Capsule Security Launches with $7M to Secure AI Agents

Summary
– Capsule Security launched from stealth with a $7 million seed round to secure AI agents from manipulation and data exfiltration.
– The company is advised by prominent security figures, including former CISA Director Chris Krebs, who highlighted the runtime monitoring gap Capsule addresses.
– It disclosed real-world vulnerabilities like ShareLeak in Microsoft Copilot Studio and PipeLeak in Salesforce Agentforce, demonstrating concrete risks.
– The platform provides runtime protection by evaluating and blocking unsafe agent actions in real-time, generating auditable telemetry for governance.
– Capsule secures both third-party and custom AI agent deployments without requiring added infrastructure like proxies or SDKs.
A new cybersecurity firm has emerged with a $7 million seed investment to tackle a critical vulnerability in enterprise AI. Capsule Security, backed by Lama Partners and Forgepoint Capital International, focuses on securing AI agents from manipulation, data theft, and unintended actions as they handle sensitive workflows. The company is advised by a formidable group of industry leaders, including former CISA Director Chris Krebs, former CyberArk Global CIO Omer Grossman, veteran Fortune 500 CISO Jim Routh, and former financial services security executive Dr. Yonesy Núñez.
The rapid adoption of AI agents presents a unique security challenge. These systems operate with significant permissions inside critical business systems, acting as a new class of privileged user that functions at machine speed. Microsoft reports over 80% of Fortune 500 companies now use active agents built with low-code tools, while coding agents like Claude Code are accelerating automation. Legacy security tools, however, were not designed to monitor the dynamic decision-making that occurs between a prompt and an action, creating a dangerous runtime gap.
Chris Krebs highlighted this fundamental shift, stating that legacy tools cannot monitor what happens between prompt and action. Capsule’s CEO, Naor Paz, elaborated on the risk, explaining that agents do not behave like deterministic software, creating a governance chasm. The company’s platform aims to close this gap by enforcing trust at runtime, providing visibility and control directly within the agent’s execution path to prevent unauthorized access or actions.
The threat is already materializing. Capsule’s research team has disclosed two zero-day vulnerabilities in major platforms, dubbed ShareLeak and PipeLeak. ShareLeak, a critical-severity indirect prompt injection flaw in Microsoft Copilot Studio, was assigned CVE-2026-21520 and has been patched. PipeLeak, found in Salesforce Agentforce, allowed untrusted form inputs to influence agent behavior and trigger unsafe downstream actions. These findings demonstrate how malicious content can hijack an agent’s goals and turn routine processes into high-risk pathways. To address risks in open frameworks, Capsule also released ClawGuard, an open-source tool that adds a security checkpoint before agents execute tool calls.
Advisor Omer Grossman framed the issue as an imperative, noting the agentic AI boom creates a runtime behavior opening companies cannot ignore. The ability to secure this layer determines whether organizations can adopt AI rapidly without compromising trust. Capsule’s approach uses runtime models to evaluate actions in context, blocking unsafe activity before completion and generating auditable telemetry for governance and compliance teams.
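As an added illustration of the checkpoint pattern described above (this is example code, not Capsule's platform or ClawGuard), the following Python evaluates a proposed tool call before it is dispatched: it blocks the call when content from an untrusted source (the form-input case of PipeLeak, the injected-document case of ShareLeak) steers a data-moving action or when the destination is not allowlisted, and records every decision as telemetry. The policy table, the source taxonomy and the call shape are assumptions for the example.

```python
import json
from urllib.parse import urlparse

# Constructed taxonomy: sources that may carry indirect prompt injection
UNTRUSTED_SOURCES = {"form_input", "web_page", "email", "shared_document"}

# Hypothetical policy table: which tools can move data out, and to where
POLICY = {
    "search_kb": {"egress": False},
    "send_email": {"egress": True, "dest_arg": "to", "kind": "email", "allowed": {"example.com"}},
    "http_post": {"egress": True, "dest_arg": "url", "kind": "url", "allowed": {"api.example.com"}},
}

def destination_domain(tool, args):
    """Domain a data-moving tool would deliver to (email domain or URL host)."""
    rule = POLICY[tool]
    dest = args.get(rule["dest_arg"], "")
    if rule["kind"] == "email":
        return dest.rpartition("@")[2].lower()
    return (urlparse(dest).hostname or "").lower()

def checkpoint(call, audit_log):
    """Decide allow/block for one proposed tool call and append telemetry.
    call = {"tool": str, "args": dict, "provenance": {arg_name: source}}."""
    tool, args = call["tool"], call["args"]
    prov = call.get("provenance", {})
    tainted = sorted(a for a, src in prov.items() if src in UNTRUSTED_SOURCES)
    rule = POLICY.get(tool)
    if rule is None:
        decision, reason = "block", "tool not in policy"
    elif rule["egress"] and tainted:
        decision, reason = "block", f"untrusted content steers egress args {tainted}"
    elif rule["egress"] and destination_domain(tool, args) not in rule["allowed"]:
        decision, reason = "block", f"destination {destination_domain(tool, args)!r} not allowlisted"
    else:
        decision, reason = "allow", "policy satisfied"
    audit_log.append({"tool": tool, "decision": decision, "reason": reason,
                      "tainted_args": tainted, "args": args})
    return decision

if __name__ == "__main__":
    log = []
    # Constructed call: text submitted through a public form ended up in the email body
    checkpoint({"tool": "send_email", "args": {"to": "alice@example.com", "body": "..."},
                "provenance": {"to": "user", "body": "form_input"}}, log)
    print(json.dumps(log, indent=2))
```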
The platform is designed for seamless integration, securing both third-party and custom agents without requiring proxies, gateways, or SDKs. It supports environments including Cursor, Claude Code, Microsoft Copilot Studio, ServiceNow, and Salesforce Agentforce, feeding telemetry into existing security workflows.
Investors emphasized the novel technical demands of this space. Ron Zalkind of Lama Partners noted that agents have the “superpower” to write and deploy code at unprecedented rates, a capability that necessitates new security paradigms built to interpret intent and real-time behavior. Damien Henault of Forgepoint Capital International detailed Capsule’s technical foundation, which involves fine-tuning Small Language Models (SLMs) to create a multi-agent system of Guardian Agents. This architecture enables AI to protect AI, delivering both posture management and low-latency runtime protection, built by a team with deep expertise in both traditional security and emerging agent protocols.
(Source: Help Net Security)