AI Agent Security Market Emerges as Enterprises Struggle With Runtime Governance
Startups and incumbents race to control autonomous AI systems as enterprises deploy agents faster than they can monitor or secure them.

A new category of security tooling is taking shape around the governance of autonomous AI agents, as enterprises discover that traditional access controls and identity systems were not designed for software that writes and deploys code on its own.
Tel Aviv-based Capsule Security emerged from stealth in mid-April with a platform designed to monitor and block risky AI agent behavior in real time, disclosing that it had already identified vulnerabilities in systems operated by Microsoft and Salesforce. The company was selected as one of six finalists from nearly 1,000 startups in the CrowdStrike, Amazon Web Services, and NVIDIA accelerator at the RSA Conference. Capsule employs roughly 70 people across Israel and the United States and was founded in 2025 by CEO Naor Paz, formerly of F5 and Unit 8200, and CTO Lidan Hazout, previously VP of R&D at SecuredTouch and Transmit Security.
KnowBe4, known for human-focused security awareness training, announced its Agent Risk Manager product on April 15, positioning the tool as a solution to what it calls the "agentic paradox"—giving AI agents enough autonomy to be productive without making them destructive. The company is expanding its AI-native agent suite, AIDA, and claims to be the only platform delivering this depth of autonomous capability in human risk management.
"Agents have the 'super power' to write and deploy code at unprecedented rates, fundamentally changing how software is built and operated," said Ron Zalkind, founding general partner at Lama Partners, an investor in Capsule. Omer Grossman, a Capsule advisor and former Global CIO at CyberArk, added that "the agentic AI boom is creating an opening in runtime behavior enterprises can't afford to ignore."
Capsule's approach centers on "guardian agents," AI systems that monitor and control other agents. The platform is designed to operate without additional infrastructure such as proxies, gateways, or SDKs, and supports systems including Cursor, Claude Code, Microsoft Copilot Studio, ServiceNow, and Salesforce Agentforce. Gartner has named Capsule a representative vendor in its market guide for this emerging category.
(The rise of agent-specific security tools reflects a broader enterprise challenge: AI systems are being deployed in operational technology and supply chain environments where rapid iteration collides with legacy governance frameworks. Multiple reports from industrial and legal sectors indicate that agents may already be operating on devices with access to critical systems, even without formal rollout approval.)
The security gap is appearing across sectors. Supply chain consultancy Maine Pointe noted in mid-April that many AI investments are failing to deliver expected ROI because the technology is deployed without rethinking underlying processes. Justice Sonia Sotomayor told law students on April 9 that AI "has the potential to perpetuate the very best in us and the very worst of us," urging them to master the technology as a tool. Meanwhile, legal analysts are warning that the use of AI does not alter fundamental obligations of accuracy, reasonableness, and accountability—the legal risk lies not in the existence of hallucinations but in the failure to govern and verify them.
The agent security market is forming as enterprises confront a maturity gap in access control, credential hygiene, and identity attribution. Studies point to difficulty in distinguishing AI agent actions from human actions, and the rapid expansion of agentic systems is exposing weaknesses that traditional security architectures were not built to address.
Sources
https://www.ynetnews.com/tech-and-digital/article/hkhq11qp2wl
Capsule Security's stealth exit, RSA finalist status, and vulnerabilities found in Microsoft and Salesforce platforms
https://www.businesswire.com/news/home/20260414273668/en/KnowBe4-Secures-the-Human-and-AI-Workforce-with-Agent-Risk-Manager
KnowBe4's Agent Risk Manager launch and positioning around the 'agentic paradox' of productivity versus risk
https://www.zawya.com/en/press-release/companies-news/knowbe4-secures-the-human-and-ai-workforce-with-agent-risk-manager-umforwu8
KnowBe4's AIDA suite expansion and claim to be the only platform with this depth of autonomous capability
https://www.ien.com/artificial-intelligence/video/22964566/ai-becomes-practical-key-takeaways-from-conexpo-2025
Industrial sector warnings on shadow AI, operational technology risks, and agents operating without sanctioned rollout
