgard.ai - Founded: 2022 - Country: UK - Funding: $11M - Categories: AI Red Teaming, Observability & Governance, Runtime & Guardrails, AI-SPM - Founders: Peter Garraghan, Neeraj Suri, Steve Street - Investors: .406 Ventures, Atlantic Bridge, Willowtree Investments, IQ Capital, Lakestar - Capabilities: DAST-AI (Dynamic Application Security Testing for AI) — autonomous / one-click agentic red teaming of AI systems, agents, and infrastructure; AI discovery & assessment; recon & intelligence gathering on AI systems; artifact scanning; attack-chain generation; continuous AI risk mapping; defense validation; reduces testing times from months to minutes; shadow AI discovery. - Sensors/Integration: Cloud-hosted SaaS platform with API/SDK integration into AI systems; black-box and gray-box testing of chatbots, agents, models, and AI infrastructure; CI/CD-compatible. - Protections: Pre-deployment vulnerability detection (no runtime enforcement) — prompt injection, model inversion, data poisoning, evasion, jailbreaks, agentic manipulation, OWASP LLM Top 10 / OWASP Agentic Top 10. - Differentiator: Explicitly positioned as "DAST for AI" — analogous to traditional DAST/SAST tools but purpose-built for AI; Direct competitor to Gray Swan and General Analysis on the red-teaming axis. ### Mint Security - Website: mint.security - Founded: 2025 - Country: Finland - Categories: Runtime & Guardrails - Capabilities: Permitted Operational Envelope (PoE) for agents, AI touchpoint discovery, real-time oversight. - Sensors/Integration: Not publicly disclosed (research focus suggests endpoint/IDE). - Protections: Operational-envelope allow/deny per AI component (specifics undisclosed). - Differentiator: Exceptional original research (Chrome on-device LLM attack, Gemini CLI sandbox escape, Claude Code 512K-line harness analysis). ### MintMCP - Website: mintmcp.com - Founded: 2026 - Country: USA - Funding: $3.8M - Categories: MCP & LLM Gateways, Observability & Governance, Agentic Identity - Founders: Jiquan Ngiam, Vijay Vasudevan, Bo See - Capabilities: Enterprise MCP gateway + LLM proxy monitoring every tool call, bash command, and file operation from coding agents; role-based MCP endpoints; one-click hosting of STDIO-based MCP servers as managed enterprise services; enterprise connectors (Elasticsearch, Snowflake, Gmail, etc.) with built-in auth; real-time monitoring dashboards. - Sensors/Integration: MCP gateway / LLM proxy sitting between AI clients (Cursor, Claude Code) and MCP servers / backend APIs; per-request OAuth 2.0 token-exchange validation; TLS 1.3 minimum. - Protections: Per-request auth enforcement, agent rate limiting (prevents runaway scenarios), input validation to block prompt injection before backend, complete audit trail of every API call, role-based tool exposure (least-privilege per endpoint). - Differentiator: Cursor partnership validates them as the leading coding-agent MCP governance solution; SOC 2 Type II; Explicit thesis is "one endpoint per role" — finer-grained than most MCP gateways. ### Mirror Security - Website: mirrorsecurity.io - Founded: 2024 - Country: Ireland - Funding: $2.5M - Categories: Model Security, AI Red Teaming, AI-SPM, Agentic Data Governance - Founders: Pankaj Thapa, Aditya Narayana K - Investors: Sure Valley Ventures, Atlantic Bridge - Capabilities: Security of AI platform with three core technologies: AgentIQ (full-spectrum agentic security with guardrails and compliance), Discover (risk assessment and automated red teaming), and VectaX (Fully Homomorphic Encryption optimized for AI workloads, vector databases, and RAG); 23 team-held patents in cryptography and AI security; partnership with G42 Inception AI. - Sensors/Integration: SDK integration with AI agents and applications; FHE-based encrypted memory and inference; integration with vector databases and RAG workflows; multi-agent observability dashboard. - Protections: Encrypted inference and fine-tuning preventing data exposure during AI processing; cryptographic proof of data confidentiality during computation; automated red team probing surfacing vulnerabilities; agent guardrails for single-task through complex multi-agent swarms. - Differentiator: Dublin-based University College Dublin spinoff (2024); multi-million-dollar partnership with G42's Inception AI; FHE-optimized-for-AI approach with 23 patents differentiates Mirror from pure red-team or guardrail competitors. ### Modelmetry - Website: modelmetry.com - Founded: 2024 - Country: United Kingdom - Categories: Runtime & Guardrails, Observability & Governance - Founders: Lazhar Ichir - Capabilities: Real-time evaluation of LLM inputs/outputs with pre-built and custom evaluators plus tracing/observability for latency, cost, and tokens. - Sensors/Integration: Detectors for jailbreak/prompt injection, PII, secrets, profanity, sensitive topics, hallucination, and JSON-schema validity. - Protections: Customizable pass/fail guardrails with early-termination on policy violations across input and output. - Differentiator: Developer-first with open-source Python/TypeScript SDKs and a no-payload-access privacy stance. ### Modulos - Website: modulos.ai - Founded: 2018 - Country: Switzerland - Funding: $11M+ - Categories: Observability & Governance - Founders: Kevin Schawinski, Dennis Turp - Investors: b-to-v Partners, Investiere, Reeve Foundation - Capabilities: AI governance platform for managing AI system lifecycle and compliance; EU AI Act compliance automation; ISO 42001 alignment; risk assessment workflows; control library; documentation generation; integration with enterprise AI portfolios; partnerships with regulators and auditors. - Sensors/Integration: SaaS platform with workflow orchestration; integration with model registries and ML platforms; compliance framework mapping engine; audit trail collection. - Protections: Pre-deployment AI risk assessment; ongoing monitoring of AI portfolios for compliance drift; automated documentation generation for audits; EU AI Act applicability and conformity assessments; ISO 42001-aligned governance. - Differentiator: Zurich-based ETH spinoff (2018); one of the earliest European AI governance startups, with a strong regulatory focus aligned to the EU AI Act timeline. ### Nestria AI - Website: nestria.ai - Founded: 2025 - Country: Singapore - Funding: $125K - Categories: Observability & Governance, Runtime & Guardrails - Founders: Zakaria Najm, Prity Jha - Investors: Antler - Capabilities: Governance and security platform for agentic AI in regulated enterprise workflows; runtime security guardrails for LLM and agent applications; prompt injection blocking; AI compliance reporting mapped to regulatory frameworks; LLM-specific risk controls for enterprise deployments in finance, healthcare, and other regulated industries. - Sensors/Integration: Cloud-delivered platform integrating with enterprise AI applications; SDK or API-level integration for runtime guardrails; compliance evidence collection across the AI lifecycle. - Protections: Runtime guardrails block prompt injection and harmful outputs; compliance enforcement mapped to regulatory requirements; AI governance policy enforcement at inference time; risk dashboards for executive and audit reporting. - Differentiator: Explicit focus on regulated enterprise workflows where AI deployment is gated by compliance — rather than competing for general developer adoption, targets the specific buyer persona of CISOs and compliance officers in finance/healthcare/government who need evidence-pack outputs and audit-ready controls. ### NeuralTrust - Website: neuraltrust.ai - Founded: 2024 - Country: Spain - Funding: Undisclosed - Categories: MCP & LLM Gateways, Runtime & Guardrails, AI Red Teaming, Observability & Governance, Model Security - Founders: Joan Vendrell Farreny, Alejandro Domingo, Victor Garcia - Investors: Venture Friends, EIC Accelerator - Capabilities: Comprehensive AI security platform spanning gateway, runtime, and testing: TrustGate (AI gateway with authorization, rate limiting, content filtering across LLM providers); TrustLens (observability and runtime monitoring of LLM and agent applications); TrustTest (automated red teaming and adversarial testing); MCP Gateway product controlling AI agent access to tools and data with permissions; broad coverage of LLM security including prompt injection blocking, PII redaction, content policy enforcement. - Sensors/Integration: Cloud-delivered SaaS platform; gateway component sitting between applications and LLM/MCP providers; observability layer capturing agent and LLM telemetry; red teaming engine generating adversarial test cases; integrates with major LLM providers and frameworks. - Protections: Inline blocking of prompt injection, jailbreaks, and harmful content; PII redaction before content reaches models; authorization enforcement on MCP tool access; continuous red teaming surfacing weaknesses before production; observability-driven anomaly detection in production. - Differentiator: Barcelona-based AI security startup taking a horizontal platform approach (gateway + runtime + testing in one product) rather than specializing in a single layer; Spanish/EU heritage gives natural data-residency appeal to European buyers; Rapid product expansion with multiple distinct offerings (TrustGate, TrustLens, TrustTest, MCP Gateway) under a single platform — appeals to consolidation-minded enterprise buyers. ### Nexos.ai - Website: nexos.ai - Founded: 2024 - Country: Lithuania - Funding: $43M - Categories: MCP & LLM Gateways, Observability & Governance, Agentic Data Governance - Founders: Tomas Okmanas, Eimantas Sabaliauskas - Investors: Index Ventures, Evantic Capital, Creandum, DIG Ventures - Capabilities: Unified AI platform combining workspace interface and AI gateway; multi-LLM access with secure proxying; agent governance; DLP for prompt content; cost management and observability across providers; positioned as a neutral 'Switzerland for LLMs' intermediary between employees and AI systems. - Sensors/Integration: Cloud-hosted AI gateway intercepting prompt traffic; workspace front-end for end users; developer API for app builders; integrations with major LLM providers. - Protections: Inline DLP redacting sensitive data before reaching LLMs; provider abstraction reducing vendor lock-in; centralized policy enforcement across all employee AI usage; private model support for regulated industries. - Differentiator: One of the most prominent and well-capitalized European AI security startups to emerge from stealth; positioned as a unified LLM gateway and identity layer for European enterprises. ### Nightfall AI - Website: nightfall.ai - Founded: 2018 - Country: USA - Funding: $60M - Categories: Agentic Data Governance, Agentic Browser Security, Runtime & Guardrails - Founders: Isaac Madan, Rohan Sathe - Investors: WestBridge Capital, Venrock, Bain Capital Ventures - Capabilities: AI-native data loss prevention (DLP) detecting and protecting sensitive data (PII, PHI, PCI, secrets) across SaaS apps, email, endpoints, browsers, and GenAI tools via ML classifiers. Prevents exposure and exfiltration including leakage to shadow AI. - Sensors/Integration: API/OAuth integrations for SaaS apps (Microsoft 365, Google Workspace, Slack, Salesforce); macOS/Windows endpoint agents via MDM; browser extensions for shadow-AI prevention. - Protections: Blocks sensitive-data leakage to GenAI tools (ChatGPT, Copilot, Gemini), exfiltration to unauthorized destinations, insider threats, secret/credential exposure, inappropriate sharing. - Differentiator: AI-powered detection vs. legacy regex DLP, plus data lineage tracking and purpose-built AI/agent security covering shadow AI and MCP governance. ### Noma Security - Website: noma.security - Founded: 2023 - Country: Israel - Funding: $32M - Categories: AI-SPM, Observability & Governance, Agentic Identity, Model Security - Founders: Niv Braun, Alon Tron - Investors: Ballistic Ventures, Glilot Capital Partners, Databricks Ventures - Capabilities: End-to-end AI lifecycle coverage (discovery → posture → red teaming → runtime), Agentic Risk Map (blast-radius visualization), AI supply-chain security, MLOps tool security, AI threat detection & response, immediate containment. - Sensors/Integration: Agentless, no code changes, deploys across cloud / SaaS / self-hosted; 80+ pre-built integrations including Snowflake, Databricks, AWS, Azure, GCP, Microsoft Copilot Studio, Salesforce Agentforce, AWS Security Hub. - Protections: Real-time guardrails (prompt injection, sensitive data leakage, rogue outputs, unauthorized agent actions), containment to stop cascading damage. - Differentiator: Among best-funded on this list. ### Nroc Security - Website: nrocsecurity.com - Founded: 2023 - Country: Finland - Funding: $2M - Categories: Observability & Governance, Agentic Network Security - Founders: Markus Melin, Antti Reijonen - Investors: Great North Ventures, Icebreaker.vc, Leo Capital, Hannu Turunen - Capabilities: Agentless network proxy that governs access to GenAI tools, applies guardrails, and generates compliance evidence. - Sensors/Integration: Inline network traffic to GenAI services (ChatGPT, Microsoft Copilot) inspected without endpoint agents or browser plugins. - Protections: Blocks data leaks and enforces policy on employee GenAI interactions to prevent sensitive-data exposure. - Differentiator: Deploys as a network proxy with no endpoint agents or browser extensions for faster rollout. ### NuDay AI - Website: nuday.ai - Founded: 2025 - Country: USA - Categories: Agentic Identity, Observability & Governance, Runtime & Guardrails - Capabilities: Zero-trust security and governance platform for autonomous agentic AI systems; quantum-safe encryption for agent communications; key management for AI agent credentials and secrets; runtime guardrails for LLM and agent applications; prompt injection blocking; RAG security; AI governance controls; zero-trust architecture applied to non-human identities. - Sensors/Integration: Vault-style architecture mediating agent access to secrets and credentials; runtime guardrails integrated via SDK or proxy; encryption layer covering agent ↔ tool and agent ↔ data communications; key lifecycle management for agent identities. - Protections: Zero-trust enforcement on every agent action; quantum-safe encryption protecting agent communications against future cryptographic threats; key management preventing credential leakage to LLM context; prompt injection blocking; RAG-specific security controls preventing data poisoning and exfiltration. - Differentiator: Quantum-safe encryption angle is unusual for the AI security category — most vendors focus on prompt-level threats while nuday.ai takes a deeper cryptographic stance, addressing forward-secrecy concerns for long-lived agent credentials; Combines secrets management heritage with AI agent governance, positioning as a vault-style trust anchor for autonomous systems. ### NuDay AI - Website: ntur.ai - Founded: 2026 - Categories: Agentic Identity, Runtime & Guardrails - Capabilities: Zero-trust platform (Agent Vault) that cryptographically enforces AI agent tool execution, monitors behavioral drift, and brokers agent credentials. - Sensors/Integration: Agent outbound API/tool calls and runtime behavior monitored at a proxy/vault layer. - Protections: Prevents credential exposure and unauthorized or anomalous agent actions while enforcing compliance. - Differentiator: Proxy attaches credentials so agents complete work without ever seeing or storing the underlying secret. ### Oasis Security - Website: oasis.security - Founded: 2022 - Country: Israel - Funding: $195M - Categories: Agentic Identity, Observability & Governance, AI-SPM - Founders: Danny Brickman, Amit Zimerman - Investors: Sequoia Capital, Accel, Cyberstarts, Craft Ventures, Maple Capital, Wing Venture Capital - Capabilities: Non-human identity management platform automatically discovering and managing NHIs (service accounts, API keys, OAuth tokens, certificates) across hybrid and multi-cloud environments; lifecycle management from creation through rotation to revocation; holistic visibility into the full NHI estate; risk assessment per identity with prioritized remediation; secret management compliance automation; integration with major IaaS, SaaS, and identity providers; recent extension to cover AI agent identities as a sub-class of NHIs. - Sensors/Integration: Cloud-delivered platform integrating with IaaS providers (AWS, Azure, GCP), SaaS apps, identity providers (Okta, Entra), and secret managers (HashiCorp Vault, AWS Secrets Manager); agentless discovery via API integrations; data plane observability for credential usage patterns. - Protections: Automated NHI lifecycle management preventing orphaned credentials; least-privilege enforcement on service accounts and API keys; rotation automation reducing credential exposure window; revocation propagation across the identity graph; compliance reporting for NHI governance frameworks. - Differentiator: A leading pure-play in the non-human identity (NHI) security category, signaling NHI security is being treated as a top-tier emerging space; pure-NHI focus distinct from generalist IAM vendors that have added NHI SKUs; AI agent identity treated as a natural extension of NHI rather than a separate category. ### Oblivious - Website: oblivious.com - Founded: 2020 - Country: Ireland - Funding: $5.8M - Categories: Agentic Data Governance, Sandboxing & Secure Envs, Observability & Governance, Runtime & Guardrails - Founders: Robert Pisarczyk, Jack Fitzsimons - Investors: Cavalry Ventures, Act VC, Atlantic Bridge, Firestreak Ventures, Expeditions Fund, Hustle Fund - Capabilities: Privacy-preserving AI agent platform for running LLMs on sensitive data without exposing it to the model provider; confidential computing layer for AI workloads enabling regulated industries to use LLMs without sending raw data to OpenAI, Anthropic, or Google; differential privacy and secure-enclave techniques applied to AI agent inputs and outputs; agent sandboxing with data-flow controls. - Sensors/Integration: Confidential-computing infrastructure (TEEs, secure enclaves) hosting LLM workloads; deploys in customer's cloud or sovereign cloud regions; integrates with existing AI frameworks while protecting data via cryptographic boundaries. - Protections: Cryptographic isolation of sensitive data from model providers; differential privacy mechanisms preventing data leakage through model responses; sandboxed execution preventing exfiltration of sensitive content via tool calls; sovereign-cloud deployment options for data residency compliance. - Differentiator: Dublin/Ireland-based confidential-computing pioneer applying TEE and secure-enclave techniques to AI agents — a fundamentally different defensive layer than prompt-level guardrails; Targets regulated industries (finance, healthcare, government) where data sovereignty makes hosted-API LLM usage impossible; Appeals to European and UK buyers concerned with US-cloud data residency for AI workloads. ### Obot AI - Website: obot.ai - Founded: 2024 - Country: USA - Funding: $35M - Categories: MCP & LLM Gateways, Agentic Identity, Observability & Governance - Founders: Sheng Liang, Shannon Williams, Darren Shepherd, Will Chan, Tim Nicklas - Investors: Mayfield Fund, Nexus Venture Partners - Capabilities: Complete open-source MCP platform spanning hosting + registry + gateway + chat client; Obot MCP Gateway as centralized control plane; administrative control plane for IT to onboard, manage, and update MCP servers via modern UI or GitOps flow; MCP hosting + proxying; request filtering; user management with groups + access permissions; centralized authentication integrating with enterprise IdPs (Active Directory, Okta); model provider management; Skills management; instant connection URLs for users to connect MCP servers directly to Claude Desktop, Cursor, VSCode, enterprise chat clients; curated connectors for Office365, Jira, GitHub, Gmail, Redis, ElasticSearch, PostgreSQL, MongoDB; Nanobot MCP Agent Framework as companion OSS project. - Sensors/Integration: Open-source gateway deployed on Kubernetes (self-hosted on customer infrastructure) or as Obot's hosted SaaS; OAuth 2.1 + encryption at rest and in transit; comprehensive audit logging. - Protections: Programmatic request filtering on MCP traffic, role-based access control, audit logging on all MCP interactions, GitOps-managed configuration as code, IT-verified trust levels on MCP server registry, OAuth 2.1 enforcement. - Differentiator: Strongest open-source-infrastructure-at-scale pedigree in the agentic security space; Explicit Obot vs. Runlayer-style proprietary-gateway positioning maps to the Rancher-vs-OpenShift dynamic from a decade ago; Nanobot framework positions Obot as both governance plane and agent-build platform simultaneously. ### Obsidian Security - Website: obsidiansecurity.com - Founded: 2017 - Country: USA - Funding: $120M - Categories: Agentic SSPM, Agentic Identity, Observability & Governance, Agentic Browser Security - Founders: Glenn Chisholm, Ben Johnson, Matt Wolff - Investors: Menlo Ventures, Norwest Venture Partners, IVP, Greylock, Wing Venture Capital, GV - Capabilities: SSPM, shadow AI discovery, AI agent visibility/governance/runtime, MCP security, ITDR, OAuth abuse detection. - Sensors/Integration: SaaS app API connectors (knowledge graph data model). - Protections: Posture remediation, account takeover detection, OAuth token abuse blocking, agent governance, EU AI Act reporting. - Differentiator: Mature SSPM extending into AI; Deepest SaaS coverage on this list. ### Oligo Security - Website: oligo.security - Founded: 2022 - Country: Israel - Funding: $86M - Categories: Runtime & Guardrails, Agentic Code Security - Founders: Nadav Czerninski, Gal Elbaz, Avshalom Hilu - Investors: Greenfield Partners, Red Dot Capital Partners, AWS Startups - Capabilities: eBPF-based runtime application security platform with extension to AI/agentic applications; library-level vulnerability detection and prioritization based on actual code execution; runtime AI workload monitoring for misconfiguration, data exfiltration, and anomalous behavior; CNAPP-adjacent runtime coverage for AI apps. - Sensors/Integration: eBPF kernel sensors providing runtime telemetry from production workloads; deployable across cloud, on-prem, and hybrid environments; agentless mode for cloud-native infrastructure. - Protections: Runtime detection of malicious AI-targeted attacks; library blocking when exploited at runtime; prioritization of vulnerabilities by execution evidence (cuts false-positive backlog dramatically); recently extended platform to cover AI agentic workloads. - Differentiator: eBPF approach distinguishes it from network-based AI security tools by anchoring detection inside the workload itself; one of the better-resourced runtime-security startups extending into AI. ### Onyx Security - Website: onyx.security - Founded: 2022 - Country: USA - Funding: $40M - Categories: Runtime & Guardrails, Observability & Governance, Agentic Identity - Founders: Maxim Bar Kogan, Gil Elbaz - Investors: Conviction Partners, Cyberstarts - Capabilities: Shadow AI discovery, posture, NL policy