The New Security Problem Nobody Saw Coming: AI Agent Security
Most security teams are still thinking about AI the old way, as a chatbot you type questions into and get answers back. That model is rapidly becoming irrelevant.
Today’s AI systems don’t just generate text. They call your APIs, access your SaaS apps, modify your databases, and trigger real-world actions, autonomously, at machine speed, across every system they’re connected to. The moment an AI agent can act, the entire security equation changes.
In the past several months, I collaborated with some friends at SafenAI, reviewing 75+ startups, shortlisting 50, and conducting 30+ direct conversations with founders building in this space. What follows is what we found.
What Is AI Agent Security?
Think of a traditional AI assistant as a consultant locked in a room: they can read documents and give you advice, but they can’t actually do anything without you physically carrying out each step. An AI agent is more like handing that consultant a full set of keys to your office, your systems, and your vendors, and telling them to get the job done.
That’s enormously powerful. It’s also a fundamentally different threat surface.
When an AI agent is compromised, it doesn’t just say something harmful; it does something harmful. It can silently exfiltrate data over months. It can execute fund transfers. It can spread across connected systems before any human notices. These attacks have already happened:
- A healthcare AI agent silently leaked patient data for 3 months before discovery — $14M in losses.
- EchoLeak (CVE-2025-32711) achieved zero-interaction data exfiltration. No user action needed.
- A nation-state attack on Anthropic completed its entire kill chain before human detection was even possible.
This is not a theoretical risk. It’s happening now.
The Landscape: 50 Companies, 4 Categories
We mapped the emerging AI agent security market into four primary categories, each addressing a distinct layer of the problem.
1. Discovery & Security Posture Management (12 companies)
OptimusLabs, Evoke Security, Akto, Zenity, Oryo, Nokod Security, Noma Security, MCPTotal, Helmet, Onyx Security, Geordie AI, Obot
The core question: What agents are actually running in your environment, and what are they doing?
Most organizations have no idea how many AI agents are deployed across their teams. Shadow agents, built by developers or business units without formal security review, are already common. This category gives CISOs the visibility they need before they can do anything else. It consistently wins the first enterprise budget in AI security.
2. Identity & Access Management (10 companies)
Arcade.dev, Descope, Natoma, Keycard, Pomerium, WorkOS, Identity Machines, DeepTrail, Sonoma, Opti AI
The core question: When an agent acts on behalf of a user, how do you ensure it only has access to what it actually needs?
Human IAM has been a solved problem for decades. Agent IAM is brand new. Agents need delegated identities, scoped tokens that expire, just-in-time access provisioning, and the ability to revoke permissions mid-task. None of the traditional IAM playbooks transfer directly.
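As an added illustration of the four requirements above (not code from the post or from any vendor listed), a minimal delegated-token check in Python: the user issues the agent a short-lived, narrowly scoped, signed token, and every tool call is checked for signature, expiry, revocation and scope before it proceeds. The signing key, token field names and scope strings are assumptions.

```python
import hashlib
import hmac
import json
import time
import uuid

# Added example: a delegated, scoped, expiring, revocable credential that an
# agent presents when acting for a user. Key, field names and scopes are assumptions.
SIGNING_KEY = b"demo-only-key"   # constructed; a real issuer keeps this in a KMS/HSM
REVOKED = set()                  # token ids pulled mid-task

def _sign(payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()

def issue_token(user: str, agent: str, scopes: list, ttl_s: int, now=None) -> dict:
    """Just-in-time delegation: user -> agent, only the listed scopes, short TTL."""
    now = time.time() if now is None else now
    payload = {"jti": uuid.uuid4().hex, "sub": agent, "act_for": user,
               "scopes": sorted(scopes), "iat": now, "exp": now + ttl_s}
    return {"payload": payload, "sig": _sign(payload)}

def revoke(token: dict) -> None:
    """Revocation takes effect on the agent's next call, even mid-task."""
    REVOKED.add(token["payload"]["jti"])

def authorize(token: dict, scope_needed: str, now=None) -> tuple:
    """Gate every tool call: integrity, expiry, revocation, then scope."""
    now = time.time() if now is None else now
    p = token["payload"]
    if not hmac.compare_digest(_sign(p), token["sig"]):
        return False, "bad signature"
    if now >= p["exp"]:
        return False, "expired"
    if p["jti"] in REVOKED:
        return False, "revoked"
    if scope_needed not in p["scopes"]:
        return False, f"scope {scope_needed} not delegated"
    return True, f"{p['sub']} acting for {p['act_for']}"

if __name__ == "__main__":
    tok = issue_token("alice", "crm-agent", ["crm:read"], ttl_s=300)
    print(authorize(tok, "crm:read"))    # allowed: delegated scope
    print(authorize(tok, "crm:write"))   # refused: scope not delegated
    revoke(tok)
    print(authorize(tok, "crm:read"))    # refused: revoked mid-task
```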
3. Runtime Security (18 companies)
Runlayer, Aira Security, ZenGuard, Operant AI, Vijil, Straiker, Giskard, Adversa AI, Pillar Security, Virtue AI, Tenet Security, Skyrelis, Aiceberg, Gopher Security, PromptArmor, Fortifai, CodeIntegrity, Xyra Security
The core question: Can you detect and stop a dangerous action before it executes?
This is the most active area of the market: with 18 companies, it is the largest category. The critical differentiator is whether a vendor can block a harmful action in real time, or only observe and alert after the fact. Vendors with enforcement capability (not just monitoring) are building the most defensible positions.
4. Governance & Audit (10 companies)
Barndoor AI, EqtyLab, WitnessAI, SurePath AI, Liminal AI, MintMCP, Lumia Security, Beltic, Lunar Dev, Eve Security
The core question: When something goes wrong, can you prove what happened, why, and who authorized it?
Regulatory pressure is real and accelerating. The EU AI Act, California’s 2026 behavioral compliance requirements, and board-level risk mandates in regulated industries are creating budget line items for agent governance that didn’t exist 18 months ago.
3 Insights From the Data
Insight 1: Runtime is the moat, but only if you can block, not just watch
With 27 of 50 companies covering runtime protection in some form, it’s the most contested layer. But there’s a sharp divide: companies that can intercept and block a dangerous action before it executes versus those that can only log and alert after.
This distinction matters enormously. An agent that deletes a database or transfers funds does the damage in milliseconds. Alerting after the fact is nearly useless. Watch this gap widen over the next 12 months.
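To make the block-versus-alert distinction of this insight and of the Runtime Security category concrete, an added example (not from the post or any vendor): the same destructive tool call routed through an in-line gateway that decides before dispatch, versus one that dispatches first and alerts afterwards. The tool names, policy thresholds and fake backend are constructed.

```python
from dataclasses import dataclass, field

# Added example: an in-line tool gateway. Tool names, the policy thresholds and
# the fake backend are constructed for illustration, not any vendor's product.

@dataclass
class ToolCall:
    tool: str
    args: dict

@dataclass
class Decision:
    verdict: str   # "allow", "block", or "approve" (needs a human before it runs)
    reason: str

@dataclass
class FakeBackend:
    """Stand-in for the real systems the agent can reach."""
    tables: set = field(default_factory=lambda: {"customers", "orders"})
    balance: int = 10_000

    def run(self, call: ToolCall) -> str:
        if call.tool == "db.drop_table":
            self.tables.discard(call.args["table"])
            return "dropped"
        if call.tool == "payments.transfer":
            self.balance -= call.args["amount"]
            return "sent"
        return "ok"

def evaluate(call: ToolCall) -> Decision:
    """Policy over the proposed action, evaluated before anything executes."""
    if call.tool == "db.drop_table":
        return Decision("block", "destructive schema change is never agent-initiated")
    if call.tool == "payments.transfer" and call.args.get("amount", 0) > 1_000:
        return Decision("approve", "transfer above limit needs a human approver")
    return Decision("allow", "within policy")

def dispatch(call: ToolCall, backend: FakeBackend, enforce: bool, alerts: list) -> str:
    """enforce=True: decide, then act. enforce=False: act, then alert (damage already done)."""
    decision = evaluate(call)
    if enforce and decision.verdict != "allow":
        alerts.append(f"{decision.verdict.upper()} {call.tool}: {decision.reason}")
        return decision.verdict
    result = backend.run(call)
    if decision.verdict != "allow":
        alerts.append(f"ALERT (after the fact) {call.tool}: {decision.reason}")
    return result
```

In enforce mode the table survives and the transfer waits for approval; in monitor mode the alert arrives after the table is already gone.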
Insight 2: Visibility wins first, but it won’t win forever
Discovery & SPM is where enterprises needed to start. CISOs have a simple rule: you can’t secure what you can’t see. Knowing what agents exist, what tools they can access, and what they’ve been doing is the obvious first purchase.
But visibility is also the most commoditizable layer. Once the market matures, discovery features will get bundled into broader platforms, and standalone SPM vendors will face pressure. The smart ones are already extending into enforcement. Personally, I feel that governance will be where the budget goes, while you cannot start without discovery.
Insight 3: Agent attacks are designed to be invisible
They operate silently over weeks or months, completing their objectives before any human ever sees a flag. The healthcare breach mentioned above ran for a full quarter undetected. The companies being attacked right now mostly don’t know it yet. By the time detection capability improves, the damage is already done.
What’s Next
This blog is a preview. We are releasing a full research report covering:
- Detailed company profiles and capability breakdowns across all 50 companies
- The complete lifecycle coverage matrix (how each company maps to Design, Build, Runtime, and Governance stages)
- Framework mapping to NIST CAISI, OWASP Top 10 for Agents, and MAESTRO
- Other analysis of this market and some insights
To get notified when it drops, follow my newsletter or us at luma.com/Safenai.
SafenAI is a lightweight industry research and collaboration initiative focused on AI infrastructure governance, enterprise AI operational risk, AI progress and AI-era security challenges.
Collaborate with security leaders, operators, founders, and researchers on governance frameworks, infrastructure risk discussions, AI operational trust, and enterprise AI adoption considerations through research, events, and educational initiatives.
The post The New Security Problem Nobody Saw Coming: AI Agent Security appeared first on Chasing Polaris – Wickey's blog.
*** This is a Security Bloggers Network syndicated blog from Chasing Polaris - Wickey's blog authored by Wickey Wang. Read the original post at: https://wickey.substack.com/p/new-security-problem-nobody-saw-coming-ai-agent-wickey-jqhqc