Capsule Security, a Tel Aviv-based startup focused on securing enterprise AI agents, has emerged from stealth with a platform designed to monitor and control agent behavior in real time, alongside a $7 million seed round led by Lama Partners and Forgepoint Capital International.
The company is targeting what it describes as one of the fastest-growing blind spots in cybersecurity: AI agents operating with direct access to enterprise systems.
Unlike traditional security tools, Capsule focuses on runtime behavior, aiming to prevent agents from being manipulated, misbehaving or silently exfiltrating sensitive data as they execute tasks.
AI agents are being deployed across enterprises at a rapid pace, often with broad permissions and access to critical systems. Microsoft has said more than 80% of Fortune 500 companies now use active AI agents built with low-code or no-code tools.
“AI agents are quickly becoming a new class of privileged user in the enterprise, except they can act at machine speed and they do not behave like deterministic software,” said Naor Paz, CEO and co-founder of Capsule Security.
“That creates a dangerous gap between what security teams can govern today and what agents can do in production. Capsule closes that gap by enforcing trust at runtime, inside the execution path, so teams can move fast with agents while staying in control of what those agents can access and execute.”
To demonstrate the risks, Capsule disclosed two vulnerabilities affecting major platforms.
One, dubbed ShareLeak, is a critical indirect prompt injection flaw in Microsoft Copilot Studio, assigned CVE-2026-21520 and since patched. The other, PipeLeak, was identified in Salesforce Agentforce, where malicious input could influence agent behavior and trigger unsafe downstream actions.
The company said both cases show how seemingly routine workflows can be hijacked, allowing attackers to steer agent decisions and misuse connected tools.
Capsule has also released ClawGuard, an open-source enforcement layer that inserts a checkpoint before an AI agent executes a tool call, aiming to reduce the risk of abuse in open frameworks.
The platform is designed to operate without additional infrastructure such as proxies, gateways or SDKs, and supports systems including Cursor, Claude Code, Microsoft Copilot Studio, ServiceNow and Salesforce Agentforce.
Capsule’s approach centers on what it calls “guardian agents,” AI systems that monitor and control other agents. The company has been named a representative vendor in Gartner’s market guide for this emerging category.
“The agentic AI boom is creating an opening in runtime behavior enterprises can’t afford to ignore,” said Omer Grossman, a Capsule advisor and former Global CIO at CyberArk.
“The ability to secure this layer is what ultimately determines whether companies can move fast with AI without breaking trust.”
The company was founded in 2025 by CEO Naor Paz, formerly of F5 and Unit 8200, and CTO Lidan Hazout, previously VP of R&D at SecuredTouch and Transmit Security.
Capsule employs about 70 people across Israel and the United States and operates from Tel Aviv.
Its early traction includes selection as one of six finalists in the CrowdStrike, Amazon Web Services and NVIDIA Startup Accelerator at the RSA Conference, where it was chosen from nearly 1,000 startups to present its technology.
Investors say the shift toward autonomous AI systems requires a new security model.
“Agents have the ‘super power’ to write and deploy code at unprecedented rates, fundamentally changing how software is built and operated,” said Ron Zalkind, founding general partner at Lama Partners.
“With that level of power comes a new responsibility to secure it.”
Capsule said its platform generates auditable telemetry for compliance and investigation teams, while enabling organizations to integrate agent monitoring into existing security workflows.
As enterprises accelerate adoption of AI agents, the company is betting that real-time oversight, rather than static controls, will become a core layer of cybersecurity infrastructure.