authoring, EU AI Act remediation, AI orchestration / smart routing, AI ROI measurement, Guardian Agent. - Sensors/Integration: SaaS, cloud, endpoint, code coverage via API connectors + endpoint. - Protections: Inline blocking, human-approval gating, behavior steering, PII sharing prevention, tool-access limits, app blocking. - Differentiator: Combines security + governance + orchestration + ROI in one plane. ### Opaque - Website: opaque.co - Founded: 2021 - Country: USA - Funding: $31.6M - Categories: Model Security, Sandboxing & Secure Envs, Agentic Data Governance - Founders: Raluca Ada Popa, Ion Stoica, Rishabh Poddar, Wenting Zheng, Chester Leung - Investors: Walden Catalyst Partners, Storm Ventures, Thomvest Ventures, Intel Capital, Race Capital, The House Fund, FactoryHQ, Clear Ventures, Accenture Ventures - Capabilities: Confidential AI platform enabling enterprises to run cloud-scale general-purpose AI workloads on encrypted data with hardware-attested execution; Confidential Agents for RAG and agentic workflows; Opaque Studio for accelerated development on LangGraph; cryptographic verification of privacy and sovereignty; full data confidentiality, auditability, and compliance. - Sensors/Integration: TEE-based confidential computing environments; integration with cloud and on-prem AI infrastructure; commercialization of MC2 open-source platform from UC Berkeley RISELab; LangGraph framework support. - Protections: Hardware-attested execution guaranteeing privacy at every stage; encrypted data processing with cryptographic proof; provable policy compliance for regulated industries; runtime-verifiable trust enabling production agentic deployments; partnership and embedding by Accenture. - Differentiator: UC Berkeley RISELab spinoff (the same lab that produced Databricks and Apache Spark); one of the most academically credentialed teams in confidential AI. ### Openlayer - Website: openlayer.com - Founded: 2021 - Country: USA - Funding: $19.3M - Categories: Observability & Governance, AI-SPM, AI Red Teaming, Runtime & Guardrails - Founders: Gabriel Bayomi, Rishab Ramanathan, Vikas Nair - Investors: Race Capital, Y Combinator, Quiet Capital, NXTP, KPN Ventures, Mindset, Telefonica - Capabilities: AI governance and observability platform for agentic systems; tests + validates every agentic system before production; assesses reliability + security + behavior across dynamic workflows; catches risks like hallucinations + bias + prompt injection before they spread; 100+ behavioral tests; automates model inventory + risk classification + compliance workflows; real-time observability for LLM calls + retrieval pipelines + multi-step AI agents; security guardrails for prompt injection + PII leakage prevention; automated compliance aligned to EU AI Act + NIST + ISO/IEC 42001 + OWASP; native integrations with OpenAI, Anthropic, CoPilot, OTel, Snowflake, Microsoft Copilot Studio, Salesforce Agentforce. - Sensors/Integration: Native integrations with Copilot Studio + Agentforce + major LLM APIs; CI/CD-stage validation + production monitoring. - Protections: Pre-deployment behavioral testing, hallucination + bias + toxicity detection, prompt injection prevention, PII leakage detection, EU AI Act / NIST / ISO 42001 compliance evidence. - Differentiator: Strongest compliance-mapping coverage in the space (EU AI Act + NIST + ISO 42001 + OWASP + TRAIGA) — positions for the compliance-buyer not security-buyer; Copilot Studio + Agentforce auto-discovery distinctive for Microsoft + Salesforce shops. ### OpenShield - Website: openshield.ai - Founded: 2025 - Country: Hungary - Categories: MCP & LLM Gateways, Runtime & Guardrails - Founders: David Papp - Capabilities: Transparent proxy firewall providing rate limiting, content/keyword filtering, tokenizer/cost tracking, and model pipelining for AI models. - Sensors/Integration: Input/output prompt-response flows between clients and OpenAI-compatible models inspected via Python and LLM-based rules. - Protections: Blocks prompt injection, sensitive-data leakage, and malicious usage while enforcing per-user/model/key rate limits. - Differentiator: Open-source self-hosted gateway sitting transparently in front of models with no infra changes (now under Gen0Sec brand). ### Operant AI - Website: operant.ai - Founded: 2022 - Country: USA - Funding: $13.5M - Categories: AI-SPM, MCP & LLM Gateways, Runtime & Guardrails - Founders: Vrajesh Bhavsar, Priyanka Tembey, Ashley Roof - Investors: SineWave Ventures, Felicis, Alumni Ventures, Massive, Calm Ventures, Gaingels - Capabilities: 3D Runtime Defense (Discover/Detect/Defend), Endpoint Protector, Agent Protector, AI Gatekeeper, MCP Gateway, API protection, Woodpecker OSS red teaming. - Sensors/Integration: K8s-native (eBPF/sidecar) + macOS endpoint agent; inline data path for auto-redaction. - Protections: Inline auto-redaction of sensitive data in prompts/responses, prompt injection block, exfiltration block, 0-click defense (Shadow Escape), rogue agent block, NHI for MCP, OWASP API attacks. - Differentiator: Most K8s-native vendor; Only vendor named in 5 distinct Gartner AI security reports in 2025; Woodpecker OSS. ### Opsin Security - Website: opsinsecurity.com - Founded: 2024 - Country: USA - Funding: $7M - Categories: Agentic SSPM, Agentic Data Governance, Observability & Governance - Founders: James Pham, Jeremy Mailen - Investors: Race Capital, CapitalX, Lockstep Ventures, Plug and Play Tech Center - Capabilities: Opsin Agent Defense — addresses the urgent security gap posed by AI agents created by non-technical employees (Custom GPTs, Microsoft 365 Copilot applications, Copilot Studio); comprehensive visibility into AI agent activities and configurations; monitors who creates AI agents and what data they can access; inventories AI agents; proactive risk assessments on where sensitive data is exposed or overshared across SharePoint / OneDrive / Google Workspace / cloud file shares; validates configurations + permissions + data access before rollout or approval; step-by-step remediation instructions. - Sensors/Integration: API integrations to SharePoint, OneDrive, Google Workspace, cloud file shares, M365 Copilot ecosystem. - Protections: Agent inventory enforcement, configuration validation, oversharing remediation at the source, decentralized owner-driven remediation workflows, AI activity monitoring for policy alignment. - Differentiator: Explicit focus on employee-built AI agents (Custom GPTs + Copilot Studio apps deployed without security approval) — overlaps with Zenity and Kanopy in the LCNC + citizen-dev security category but with stronger emphasis on data oversharing risk in M365 + Google Workspace contexts. ### Opti - Website: opti.ai - Founded: 2025 - Country: USA - Funding: $20M - Categories: Agentic Identity, Observability & Governance - Founders: Barak Perelman, Ido Trivizki, Mille Gandelsman - Investors: YL Ventures, Mayfield Fund, Hetz Ventures, Squared Circle Ventures, LocalGlobe, Maple Capital, Shlomo Kramer - Capabilities: AI-native IAM platform covering human, non-human, and agentic identities; AI-powered identity fabric ingesting, normalizing, and analyzing all identities across applications; specialized entitlement models discovering risky access and excessive privileges; identity workflow engine for automated policies and remediation plans; AI-driven JML (joiner/mover/leaver) lifecycle workflows; dedicated AI Agent Security module; access reviews, NHI governance, IGA, least-privilege enforcement; 250+ integrations across IdP, IGA, and business apps. - Sensors/Integration: Agentless, API-first integrations with IdP, IGA, and 250+ business applications; AWS Security Hub Extended listing; deploys in hours; supports homegrown applications via AI-engine. - Protections: Continuous access behavior and risk analysis per identity per application; risky-access and excessive-privilege detection with automated remediation; AI-driven entitlement recommendations replacing rubber-stamp approvals; least-privilege enforcement; access review automation with mapped roles, policies, and usage. - Differentiator: Explicit AI-native IAM positioning treating human, non-human, and agentic identities as one unified problem; Specialized entitlement models trained for IAM (not generic LLM wrappers); Identity fabric architecture as the data substrate for governance; AWS Security Hub Extended partner; Positions IAM as a remediation problem, not just a discovery problem. ### Origin - Website: originhq.com - Founded: 2025 - Country: USA - Categories: Agentic Endpoint Security, Observability & Governance - Capabilities: Endpoint-native observability and security for AI agents. A single system-level endpoint sensor discovers and observes every AI agent and MCP server on a machine — Claude, OpenAI, Gemini, coding assistants, browser copilots, local tools — with no per-agent integration. It captures the full semantic trace of each session: the prompt that started it, the reasoning chain, and every file read, process spawned, command run, and network call made, attributed end-to-end to the user, the agent, and the process. Behavior is auto-clustered into baseline topologies so anomalies stand out by contrast rather than by signature (for example, credential access plus an undeclared network call deviating from an Auth Refactoring baseline). It also tracks AI spend by clustering conversations across the org by topic, team, and initiative. - Sensors/Integration: One system-level endpoint sensor per machine, deployed in minutes with no network reconfiguration or per-agent integration; intercepts AI traffic at the TLS layer with process attribution, then extracts prompts, responses, and tool calls and correlates intent to files, commands, services, and outcomes; free self-serve install for individual laptops. - Protections: Continuous discovery of shadow AI agents and MCP servers the moment they appear; endpoint enforcement of AI usage policies; behavioral baselining that flags anomalous agent sessions (credential access, undeclared network calls, deviation from normal task clusters) before they become incidents; full process trees, session context, and an audit-ready trail for investigation and governance. - Differentiator: Positions itself as the next generation of endpoint security for a part-human, part-machine workforce — a capability it argues exists in neither SIEM, CASB, nor EDR, because EDR assumes a human at a keyboard and breaks down when an agent reading files, writing code, and opening connections is normal behavior. Its bet is that the endpoint, not the API gateway or agent framework, is the one place to see what an agent actually does before, during, and after the model responds, captured as semantic context rather than signatures. US-based with AI security research in Israel; early-stage, with a free endpoint install as the wedge. ### Oryo - Website: oryo.io - Founded: 2025 - Country: USA - Funding: $3M - Categories: AI-SPM, Observability & Governance, MCP & LLM Gateways - Founders: Prashanth Ram, Swaroop Sham - Investors: Golden Sparrow, Village Global, Seven Hill Ventures - Capabilities: Enterprise security control plane for AI agents; discovers and secures every AI agent + tool + MCP + data flow + identity + model + prompt in a single map; connects to SaaS, cloud AI agent platforms, identity systems, and the security ecosystem via API to scan configs/identities/permissions/MCPs/activity; enriches with business context, asset criticality, third-party intelligence; agent-aware detection algorithms; risk scoring + ranking by impact/exploitability. - Sensors/Integration: API-based discovery across SaaS / cloud AI agent platforms / identity systems / security ecosystem — agentless integration model. - Protections: Shadow agent detection, data exfiltration path detection, policy enforcement to prevent agentic security/governance issues, risk-prioritized remediation workflows. - Differentiator: Direct lineage to the two reference architectures for human identity and cloud security posture, now applied to agentic stack; Positions itself as "control plane for AI agents" vs. point-tool competitors; "CISOs today focus on identity for humans — tomorrow they'll need the same trust layer for Agentic AI". ### Oso - Website: osohq.com - Founded: 2018 - Country: USA - Funding: $28M - Categories: Agentic Identity, Observability & Governance - Founders: Sam Scott, Graham Neray - Investors: Sequoia Capital, Felicis Ventures, SV Angel - Capabilities: Authorization platform for AI coding agents and applications; security platform for monitoring, controlling, and auditing AI coding agents; fine-grained access control via Polar language; centralized authorization-as-a-service; SDK integrations across major programming languages and frameworks; extension to AI agent authorization use cases. - Sensors/Integration: SDK integration in customer applications and AI coding agents; centralized policy engine for authorization decisions; observability dashboard for authorization events; integration with identity providers. - Protections: Centralized policy enforcement preventing AI agents from exceeding least-privilege access; runtime authorization checks on agent actions; auditing of agent access decisions; fine-grained authorization for AI coding tools. - Differentiator: New York-based; strong adoption in developer-facing authorization with extension into AI coding-agent security; positioned as the authorization layer for AI-native applications. ### Ovalix - Website: ovalix.ai - Founded: 2025 - Country: Israel - Funding: $12M - Categories: Runtime & Guardrails, Agentic Identity - Founders: Oriel Vaturi, Aviad Levy - Capabilities: Secures and controls AI agents to protect business-critical operations; agent-level visibility and policy enforcement; agent identity governance; operational risk reduction for agentic workflows. - Sensors/Integration: Early-stage; integration model not publicly detailed. - Protections: AI agent control, behavioral enforcement, operational risk constraint. - Differentiator: Very early-stage pure-play; Explicit positioning as "secure and control AI agents" without the broader GenAI / shadow AI distractions some competitors layer in; Minimal public footprint so harder to differentiate technically — flagged for radar tracking rather than competitive analysis. ### Pallma - Website: pallma.ai - Founded: 2025 - Country: UK - Funding: $1.6M - Categories: Runtime & Guardrails, Observability & Governance, AI Red Teaming - Founders: Pavlos Mitsoulis, Dionysis Varelas - Investors: Marathon Venture Capital - Capabilities: AI security platform protecting agentic AI systems from runtime exploits; AI firewall blocking prompt injection, jailbreaks, and data exfiltration attempts at inference time; runtime guardrails for LLM and agent workflows; AI pentesting capabilities for surfacing vulnerabilities before production; coverage spanning generative AI and agentic AI deployments. - Sensors/Integration: Inline runtime layer sitting between applications and LLM endpoints; deploys as a firewall-style proxy or SDK; protects model interactions and agent tool calls at the moment of execution. - Protections: Blocks prompt injection attempts; prevents data exfiltration via model responses; enforces LLM guardrails inline; AI pentesting surfaces weaknesses before exploitation; runtime monitoring of agentic systems for off-script behavior. - Differentiator: Positions explicitly as competing with Google Model Armor and similar cloud-provider AI security primitives — the differentiation pitch is that purpose-built independent AI security platforms outperform bolt-on offerings from foundation-model providers; Combines firewall + pentesting + runtime in one platform rather than separate products. ### Pangea - Website: pangea.cloud - Founded: 2021 - Country: USA - Funding: $76M - Categories: Runtime & Guardrails, Observability & Governance, Agentic Data Governance, AI-SPM, Agentic Identity - Founders: Oliver Friedrichs - Investors: Ballistic Ventures, GV, Decibel - Capabilities: AI Detection and Response (AIDR) platform — securing data, models, agents, identities, infrastructure, and interactions across the AI lifecycle; AI guardrails with industry-best 99% efficacy on prompt injection at sub-30ms latency; AI access control and identity governance; shadow AI discovery and monitoring; AI usage compliance; secured data ingestion pipelines, LLM prompts and responses, and agent tool calls. - Sensors/Integration: Cloud-delivered service integrated into Falcon platform post-acquisition; pre-built APIs and SDKs for embedding security at AI build-time; extends Falcon Shield agentic protection. - Protections: Inline prompt injection detection and blocking; unauthorized access and AI misuse prevention; secure secrets and tool-call inspection; AI DLP across prompts and responses; integrated with CrowdStrike Falcon identity, endpoint, and SaaS controls post-acquisition. - Differentiator: Created the AIDR (AI Detection and Response) category alongside CrowdStrike — analogous to how CrowdStrike pioneered EDR; Industry-leading 99% prompt injection efficacy benchmark; Now the AI interaction layer of Falcon Cloud Security and Falcon Shield. ### Parakeet Security - Website: parakeetsecurity.ai - Founded: 2025 - Country: USA - Categories: Runtime & Guardrails, AI Red Teaming, Observability & Governance - Capabilities: Security platform specifically designed for voice AI agents — distinct from text-based AI security focused on LLM prompts; protects voice agents (call-center automation, IVR replacements, voice assistants) against emerging threats including voice prompt injection, audio-channel adversarial attacks, voice-cloning attacks against authentication flows, and conversational social engineering of voice agents. - Sensors/Integration: Specialized for voice/audio modality — STT (speech-to-text), TTS (text-to-speech), and the LLM in the middle are all attack surfaces; integrates with voice-AI platforms (e.g. VAPI, Retell, LiveKit, Pipecat) at the protocol level; runtime analysis of audio streams alongside text content. - Protections: Voice-specific prompt injection blocking (e.g. audio-encoded injections invisible to text classifiers); detection of voice-cloning and deepfake-driven impersonation of authorized callers; conversational behavioral controls preventing voice agents from being socially engineered; runtime monitoring of voice-agent compliance with policy. - Differentiator: Voice-AI-specific positioning is rare and defensible — most AI security vendors handle text only and treat voice as an afterthought via STT preprocessing; Voice agents have a fundamentally different threat surface (audio adversarial attacks, voice cloning, real-time interruption attacks) that text-focused vendors don't address; High-growth voice-AI deployment in call centers and customer support creates pull for category-specific security. ### Pegasi - Website: pegasi.ai - Founded: 2023 - Country: USA - Funding: $400K - Categories: Runtime & Guardrails, AI Red Teaming - Founders: Kevin Wu - Investors: Forum Ventures, Neo, Soma Capital, The Neo Fund, Night Capital - Capabilities: Reliability/trust layer plus ClawReins intervention guardrails that score action irreversibility, gate destructive agent actions, and audit-log decisions. - Sensors/Integration: Agent tool calls, browser state, and LLM input/output trajectories monitored before execution. - Protections: Deterministic pre-execution gating of destructive actions, hallucination guardrails, and human-approval routing. - Differentiator: Browser- and trajectory-aware intervention layer requiring explicit CONFIRM tokens before catastrophic agent actions. ### Permiso - Website: permiso.io - Founded: 2022 - Country: USA - Funding: $28.5M - Categories: Agentic Identity, Observability & Governance, Runtime & Guardrails - Founders: Paul Nguyen, Jason Martin - Investors: Point72 Ventures, Foundation Capital, Work-Bench, 11.2 Capital, Rain Capital, Altimeter Capital - Capabilities: Identity Runtime Attribution to AI Agents launched May 2026 (extends Discover/Protect/Defend framework); Universal Identity Graph tracking human + non-human + agent identities in same platform; full blast radius visualization; runtime detection of over-privileged access + unused permissions + anomalous tool usage; behavioral skill sandboxing; identity-first controls (least privilege recommendations, approval gates, runtime kill switches at machine speed); P0 Labs threat intel including LLMjacking discovery, cross-prompt injection in enterprise AI copilots, analysis of 341+ malicious AI agent skills. - Sensors/Integration: SaaS platform; identity-graph integrations; no separate AI agent module — integrated with existing human + NHI identity workflows. - Protections: Runtime kill switches at identity layer (revoke agent access at machine speed), behavioral baseline + drift detection, agent-specific behavioral patterns from P0 Labs, sub-agent chain blast-radius detection. - Differentiator: P0 Labs threat research is distinctive — original LLMjacking discovery + cross-prompt injection research + malicious skill marketplace analysis; Identity-first kill switch architecture vs. proxy/gateway-based interception; "AI isn't a new silo, it's an identity problem" thesis. ### Permit.io - Website: permit.io - Founded: 2021 - Country: Israel - Funding: $14M - Categories: Agentic Identity, Observability & Governance, MCP & LLM Gateways - Founders: Or Weis, Asaf Cohen - Investors: NFX - Capabilities: Enterprise-grade AI agent authorization platform; OPAL (Open Policy Administration Layer) — open-source policy administration extended for AI agent contexts; fine-grained per-action authorization decisions for agent tool calls; policy-as-code for AI agent permissions; integration with existing authorization stacks; agent-aware policy decisions that consider both the agent's identity and the human principal it acts for. - Sensors/Integration: Authorization-as-a-service platform with SDKs for major languages and frameworks; OPAL distributes policies in real time to enforcement points; integrates with MCP gateways and agent frameworks for per-call decisions; policy decision point and policy administration point architecture. - Protections: Fine-grained authorization on every agent action — far more granular than OAuth scopes; policy-as-code enabling version control, review, and CI/CD for authorization rules; agent-aware policies that account for delegated identity (agent acting on behalf of human); audit trail of every authorization decision for compliance. - Differentiator: Open-source OPAL component drives community adoption and developer trust; Fine-grained per-action authorization is increasingly necessary as agents chain tool calls — Permit's heritage is uniquely suited to this. ### Pillar Security - Website: pillar.security - Founded: 2023 - Country: Israel - Funding: $9M - Categories: AI-SPM, Observability & Governance, Runtime & Guardrails, Agentic Identity - Founders: Dor Sarig, Ziv Karliner - Investors: Shield Capital, Golden Ventures - Capabilities: End-to-end AI lifecycle coverage (discovery → posture → red teaming → guardrails → governance), AI fingerprinting, automated AI asset inventory (models, agents, datasets, meta-prompts), adversarial testing, adaptive runtime guardrails, MCP & tool security, SAIL framework (Secure AI Lifecycle Framework). - Sensors/Integration: Integrates with code repositories, AI/ML platforms, data infrastructure, IdPs, and local developer environments; agentic-endpoint detection of unapproved coding agents. - Protections: Approved-model lists, MCP allowlists, adaptive guardrails informed by red-team findings, agent-outside-governance-boundary detection, audit logs for GDPR/CCPA, embedded-AI / agentic-endpoint / AI gateway protections. - Differentiator: Gartner 2026 Representative Vendor for "Guardian Agents"; Published the SAIL framework ratified with Microsoft/Google Cloud/SAP/ServiceNow. ### PipeLab - Website: pipelab.org - Founded: 2025 - Country: USA - Categories: MCP & LLM Gateways, Runtime & Guardrails, Agentic Network Security, Agentic Endpoint Security, Sandboxing & Secure Envs - Founders: Joshua Waldrep - Capabilities: Pipelock — open-source agent firewall for MCP and AI agent egress; 11-layer scanner pipeline with 48 DLP credential patterns (Base64/hex/URL/Unicode encoding-aware); 25 prompt-injection detection patterns with 6-pass normalization (zero-width chars, homoglyphs, leetspeak); MCP tool poisoning detection, rug-pull tracking, policy engine with redirect, session binding, chain detection; A2A (agent-to-agent) scanning; process sandboxing (Landlock + seccomp + network namespaces on Linux, sandbox-exec on macOS); adaptive enforcement with per-session threat scoring and 3-level escalation; 4-source kill switch (CLI, dashboard, API, Telegram); hash-chained flight recorder; Ed25519-signed assessment reports verifiable offline; 70+ Prometheus metrics for fleet monitoring. - Sensors/Integration: Single ~22MB binary deployed locally; intercepts HTTP, WebSocket, and MCP traffic at the network boundary (HTTPS_PROXY pattern); per-agent process sandbox profiles; CLI wires up Claude Code, Cursor, VS Code, JetBrains, or any agent that speaks HTTP; brew/curl installable. - Protections: Inline scan + block on every outbound action; tool poisoning + prompt injection + secret exfiltration block; process sandboxing on Linux/macOS; kill switch flips agent into deny-all in under a second; signed receipts for every inspected action; OWASP MCP Top 10, OWASP Agentic Top 10, MITRE ATLAS, EU AI Act, SOC 2 mappings. - Differentiator: Only AI agent firewall currently listed in the CNCF Landscape (Security & Compliance category); Fully open-source with 618+ GitHub stars, 16,500+ tests, 87% coverage; Verifiable offline thesis — every action produces an Ed25519-signed receipt any third party can verify without contacting the vendor; Single-binary deployment lowers adoption friction vs. multi-component SaaS platforms; CLI-first developer experience (brew install + pipelock claude setup). ### Pluto Security - Website: pluto.security - Founded: 2025 - Country: Israel - Funding: $8M - Categories: Agentic SSPM, Observability & Governance - Investors: Mercer Ventures, Modern Technical Fund, TLV Partners, U&I Ventures, AWS & CrowdStrike Cybersecurity Accelerator - Capabilities: Oversight of employee-built AI/no-code apps, governance for AI coding agents, Mythos-readiness assessments. - Sensors/Integration: SaaS API connectors to builder platforms; IdP integration. - Protections: Policy enforcement on builder-platform AI; visibility/inventory. - Differentiator: Only vendor focused on citizen-developer / vibe-coding attack surface (Lovable, Replit, n8n, Make, Base44); Runs ClaudeSec research hub. ### PointGuard AI - Website: pointguardai.com - Founded: 2021 - Country: USA - Categories: AI-SPM, Runtime & Guardrails, MCP & LLM Gateways, Observability & Governance, AI Red Teaming - Founders: Pravin Kothari, Mali Gorantla, Warlu Kothapalli - Capabilities: Full-stack AI security and governance platform (formerly AppSOC, rebranded April 2025); AI Discovery and Inventory across models, agents, MCP servers, and integrations; AI Security Posture Management (AI-SPM); AI Security Testing including AI Red Teaming; runtime AI Anomaly Detection and Guardrails; AI DLP and Access Control for sensitive data; Agentic Gateway as centralized control point for MCP, API, and A2A traffic; agent identity with zero-trust authorization; Agent Governance Mesh; integrated vulnerability management bridging AI and traditional applications; Trusted MCP Knowledge Base for evaluating MCP tools. - Sensors/Integration: Cloud-native platform integrating with Databricks, AWS, Azure, and other AI infrastructure; agentless discovery across AI projects, models, datasets, notebooks, agents, MCP servers, endpoints; PointGuard AppSOC retained as the ASPM solution within the broader platform. - Protections: Runtime guardrails for prompt injection and data exposure; zero-trust authorization on agent tool access; granular MCP tool permissions with secure secrets management; static and dynamic model scanning; adversarial simulation; AI DLP and access controls; correlated risk across AI, applications, and cloud environments. - Differentiator: Broadest horizontal coverage among AI security platforms (8+ categories in one product); Rebranded from AppSOC to PointGuard AI in April 2025 to reflect expansion from pure ASPM into full AI security; Included in multiple Gartner reports on AI security; Serves BFSI, healthcare, government regulated industries; San Jose-based, founded 2021. ### Polaxis - Website: polaxis.io - Founded: 2026 - Country: India - Categories: Runtime & Guardrails, Observability & Governance, MCP & LLM Gateways, Agentic Identity - Capabilities: AI agent security and governance platform that intercepts every tool call through a 7-layer firewall — regex scan, risk scorer, LLM gate, behavioral baseline, session graph, threat intel, and policy engine; blocks prompt injection, PII leakage, credential theft, and unsafe actions before any tool executes; human-in-the-loop approvals routing high-risk actions to Slack with PII auto-masked; budget controls per agent/day/month auto-blocking when thresholds hit; immutable encrypted audit trail of every tool call, parameter, and approval; on-demand SOC 2, GDPR, HIPAA, EU AI Act, and OWASP Agentic Top 10 compliance reports; behavioral anomaly detection via Welford online stats per-agent; session-graph kill-chain detection across multi-turn agent runs; budget caps and spend visibility. - Sensors/Integration: Python SDK (two-line integration) deployable in any Python environment and any agent framework; zero-code MCP proxy mode (three env vars, point MCP client at proxy); framework-agnostic — LangChain, LangGraph, CrewAI, PydanticAI, AutoGen, OpenAI function-calling, Claude SDK, Cursor, Claude Desktop, custom agents; self-hosted in customer VPC on Enterprise plans (FastAPI + MongoDB + MCP proxy). - Protections: Inline block of prompt injection, PII exfiltration, credential theft at < 1ms median Python-layer latency; 89% of calls resolved without an LLM round-trip via pure Python signals; LLM gate fires only ~11% of calls using claude-3-5-haiku with 5-min cache and fail-open; tool-call-level governance (block / allow / HITL) by tool name, params, agent identity, time, spend, or custom logic; configurable fail-open vs fail-closed per agent; tamper-proof AES-256-encrypted audit log. - Differentiator: Explicitly positioned as the tool-call governance layer — distinct from LLM-text guardrail vendors (Prompt Security, Lakera Guard) which inspect prompts and outputs; The 7-layer architecture combines deterministic Python signals with selective LLM gating to keep latency in microseconds; Free tier (1 agent, 10K evals/mo) with self-serve onboarding lowers adoption friction; Built-in compliance report generation (SOC 2, GDPR, HIPAA, EU AI Act, OWASP) for audit-ready PDFs on demand; Budget enforcement is a unique primitive — most competitors lack hard cost limits per agent; Transparent pricing ($0/$149/$499/Custom) versus traditional enterprise-only AI security vendors. ### Polygraf AI - Website: polygraf.ai - Founded: 2021 - Country: USA - Funding: $11.8M - Categories: Runtime & Guardrails, Agentic Data Governance, Observability & Governance - Founders: Yagub Rahimov, Anton Stepaniuk, Vignesh Karumbaya - Investors: Allegis Capital, Alumni Ventures, DataPower VC, DOMiNO Ventures, Endless Frontier Labs - Capabilities: On-prem AI security & zero-trust governance platform; AI behavioral control layer with explainable SLMs; real-time data-leak and prompt-injection detection; privacy-preserving monitoring for defense and intelligence. - Sensors/Integration: On-premise / air-gapped deployment; explainable small language models inspecting prompts and responses inline; API integrations to enterprise AI stack. - Protections: Block data exfiltration, PII exposure, and unauthorized AI use; real-time policy enforcement; AI-content detection; audit logging. - Differentiator: Gartner Representative Vendor for Guardian Agents (2026); fully on-prem / air-gapped posture for defense & intelligence; explainable behavioral control layer. ### Polymer - Website: polymerhq.io - Founded: 2019 - Country: USA - Funding: $9.76M - Categories: Agentic Data Governance, Agentic Network Security - Founders: Usman Malik, Yasir Ali - Investors: Story Ventures, Tensility Venture Partners, Inspiration Ventures, 10x Venture Partners, Indicator Ventures, Maccabee Ventures, Motivate Ventures - Capabilities: Polymer's data security platform applied to AI: data loss prevention and governance for SaaS and GenAI tools that discovers sensitive data, classifies it with NLP, and controls what users and AI apps can share or expose. - Sensors/Integration: API connectors to SaaS apps plus browser/endpoint controls; real-time inspection of data flowing into GenAI tools. - Protections: Real-time DLP blocking and redaction of sensitive data shared with AI apps; policy enforcement and in-context user nudges; shadow AI usage visibility. - Differentiator: DLP startup repositioned around securing data in employee GenAI usage, with NLP-based classification rather than brittle regex rules. ### Pomerium - Website: pomerium.com - Founded: 2019 - Country: USA - Funding: $17.5M - Categories: Agentic Identity, MCP & LLM Gateways - Founders: Bobby Desimone - Investors: Benchmark, Bain Capital Ventures, SNR, Haystack - Capabilities: Open-source zero-trust identity-aware proxy with explicit MCP authorization support; per-request authorization with JWT identity and full audit logging; policy-based authorization preventing prompt injection attacks; clientless access (browser or API) without VPN; evaluates every request against identity + device posture + contextual signals; Control Agentic Sprawl product; explicit thesis that "OAuth alone can't secure MCP". - Sensors/Integration: Zero-trust proxy in the network path; identity-aware request inspection; integrates with existing IdPs. - Protections: Per-request authorization for MCP calls, prompt injection prevention via policy enforcement, JWT identity binding per agent request, full audit logging of agent ↔ resource interactions, task-intent-based access decisions. - Differentiator: Open-source-first zero-trust proxy extending naturally to MCP authorization — closer to a Cloudflare/Tailscale architecture than a SaaS agent-security product; Competes with Aembit on MCP authorization but with proxy-first architecture vs. credential-exchange model; Explicit per-request policy enforcement is rarer than session-based competitors. ### Portal26 - Website: portal26.ai - Founded: 2023 - Country: USA - Funding: $15M - Categories: Observability & Governance, AI-SPM, Runtime & Guardrails - Founders: Arti Arora Raman, Pakshi Rajan, Karthikeyan Mani - Investors: Shasta Ventures, Fusion Fund, Refinery Ventures - Capabilities: AMP (Agent Management Platform) launched March 2026 within Portal26's Enterprise AI Adoption Management Platform; automatically discovers and analyzes AI agents with detailed behavioral insights (interactions with AI models, volume of tool calls, systems being accessed); purpose-built agentic AI risk detectors; quarantine or remove high-risk agents directly in the platform or via integrations; also measures agent ROI (impact, productivity mapping, token consumption, agent demand, agent migration management). - Sensors/Integration: API integrations across enterprise AI agent ecosystem; agentless discovery model. - Protections: Security policy enforcement on agents, threat detection, rogue agent disabling, sensitive transaction guarding (no human oversight detection), risk-based agent quarantine. - Differentiator: "Visibility to Value" thesis — combines security capabilities with Value Realization (token consumption, productivity, ROI measurement); Competes for the "AI Adoption Platform" buyer (CIO + CISO joint) vs. pure security buyer of WitnessAI, Aurascape, Lumia. ### Portkey - Website: portkey.ai - Founded: 2023 - Country: India - Funding: $3M - Categories: MCP & LLM Gateways, Observability & Governance, Runtime & Guardrails, Agentic Identity - Founders: Rohit Agarwal, Ayush Garg - Investors: Lightspeed Venture Partners - Capabilities: Unified control plane for production AI; open-source AI Gateway processing 1T+ tokens and 120M+ AI requests daily across 24,000+ organizations; MCP Gateway for governing AI agents across enterprise tools; observability, guardrails, RBAC, PII redaction, rate limiting, cost controls, prompt management; unified API to 250+ LLMs; semantic routing, caching, and intelligent traffic shaping; manages $180M+ in annualized AI spend. - Sensors/Integration: Open-source gateway deployable on-prem, in cloud, or as managed SaaS; sits in the critical path between applications and LLM providers; supports OpenAI, Anthropic, Mistral, Llama, and other models. - Protections: PII redaction at the gateway; RBAC and identity enforcement on every LLM call; rate limiting and budget caps; semantic routing to safer models; full observability and audit trail; MCP Gateway permission boundaries for agent tool access. - Differentiator: Originally developer-focused AI gateway; Becomes the AI Gateway for Prisma AIRS post-acquisition; Open-sourcing the full gateway prior to acquisition created a wide community moat (10.2K GitHub stars); Positions itself at the agent-to-tool-to-model traffic boundary; Massive deployment scale at acquisition. ### Prediction Guard - Website: predictionguard.com - Founded: 2023 - Country: USA - Funding: $3.7M - Categories: Runtime & Guardrails, Model Security - Founders: Daniel Whitenack - Investors: Sovereign's Capital, Blu Ventures, Noblis Ventures, K Street Capital, WaterStone Impact Fund, M25, Service Provider Capital - Capabilities: Private, compliant (SOC 2 Type II, HIPAA) LLM hosting and inference with integrated output checks and guardrails via API. - Sensors/Integration: Inspects LLM prompts and outputs for prompt injection, toxicity, factual consistency, PII, and structure/type validity. - Protections: Blocks prompt injections, filters toxic output, prevents hallucinations, enforces structured output, keeps data private. - Differentiator: Couples private/self-hostable LLM inference on affordable hardware (Intel Gaudi) with runtime guardrails in one compliant platform. ### Prime Security - Website: primesec.ai - Founded: 2024 - Country: Israel - Funding: $20M - Categories: Agentic Code Security, Model Security - Founders: Michael Nov, Dimitry Shvartsman, Danny Hanga, Matan Markovics - Investors: Scale Venture Partners, Foundation Capital, Flybridge Ventures - Capabilities: Agentic Security Architect — autonomous AI agents conducting security design reviews before code is written; embedded directly in engineering workflows (Jira, etc.); design-flaw detection; near-full coverage of planned development tasks; reviews in <20 minutes; fine-tuned proprietary AI models for risk detection. - Sensors/Integration: Integrates into engineering planning systems (Jira-class) and design documents — not into runtime. - Protections: Surfaces and prioritizes design-stage security flaws before they ship; aligned with internal policies and compliance frameworks. - Differentiator: Only "shift-WAY-left" vendor on this list — operates at the design/planning phase, not at code/runtime; Black Hat 2025 Startup Spotlight winner. ### PrivaSapien - Website: privasapien.com - Founded: 2019 - Country: India - Funding: $1M - Categories: AI Red Teaming, Agentic Data Governance, Observability & Governance - Founders: Abilash Soundararajan, Deepika Abilash - Investors: Omidyar Network India - Capabilities: Agent Turing agentic AI red teaming platform for LLMs and GenAI covering privacy, safety, and fairness; automated privacy risk assessment with PXAR scoring; synthetic data generation; data pseudonymization; AI model security; regulatory mapping for global privacy regimes. - Sensors/Integration: Red team test harness running against customer AI endpoints; automated privacy risk assessment workflows; integration with enterprise data sources for synthetic data generation. - Protections: Pre-deployment privacy and fairness validation; synthetic data substitution preserving utility without exposing real PII; pseudonymization for safe model training; visualization of privacy harms with PXAR scoring. - Differentiator: Bengaluru-based startup (formerly TruthShare) operating since 2019; combination of red-teaming and privacy-enhancing technologies under one roof distinguishes PrivaSapien from pure-play red-team or DSPM vendors. ### Private AI - Website: private-ai.com - Founded: 2019 - Country: Canada - Funding: $11.3M - Categories: Agentic Data Governance - Founders: Patricia Thaine, Pieter Luitjens - Investors: Shasta Ventures - Capabilities: PrivateGPT Headless API stripping PII from prompts before transmission to LLMs like ChatGPT, then re-identifying responses on return; runs entirely within the user environment; multi-language PII detection across 50+ entity types; PII redaction for documents, audio, video; integration with cloud and on-premise LLM endpoints. - Sensors/Integration: Client-side library and API gateway intercepting prompts before transmission; broad language and entity coverage; integration with major LLM provider APIs. - Protections: Automatic PII removal before any sensitive data leaves the customer environment; re-identification of model responses preserving user experience; supports regulated workflows where raw PII cannot reach third-party model providers. - Differentiator: Toronto-based; deep PII detection model coverage spanning 50+ entity types and dozens of languages is one of the strongest privacy-preserving offerings for LLM workflows. ### Prompt Security - Website: prompt.security - Founded: 2023 - Country: Israel - Funding: $23M - Categories: Observability & Governance, Runtime & Guardrails, MCP & LLM Gateways, AI Red Teaming, Agentic Network Security, Agentic Endpoint Security, Agentic Browser Security, Agentic Data Governance - Founders: Itamar Golan, Lior Drihem - Investors: Hetz Ventures, Jump Capital, Ridge Ventures, Okta Ventures, F5, Four Rivers - Capabilities: Full-stack GenAI and agentic AI security platform; runtime protection at the point of interaction (browser, desktop, API); real-time visibility into AI tool usage across the enterprise; protection for employee use of public AI (shadow AI discovery, DLP, prompt injection prevention); secure homegrown LLM applications and AI agents; MCP gateway security across 13,000+ known MCP servers; AI agent runtime protection; agent observability and behavior monitoring; agentic IDE and developer-tool governance; sensitive data leakage prevention; misuse and policy enforcement. - Sensors/Integration: Browser extension, desktop application, and API integrations; deployable across web, SaaS, and endpoint; complementary to SentinelOne endpoint platform post-acquisition. - Protections: Inline blocking of prompt injection, data leakage, and AI misuse; runtime guardrails for prompt and response; MCP server-level controls preventing malicious tool calls and data exfiltration; full-stack approach across employee shadow AI, homegrown LLM apps, and agentic workflows. - Differentiator: First pure-play AI security startup acquired by a major endpoint security vendor; Pioneer of unified runtime AI protection across browser, desktop, and API; 2025 SINET16 Innovator and CRN cybersecurity startup to watch; Now powers the AI security layer of SentinelOne Singularity Platform. ### PromptArmor - Website: promptarmor.com - Founded: 2023 - Country: USA - Funding: $3M - Categories: Runtime & Guardrails - Founders: Shankar Krishnan, Vikram Jayanthi - Investors: Y Combinator, Accel, Lightspeed Venture Partners, Kindred Ventures, Intuit Ventures, Seven Seven Six - Capabilities: Data exfiltration prevention, adversarial input detection, compliance + risk assessment for AI systems handling customer data; high-impact original vulnerability research (notably the Snowflake Cortex Code prompt-injection bypass). - Sensors/Integration: Inline integration with LLM applications; specific focus on systems handling sensitive customer data. - Protections: Data exfiltration block, adversarial input filtering, compliance enforcement, sandboxing-bypass detection (informed by their own research). - Differentiator: Research-heavy posture with named vulnerability disclosures shaping the agentic AI threat landscape (Cortex Code among others); Rare among small startups to consistently publish credible attack research at the level of Invariant Labs / General Analysis / Capsule. ### Promptfoo - Website: promptfoo.dev - Founded: 2024 - Country: USA - Funding: $5M - Categories: AI Red Teaming, Runtime & Guardrails, Observability & Governance - Founders: Ian Webster, Michael D'Angelo - Investors: Andreessen Horowitz - Capabilities: AI security platform protecting LLMs from online adversaries; open-source LLM evaluation, red teaming, and security testing framework; widely adopted by enterprise AI teams for prompt evaluation and adversarial testing; supports OpenAI, Anthropic, Google, open-source models; CI/CD integration for security regression testing of LLM applications; will be integrated into OpenAI Frontier (the enterprise AI agents platform) post-acquisition. - Sensors/Integration: Open-source CLI and library; integrates into developer and CI/CD pipelines; SaaS evaluation platform for enterprise customers. - Protections: Adversarial test generation against LLM applications; regression detection for prompt-injection and jailbreak resistance; red-team campaign automation; runtime hooks for production guardrails. - Differentiator: Rapid open-source adoption (15K+ GitHub stars); acquired by OpenAI in March 2026 — the first major frontier-lab acquisition of a dedicated AI security startup; signals OpenAI views agentic security as a strategic capability, hardening its enterprise agents platform. ### Protect AI - Website: protectai.com - Founded: 2022 - Country: USA - Funding: $108M - Categories: Model Security, AI-SPM, AI Red Teaming, Observability & Governance, Runtime & Guardrails - Founders: Ian Swanson, Daryan Dehghanpisheh, Badar Ahmed - Investors: Evolution Equity Partners, Acrew Capital, boldstart ventures, Knollwood Capital, Pelion - Capabilities: AI/ML security platform covering the full lifecycle from