Security Agents and Agent Security
Once we had GenAI, it did not take long to supply LLMs with tools and the ability to use them. The LLM is granted agency to use the tools to effect change. There are travel booking agents from Navan, Expedia, Kayak, and Hopper. Navan is even branching out into general-purpose agents. There are dozens of note-taking agents for meetings. There are sales agents, procurement agents, HR agents. Any one service may spin up dozens of agents to accomplish a task.
All of these agents pose a serious security problem. What controls are in place? How are permissions granted? How are they audited?
Here are some of the components that put a vendor into the Agent Security subcategory of AI Security:
• Action-level RBAC (Role-Based Access Control).
• Tool-call governance (Which tools? When? How?).
• Pre/post-execution policy checks.
• Guarding agent memory + context.
• Observability + audit trails.
• Detecting agent drift, deception, or runaway loops.
• MCP server hardening.
• API access control for autonomous agents.
• Simulation / sandboxing of agent actions.
Agents are a new form of machine identity and should not be lumped in with human identity governance. Lifecycles can be short and ephemeral. It is no surprise that we have discovered 16 vendors that focus on AI Agents.
| Company | Country | Investment ($M) | Employees |
|---|---|---|---|
| Identity Machines | Canada | - | 53 |
| Token Security | Israel | $27M | 48 |
| Akto | USA | $4.5M | 29 |
| GuardiAgent | Switzerland | - | 23 |
| TensorOpera AI | USA | $13.2M | 21 |
| Invariant Labs | Switzerland | - | 7 |
| Multifactor | USA | $15M | 4 |
| Dash Security | USA | - | 3 |
| Alter | USA | $0.5M | 3 |
| GuardionAI | USA | - | 2 |
| ZenGuard | USA | $0.15M | 2 |
| Geordie | United Kingdom | - | 0 |
| Superagent | USA | - | 0 |
| Glide Identity | USA | $20M | 23 |
| intentyx | India | $0.5M | 11 |
| Unbound | USA | $0.5M | 11 |
