SAN FRANCISCO — For a venture market that spent much of 2023 and 2024 in a defensive crouch, the first half of 2026 has looked almost giddy. The target of that enthusiasm: startups building security for autonomous AI agents, the software systems that now write code, triage alerts, and take actions inside enterprise environments with minimal human supervision. Investors who once treated "AI security" as a niche add-on to existing cybersecurity portfolios are now writing nine-figure checks for it, and strategic acquirers are following with some of the largest deals in the industry's history.
The numbers tell the story plainly. According to an aggregated analysis of Crunchbase funding data published in late March 2026, the ten most-funded agentic AI security startups have raised a combined $3.6 billion to date, while acquirers spent more than $96 billion on roughly 400 cybersecurity transactions in 2025 alone, per Momentum Cyber's year-end tally. Gartner, meanwhile, projects the broader AI cybersecurity market to grow from roughly $26 billion in 2025 to $172 billion by 2029 — a 73.9% compound annual growth rate that helps explain why generalist funds and cyber-specialist firms alike are chasing the category. Taken together, the data points to a genuine surge in agentic AI security startup funding, not a one-off outlier round.
A capital surge concentrated around a narrow window
The clearest evidence of investor urgency came in the two weeks surrounding the RSA Conference in mid-March 2026, when more than $392 million in new agentic AI security funding was announced in rapid succession. Oasis Security, a startup that manages access and governance for non-human identities such as AI agents and service accounts, raised a $120 million Series B led by Craft Ventures with participation from Sequoia Capital and Accel, bringing its total funding to $195 million. Founded in 2022 by Danny Brickman and Amit Zimerman, Oasis pitches what it calls "agentic access management" — a governance layer built for an environment where machine identities now vastly outnumber human ones inside most enterprises.
The same week, XBOW — an autonomous offensive-security platform founded by Oege de Moor, the creator of GitHub Copilot and GitHub Advanced Security — closed a $120 million Series C led by DFJ Growth and Northzone at a valuation north of $1 billion, with existing backers Sequoia Capital and Altimeter returning alongside new investors Sofina and Alkeon Capital. XBOW's pitch is unusual even by the standards of a crowded field: its AI systems perform penetration testing autonomously, and the company has publicly topped the HackerOne bug bounty leaderboard, competing directly against human researchers. XBOW has since added another $35 million from strategic investors, pushing its total raised to $237 million in a company that is not yet two years old.
Other RSAC-week rounds filled out the picture of where capital is flowing: Surf AI launched with $57 million, RunSybil — founded by an early OpenAI security hire — closed $40 million, and Qevlar AI raised a $30 million Series A with paying customers including Mercedes-Benz, Sodexo, and Orange Cyberdefense already on its books.
7AI and the "largest Series A in cybersecurity history"
No round better captures the intensity of investor appetite than 7AI's. The company, founded by former Cybereason CEO Lior Div and CTO Yonatan Striem-Amit, emerged from stealth in February 2025 and raised $130 million in a Series A led by Index Ventures, with new investor Blackstone Innovations Investments joining, just ten months later in December 2025 — a round the company and multiple outlets described as the largest Series A in cybersecurity history, bringing its total funding to $166 million. 7AI builds AI agents designed to absorb the "non-human work" of a security operations center: enriching signals, triaging alerts, and correlating telemetry. The company says its agents have processed more than 2.5 million alerts and completed over 650,000 investigations for customers including DXC Technology, which reportedly stood up its largest agentic security operation in eight weeks.
That kind of round size for a first institutional raise is itself a signal. Series A investors are no longer betting on a roadmap; they are paying premium prices for teams that have already shown enterprise SOC automation can hold up under real alert volume, and they are doing so at a pace — stealth to record-setting Series A in under a year — that would have been unusual even during the 2021 venture peak.
Identity is the theme money keeps returning to
Look across the largest rounds and acquisitions of the past year and one thread repeats: identity and access for machines, not just humans. Oasis Security's raise was explicitly framed around non-human identity governance. Data security posture management vendor Cyera, which has broadened into governing sensitive data accessed by AI systems, closed a $400 million Series F in January 2026 at a $9 billion valuation, bringing its total raised past $1.7 billion. And the largest security acquisition of all time landed squarely on the same theme: Palo Alto Networks closed its $25 billion acquisition of CyberArk on February 11, 2026 — a deal in which CyberArk shareholders received $45.00 in cash plus 2.2005 Palo Alto Networks shares per share held. Palo Alto Networks has framed the deal explicitly around securing "human, machine and agentic" identity as it integrates CyberArk's platform into its Cortex and Strata product lines, citing the risk of a "rogue agent" causing catastrophic data loss as a driving rationale.