development to runtime; ML supply chain security (model scanning via ModelScan, dataset and notebook scanning via NB Defense); AI-SPM via Layer; AI red teaming via Recon (simulated cyberattacks to find vulnerabilities in AI apps); runtime AI security via Guardian and Sightline; protection against model manipulation, data poisoning, and prompt injection; comprehensive coverage across models, agents, infrastructure, tools, and third-party components. - Sensors/Integration: Cloud-delivered SaaS pre-acquisition; integrates with ML training infrastructure, model registries, MLflow, Jupyter, GitHub; foundation of Palo Alto Prisma AIRS post-acquisition. - Protections: Pre-deployment model scanning for backdoors, malware, and integrity issues; AI red team simulation surfacing exploitation paths; runtime guardrails for prompt injection and data leakage; AI-SPM for ongoing posture; supply chain governance for ML artifacts. - Differentiator: Among the very first AI security companies (2022); now a cornerstone of Prisma AIRS, Palo Alto's comprehensive AI security platform; ML supply chain security pioneer with widely-used open-source tools (ModelScan, NB Defense). ### Protecto - Website: protecto.ai - Founded: 2022 - Country: USA - Funding: $5M - Categories: Agentic Data Governance - Founders: Amar Kanagaraj, Baskaran Alagarsamy - Capabilities: DeepSight transformer-based sensitive-data detection (PII/PHI/financial/IP), context-preserving tokenization (semantic meaning kept; LLM still reasons correctly), Protecto Vault, real-time privacy guardrails, RAG/MCP pipeline protection, role-based data masking at inference time, audit logs. - Sensors/Integration: Inline privacy/control plane in front of LLM APIs (OpenAI, Anthropic, Gemini); integrates with orchestration frameworks, vector DBs, and model gateways; SaaS, private VPC, or fully on-prem deployment. - Protections: Mask/tokenize PII/PHI/secrets pre-prompt; deterministic + reversible tokenization for authorized re-linking; GDPR/HIPAA/PDPL/DPDP pre-built policy packs; RBAC for AI agents. - Differentiator: Tokenization (not redaction) preserving LLM accuracy is the defining bet; Article 28 DPA-ready; Explicit GDPR/Schrems II positioning with EU-only / on-prem deployment options. ### Protectt.ai - Website: protectt.ai - Founded: 2020 - Country: India - Funding: $8.7M - Categories: AI Red Teaming, Runtime & Guardrails, Model Security - Founders: Manish Mimani, Mohanraj Selvaraj - Investors: Bessemer Venture Partners - Capabilities: Originally India's mobile app security and fraud-control platform (RASP, code obfuscation, anti-tampering, device binding, and SIM-swap/transaction-fraud defense for BFSI), Protectt.ai has extended into security for AI itself. Its AI-native platform now covers AI red teaming for LLMs and agentic AI — automated adversarial testing for prompt injection, jailbreaks, model manipulation, model extraction, hallucination exploitation, and agentic-workflow abuse across the AI lifecycle — plus AI model scanning and runtime protection via an LLM firewall offering 24/7 threat mitigation. ISO 42001-aligned; ISO 27001 and PCI DSS certified. - Sensors/Integration: Lightweight SDK heritage from mobile (100+ security features with cloud-offloaded analysis); for AI, automated adversarial-simulation tooling that probes LLM and agentic deployments from development through production, plus an inline LLM firewall for runtime threat mitigation; cloud-hosted. - Protections: Automated red-team simulation of real-world attacks (prompt injection, jailbreaks, model manipulation and extraction, agentic-workflow abuse) to surface vulnerabilities before production; a runtime LLM firewall for 24/7 threat mitigation; AI model scanning; alongside its core mobile RASP, anti-tampering, and fraud controls. - Differentiator: An established mobile app security and fraud-control company (named Cybersecurity Company of the Year 2023 and trusted by major Indian banks, insurers, and fintechs) that has expanded its AI-native positioning into actual security for AI, adding LLM and agentic red teaming, model scanning, and an LLM firewall. India-based with deep BFSI and regulatory grounding (RBI, SEBI, NPCI). Its AI-security line is newer and sits alongside a large mobile-security install base, setting it apart from pure-play AI-security startups. ### Protopia AI - Website: protopia.ai - Founded: 2019 - Country: USA - Funding: $25M - Categories: Model Security, Agentic Data Governance - Founders: Hadi Esmaeilzadeh, Eiman Ebrahimi - Investors: ATX Venture Partners, Samsung NEXT, Mercato Partners, Galaxy Interactive, Silverton Partners, DNX Ventures - Capabilities: Stained Glass Transform technology applying mathematical noise to data before AI inference, preserving model accuracy while protecting sensitive content from the model provider; round-trip protection for LLM endpoints; on-premise and cloud-hybrid deployment; supports both training and inference data privacy. - Sensors/Integration: Client-side SDK transforming data before it leaves the user environment; inference-time integration with cloud and on-prem LLM endpoints; partnerships with AWS, Lambda, and confidential compute providers. - Protections: Eliminates plaintext exposure during ML inference; prevents data leakage to model providers even in shared-tenant scenarios; mathematically backed privacy guarantees for sensitive prompts; Air Force contract validates regulated/defense readiness. - Differentiator: Recognized by Gartner in its AI TRiSM market guide; a $1.25M US Air Force contract for its Stained Glass Transform technology demonstrates defense-grade validation. ### PVML - Website: pvml.com - Founded: 2022 - Country: Israel - Funding: $8M - Categories: Agentic Data Governance, Runtime & Guardrails, MCP & LLM Gateways - Founders: Shachar Schnapp, Rina Galperin - Investors: NFX, FJ Labs, Gefen Capital - Capabilities: Secure AI-ready virtual databases — enables CIOs / IT teams to securely operationalize GenAI on existing infrastructure without moving or duplicating data; unlimited virtual databases with built-in security and AI readiness; original research on Supabase MCP malicious-agent attack demonstrating how MCP exposes underlying tools to novel attack vectors; data-layer enforcement for agentic AI accessing databases. - Sensors/Integration: Virtual database layer sitting between agents and underlying data stores. - Protections: Data-access enforcement at virtualization layer, MCP-aware data access controls, no data duplication/movement (privacy by architecture). - Differentiator: Virtual-database architecture is distinctive — sits at the data layer vs. API/identity/network layers most competitors target; Competes with Skyflow (data privacy vault), Protecto (tokenization), Knostic (need-to-know) but with database-virtualization model; Original Supabase MCP attack research positions it as a thought leader. ### Pynt - Website: pynt.io - Founded: 2022 - Country: Israel - Funding: $6M - Categories: MCP & LLM Gateways, AI Red Teaming, Runtime & Guardrails, Observability & Governance - Founders: Tzvika Shneider, Ori Goldberg, Golan Yosef - Capabilities: Chain-aware MCP security — agent-based security solution understanding the full MCP chain (multiple servers, tools, and downstream calls) rather than per-call inspection; API security heritage extended to MCP protocols; visibility into MCP tool usage and chain dependencies; security scanning specific to MCP server configurations and exposed tools; integrates with broader Pynt API security platform. - Sensors/Integration: Agent-based scanning of MCP chains; production telemetry from MCP server interactions; API security platform with MCP-specific extensions; integrates with developer environments and CI/CD pipelines. - Protections: Chain-level security analysis identifying risks that per-call inspection misses (e.g. tool A feeds data to tool B which exfiltrates); inline blocking of risky MCP chain executions; security scanning of MCP server configurations for misconfigurations and exposed risks; API security best practices applied to the MCP protocol. - Differentiator: Israeli API security company (Pynt) extending into MCP — leverages deep API security heritage with chain-aware analysis that's a natural fit for MCP's multi-call nature; "chain-aware" framing is distinctive — most MCP security vendors focus on individual server permissions while Pynt analyzes the broader interaction graph; API-security pricing and packaging makes the MCP product accessible to existing Pynt customers as an upsell. ### Qualifire - Website: qualifire.ai - Founded: 2023 - Country: Israel - Funding: $4.6M - Categories: Runtime & Guardrails, AI Red Teaming - Founders: Ariel Dan, Dror Ivry, Gilad Ivry - Investors: Disruptive AI, AnD Ventures - Capabilities: AI control plane delivering continuous evaluation, real-time guardrails, and pre-production agentic testing for GenAI apps. - Sensors/Integration: Evaluates LLM inputs/outputs to detect prompt injection, hallucinations, PII, harmful content, and instruction violations at low latency. - Protections: Contextual real-time guardrails that prevent inaccuracies, policy violations, and unsafe outputs before they reach users. - Differentiator: Combines ultra-low-latency guardrails with continuous evaluation and pre-production red-team-style testing. ### Quilr AI - Website: quilr.ai - Founded: 2024 - Country: USA - Funding: $3M - Categories: Runtime & Guardrails, Observability & Governance, Agentic Browser Security - Founders: Vidit Arora - Investors: Crew Capital - Capabilities: Next-gen DLP, AI guardrails, AI-SPM, in-flow employee coaching ("Quilly"), shadow AI discovery, plugin/connector risk. - Sensors/Integration: Browser + API + endpoint + IDE + LLM gateway + SDK (all six surfaces explicitly). - Protections: Intent-based classification (not regex DLP), in-flow real-time coaching, prompt injection/jailbreak sanitization, OWASP LLM Top 10 / NIST AI RMF / MITRE ATLAS mapping. - Differentiator: "Quilly" human-centric coaching agent unique on this list; Broadest stated deployment-surface coverage. ### Raven - Website: raven.io - Founded: 2024 - Country: USA - Funding: $20M - Categories: Runtime & Guardrails, Observability & Governance, AI-SPM - Founders: Roi Abitboul, Guy Franco, Omer Yair - Investors: Norwest, Elron Ventures, RedSeed, UpWest, SentinelOne, Jibe Ventures, Dnipro VC, Unusual Ventures, CyberFuture - Capabilities: Runtime platform to discover, monitor, and control AI agents inside production applications; instrumentation for live agent observability; policy enforcement on agent actions; shadow AI discovery across the enterprise; visibility into agent behavior, tool usage, and data flow patterns. - Sensors/Integration: Runtime instrumentation embedded in production applications; SDK or sidecar capturing agent telemetry; visibility layer surfacing agent activity to security and engineering teams. - Protections: Policy-based blocking of unauthorized agent actions; runtime monitoring catching anomalous behavior; shadow AI discovery surfacing unauthorized agents and copilots; observability-driven controls for governance and compliance. - Differentiator: California-based runtime AI security startup positioned in the emerging "AARM" (Agent Action Runtime Mediation) category alongside Certiv and Manifold; runtime observability-first approach with policy enforcement layered on top. ### raxIT Labs - Website: raxitlabs.com - Founded: 2024 - Country: Australia - Categories: AI Red Teaming, Observability & Governance - Founders: Adesh Gairola - Capabilities: Automated AI agent threat modeling tool with EU AI Act and NIST framework mapping; AI security assessment generating risk reports and compliance evidence; MLSecOps capabilities for the AI development lifecycle; LLM and GenAI security testing; AI SPM (security posture management); AI governance and compliance reporting tied to recognized regulatory frameworks. - Sensors/Integration: Assessment-driven engagement model — scans AI systems, agent definitions, and ML pipelines to surface risks; integrates with code repositories and CI/CD; generates threat models from agent specifications and architecture descriptions. - Protections: Pre-deployment threat modeling surfacing risks before agents reach production; compliance gap reports mapped to EU AI Act and NIST AI RMF; recommended remediation for identified weaknesses; ongoing posture management as AI systems evolve. - Differentiator: Threat modeling automation focus — most AI security vendors deliver runtime protection or generic red teaming; RaxIT explicitly automates the threat modeling stage which is typically a manual security architect activity; Explicit compliance mapping (EU AI Act, NIST AI RMF) makes outputs directly consumable by compliance teams rather than security engineering. ### Ray Security - Website: raysecurity.io - Founded: 2024 - Country: Israel - Funding: $11M - Categories: Agentic Data Governance, Runtime & Guardrails, Observability & Governance - Founders: Ariel Zamir, Eric Wolf, Dekel Levkovich - Investors: Venture Guides, Ibex Investors - Capabilities: Predictive data security platform that forecasts which data will be accessed and applies safeguards before risks emerge; detects all AI agents interacting with data including shadow AI tools operating outside visibility; understands what each agent is accessing, from where, and whether it is authorized; automated identification of data over-exposed to users + applications + AI agents; remediation-first approach; predicts most-likely access patterns by humans or AI agents and applies controls proactively. - Sensors/Integration: Integrates seamlessly with existing infrastructure; dynamic policy application across cloud / on-prem / hybrid data sources with one click. - Protections: Predictive data protection (apply controls before access), unauthorized AI agent data access blocking, automated over-exposure remediation, real-time detection and response on data access. - Differentiator: "Predictive" rather than reactive thesis — most DSPM competitors react to risky access; Ray predicts likely future access patterns and applies controls preemptively; CRN Cybersecurity Startup to Watch 2026. ### Realm Labs - Website: realmlabs.ai - Founded: 2024 - Country: USA - Funding: $5M - Categories: Runtime & Guardrails, Observability & Governance, Model Security - Founders: Saurabh Shintre - Capabilities: Deep Neural Inspection (DNI) — measures AI's internal mechanisms during inference to observe, detect, and prevent misbehavior before it surfaces as bad output; unified AI Detection & Response platform; signals of hallucination, misbehavior, or policy violations detected inside the model during inference; real-time enforcement actions; AAA framework (Authentication, Authorization, Auditing) for AI agents and chatbots. - Sensors/Integration: Inference-time inspection of the model itself (not just I/O); deployable on-prem or across AWS/GCP/Azure; low-latency for production environments. - Protections: Pre-output detection of hallucinations, misbehavior, policy violations; real-time block / redirect / correct of model behavior; guardrails and access controls working across any modality, language, or variation; intent classification of agent reasoning. - Differentiator: RSAC 2026 Innovation Sandbox finalist and Forrester's "Our Pick" from the 10 finalists; Only vendor on this list with explicit thesis of inspecting the model's internals during inference — treats AI as a transparent system rather than a black box. ### Reco - Website: reco.ai - Founded: 2020 - Country: Israel - Funding: $85M - Categories: Agentic SSPM, Agentic Identity, Observability & Governance - Founders: Ofer Klein, Gal Nakash, Tal Shapira - Investors: Insight Partners, Zeev Ventures, Boldstart Ventures, Angular Ventures, Redseed, Workday Ventures, TIAA Ventures, S Ventures, Quadrille Capital - Capabilities: Dynamic SaaS Security platform extending into AI agent security; AI-powered identity-centric discovery and mapping of every SaaS app, AI tool, user, and integration across the enterprise; shadow AI and shadow SaaS discovery (including OAuth-connected GenAI apps and Copilot extensions); identity graph correlating human users, NHIs, AI agents, and their entitlements across SaaS; SaaS-to-SaaS integration risk assessment; configuration posture management; data exposure analysis; threat detection for SaaS account takeover, OAuth abuse, and anomalous AI agent behavior; native integrations with Microsoft 365 Copilot, Salesforce Einstein, Google Workspace AI features. - Sensors/Integration: Agentless, API-first integrations across 100+ SaaS apps; AI-driven knowledge graph correlating users + identities + apps + data + actions; OAuth grant inspection. - Protections: OAuth-grant revocation for risky AI integrations, misconfiguration remediation, anomalous agent behavior detection, shadow AI app blocking workflows, identity-based access policy enforcement. - Differentiator: Identity-centric SSPM architecture with AI-driven knowledge graph as the data substrate — automatically maps relationships between humans, NHIs, agents, SaaS apps, and data without requiring pre-built connectors for every new AI tool; One of the most aggressive incumbents extending SSPM heritage into AI-agent-in-SaaS governance. ### Red Access - Website: redaccess.io - Founded: 2021 - Country: Israel - Funding: $23M - Categories: Agentic Browser Security, Observability & Governance, Agentic Network Security - Founders: Dor Zvi, Tal Dery - Investors: Norwest Venture Partners, Elron Ventures, Ten Eleven Ventures - Capabilities: Agentless, session-based secure-browsing and SSE platform that turns any browser into a secure enterprise browser without an extension, dedicated enterprise browser, or network rewrite — recently extended into AI. Its GenAI Security use case gives organizations visibility into and policy control over employee use of GenAI tools (ChatGPT, Copilot, and peers), with inline data-loss prevention to stop sensitive data from leaving for GenAI services. Adds Shadow Builders / Vibe Coding governance — discovering and securing employee-built AI apps and no-code and agentic workflows — and a firewall-native AI-Ready layer that upgrades existing firewalls with GenAI and browser-agnostic security. - Sensors/Integration: Agentless, cloud-based, session-level interception across any browser, web app, SaaS, messaging app, and device, with no agent, extension, enterprise browser, or rip-and-replace; firewall-native deployment that activates SSE and GenAI security on existing firewalls in hours; per-user and per-app policy. - Protections: Inline DLP that blocks sensitive data from being pasted or uploaded into GenAI tools; visibility and policy enforcement over shadow AI and shadow-builder/vibe-coding activity; safe-browsing, phishing, and web-threat protection at the session layer; audit and governance of GenAI usage across the workforce. - Differentiator: Primarily a secure-browsing and SSE company (the self-described first agentless browsing security platform), its AI relevance is GenAI usage control and shadow-AI governance at the browser and session layer rather than agent runtime — a peer to enterprise-browser players like LayerX and Island for the AI-usage-control use case. Differentiated by an agentless, firewall-native architecture that adds GenAI and browser-agnostic security to existing infrastructure with no agents, browser changes, or network rewrites; Tel Aviv-based with an expanding US presence. ### Red Specter - Website: red-specter.co.uk - Founded: 2025 - Country: UK - Categories: AI Red Teaming, Runtime & Guardrails - Founders: Richard Barron - Capabilities: UK research lab (Red Specter Security Research Ltd) building a full AI offensive/defensive stack: NIGHTFALL, a 50+-tool offensive framework for LLM, MCP and agent supply-chain attacks with autonomous campaign orchestration; and AI Shield (M99/M999), a multi-module runtime security framework for autonomous AI agents. - Sensors/Integration: Offensive toolkit run against authorized AI targets; AI Shield runtime detection layers and kill-switch integrity enforcement for agent fleets. - Protections: Runtime detection and termination of rogue agent behavior, prompt-injection blocking, and kill-switch integrity enforcement; findings cryptographically signed (Ed25519) and mapped to MITRE ATLAS, OWASP LLM/Agentic Top 10 and EU AI Act. - Differentiator: Bootstrapped UK lab offering both AI red-team tooling and agent runtime defense, with court-ready signed chain-of-custody evidence and Apache-licensed components. Early-stage / small team. ### Relyance AI - Website: relyance.ai - Founded: 2020 - Country: USA - Funding: $62M - Categories: Agentic Data Governance, Observability & Governance, AI-SPM - Founders: Abhi Sharma - Investors: Unusual Ventures, Menlo Ventures, Thomvest Ventures - Capabilities: Lyo NL data-defense engineer, Data Journeys code→cloud→AI lineage, AI inventory, compound-risk detection (agent + identity + sensitive data), AI regulatory mapping (EU AI Act / ISO 42001 / NIST AI RMF / GDPR / SOC 2 / HIPAA / NIS2), DSR/RoPA/DPIA automation, 3rd-party AI risk. - Sensors/Integration: Fully agentless, API-first — scans code repos + CI/CD + cloud runtime + SaaS + 3rd parties; SaaS, InHost (VPC), or DirectConnect deployment. - Protections: Not a runtime enforcer — compound-risk alerts, drift detection, code-level remediation guidance, runtime-vs-contract alignment, audit-ready evidence. - Differentiator: Only vendor with privacy/governance heritage (started in DPIA/RoPA); Most established AI-SPM/DSPM vendor here; Explicit "DSPM is the wrong abstraction" thesis. ### Repello AI - Website: repello.ai - Founded: 2024 - Country: India - Funding: $1.2M - Categories: AI Red Teaming - Founders: Aryaman Behera, Naman Mishra - Investors: Venture Highway, pi Ventures, Entrepreneur First - Capabilities: ARTEMIS (Automated Red Teaming Engine for Mapping, Identification, and Scanning) — simulates millions of adversarial attacks across text, image, and audio modalities; Repello Guard (adaptive runtime guardrails); Agent Wiz for secure AI agent deployment; threat modeling. - Sensors/Integration: CI/CD integration for pre-deployment scanning; runtime guardrails via SDK/API; multimodal probe library. - Protections: Pre-deployment vulnerability detection across multimodal attacks, runtime guardrails for prompt injection / data exfiltration / abuse, continuous adaptive policy updates from red-team findings. - Differentiator: Rare multimodal red-teaming depth (text + image + audio); Strong India fintech/edtech traction. ### Requesty - Website: requesty.ai - Founded: 2024 - Country: UK - Funding: $3M - Categories: MCP & LLM Gateways, Runtime & Guardrails, Observability & Governance - Founders: Thibault Jaigu, Daniel Trugman - Investors: 20VC - Capabilities: Unified LLM gateway and OpenAI-compatible API for 400+ AI models (Claude, GPT, Gemini, DeepSeek, Llama, Mistral) — drop-in replacement for OpenAI SDK with a single base URL change; intelligent routing automatically detecting request nature and routing to the most suitable model; semantic prompt caching cutting latency and costs (up to 40% savings reported); automatic failover and 99.99% SLA; PII detection and redaction; prompt injection blocking; content policy enforcement; role-based access control (Owner/Admin/Developer/Viewer roles); per-team budgets, model allowlists, usage quotas; complete audit trail; EU endpoint in Frankfurt for GDPR data residency; processing 90+ billion tokens daily for 70,000+ developers. - Sensors/Integration: Cloud-delivered API gateway at router.requesty.ai/v1; integrates as a one-line code change (swap OpenAI/Anthropic base URL); managed SaaS service with no self-hosting; multi-region endpoints (US Virginia, EU Frankfurt, APAC Singapore) for latency and compliance; OpenAI-compatible API surface so existing applications work without code changes. - Protections: Inline PII detection and redaction (emails, phone numbers, SSNs, credit cards scrubbed in real-time before reaching the model); prompt injection blocking; content policy enforcement filtering harmful outputs; role-based access enforcement; per-team budget caps preventing runaway spend; complete audit log for compliance and forensics. - Differentiator: Positions itself as "Cloudflare for AI" — infrastructure plumbing layer rather than just a router; Explicit GDPR-first European alternative to OpenRouter with EU data residency; Combines routing + caching + cost optimization + security + governance in one product (most competitors focus on one); $1.5M ARR and 25,000+ developers onboarded since 2025 pivot from data analytics; Customers include Shopify, Appnovation, Naible; Rapid growth in production-grade AI gateway category. ### Reva - Website: reva.ai - Founded: 2017 - Country: France - Categories: Agentic Identity, Runtime & Guardrails, Observability & Governance - Founders: Amit Saha, Yash Prakash, Tushar Agarwal - Capabilities: Authorization Management Platform (AMP) that enforces, governs, and adapts access across AI agents, cloud-native apps, and data from a single control plane. A Policy-as-Code engine (supporting open standards such as Cedar, OPA, and AVP) provides AI-assisted policy authoring, versioning, impact analysis, and continuous certification, plus real-time authorization decisions. For AI specifically it delivers adaptive runtime authorization for agents — controlling what they can access, invoke, and execute — permission-aware retrieval for RAG and vector stores, agent-level tool restrictions, and an Access Explorer that visualizes agent permissions and delegation chains. - Sensors/Integration: Unified control plane with a Trust Gateway for runtime authorization across APIs, Kubernetes, microservices, and cloud IAM; integrates with standard policy engines (Cedar, OPA, AVP) and identity frameworks (SPIFFE/SPIRE); policy authoring, governance, and observability tooling for hybrid-cloud and AI workloads. - Protections: Dynamic, context-aware authorization enforcing least privilege and guardrails on both human and AI access; issues verifiable, short-lived agent identities (SPIFFE/SPIRE) with controlled delegation paths between agents and tools; human-in-the-loop enforcement; permission-aware retrieval to curb over-retrieval and data exposure in RAG; a policy library mapped to OWASP LLM Top 10, OWASP Agentic, NIST AI RMF, and the EU AI Act. - Differentiator: Frames itself as the first Authorization Management Platform that treats authorization as one control plane spanning AI agents, apps, and data, rather than bolting agent controls onto legacy IAM; thesis that static roles and pre-defined permissions break down for agents that shift intent and chain actions at runtime. Built on open policy standards (Cedar, OPA, AVP) and SPIFFE/SPIRE identities; France-based. ### Riscosity - Website: riscosity.com - Founded: 2020 - Country: USA - Funding: $7M - Categories: Observability & Governance, Agentic Data Governance - Founders: James Greene - Investors: S3 Ventures - Capabilities: Agentless AI data firewall governing data flows to third-party AI services; sensitive data detection and redaction before reaching AI providers; PII discovery; GDPR-aligned compliance; partnership integrations with Mastercard for third-party security; no-code policy management. - Sensors/Integration: Network-tier inspection of outbound API traffic to AI services; cloud-delivered agentless deployment; integrations with major SaaS and AI platforms. - Protections: Inline blocking and redaction of sensitive data flowing to AI services; shadow AI discovery via egress monitoring; remediation of risky data transfers; protection against accidental compliance violations. - Differentiator: Pioneered the 'AI data firewall' framing in 2023; partnership with Mastercard for third-party security gives Riscosity ecosystem validation rare for early-stage AI data security startups. ### Robust Intelligence - Website: robustintelligence.com - Founded: 2019 - Country: USA - Funding: $44M - Categories: Runtime & Guardrails, AI Red Teaming, Model Security, Observability & Governance, AI-SPM - Founders: Yaron Singer, Kojin Oshiba - Investors: Sequoia Capital, Tiger Global, Engineering Capital - Capabilities: End-to-end AI security platform protecting AI models and applications across the full lifecycle from development to production; pioneered the industry's first "AI Firewall" — runtime protection against prompt injection, data poisoning, and model evasion attacks; algorithmic red teaming automating discovery of model vulnerabilities (jailbreaks, hallucinations, bias, PII leakage) at scale; continuous testing of AI models for safety, security, and compliance issues; AI risk and governance reporting aligned with industry and regulatory standards; protection for foundation models, fine-tuned models, and RAG applications; foundational to Cisco AI Defense and Cisco Foundation AI post-acquisition. - Sensors/Integration: Cloud-delivered SaaS pre-acquisition; API integrations with ML platforms (MLflow, SageMaker, Vertex AI) and major model providers; AI Firewall deploys in-line via REST API or model proxy; now integrated into Cisco's networking and security data flows post-acquisition for unparalleled visibility into all customer AI traffic. - Protections: Real-time inline blocking of prompt injection, jailbreaks, and adversarial inputs via the AI Firewall; pre-deployment red-team scanning surfacing exploitation paths before models reach production; continuous validation flagging model drift, integrity issues, and emergent failure modes; PII detection and redaction; compliance gating for regulated AI deployments; serves enterprise customers including JPMorgan Chase, IBM, Expedia, Deloitte, and BMW. - Differentiator: Among the very first dedicated AI security companies — predates the GenAI boom by 2+ years; Coined the "AI Firewall" category that the entire industry now uses; Foundational technology behind Cisco AI Defense and the open-source Cisco Foundation AI initiative; Sister acquisition to Cisco's May 2026 Astrix purchase — together making Cisco a two-pillar AI security platform (Robust = models/red-team, Astrix = identity/agents). ### Rockfort AI - Website: rockfort.ai - Founded: 2024 - Country: India - Categories: AI Red Teaming, Runtime & Guardrails, Observability & Governance - Capabilities: GenAI security for enterprises and AI-native startups, organized around three products. Rockfort Red runs hundreds of simulated attacks against an LLM or AI application to surface prompt injection, model poisoning, and data-exfiltration risks, returning a first report within roughly 48 hours. Rockfort Shield sits inline between the app and the model (API, SDK, or proxy) to enforce policy and mask PII before prompts reach the provider, at sub-10ms latency, with audit-ready logs. Rockfort Certify packages buyer-ready security evidence and compliance such as ISO 42001. An employee-facing browser extension blocks sensitive data from reaching LLMs and reduces Shadow AI. - Sensors/Integration: Point Rockfort at an AI system via API, SDK, or proxy with no product code changes; an inline proxy for production traffic; an employee browser extension for Shadow-AI control; cloud-hosted. - Protections: Pre-deployment red teaming (500+ attack simulations) with prioritized fixes; inline runtime protection that masks PII and enforces policy before data reaches the model; Shadow-AI prevention at the browser; compliance and audit evidence (ISO 42001) to clear enterprise security reviews. - Differentiator: Pitched squarely at AI-native startups losing enterprise deals to security questionnaires — test before you ship (Red), protect while you run (Shield), and close deals with proof (Certify) — compressing 90-day security reviews to roughly 14 days. India-based (Hyderabad), founded 2024; combines offensive testing, an inline data-protection proxy, and compliance evidence in one lightweight package. ### Runlayer - Website: runlayer.com - Founded: 2026 - Country: USA - Funding: $11M - Categories: MCP & LLM Gateways, Agentic Identity, Observability & Governance - Founders: Andrew Berman, Tal Peretz, Vitor Balocco - Investors: Khosla Ventures, Felicis - Capabilities: Private MCP/skill/agent registry, one-click MCP installs, custom MCP hosting, subagent orchestration, identity-bound permissions, MCP attack detectors. - Sensors/Integration: MCP gateway / control plane between any MCP client and any MCP server (cloud or self-hosted VPC). - Protections: Pre-approval MCP/skill scanning, multi-tier detectors per call (tool poisoning, shadowing, command injection, fake MCPs), SSO+SCIM, audit trail. - Differentiator: Cleanest pure-play MCP gateway; Endorsed by MCP co-creator; 18,000+ MCP servers + 300+ clients supported. ### Ryft - Website: ryft.io - Founded: 2024 - Country: UK - Funding: $8M - Categories: Agentic Data Governance, Observability & Governance, AI-SPM - Founders: Yossi Reitblat - Investors: Index Ventures, Bessemer Venture Partners - Capabilities: Automated data lake and data-access governance platform tailored for enterprises adopting AI systems and autonomous agents; automates data management for AI environments; governs which identities and AI agents access which data; ingests access logs to build a real-time map of data flows; reduces engineering overhead of data access controls at AI scale. - Sensors/Integration: Cloud-native integrations with data lakes, warehouses, and AI infrastructure; agentless ingestion of access logs; integrates with major cloud providers. - Protections: Per-identity data access governance for AI agents; automated enforcement of data lake permissions; visibility into agent-driven data flows; remediation of overprivileged AI access. - Differentiator: Founded in 2024, acquired only ~2 years later for $100-130M; International customers (Sonos, Unity, Voodoo) at exit; Second of Cyera's aggressive 2026 acquisition spree alongside Genie, Trail, Otterize, and Shape AI. ### Safe Intelligence - Website: safeintelligence.ai - Founded: 2023 - Country: UK - Funding: £3M+ - Categories: Model Security, AI Red Teaming, Observability & Governance - Founders: Alessio Lomuscio - Investors: Backed VC - Capabilities: ML model validation, robustification, and monitoring platform; formal verification of AI model properties; robustness testing against adversarial inputs; runtime monitoring of deployed models; AI governance and compliance support; targets safety-critical AI applications in regulated industries. - Sensors/Integration: API integration with customer ML pipelines; formal verification engine; adversarial test harness; model monitoring telemetry. - Protections: Mathematically grounded robustness guarantees on AI models; pre-deployment verification surfacing model weaknesses; runtime monitoring catching drift and adversarial input patterns; documentation supporting regulated AI deployments. - Differentiator: Imperial College London spinoff; a formal-verification approach to AI safety that is rare in commercial AI security; targets safety-critical sectors requiring provable model behavior. ### Sarus - Website: sarus.tech - Founded: 2021 - Country: France - Funding: $2.7M - Categories: Model Security, Agentic Data Governance - Founders: Maxime Agostini, Nicolas Grislain, Vincent Lepage - Investors: Y Combinator, European Innovation Council, Google for Startups, Moove Lab, ByTheTower - Capabilities: Privacy-preserving SQL/pandas/scikit-learn rewriting engine using differential privacy; computation-to-data architecture leaving data at source; SarusLLM enabling privacy-preserving LLM fine-tuning on sensitive data; deployable in client infrastructure on-prem or cloud. - Sensors/Integration: Native deployment within existing data infrastructure; rewrites standard queries from data tools into privacy-safe variants; on-prem and private cloud support. - Protections: Mathematically guaranteed differential privacy noise on outputs preventing re-identification; replaces traditional anonymization; GDPR compliance via privacy-by-design. - Differentiator: Paris-based team with deep differential-privacy expertise applied directly to LLM fine-tuning — a rare specialization in the AI security category. ### Secretarium - Website: secretarium.com - Founded: 2019 - Country: UK - Funding: $6.7M - Categories: Model Security, Sandboxing & Secure Envs - Founders: Cedric Wahl - Investors: IQ Capital, Innovate UK - Capabilities: Klave for AI confidential computing platform for private, verifiable AI inference on sensitive data; trusted execution environment-based deployment; deterministic and verifiable computation; RAG security; integration with secure enclaves; supports regulated industries requiring cryptographic compute attestation. - Sensors/Integration: TEE-based deployment of AI models; cryptographic attestation chain; integration with cloud providers offering confidential compute; RAG pipelines on encrypted vector stores. - Protections: Verifiable AI inference where computation can be cryptographically proven correct; data confidentiality even from the model operator; secure deployment in regulated financial services and government workloads. - Differentiator: London-based confidential computing pioneer with Klave platform; deterministic and verifiable approach to AI computation distinguishes Secretarium from pure-confidentiality-focused TEE platforms; financial services and government focus. ### Securiti - Website: securiti.ai - Founded: 2018 - Country: USA - Funding: $156M - Categories: Agentic Data Governance, AI-SPM, Runtime & Guardrails - Founders: Rehan Jalil - Investors: Mayfield, General Catalyst, Workday, Veeam, Aramco Ventures, Schroders, Capital One Ventures, Citi Ventures - Capabilities: Gencore AI is Securiti's platform for safely building and operating enterprise GenAI and RAG, preparing unstructured data into AI-ready formats and grounding it with embedded data controls, lineage, and policy enforcement via a Data Command Graph. - Sensors/Integration: SaaS/cloud platform connecting to unstructured data sources, vector databases, and LLMs; integrates with Databricks, NVIDIA, AWS Bedrock, and HPE across GenAI pipelines. - Protections: Context-aware LLM Firewalls inspect prompts and responses to block data leaks, prompt injection, and harmful content; auto-detects and controls sensitive data in AI pipelines with full lineage. - Differentiator: Knowledge Graph-driven Data Command Graph unifies data, AI models, and regulatory controls so enterprises build safe AI with governance and entitlements enforced end-to-end. ### Secuvy - Website: secuvy.ai - Founded: 2019 - Country: USA - Funding: $5.35M - Categories: Agentic Data Governance, Observability & Governance - Founders: Vaibhav Mehrotra, Prashant Sharma - Investors: WestWave Capital, Dell Technologies Capital - Capabilities: AI-driven enterprise data security and privacy platform; data discovery and classification across structured and unstructured environments; DSPM across hybrid, multi-cloud, and on-premises; compliance automation for DPIA and PIA; risk assessment and automated remediation; policy-based file encryption and secure collaboration. - Sensors/Integration: API and database connectors across enterprise data sources; cloud and on-premise deployment options; integration with DRM platforms. - Protections: Automated discovery and classification of sensitive data feeding into AI workflows; DSPM visibility across hybrid estates; automated remediation of misclassifications and security risks; data leakage prevention into LLMs and GenAI tools. - Differentiator: A team operating since 2019 positions Secuvy as a more established DSPM-for-AI vendor relative to 2023+ entrants. ### Seezo - Website: seezo.io - Founded: 2024 - Country: India - Funding: $7M - Categories: Agentic Code Security - Founders: Sandesh Mysore Anand, Rakshitha R Rao - Investors: Accel - Capabilities: Automated security design review platform; GenAI scans technical documentation and architectural artifacts (JIRA tickets, Google Docs, Confluence pages, system diagrams) to identify security risks before coding begins; context-aware security requirements tailored to API endpoints, authentication flows, and architectural components; risk profile-aware rule tailoring; integration with coding standards and company-specific jargon; maps requirements to compliance standards including PCI and ASVS; on-premises deployment option for enterprise customers; delivers security insights through JIRA, Slack, and collaborative engineering tools. - Sensors/Integration: SaaS or on-prem; ingests design documents from JIRA, Notion, Confluence, Google Docs, architecture diagrams; integrates with developer workflows via Slack and JIRA. - Protections: Pre-coding identification of design-stage risks; tailored security requirements delivered into developer tickets; compliance mapping for PCI and ASVS; threat-modeling automation reducing manual security review burden. - Differentiator: Positions specifically on the design-review use case rather than the broader code-security platform play; On-prem deployment serves enterprise customers reluctant to ship sensitive design docs to SaaS; Small focused team (~10) executing on a specific shift-left use case. ### Seraphic Security - Website: seraphicsecurity.com - Founded: 2020 - Country: Israel - Funding: $32M - Categories: Agentic Browser Security, Runtime & Guardrails, Agentic Endpoint Security - Founders: Ilan Yeshua, Avihay Cohen, Suresh Batchu - Investors: GreatPoint Ventures, CrowdStrike Falcon Fund, Cyberstarts, Planven Investments, Storm Ventures - Capabilities: Browser runtime security platform that turns any browser (Chrome, Edge, Safari, Firefox, agentic browsers) into a secure enterprise browser without requiring users to switch browsers or routing traffic through proxies; JavaScript abstraction layer integrating directly into the browser to prevent attacks at runtime; continuous in-session protection against phishing, zero-day browser exploits, session hijacking, data exfiltration, and man-in-the-browser attacks; enables secure access to SaaS and private web applications for employees and third parties on both managed and personal devices, eliminating the need for VDI or VPN; supports all browsers as well as SaaS desktop applications like Teams, Slack, Discord, and WhatsApp; agentless-style protection for contractors and BYOD without requiring a full endpoint agent; specifically extended to protect AI-driven browsing including ChatGPT Atlas. - Sensors/Integration: JavaScript-based abstraction layer that integrates into the browser runtime — works on any unmodified browser (Chrome, Edge, Safari, Firefox, and agentic browsers like ChatGPT Atlas) rather than requiring a separate proprietary browser; deploys without requiring a full endpoint agent; invisible to end users; post-acquisition integrating natively with CrowdStrike Falcon Fusion SOAR and Falcon Shield, fusing browser telemetry with Falcon endpoint signals and SGNL's continuous authorization technology. - Protections: Real-time inline blocking of zero-day browser exploits, phishing kits, sophisticated spear phishing, ransomware, and high-risk policy infringements; data loss prevention at the browser layer including AI prompt content; session hijacking and man-in-the-browser attack prevention; continuous in-session visibility and control across managed and unmanaged devices; secure access enforcement for SaaS and internal applications without VDI/VPN; specifically protects against AI-driven browsing risks. - Differentiator: Israeli (Herzliya) browser security specialist taking a fundamentally different approach from competitors Talon (acquired by PAN) and Island — Seraphic secures unmodified existing browsers via a JavaScript abstraction layer rather than shipping a proprietary Chromium-based enterprise browser, which is invisible to users and eliminates browser-migration friction; CrowdStrike's 6th Israeli acquisition (first since 2024) and first major browser-security purchase; Deal cluster with SGNL ($740M, identity, week earlier) is positioned by CrowdStrike as a unified "next-gen identity security" play spanning endpoint → browser → cloud; Explicitly called out as protecting the "agentic workforce" — directly relevant to AI agent operating in browsers; Launched ChatGPT Atlas protection in 2025. ### Singulr AI - Website: singulr.ai - Founded: 2024 - Country: USA - Funding: $10M - Categories: AI-SPM, Observability & Governance, Runtime & Guardrails - Founders: Shiv Agarwal, Abhijit Sharma - Capabilities: Unified AI Control Plane + Agent Pulse (extension for autonomous agents and MCP servers); Agent Risk Intelligence powered by Singulr Trust Feed (continuous risk posture evaluation based on model access, MCP server configurations, connected tools, AI red-teaming simulations); Agent Governance; Agent Runtime Controls (real-time enforcement). - Sensors/Integration: Integration-first / vendor-agnostic — leverages existing IT and security investments rather than requiring new agents/proxies; SaaS control-plane architecture with deep API integrations. - Protections: Real-time enforcement against unauthorized system/tool access, prompt injection, data leakage during execution; dynamic risk classification as environments evolve; drift-vs-baseline detection. - Differentiator: Explicit "Unified AI Control Plane" positioning unifying governance + security posture + usage intelligence + data protection + runtime enforcement in one platform; "purpose-built for AI" vs. legacy security solutions extending into AI. ### Skyflow - Website: skyflow.com - Founded: 2019 - Country: USA - Funding: $100M - Categories: Agentic Data Governance, Runtime & Guardrails, Agentic Identity - Founders: Anshu Sharma, Roshmik Saha - Investors: Insight Partners, Khosla Ventures, Foundation Capital, Firestreak Ventures, Canvas Prime - Capabilities: Data privacy vault that isolates, protects, and governs sensitive data; polymorphic encryption preserving data utility while protecting raw values; tokenization of PII/PHI/PCI/credentials; SDK-based integration enabling apps + AI agents to operate on tokenized data without ever seeing raw values; data residency + sovereignty controls; vault-native LLM serving so AI agents can be given access to tokenized inputs and detokenize only at the trust boundary; fine-grained access policies per identity per field per use case. - Sensors/Integration: SDK + API; sits between