The consolidation didn't stop there. Palo Alto Networks also acquired Protect AI, an AI/ML security specialist, in a deal reported at roughly $500 million. ServiceNow spent a combined $11.6 billion scooping up Armis ($7.75 billion), Moveworks ($2.85 billion), and Veza (roughly $1 billion). And Alphabet closed its long-pending $32 billion acquisition of cloud security vendor Wiz in March 2026. Strategic acquirers, in other words, are validating the same thesis venture investors are funding: that identity, access, and governance infrastructure has to be rebuilt for a world where software agents — not just software — act on a company's behalf.
Smaller bets on a newer risk: agent-to-agent protocols
Beneath the mega-rounds, a narrower and earlier-stage category has also started attracting capital: security for the Model Context Protocol (MCP) and similar agent-to-agent and agent-to-tool communication standards that let AI systems call external tools and data sources. Roughly $40 million has gone into four early-stage players in this specific niche — Operant AI ($13.5 million), Runlayer ($11 million), Helmet Security ($9 million), and Manufact ($6.3 million) — a small fraction of the $3.6 billion flowing to the category's leaders, but notable because it shows investors underwriting risk in infrastructure that barely existed as a named attack surface eighteen months ago.
Security-focused agentic AI applied to the SOC itself is also drawing distinct interest beyond 7AI, with investors backing companies like Dropzone AI, which raised a $37 million Series B in July 2025, and Noma Security, which closed a $100 million Series B the same month, alongside WitnessAI's $58 million Series B in January 2026. Each is making a version of the same bet: that AI agents will increasingly defend enterprises against AI-driven and AI-accelerated attacks, and that whoever builds the trust and governance layer underneath those agents captures durable value.
Why the renewed bet makes sense — and where the risk sits
None of this funding activity exists in a vacuum. Enterprises have moved from experimenting with copilots to granting AI agents standing credentials, write access to repositories and ticketing systems, and the ability to call internal APIs and third-party tools autonomously. Every one of those capabilities creates a new non-human identity, a new credential to rotate, and a new potential path for a compromised or manipulated agent to touch production systems. Investors are, in effect, funding the control plane for a workforce that doesn't sleep, doesn't request access reviews on its own, and can be manipulated through the same prompts and tool outputs it is designed to act on.
That is precisely why the category's biggest checks have clustered around identity governance, access management, and autonomous testing rather than around any single "AI firewall" product. The problem investors are underwriting isn't one vulnerability class — it's a structural shift in who, or what, holds credentials and executes changes inside enterprise software. Whether the current pace of agentic AI security startup funding sustains itself through 2027 will likely depend on whether these newly funded platforms can show the same outcomes 7AI and Oasis have started to demonstrate: measurable reductions in incident response time and identity sprawl, not just growing headcount and burn.
How Safeguard Helps
The funding surge described above is a signal worth taking seriously, not just for security teams evaluating point products, but for anyone responsible for the software supply chain that AI agents now touch. Agentic AI doesn't operate in isolation — it pulls dependencies, triggers CI/CD pipelines, opens pull requests, and increasingly ships code with far less human review than in years past. Every one of those actions runs through the same supply chain surface Safeguard is built to protect.
Safeguard helps organizations extend supply chain security practices to cover the agents now embedded in their development lifecycle. That means verifying the provenance and integrity of packages and dependencies that AI coding agents pull into a build — not just the ones a human engineer selected. It means treating an AI agent's write access to repositories, package registries, and CI/CD systems with the same scrutiny as a human contributor's credentials, including monitoring for anomalous commit patterns, unexpected dependency changes, or configuration drift introduced by an autonomous agent without a human catching it in review. And it means maintaining accurate SBOMs and build provenance records that account for AI-assisted and AI-generated code, so that when an agent introduces a vulnerable or malicious component, security teams can trace exactly where it entered the pipeline and what it touched downstream.
As venture capital and strategic acquirers pour billions into securing the identities and actions of AI agents, Safeguard focuses on the layer those agents depend on to function at all: the software supply chain itself. Non-human identity governance and autonomous red-teaming matter, but they don't answer the question of whether the code, packages, and build artifacts an agent is working with can be trusted in the first place. That's the gap Safeguard closes — giving security and engineering teams the visibility and controls to adopt agentic AI without inheriting supply chain risk they can't see.