application/agent and underlying data stores; integrates with major cloud + identity providers. - Protections: Data tokenization (raw data never leaves vault), per-field access controls, polymorphic encryption preserving operations on encrypted data, detokenization only at trust boundary, agent-aware access policies. - Differentiator: Vault architecture for AI agents — closer to Protecto in tokenization angle but with broader data-privacy-vault product surface; Positions as data-layer enforcement for agentic AI (similar to PVML's virtual-database thesis but with privacy-vault primitives instead of database virtualization); Strongest privacy-vault heritage. ### Skyld - Website: skyld.io - Founded: 2021 - Country: France - Funding: €1.5M - Categories: Model Security - Founders: Marie Paindavoine, Joseph Boutros - Investors: Plug and Play, BPI France - Capabilities: AI model protection platform securing on-device ML models from reverse engineering, theft, and tampering; cryptographic obfuscation of model weights and architecture; protection of intellectual property in deployed models on mobile, edge, and IoT devices; reverse-engineering deterrence for proprietary AI. - Sensors/Integration: SDK integration during model compilation and deployment; coverage of TensorFlow, PyTorch, ONNX, and other major ML frameworks; mobile, edge, and IoT deployment targets. - Protections: Cryptographic protection of model weights preventing extraction by reverse engineers; tamper resistance for deployed models; IP protection for proprietary algorithms; protection against model inversion attacks. - Differentiator: Paris-based startup focused on the underserved category of on-device AI model protection; complementary to cloud-AI security rather than competitive; relevant for edge AI, automotive, and IoT verticals where models cannot run in trusted cloud environments. ### SlashID - Website: slashid.com - Founded: 2021 - Country: USA - Funding: $8.8M - Categories: Agentic Identity, Observability & Governance, MCP & LLM Gateways - Founders: Vincenzo Iozzo, Giovanni Gola - Investors: TQ Ventures, Musha Ventures, Alven Capital Partners, DG Daiwa Ventures, Headline - Capabilities: AI Identity Governance launched May 2026 — first access-graph-native solution governing OAuth-connected AI apps + agents + MCP servers; Access Graph models OAuth scopes as first-class edges; continuous discovery of OAuth 2.0 grants issued to AI apps; toxic combinations as saved Access Graph queries; covers Claude Code, Cursor, Gemini CLI, GitHub Copilot, Microsoft 365 Copilot, ChatGPT; discovers every MCP server configured across the fleet; 500+ out-of-the-box identity threat detections; browser-level phishing prevention. - Sensors/Integration: No agents, no proxies, no inline inspection — leverages pre-tool-use hooks + real-time OpenTelemetry export + vendor admin APIs; covers Claude Code, Cursor, Gemini CLI, Copilot, M365 Copilot, ChatGPT without endpoint software. - Protections: OAuth scope visualization at edge level, toxic-combination remediation workflows, AI app + agent + MCP server lifecycle policies, browser-level phishing prevention against malicious AI-tool OAuth apps. - Differentiator: Access Graph approach is distinctive — graph-native vs. policy-list governance; Emerged from April 2026 Vercel security incident analysis (attackers compromised Google Workspace via malicious OAuth 2.0 app from third-party AI tool); Positioned as extension of existing IGA platform. ### SlashLLM - Website: slashllm.com - Founded: 2026 - Country: Singapore - Categories: MCP & LLM Gateways, Runtime & Guardrails, Observability & Governance, AI Red Teaming - Capabilities: ISP-style "Integrated Service Provider" for AI security — platform (SlashStack) + embedded operations team + governance program in one offering; unified API gateway with authentication, rate limiting, and policy enforcement across every model provider (OpenAI, Anthropic, Bedrock, local models); input and output filtering including prompt injection blocking, PII redaction, harmful content detection, custom rules; full request/response logging, cost tracking, latency monitoring, tamper-proof audit trails for compliance; automated vulnerability scanning, jailbreak testing, regression suites running continuously; centralized policy store; compliance mapping and evidence packs for SOC2, HIPAA, EU AI Act, IMDA Verify (Singapore); quarterly governance reports and maintained AI risk register. - Sensors/Integration: Self-hosted deployment in customer environment via Docker/Kubernetes; integrates with existing CI/CD, IAM, SIEM stacks; gateway layer sits inline between applications and LLM providers; transparent and audit-ready architecture; not a SaaS — operates in your network with your data control. - Protections: Inline blocking of prompt injection, PII leakage, jailbreaks, and harmful content at the gateway; continuous automated red teaming surfacing new vulnerabilities; compliance enforcement with SOC2/HIPAA/EU AI Act/IMDA mapping; rate limiting and policy enforcement preventing abuse; tamper-proof audit trail for incident forensics. - Differentiator: Singapore-based with IMDA Verify compliance for APAC enterprises — rare combination of product + managed service for AI security; ISP model (platform + embedded team) differentiates from pure-software vendors — buyers get the platform plus humans operating it on their behalf, addressing the AI security talent shortage directly; Integrates cleanly with existing security stacks (CI/CD, IAM, SIEM) rather than being another silo; Safety-score methodology covering Data Leakage, Agent Safety, Prompt Injection Resistance, RAG Integrity, Governance & Monitoring is a structured executive-friendly deliverable; Deployed in customer environment (not SaaS) — appeals to data-sovereignty-conscious buyers. ### SolidCore - Website: solidcore.ai - Founded: 2025 - Country: USA - Funding: $4M - Categories: Observability & Governance, AI-SPM - Founders: Eric Chiu, Hemma Prafullchandra - Investors: Runtime Ventures, Epic Ventures - Capabilities: Governance platform for LLM-based applications with visibility and compliance monitoring; AWS and Azure cloud integrations; AI inventory and observability; compliance automation; runtime risk monitoring; multi-cloud coverage for enterprise AI portfolios. - Sensors/Integration: Cloud-native integrations with AWS and Azure AI services; agentless deployment; integration with enterprise identity providers and SIEM. - Protections: Centralized visibility across multi-cloud AI usage; compliance evidence generation for regulated industries; risk monitoring catching policy violations; AI inventory feeding security operations. - Differentiator: Multi-cloud governance positioning with explicit AWS and Azure focus; targets enterprise security and compliance teams operating distributed cloud AI; competes in the AI governance category alongside Credo AI and FairNow. ### Sonoma Security - Website: sonoma.dev - Founded: 2025 - Country: USA - Funding: Undisclosed - Categories: MCP & LLM Gateways, Observability & Governance, AI-SPM - Founders: Stephen Cobbe, Nick Raziborsky - Capabilities: MCP governance platform for securing and controlling enterprise AI agents; supply-chain security for MCP servers used by AI agents; permissions enforcement on agent ↔ MCP interactions; prompt injection protection at the MCP layer; AI governance and compliance controls; policy enforcement for which MCP servers and tools agents can access. - Sensors/Integration: MCP-layer control plane sitting between AI agents and MCP servers; intercepts and inspects every MCP call; integrates with enterprise IAM for agent identity context; supply-chain scanning of MCP server packages. - Protections: Permission enforcement on agent tool calls; blocking of high-risk MCP server usage; prompt injection detection at the MCP boundary; supply-chain protection against malicious or compromised MCP servers; audit logging of all MCP transactions for compliance. - Differentiator: Pure-play MCP governance focus distinct from generalist AI gateways — purpose-built for the MCP protocol rather than treating it as one of many integration points; Supply-chain security angle (vetting which MCP servers agents are allowed to call) is differentiated from competitors who focus on traffic inspection alone; Distinct from Noma Security despite name similarity (Sonoma is at sonoma.dev, Noma is at noma.security). ### SPLX - Website: splx.ai - Founded: 2023 - Country: USA - Funding: $9M - Categories: AI Red Teaming, Runtime & Guardrails, AI-SPM, Observability & Governance - Founders: Kristian Kamber, Ante Gojsalić - Investors: LAUNCHub Ventures, Inovo Venture Partners, South Central Ventures, DNV Ventures, Runtime Ventures, Rain Capital - Capabilities: End-to-end AI security platform covering AI asset discovery, automated red teaming, runtime guardrails, and AI governance for the full AI lifecycle from development through deployment; AI Asset Management providing visibility into AI models, agentic workflows, and infrastructure; maps agentic workflows visualizing every node, agent, and tool across complex software chains; automated continuous red teaming executing 5,000+ attack simulations against AI models; runtime guardrails for sensitive data protection; threat inspection on AI traffic; prompt hardening for production-ready AI deployments; compliance tools for AI governance frameworks; agent-level threat analysis delivering real-time prioritized risk insights. - Sensors/Integration: Cloud-delivered AI security platform; integrates with AI applications, agents, models, and workflows via APIs; post-acquisition integrating natively into the Zscaler Zero Trust Exchange platform alongside Zscaler's data protection and inline traffic inspection capabilities; shift-left coverage from development through deployment. - Protections: Continuous automated red teaming surfacing jailbreaks, prompt injection vulnerabilities, and AI model weaknesses before production; runtime guardrails blocking sensitive data exfiltration; threat inspection on AI traffic with prioritized agent-level risk insights; compliance reporting for AI governance requirements; prompt hardening fortifying applications against adversarial inputs. - Differentiator: Croatian-founded (Zagreb) AI security pioneer scaling rapidly to enterprise customers in under two years before exit; Combines red teaming + runtime + governance + asset discovery in one platform — the four pillars Zscaler explicitly highlighted as expanding their Zero Trust Exchange; Zscaler's second AI security acquisition in 2025-2026 (alongside Symmetry Systems) — establishes Zscaler as a multi-deal consolidator in the space; Now positioned as the dedicated AI protection layer within Zscaler Zero Trust Exchange. ### Stacklok - Website: stacklok.com - Founded: 2022 - Country: USA - Funding: $17.5M - Categories: MCP & LLM Gateways, Observability & Governance, Agentic Identity, Agentic Code Security - Founders: Craig McLuckie, Luke Hinds - Investors: Madrona Venture Group, Index Ventures - Capabilities: Enterprise MCP platform managing authentication, authorization, and policy controls for AI agent access to tools and systems; runs in customer's VPC (not SaaS) for data residency-sensitive deployments; ToolHive open-source platform for MCP server management; CodeGate intercepts risky AI completions to prevent secret leakage; Trusty evaluates open-source package trustworthiness for AI supply chain; Minder policy engine enforcing supply-chain controls across repos, dependencies, and CI/CD; State of MCP in Software 2026 report — definitive enterprise MCP adoption benchmark. - Sensors/Integration: Self-hosted in customer VPC, not SaaS; MCP gateway architecture sitting between agents and enterprise systems; CodeGate sidecar integrating with AI coding tools to scan completions; Trusty package evaluation API; Minder policy engine in CI/CD pipelines; Kubernetes-native deployment leveraging the team's K8s heritage. - Protections: Authentication and authorization enforcement on agent ↔ MCP server interactions; policy-based blocking of unauthorized tool access; visibility into agent activity for audit and compliance; CodeGate blocks risky AI completions including secret leakage and untrusted package suggestions; supply-chain risk scoring via Trusty before packages are accepted. - Differentiator: Brings proven cloud-native security patterns to the MCP and AI security space; VPC-deployed architecture (not SaaS) is differentiated for financial services and regulated industries where data residency is a hard requirement; Produces influential industry research ("State of MCP in Software 2026" survey of 100 technical leaders) that's become a reference for MCP adoption metrics. ### Straiker - Website: straiker.ai - Founded: 2024 - Country: USA - Funding: $21M - Categories: Runtime & Guardrails, MCP & LLM Gateways, Observability & Governance - Founders: Ankur Shah - Investors: Lightspeed Venture Partners, Bain Capital Ventures - Capabilities: Discover AI (AI-SPM), Ascend AI (autonomous red teamer), Defend AI (runtime guardrails); MCP security. - Sensors/Integration: Cloud platform with inline runtime guardrails (specifics limited on site). - Protections: Pre-deployment red teaming + runtime prompt injection block, data leakage block, tool manipulation block, behavioral signal analysis. - Differentiator: CB Insights AI 100 (2026); Platform-engineering pedigree extending Prisma-Cloud-style architecture to AI. ### Superagent - Website: superagent.sh - Founded: 2023 - Country: USA - Funding: $10M - Categories: Runtime & Guardrails, AI Red Teaming - Founders: Alan Zabihi, Ismail Pelaseyed - Investors: Y Combinator, Rebel Fund, Bessemer Venture Partners, Dharmesh Shah, Frederic Kerrest, Amjad Masad - Capabilities: Runtime AI firewall/SDK that analyzes every agent request and response in real time, plus repo scanning and red teaming. - Sensors/Integration: NinjaLM, a fine-tuned SLM reasoning over prompts, responses, and tool calls in tens of milliseconds. - Protections: Blocks prompt injections and malicious tool/code executions; redacts secrets and PII across inputs and outputs. - Differentiator: Open-source, reasoning-driven runtime defense powered by a purpose-built security SLM (NinjaLM) embedded via SDK. ### SUPERWISE - Website: superwise.ai - Founded: 2019 - Country: Israel - Funding: $4.5M - Categories: Observability & Governance, Runtime & Guardrails - Founders: Ofer Razon, Oren Razon - Investors: F2 Venture Capital, Capri Ventures - Capabilities: AI governance and observability platform offering an AI control plane with policies, guardrails and monitoring for GenAI and agentic applications, evolving from its machine-learning observability heritage. - Sensors/Integration: SaaS platform ingesting model/agent telemetry; gateway and SDK integrations for inline policy and guardrail enforcement. - Protections: Guardrails enforcing content, safety and compliance policies on AI inputs/outputs; behavioral monitoring and policy management across the AI estate. - Differentiator: Combines AI governance, policies and guardrails in one platform, leveraging deep ML-observability roots to extend into GenAI control. ### SurePath AI - Website: surepath.ai - Founded: 2024 - Country: USA - Funding: $6.3M - Categories: Agentic Network Security, Runtime & Guardrails, Observability & Governance - Founders: Casey Bleeker, Randy Birdsall - Investors: Uncork Capital, Operator Collective, Swisscom Ventures, AWS & CrowdStrike Cybersecurity Accelerator - Capabilities: GenAI governance platform that intercepts and redacts sensitive data, enforces access guardrails, provides organization-wide visibility into AI usage; secures any GenAI solutions enterprises build, adopt, or buy — including Shadow AI; drives public GenAI traffic to private models (turns Shadow AI into a managed resource); detects + classifies unauthorized GenAI usage; data leakage detection; usage policy enforcement at scale; inference-level controls for AI agents. - Sensors/Integration: SaaS platform that complements existing SASE deployments — targets gaps in SASE's ability to manage GenAI traffic and Shadow AI; integrates with incumbent network security vendors. - Protections: Sensitive-data interception + redaction, access guardrails at inference, public-LLM-to-private-model traffic redirection, GenAI policy enforcement. - Differentiator: Explicit "complement-not-displace SASE" positioning — works with incumbent network security stack vs. trying to replace it; Identity-centric security strategy; Competes with Aurascape, WitnessAI, Lumia in network-layer AI security but with stronger SASE-integration story. ### Sweet Security - Website: sweet.security - Founded: 2023 - Country: Israel - Funding: $120M - Categories: Runtime & Guardrails, AI-SPM - Founders: Dror Kashti, Eyal Fisher, Orel Ben Ishay - Investors: Evolution Equity Partners, Munich Re Ventures, Glilot Capital Partners - Capabilities: Sweet Security's runtime cloud detection and response platform extended with an AI Security Platform (AISP) that discovers AI usage and components in cloud workloads, detects AI-related runtime threats, and applies guardrails to GenAI and agent activity. - Sensors/Integration: eBPF-based runtime sensor in cloud workloads and Kubernetes providing unified runtime telemetry across cloud, workload and AI layers. - Protections: Runtime detection and response for AI workloads; blocks anomalous agent/LLM behavior and sensitive-data exposure; correlates AI risk with cloud runtime context. - Differentiator: Israeli cloud-runtime (CDR/CNAPP) vendor that extended its eBPF runtime platform into a dedicated AI Security Platform, unifying cloud and AI runtime defense. ### Swift Security - Website: swiftsecurity.ai - Founded: 2023 - Country: USA - Categories: Observability & Governance, Agentic Browser Security - Founders: Naveen Bachkethi, Neil King - Capabilities: Discovers and monitors employee use of public and custom GenAI apps (ChatGPT, Gemini, Perplexity) and protects data flowing through them. - Sensors/Integration: Browser extension and network-level inspection observing prompts and responses across AI platforms. - Protections: Detects and blocks leakage of sensitive data (PII/PCI/PHI, IP, financial data) into GenAI applications via DLP. - Differentiator: Browser-extension GenAI DLP for copilot and public LLM interactions; acquired by Concentric AI (July 2025). ### Symbiotic Security - Website: symbioticsec.ai - Founded: 2024 - Country: USA - Funding: $13M - Categories: Agentic Code Security - Founders: Jerome Robert, Edouard Viot - Investors: Alven, Drysdale Ventures, Lerer Hippeau, Axeleo Capital, Factorial Cap - Capabilities: End-to-end security for AI coding; Symbiotic Code is an AI code-generation agent that embeds security enforcement directly into the generation workflow (policies enforced before generation, outputs verified, vulnerabilities auto-remediated, correctness revalidated before code returned); Symbiotic v1 IDE plugin provides real-time detection, AI remediation, and built-in security chatbot for developer training; Deep Remediation uses agentic workflows reasoning across files to fix root causes rather than fragile patches; Learned Guardrails memory system converts past fixes into dynamic rules; proprietary security-specific verified LLM training dataset; published original research on Gemini CLI Security Extension prototype pollution and Lovable Supabase RLS misconfigurations. - Sensors/Integration: IDE extensions for major editors; Terminal User Interface (TUI) tool for Symbiotic Code; CI/CD integration; PR-time scanning. - Protections: Pre-code guardrails before AI generation; in-IDE real-time detection and AI remediation; PR and CI/CD security; just-in-time developer training built into the workflow; root-cause fixes across multiple files via agentic remediation. - Differentiator: Distinctive positioning as a code-gen agent that embeds security inside generation rather than scanning after; Brooklyn-based; Thesis built on Carnegie Mellon research showing AI agents successfully implement features 61% of the time but only 10.5% are actually secure. ### Symmetry Systems - Website: symmetry-systems.com - Founded: 2018 - Country: USA - Funding: $32M - Categories: Agentic Data Governance, Agentic Identity, Observability & Governance, AI-SPM - Founders: Mohit Tiwari, Casey Bisson - Investors: ForgePoint Capital, Prefix Capital, W11 Capital, Ten Eleven Ventures - Capabilities: Identity-and-data access graph for AI security; maps relationships between human and non-human identities, applications, and data across the enterprise; ingests enterprise-wide access logs from SaaS apps, public clouds, data stores, and AI systems; AI correlates them into a visualization showing which identities access which data and how; automatic data asset inventory across cloud, on-premises, and air-gapped environments; sensitivity tagging. - Sensors/Integration: Agentless cloud-delivered service; integrates with major SaaS apps, hyperscalers, and data stores; ingests access logs at enterprise scale. - Protections: Audit data access for AI agents and NHIs; define minimum-required permissions for all identities; limit blast radius if an account or agent is compromised; trace any piece of data an AI agent touches across chains of sub-agents and tools; instant anomaly detection on unexpected agent behavior with automated Zero Trust Exchange responses. - Differentiator: Positioned access governance as the AI-era control plane; Now the foundation of Zscaler's Zero Trust Exchange for AI agent governance; One of the few vendors mapping the agent-identity-data triangle as a single graph. ### Tego AI - Website: tego.ai - Founded: 2025 - Country: Israel - Funding: Undisclosed - Categories: Agentic Identity, Observability & Governance, Runtime & Guardrails - Founders: Dan Benger, Tal Melamed, Itay Rozenman - Investors: Geek Ventures, Crescendo - Capabilities: Agent-native security platform built on three pillars: discover, monitor, and control AI agents across the enterprise. Automatic agent discovery across all platforms maps each agent configuration, tools, and permissions; runtime behavioral baselining per agent detects anomalies and misuse before they become incidents; and just-in-time, purpose- and intent-aware access control ensures each agent can only access what it needs for each specific task. Targets regulated industries such as finance, healthcare, energy, and government with audit trails and agent-to-agent communication risk visibility, and publishes a public database analyzing the security risks of AI agent skills. - Sensors/Integration: Agent-native discovery and monitoring layer integrating across agent platforms; runtime instrumentation captures per-agent behavior for baselining; an access-control broker mediates agent permissions just-in-time at the moment of each task. - Protections: Just-in-time, intent-aware least-privilege access control on agent actions; behavioral anomaly detection per agent; containment of compromised or misbehaving agents; audit trails for every agent action; visibility and control over unmanaged or shadow agents operating outside security oversight. - Differentiator: Thesis that traditional governance and access models assume human intent and deterministic behavior, so autonomous agents need agent-native controls; the just-in-time, purpose- and intent-aware access-control primitive is the core differentiator versus discovery-only or guardrail-only vendors; maintains a public AI agent skills security database as a research asset. Not affiliated with the unrelated public company Tego Cyber / VigilAigent (TGCB). ### Teleport - Website: goteleport.com - Founded: 2015 - Country: USA - Funding: $169M - Categories: Agentic Identity, Sandboxing & Secure Envs - Founders: Ev Kontsevoy, Taylor Wakefield, Alexander Klizhentas - Investors: Kleiner Perkins, Y Combinator, Bessemer Venture Partners, S28 Capital - Capabilities: Established identity-based infrastructure access platform (SSH, RDP, HTTPS, Kubernetes, cloud consoles via built-in proxy) with dedicated Agentic AI Security use case; eliminates shared secrets, standing privileges, and anonymous audit trails from agentic AI workloads and AI infrastructure; short-lived certificates ensuring bots and agents are not left unattended with API keys or access tokens; identity-based cryptography issuing cryptographic identities to users, machines, workloads, devices, and protected resources; session management and audit for infrastructure access by AI agents. - Sensors/Integration: Identity-aware proxy gateway; replaces VPN for AI infrastructure access; integrates with existing IdPs. - Protections: Short-lived cryptographic identities (vs. long-lived API keys/tokens), session-level audit, standing-privilege elimination, AI workload identity attestation. - Differentiator: Infrastructure access background (SSH, Kubernetes, RDP) gives architectural credibility for agents accessing infrastructure — closer to Aembit's positioning but with deeper roots in privileged-access management; Identity-based cryptography for AI workloads is distinctive. ### Teleskope - Website: teleskope.ai - Founded: 2022 - Country: USA - Funding: $8M+ - Categories: Agentic Data Governance, Observability & Governance - Founders: Jacqueline Kuo, Aaron Devera - Investors: Lerer Hippeau, Picus Capital - Capabilities: AI security and governance platform for data protection across AI/ML development lifecycle; PII discovery and classification in training data; data lineage for AI/ML pipelines; sensitive data redaction before LLM ingestion; compliance automation; integrations across cloud data warehouses and AI tools. - Sensors/Integration: Cloud-native integrations with data warehouses, data lakes, ML platforms; agentless scanning of structured and unstructured data; pipeline hooks for pre-ingestion classification. - Protections: Automated PII discovery and redaction before AI training; data classification feeding policy enforcement; compliance evidence for GDPR, CCPA, HIPAA; protection against accidental sensitive data exposure to AI models. - Differentiator: NYC-based startup (2022) with a data-pipeline focus on AI security that distinguishes Teleskope from pure runtime AI security competitors. ### Tenet Security - Website: tenetsecurity.ai - Founded: 2025 - Country: Israel - Categories: Runtime & Guardrails, Sandboxing & Secure Envs, AI Red Teaming - Founders: Barak Sternberg, Nevo Poran - Capabilities: Runtime Agent Defense layer for AI agents that monitors, controls, and secures agent reasoning and actions in real time with adaptive guardrails, shifting from passive monitoring to active enforcement. Its Agent-Side Simulation engine intercepts every tool call and execution path, simulates the outcome in a parallel environment, and deterministically blocks or kills hijacked logic before it reaches production infrastructure. Maps an agent's full decision tree in real time to catch lateral movement, unauthorized data passing, and agent hijacking that traditional EDR, DLP, and prompt scanners miss. Pre-Flight Red Teaming, fed by Tenet Threat Labs, bombards agents in CI/CD with thousands of adversarial attacks before deployment. - Sensors/Integration: Latency-optimized, drop-in runtime layer that needs no custom Python checks or proprietary query language and adapts to model updates instantly; intercepts tool calls and execution paths at runtime; a CI/CD red-teaming harness fed by Tenet Threat Labs intelligence; cloud-hosted. - Protections: Deterministic, pre-execution blocking of hijacked agent logic via parallel simulation (real-time sandboxing); defense against agent hijacking, lateral movement, and data exfiltration; adaptive guardrails that survive model updates rather than brittle hardcoded rules; pre-production adversarial testing against jailbreaks and lateral-movement techniques. - Differentiator: Positions itself as the first Runtime Agent Defense layer, moving agent security from monitoring to enforcement: rather than scanning prompts or relying on static rules, it simulates an agent's intended tool calls in a parallel reality and deterministically kills malicious actions before they execute. Thesis that useful agents need high-privilege access (API keys, write permissions, Slack and database access), so a hijacked agent instantly inherits those privileges and bypasses the identity perimeter — a class of attack it calls AgentJacking that EDR, DLP, and prompt scanners cannot catch. Israel-based; recognized in the 2026 Cybersecurity Excellence Awards and InfoSec Awards. ### Terra Security - Website: terra.security - Founded: 2024 - Country: Israel - Funding: $38M - Categories: AI Red Teaming - Founders: Shahar Peled, Gal Malachi - Investors: Felicis, Dell Technologies Capital, SVCI, SYN Ventures, Lama Partners, Underscore VC - Capabilities: Agentic pentesting of web/AI/API/mobile/cloud, AI red teaming, audit-ready signed reports. - Sensors/Integration: Agentic pentesters operating against customer environments (offensive). - Protections: None — produces vulnerability findings, not enforcement. - Differentiator: Continuous agentic pentest with human-on-the-loop; Compresses 4–6 week pentests to hours. ### TestSavant - Website: testsavant.ai - Founded: 2025 - Country: USA - Categories: AI Red Teaming, Runtime & Guardrails, Observability & Governance - Founders: Alex Belotsky, Kuba Fietkiewicz - Capabilities: AI assurance and security platform for generative and agentic AI combining automated reliability testing (hallucination, bias, toxicity, sensitive-data disclosure), AI red teaming with synthetic adversaries, low-latency runtime guardrails, and audit-grade evidence and compliance reporting in one control plane. - Sensors/Integration: Inline guardrails deployable in front of any AI system; CI/CD gates in the SDLC; test orchestration across models, agents and workflows. - Protections: Adaptive runtime guardrails enforcing threat-detection policies; continuous red-team campaigns mapped to OWASP and NIST; regression detection for model drift; evidence packets for SOC 2 / ISO reviews. - Differentiator: Unifies AI quality testing, adversarial red teaming and runtime guardrails in a single 'AI Assurance Studio' spanning product, security and GRC teams. ### Tetrate - Website: tetrate.io - Founded: 2018 - Country: USA - Funding: $52.5M - Categories: MCP & LLM Gateways, Runtime & Guardrails, Observability & Governance, Agentic Network Security - Founders: Varun Talwar, Jeyappragash JJ - Investors: Sapphire Ventures, Scale Venture Partners, Dell Technologies Capital, Intel Capital, 8VC, Samsung NEXT, NTTVC, KAAJ Ventures - Capabilities: Tetrate Agent Router Enterprise (TARE) — GenAI runtime visibility and governance platform built on Envoy service mesh heritage; LLM traffic management routing requests across model providers; AI data gateway capabilities for content inspection and policy enforcement; cost and performance optimization for LLM API consumption; integration with enterprise service mesh deployments; production-grade observability and reliability primitives applied to AI traffic. - Sensors/Integration: Envoy-based proxy layer inserting into the LLM request path; service mesh integration leveraging customers' existing Istio/Envoy deployments; cloud-delivered or self-hosted options; integrates with Tetrate Service Bridge for enterprise customers already using Tetrate for non-AI workloads. - Protections: Content-aware policy enforcement on LLM traffic; rate limiting and abuse prevention; cost controls preventing runaway agent loops; observability-driven anomaly detection; multi-provider routing for resilience and cost optimization; production-grade SLAs and operational maturity from service-mesh heritage. - Differentiator: Leverages the natural fit of Envoy as an L7 proxy for LLM traffic; Pre-existing enterprise relationships ease adoption of the new AI offering as an extension of existing Tetrate deployments. ### ThirdLaw - Website: thirdlaw.io - Founded: 2025 - Country: USA - Categories: Runtime & Guardrails, Observability & Governance - Founders: Ed Albanese - Capabilities: AI safety and control for enterprise AI agents and LLMs; proactive risk management; real-time monitoring; seamless compliance for AI operations; empowers IT + Security teams with policy enforcement for autonomous AI systems. - Sensors/Integration: Early-stage; integration model not publicly detailed. - Protections: AI agent safety controls, real-time runtime monitoring, compliance enforcement. - Differentiator: "Three Laws of Robotics" namesake positions explicitly around safety-and-control thesis; Very early-stage pure-play; Minimal public technical detail vs. better-funded competitors — flagged for radar tracking; Closer in positioning to Knostic and Capsule than to identity-focused competitors. ### Tibo - Website: tibo.ai - Founded: 2023 - Country: Singapore - Categories: Observability & Governance, Agentic Data Governance - Founders: Peng Zhao - Investors: Oak Seed Ventures - Capabilities: Gives enterprises real-time visibility and control over AI usage and discovers unauthorized/shadow AI across the organization. - Sensors/Integration: Quickly deployed agent/extension that monitors AI tool usage with no IT setup. - Protections: Automatically detects, redacts, and replaces sensitive data in prompts in real time while preserving prompt quality. - Differentiator: Intelligent redaction that prevents data leaks while maintaining productivity and prompt accuracy. ### Tinfoil - Website: tinfoil.sh - Founded: 2024 - Country: USA - Funding: $0.5M - Categories: Model Security, Sandboxing & Secure Envs - Founders: Jules Drean, Sacha Servan-Schreiber, Tanya Verma - Investors: Pioneer Fund - Capabilities: Confidential AI platform that runs models inside secure hardware enclaves, offering private inference, a private chat and an OpenAI-compatible inference API with zero-trust, zero-access, zero-retention guarantees; collaborates with Red Hat on open-source confidential-AI infrastructure. - Sensors/Integration: NVIDIA Hopper/Blackwell confidential-computing GPUs plus CPU TEEs (AMD SEV-SNP / Intel TDX); cryptographic runtime attestation and transparency logs; open-source, auditable security-critical stack. - Protections: Hardware-enforced isolation and memory encryption keep prompts, data and model weights inaccessible to anyone (including the cloud and Tinfoil) during processing; verifiable attestation for supply-chain integrity. - Differentiator: Founded 2024 in San Francisco; one of the few platforms offering multi-GPU confidential computing with near-native performance; its security-critical infrastructure is open-source and cryptographically verifiable. ### Token Security - Website: token.security - Founded: 2023 - Country: Israel - Funding: $27M - Categories: Agentic Identity, Observability & Governance - Founders: Itamar Apelblat, Ido Shlomo - Investors: Notable Capital, TLV Partners, SNR, Shlomo Kramer - Capabilities: Continuous NHI + AI agent discovery, lifecycle management, posture (permissions drift, right-sizing), ITDR for NHIs, Token MCP Server + Token AI Agent conversational interface. - Sensors/Integration: SaaS deployment with API integrations to IdP (Okta/Entra), cloud (AWS/Azure/GCP/K8s/Snowflake), source repos, secrets managers. - Protections: Right-sized least-privilege enforcement, orphaned-identity decommissioning, permissions drift remediation, ITDR for NHIs, automated remediation. - Differentiator: Strongest NHI heritage of any vendor here; RSAC Innovation Sandbox 2026 finalist. ### Traceforce - Website: traceforce.ai - Founded: 2025 - Country: USA - Categories: AI-SPM, MCP & LLM Gateways - Founders: Xia Hua, Glenn Mulvaney - Capabilities: Automatically discovers every AI tool, MCP, and skill across endpoints and assesses risk from actual usage patterns. - Sensors/Integration: Lightweight endpoint agent (Scout Lite), TraceGraph Agent SDK, and open-source MCP X-Ray scanner. - Protections: Context-aware risk detection with automated remediation integrating into existing security stacks. - Differentiator: Endpoint EDR built specifically for locally-running AI agents that traditional EDR and CASB miss. ### Trail Security - Website: trail.security - Founded: 2023 - Country: Israel - Funding: $35M - Categories: Agentic Data Governance, Observability & Governance, Runtime & Guardrails - Founders: Zohar Vittenberg, Nadav Zingerman, Roei Mutay - Investors: Lightspeed Venture Partners, CRV, Cyberstarts - Capabilities: Next-generation data loss prevention (DLP) platform; AI-powered detection of sensitive data exfiltration across endpoints, cloud, and SaaS; deep content inspection at the data flow boundary; protects against both human and AI-agent-driven data leakage; now integrated with Cyera DSPM to deliver the industry's first Unified Data Security Platform. - Sensors/Integration: Endpoint, network, and SaaS integrations for comprehensive data egress monitoring; integrates with Cyera's DSPM platform post-acquisition for unified visibility. - Protections: Inline DLP blocking sensitive data leaving the org; AI-aware policy enforcement covering GenAI tool usage; behavioral classification of risky data flows; complementary to DSPM's at-rest data classification. - Differentiator: Founded in 2023 in Israel; Operated entirely in stealth from founding to acquisition; Cyera's second-largest acquisition; Established Cyera as a unified data security platform combining DSPM + DLP, disrupting a $2B legacy DLP market projected to reach $21B by 2034. ### Trent AI - Website: trent.ai - Founded: 2024 - Country: UK - Funding: $13M - Categories: Runtime & Guardrails, Observability & Governance, Agentic Code Security - Founders: Eno Thereska, Neil Lawrence, Zhenwen Dai - Investors: Phoenix Court, LocalGlobe, AWS - Capabilities: Multi-agent security solution — specialized AI security agents that continuously scan, judge, mitigate, and evaluate AI agents across their entire lifecycle; continuously scans models for code, dependencies, infrastructure, runtime behavior; risk analysis + business impact; auto-patching of vulnerabilities; configuration modification + fix validation; posture evaluation against standards. - Sensors/Integration: Embedded into development workflows (CI/CD-adjacent) and runtime environments; multi-agent platform observing AI agent code + deps + infra + runtime simultaneously. - Protections: Vulnerability patching, configuration mitigation, fix validation, posture-vs-standard evaluation, audit-ready reporting for design partners. - Differentiator: Only vendor on this list using a multi-agent system to secure AI agents (defensive agents-securing-agents architecture). ### TrojAI - Website: troj.ai - Founded: 2019 - Country: Canada - Funding: $15.5M - Categories: Runtime & Guardrails, Model Security, AI Red Teaming - Founders: Lee Weiner, James Stewart - Investors: Lavrock Ventures, Vanedge Capital - Capabilities: TrojAI Detect (pre-deployment red teaming), TrojAI Defend (runtime firewall), Defend for MCP, prompt injection / jailbreak / data leakage / tool exploitation detection. - Sensors/Integration: Self-hosted-friendly so data stays in customer environment; model/cloud/platform-agnostic. - Protections: Inline blocking, PII/NER/toxicity/DoS/source-code/confidential-data detection, customizable risk engine, MCP runtime protection. - Differentiator: Oldest vendor on this list (founded ~2019); Gartner-recognized across AI TRiSM, Hype Cycle GenAI; Self-hosted strength for regulated industries. ### TrojanVectors - Website: trojanvectors.com - Founded: 2024 - Country: USA - Categories: AI Red Teaming, Model Security - Founders: Sachin Dharashivkar - Capabilities: Automated red-teaming agents that probe AI systems through simulated adversarial attacks. - Sensors/Integration: Attack-simulation agents that test models and pipelines for malicious prompts and poisoned vector-DB inputs. - Protections: Surfaces vulnerabilities to malicious prompts and indirect prompt injection / vector-database poisoning before exploitation. - Differentiator: Specialized focus on indirect prompt injection through vector databases alongside general adversarial red teaming. ### Trust3 AI - Website: trust3.ai - Founded: 2016 - Country: USA - Funding: $67.3M - Categories: Observability & Governance, AI-SPM, Agentic Data Governance - Founders: Balaji Ganesan, Don Bosco Durai - Investors: Battery Ventures, Insight Partners, Sapphire Ventures, Accel - Capabilities: Unified data and AI governance platform with policy-based access control (PBAC); policy automation across data and AI agents; AI inventory and discovery; real-time guardrails on data and AI workflows; trust agents for automated governance; bias and ethical violation prevention; regulatory compliance tracking across GDPR, HIPAA, EU AI Act. - Sensors/Integration: Integrations with structured and unstructured data sources; cloud-delivered platform; agent-based policy enforcement in data pipelines; API connectors to data warehouses, lakes, and AI tools. - Protections: Automated policy creation via natural language; runtime guardrails enforcing data and AI agent policies; centralized audit trails; compliance evidence generation; bridges data governance and AI governance under one control plane. - Differentiator: Privacera rebrand (March 2026) signals the broader trend of mature data-governance vendors pivoting to unified AI+data governance; one of the longest-running teams in pure-play AI governance. ### Trustwise - Website: trustwise.ai - Founded: 2023 - Country: USA - Funding: ~$4M - Categories: Runtime & Guardrails, Observability & Governance, AI-SPM - Founders: Manoj Saxena - Investors: Firestreak Ventures - Capabilities: Harmony AI runtime trust layer enforcing security, control, and alignment in AI agent behavior; AI Security Posture Management (AI-SPM); policy evasion prevention; blast-radius reduction across multi-agent systems; hallucination detection and prevention; sensitive data leakage detection; cross-platform support across cloud, ML platform, and LLM choices. - Sensors/Integration: API-based integration as a runtime trust layer between AI agents and downstream systems; cross-cloud and cross-LLM coverage; teams across Austin, NYC, Cambridge UK, and Hyderabad. - Protections: Inline blocking of prompt injection and policy evasion at runtime; alignment enforcement against company policies; runtime intervention preventing unauthorized agent autonomy; deployed by CISOs in regulated financial services and healthcare. - Differentiator: Deep regulated-industry positioning aimed at financial-services and healthcare CISOs, with a strong responsible-AI governance heritage. ### Tumeryk - Website: tumeryk.com - Founded: 2024 - Country: USA - Categories: Runtime & Guardrails, Observability & Governance - Founders: Rohit Valia - Capabilities: AI Trust Score Guardrails — real-time security and governance for GenAI agents and applications; jailbreak detection, bias monitoring, content moderation, defined "AI Trust Zone"; shadow AI discovery and risk scoring via integration with Wiz (AI-SPM partnership); auto-generated AI Trust Score per discovered AI asset. - Sensors/Integration: Real-time guardrail enforcement at the agent/application level; integration with Wiz for asset discovery; AWS Marketplace deployment. - Protections: Jailbreak detection, bias and harmful-output mitigation, content moderation, governance over enterprise chatbots and embedded GenAI applications. - Differentiator: AI Trust Score as a quantitative, per-asset metric is unusual on this list; Deep Wiz partnership for AI asset discovery distinguishes from standalone guardrail vendors. ### Twine Security - Website: twinesecurity.com - Founded: 2023 - Country: Israel - Funding: $12M - Categories: Agentic Identity, Observability & Governance - Founders: Benny Porat - Investors: Ten Eleven Ventures, Dell Technologies Capital - Capabilities: AI Digital Employees for cybersecurity; first digital employee Alex is an IAM expert handling Identity Silos and HR system bonding, full audit tracing, app onboarding on existing IGA, User Access Reviews (UAR), retrospective access audits, Principle of Least Privilege (PoLP) implementation, SaaS MFA enforcement, entitlement optimization, access profile and policy creation, account ownership integrity, stale account cleanup, lifecycle management; Alex follows a detect-analyze-plan-remediate workflow. - Sensors/Integration: SaaS platform integrating with existing IGA, IdP, HR systems, and SaaS apps; Deloitte partnership for IAM deployments; SOC 2, GDPR, ISO 27001:2022 certified. - Protections: Automated ticket-load reduction (41% in 180 days at Fortune 500 customer), entitlement reduction (76% via agentic UAR at Fortune 500 healthcare), stale account cleanup, MFA enforcement gaps, principle-of-least-privilege enforcement, lifecycle automation. - Differentiator: Distinctive AI-employee framing — Alex is a defensive AI agent that does IAM work rather than a platform securing other agents (inverse positioning from most NHI vendors here); 2025 Gartner Cool Vendor in Identity-First Security; RSAC 2025 Innovation Sandbox finalist; Forbes Cloud 100 Rising Star. ### Unbound - Website: getunbound.ai - Founded: 2023 - Country: USA - Funding: $4M - Categories: Agentic Network Security, Observability & Governance, Agentic Code Security, MCP & LLM Gateways - Founders: Rajaram Srinivasan, Vignesh Subbiah - Investors: Race Capital, Y Combinator, Massive, Wayfinder Ventures, Pioneer Fund - Capabilities: GenAI security platform and AI Gateway that discovers and governs employee GenAI usage and intelligently reroutes sensitive prompts to secure self-hosted open-source models; now an Agent Access Security Broker (AASB) that discovers, assesses and governs AI coding agents and their MCP connections across the org. - Sensors/Integration: AI Gateway connecting to common AI tools; integrations with coding agents (Cursor, Roo, internal copilots) and MCP servers; processes millions of agent actions weekly. - Protections: Real-time monitoring, PII/secret redaction and prompt rerouting; blocks sensitive-data leaks to unvetted models and MCP servers; policy enforcement over autonomous coding-agent actions; has prevented 7,000+ potential data leaks. - Differentiator: Founded 2023; pivoted from a GenAI DLP gateway to an Agent Access Security Broker purpose-built for AI coding agents and MCP governance; cuts AI tooling cost up to 70% via model routing. ### Unseen Security - Website: unseensecurity.ai - Founded: 2025 - Country: Netherlands - Categories: Observability & Governance, Runtime & Guardrails - Capabilities: Discovery and governance of all GenAI/Shadow AI usage plus a secure multi-LLM chat gateway to ChatGPT, Claude, Gemini, and Copilot. - Sensors/Integration: Monitors employee AI tool usage, prompts, and integrations across browsers and SaaS. - Protections: Redirects users from risky tools to a governed environment, enforces data policies, blocks proprietary data from training public models. - Differentiator: Combines an AI firewall with pay-per-use multi-LLM access that replaces costly per-seat AI licenses. ### Valarian Technologies - Website: valarian.com - Founded: 2023 - Country: UK - Funding: $20M+ - Categories: Model Security, Sandboxing & Secure Envs, Agentic Network Security - Founders: Max Buchan, Josh McLaughlin - Investors: Scout Ventures, AIN Ventures - Capabilities: ACRA AI private AI model hosting platform for on-premise deployment in secure environments; zero-trust architecture; tactical/defense-focused AI workloads; air-gapped and disconnected deployment support; broader Valarian secure communications platform extending to AI. - Sensors/Integration: On-premise and air-gapped deployment; zero-trust network architecture; integration with secure enclaves and tactical comms; tamper-resistant hardware support. - Protections: AI workloads isolated in zero-trust architectures; air-gapped operation for sensitive government and defense missions; tamper-resistant deployment; supports classified AI workloads inaccessible to commercial cloud AI providers. - Differentiator: Defense and tactical-focused AI security positioning rare among AI security startups; targets government, defense, and critical infrastructure use cases requiring fully isolated AI; zero-trust + AI combination is increasingly relevant for sovereign AI demands. ### Valence Security - Website: valencesecurity.com - Founded: 2021 - Country: Israel - Funding: $32M - Categories: Agentic SSPM, Agentic Identity, Observability & Governance, Agentic Data Governance - Founders: Yoni Shohet, Shlomi Matichin - Investors: YL Ventures, M12, Porsche Ventures, Akamai Technologies, Alumni Ventures - Capabilities: SaaS security platform extending into AI risk management; SaaS-to-SaaS connection mapping and risk analysis; OAuth grant discovery and remediation across the SaaS estate; configuration drift detection; data exposure analysis (overshared files, public links, external collaborators); shadow AI app discovery via SaaS integration footprint; non-human identity inventory across SaaS apps; lifecycle workflows for risky integrations and orphaned tokens. - Sensors/Integration: Agentless SaaS-to-SaaS API integrations across the SSPM footprint; OAuth-aware; identity-graph data model. - Protections: OAuth token revocation for risky AI integrations, misconfiguration remediation, data oversharing remediation, automated lifecycle workflows for shadow integrations. - Differentiator: Established SSPM vendor extending into AI agent governance via the SaaS-to-SaaS integration graph — the same data substrate that catches risky human-installed SaaS apps now catches AI tools and agents authorizing into the SaaS estate. ### Verax - Website: verax.ai - Founded: 2024 - Country: USA - Funding: $7.6M - Categories: Runtime & Guardrails, Observability & Governance - Founders: Leonid Feinberg, Oren Gev - Investors: TQ Ventures, Concept Ventures, Cardumen Capital, Seedcamp, InMotion Ventures, XTX Ventures - Capabilities: Enterprise AI control layer (Verax Protect / Control) providing real-time detection and correction of LLM hallucinations, data-leakage prevention, and PII access control across AI applications and agents. - Sensors/Integration: Inline layer monitoring AI prompts and responses; integrates across enterprise AI applications. - Protections: Real-time hallucination detection and correction; blocks sensitive-data leakage; enforces PII access controls and content policies on AI outputs. - Differentiator: Emphasizes output trustworthiness (hallucination detection and correction) alongside guardrails, targeting AI reliability as much as security. ### Verosek - Website: verosek.com - Founded: 2026 - Country: USA - Categories: MCP & LLM Gateways, Runtime & Guardrails, Observability & Governance - Founders: Vats Shah - Capabilities: AI + MCP gateway that sits as one layer between apps and every AI agent, acting as a drop-in replacement for the OpenAI, Anthropic, and Gemini SDKs. Routes LLM calls to any provider, executes MCP tools with per-key access control, and runs 24 security checks across input, output, tool output, and session drift. Detects prompt injection and jailbreaks via a multilingual classifier, blocks indirect injection through post-tool scanning of SQL rows and Slack messages, prevents PII/secret exfiltration with a multilingual PII engine plus secret-regex patterns, and flags off-topic drift and hallucination using per-key topic centroids and grounding verdicts. Every step is signed and audited. - Sensors/Integration: Gateway between apps and models/tools; 50 MCP tool connectors across databases, SDLC, knowledge systems, search, automation, and observability; 12 OpenAI endpoints plus native Anthropic and Gemini support; DBeaver-style per-key access control; post-tool execution scanning before responses reach the model. Under 30ms overhead per request. - Protections: FAIL_CLOSED by default — every tool call scanned, every decision signed. Inline blocking of prompt injection, jailbreaks, indirect injection, and PII/secret exfiltration; off-topic drift and hallucination grounding checks; tamper-evident HMAC-SHA256 audit traces with offline verification; AES-256-GCM encryption; deterministic checks with offline ML aligned to NIST AI RMF. - Differentiator: Enforces what agents are actually allowed to do at the tool boundary, not just in the prompt — typed per-key access control and post-tool scanning rather than prompt-only guardrails. Drop-in SDK replacement (just change the base URL), signed audit receipts, and self-hosted, managed-cloud, or air-gapped deployment. ### Vijil - Website: vijil.ai - Founded: 2023 - Country: USA - Funding: $23M - Categories: AI Red Teaming, Runtime & Guardrails - Founders: Vin Sharma, Subho Majumdar, Zdravko Pantic - Investors: Mayfield, Gradient Ventures, Brightmind Partners - Capabilities: Tests, hardens, and continuously defends enterprise AI agents via Vijil Evaluate, Vijil Dome, and Vijil Darwin. - Sensors/Integration: Automated stress tests, behavioral/compliance evaluations, plus live monitoring of agent inputs/outputs and production telemetry. - Protections: Vijil Dome blocks out-of-policy or unsafe inputs/outputs at runtime while Darwin proposes adaptive fixes. - Differentiator: Closed-loop agentic resiliency that learns from production attacks; Gartner Cool Vendor in agentic AI TRiSM. ### Virtue AI - Website: virtueai.com - Founded: 2024 - Country: USA - Funding: $30M - Categories: AI Red Teaming, Runtime & Guardrails, Observability & Governance, Model Security - Founders: Bo Li, Dawn Song, Sanmi Koyejo, Carlos Guestrin - Investors: Lightspeed Venture Partners, Walden Catalyst Ventures - Capabilities: AI-native security platform for agentic frameworks and LLM applications; AgentSuite product line covering red teaming, runtime guardrails, and security testing for agent workflows; deep technical research backing including academic AI safety expertise; broad coverage of prompt injection, jailbreaks, agent manipulation, and adversarial-ML attacks against models themselves. - Sensors/Integration: SDK and API integrations for embedding into LLM applications and agent frameworks; cloud-delivered red-teaming engine; integrates with major LLM providers and frameworks (LangChain, LlamaIndex, etc.) at the framework level. - Protections: Red-team-driven discovery of vulnerabilities before production; runtime guardrails inline-blocking attacks at inference time; model-layer protections distinct from prompt-level filtering; framework-aware controls that understand agent workflow context (not just per-prompt). - Differentiator: Strong academic AI-safety research heritage (CMU and other top labs) translating into a commercial security product — differentiates from competitors with primarily security backgrounds; AI-native architecture (vs traditional security retrofitted to AI) is the positioning pitch; Targets the high-end of the market where buyers care about defensive techniques being grounded in published research rather than heuristics. ### Vorlon - Website: vorlon.io - Founded: 2023 - Country: USA - Funding: $15.7M - Categories: Observability & Governance, Agentic Identity, MCP & LLM Gateways - Founders: Amir Khayat, Amichay Spivak - Investors: Accel, Shield Capital - Capabilities: Agentic Ecosystem Security Platform; AI Agent Flight Recorder — captures continuous cross-app audit trail of every agent action (every identity, SaaS app, API endpoint, data classification, downstream system touched) built on patented DataMatrix intelligent simulation technology; AI Agent Action Center for coordinated response; immutable + queryable record available in minutes; secures the "agentic ecosystem"; detects new MCP servers connecting agents to sensitive data; supports custom (dynamic) rules. - Sensors/Integration: Third-party API + SaaS monitoring; continuous near-real-time analysis; integrates with SIEM/SOAR/ITSM. - Protections: Cross-app forensics (reconstruct full picture from fragmented platform-specific logs), agent action audit trail, intelligent simulation for proactive exposure management, custom rule-based detections. - Differentiator: "AI Agent Flight Recorder" is rare in the space — most observability competitors focus on prompt/response logs; Vorlon captures the full cross-application action chain of agent behavior; Gartner Emerging Tech: Intelligent Simulation report inclusion; CRN 2025 Stellar Startup. ### Wald AI - Website: wald.ai - Founded: 2023 - Country: USA - Funding: $4M - Categories: Agentic Data Governance, Runtime & Guardrails - Founders: Vinay Goel, Ritesh Ahuja - Investors: Entrada Ventures, Inventus Capital Partners - Capabilities: Secure gateway letting enterprises use ChatGPT, Gemini and other AI assistants while protecting sensitive business data with contextual DLP. - Sensors/Integration: Inspects prompts and uploads in real time to detect PII and proprietary data using context-aware classification. - Protections: Automatically redacts/sanitizes and encrypts prompts before they reach AI providers, with zero data retention (HIPAA/GDPR/CCPA). - Differentiator: Contextual redaction that preserves prompt usefulness rather than crude blocking, with zero data retention. ### Wallarm - Website: wallarm.com - Founded: 2016 - Country: USA - Funding: $75M - Categories: Agentic Network Security, Runtime & Guardrails, MCP & LLM Gateways, Observability & Governance - Founders: Stepan Ilyin, Ivan Novikov, Shayne Higdon - Investors: Toba Capital, Y Combinator, Runa Capital, Partech, AltaIR Capital, Amino Capital - Capabilities: API-first security platform with dedicated "Protect Agentic AI" product line; extends established API security (WAAP, API discovery, schema enforcement, anomaly detection) to AI agents and AI-enabled APIs; agent-aware traffic inspection understanding LLM endpoints, MCP servers, and embedding APIs; AI-specific anomaly detection beyond traditional API abuse patterns; integrated AI security posture across the broader API estate. - Sensors/Integration: Inline API gateway and WAF-style proxy in front of AI agents and LLM endpoints; cloud-delivered or self-hosted deployment options; integrates with major API gateways (Kong, Apigee, AWS API Gateway) for traffic inspection; agent-aware schema and traffic learning. - Protections: Inline blocking of agent-specific attacks (prompt injection, jailbreak attempts) at the API layer; AI-aware anomaly detection catching abuse patterns specific to LLM and agent traffic; rate limiting and abuse prevention on AI endpoints; schema enforcement for MCP and other agent protocols. - Differentiator: API-first framing means AI agent security is positioned as a natural extension of API security rather than a separate product category; Broader API security platform appeals to buyers who want one vendor across traditional APIs and AI agents. ### Waxell - Website: waxell.ai - Founded: 2025 - Country: USA - Categories: Observability & Governance, Runtime & Guardrails, MCP & LLM Gateways - Capabilities: Three products — Connect (MCP coordination: policy checks, PII scanning, audit trails per tool call, rug-pull detection, human-in-the-loop approvals); Observe (auto-instrumented tracing across LLM/tool calls, 50+ policy categories); Runtime (governed durable execution, checkpoint/replay, kill switches, isolated envs). - Sensors/Integration: OpenTelemetry-native auto-instrumentation; 200+ libraries, 12+ frameworks (LangChain, CrewAI, AutoGen, LlamaIndex, Semantic Kernel); works with Claude, GPT, Gemini, custom agents. - Protections: Per-tool-call policy enforcement, PII detection/redaction, cost budgets, kill switches, rug-pull alerts, isolated execution; SOC 2 Type II, HIPAA/PCI-DSS profiles; US/EU data residency. - Differentiator: Governance plane separating control from agent behavior so autonomy evolves while control stays stable; operator-led, execution-guarantee focus for revenue-critical production systems. ### Weagle - Website: weagle.ai - Founded: 2020 - Country: Italy - Categories: Agentic Browser Security, Agentic Data Governance - Investors: UniCredit Start Lab, Ventive - Capabilities: All-in-one platform protecting enterprises from data exposure across browsers, search engines, and LLMs, including anonymized search and AI chat data masking. - Sensors/Integration: Monitors browser/search/LLM traffic and user behavior to detect sensitive data. - Protections: Masks sensitive data in AI prompts/uploads, anonymizes queries, and auto-deletes stored sensitive data on a 24-hour cycle. - Differentiator: Browser- and search-centric data protection extended to LLM prompt masking; ISO 9001/27001 certified. ### White Circle - Website: whitecircle.ai - Founded: 2025 - Country: France - Funding: $11M - Categories: Runtime & Guardrails, AI Red Teaming - Founders: Denis Shilov - Investors: Angels from OpenAI, Anthropic, DeepMind, Mistral & Hugging Face, Olivier Pomel (Datadog CEO) - Capabilities: AI control layer that sits between users and AI models; automatically red-teams AI systems for failures, jailbreaks and hallucinations, enforces custom low-latency guardrails in real time, and monitors behavior with analytics and user clustering; maintains the open CircleGuardBench benchmark for LLM guard systems. - Sensors/Integration: Single API / proxy intercepting model inputs and outputs in real time; specialized in-house guard models; 150+ language coverage. - Protections: Real-time blocking of harmful content, prompt injection, jailbreaks, sensitive-data leakage and abusive users; model-drift detection; per-company custom policy enforcement. - Differentiator: Paris-based (founded 2025); has served 1B+ API requests; publishes CircleGuardBench and KillBench research. ### WhyLabs - Website: whylabs.ai - Founded: 2019 - Country: USA - Funding: $14M - Categories: Runtime & Guardrails, AI-SPM - Founders: Alessya Visnjic, Andy Dang, Sam Gracie, Maria Karaivanova - Investors: Madrona Venture Group, Bezos Expeditions, AI Fund - Capabilities: AI observatory for monitoring data/model health plus real-time LLM safety/security guardrails via the open-source LangKit toolkit. - Sensors/Integration: Extracts signals from prompts and responses including sentiment, toxicity, text quality, PII detection, and jailbreak detection. - Protections: Detects and helps block toxic outputs, jailbreaks, prompt injection, sensitive-data leakage, and hallucinations in real time. - Differentiator: Mature ML/data observability plus open-source LLM security guardrails (LangKit); acquired by Apple (early 2025). ### Willow - Website: withwillow.ai - Founded: 2026 - Country: Israel - Funding: $7M - Categories: MCP & LLM Gateways, Agentic Identity, Observability & Governance - Founders: Eyal Ben Ezra, Shalev Shalit, Idan Chetrit - Investors: Hetz Ventures, Avishai Abrahami, Nir Zohar - Capabilities: "Basecamp" for bring-your-own AI agents — every agent gets an identity, scoped permissions, and full audit trail; 1000+ connectors; API-to-MCP conversion; reusable pre-permissioned skills bundling multiple tools; shadow AI + vibe-coded app discovery; Slack-based approval workflows; PII protection; OWASP LLM06 coverage. - Sensors/Integration: Control plane that brokers agent access to tools/MCP servers; IdP integration with Okta, Entra, JumpCloud; SIEM forwarding; Slack integration; deep tool-action introspection. - Protections: Identity-verified per-agent action, scoped permissions inside each tool (sub-tool granularity), least-privilege skill bundles, Slack-routed approval gates for risky actions, real-time containment, audit trail tied to a real employee; SOC 1, SOC 2, GDPR compliant. - Differentiator: Explicit "we run the forest, not just the gateway" thesis vs. routing-only MCP gateways; Sub-tool permission granularity is rare on this list; Open-source projects MCP-S OAuth and Secure MCP Gateway. ### WitnessAI - Website: witness.ai - Founded: 2023 - Country: USA - Funding: $27.5M - Categories: Runtime & Guardrails, Agentic Network Security, Observability & Governance - Founders: Rick Caccia - Investors: Ballistic Ventures - Capabilities: Observe / Control / Protect modules — AI usage discovery, intent-based classification, four-action policy enforcement (allow/warn/block/route), bidirectional runtime defense (prompts + responses), agent observability + MCP server fingerprinting + intent classification. - Sensors/Integration: Network-layer, agentless, zero-install, proxy-less — no endpoint agent, no browser extension; single-tenant deployment with BYOK encryption. - Protections: Prompt-and-response inspection, PII/PCI-DSS-mapped controls (PCI 4.0.1), agent identity linkage (human-to-agent chain of responsibility), regulatory risk analytics, identity-linked audit trails. - Differentiator: Zero-install agentless architecture is unusually rare; Explicit PCI DSS 4.0.1 mapping; Single-tenant + BYOK appeals to regulated enterprises. ### Zendata - Website: zendata.dev - Founded: 2021 - Country: USA - Funding: $3.68M - Categories: Observability & Governance, Agentic Data Governance - Founders: Narayana Pappu, Pedro Pinango - Investors: PayPal Ventures, Entrepreneurs Roundtable Accelerator, Sputnik ATX - Capabilities: AI risk signal platform for data privacy and governance across applications and data pipelines; runtime guardrails for LLM and multi-agent workflows; model drift and bias monitoring; consent enforcement; third-party risk visibility; automated red-teaming; PII discovery and protection across CI/CD. - Sensors/Integration: Integrations with existing ML infrastructure; CI/CD pipeline hooks; data lineage tracing; consent and policy signal collection. - Protections: Automated PII discovery and protection; consent enforcement at data pipeline ingress; bias and drift alerts on production models; third-party AI risk assessments for procurement decisions. - Differentiator: San Francisco startup positioning as the 'security and compliance layer for AI systems' rather than pure data privacy, distinguishing Zendata from older privacy-only tools. ### ZenGuard - Website: zenguard.ai - Founded: 2024 - Country: USA - Funding: $150K - Categories: Runtime & Guardrails - Founders: Galym Uteulin, Baur Krykpayev - Investors: Entrepreneurs Roundtable Accelerator, MOST Ventures, Sand Hill North - Capabilities: AI agent security testing + runtime protection in a single product; prompt injection detection, data leak detection, vulnerability scanning; OWASP LLM Top 10-mapped attack library; pre-deployment security evaluation and continuous runtime monitoring. - Sensors/Integration: SDK / API integration into AI applications and agents; runtime guardrails inline with LLM calls. - Protections: Real-time prompt injection block, data exfiltration block, jailbreak detection, OWASP LLM Top 10 coverage, vulnerability scanning before deployment. - Differentiator: Explicit OWASP LLM Top 10 positioning; Combines red-team testing + runtime protection in a single lightweight product (vs. multi-module platforms). ### Zenity - Website: zenity.io - Founded: 2021 - Country: Israel - Funding: $55M - Categories: Agentic SSPM, Observability & Governance, Runtime & Guardrails - Founders: Ben Kliger, Michael Bargury - Investors: Third Point Ventures, Intel Capital, Vertex Ventures - Capabilities: Build-time + runtime security for AI agents and citizen-developer apps, Clarity Agent + stateful threat engine, intent-aware detection of tool calls / memory access / data usage patterns, shadow AI discovery, OWASP + MITRE policy enforcement. - Sensors/Integration: Platform-deep API integrations into Microsoft Copilot Studio, Salesforce Agentforce, AWS Bedrock, Azure AI Foundry, Power Platform. - Protections: Real-time runtime enforcement on agents, build-time controls (authentication, secret-handling, over-sharing), policy enforcement across Copilot Studio / Agentforce / Bedrock / Foundry. - Differentiator: Named "Company to Beat" in AI Agent Governance in Gartner 2026 report; Pioneer of LCNC/citizen-dev security space; Deepest LCNC-platform coverage. ### Ziosec - Website: ziosec.com - Founded: 2024 - Country: USA - Funding: $2.1M - Categories: Runtime & Guardrails, Agentic Code Security, AI Red Teaming - Founders: Aaron Walls, Andrius Useckas - Investors: Superhero Capital, Access Venture Partners, LAUNCH (Jason Calacanis), Greater Colorado Venture Fund - Capabilities: Security platform for hardening OpenClaw AI agents against attacks; security scanning of agent definitions and configurations; data exfiltration prevention specific to agent contexts; privilege escalation detection in multi-step agent workflows; open-source components published alongside commercial offerings; OpenClaw-specific tooling positioning Ziosec as the security partner of choice for that framework ecosystem. - Sensors/Integration: OpenClaw-native integration — sits within the OpenClaw framework as security middleware; scans agent definitions and runtime behavior; complements (rather than replaces) general-purpose AI security platforms. - Protections: Hardens OpenClaw agents against prompt injection, data exfiltration, and privilege escalation; security scanning catches misconfigurations in agent definitions; runtime enforcement for the OpenClaw runtime; open-source release patterns build community trust and adoption. - Differentiator: Framework-specific positioning (OpenClaw) is distinctive — most AI security vendors target framework-agnostic horizontal coverage, while Ziosec goes deep on a single ecosystem; Open-source release strategy aligns with the OpenClaw community; Notable that Prompt Security's ClawSec product targets the same OpenClaw ecosystem — Ziosec and ClawSec are direct competitors in the niche of OpenClaw-specific security.