Capsule Security Emerges From Stealth to Secure AI Agents at Runtime
2026-04-15 12:00:01 Author: securityboulevard.com


Capsule Security today emerged from stealth to launch a platform that secures artificial intelligence (AI) agents at runtime.

Fresh off raising $7 million in seed funding, Capsule Security CEO Naor Paz said the company’s platform makes it possible for cybersecurity teams to enforce controls and governance policies across multiple types of AI agents running in a production environment.

At the core of that capability is ClawGuard, open source software that adds a pre-invocation checkpoint to assess the intent of an AI agent before the agent executes tool calls. Designed to be installed with a single click, the checkpoint makes it possible to mitigate cybersecurity risks in real time without requiring proxies, gateways, software development kits (SDKs) or browser extensions, said Paz.

In fact, Capsule has already published two research papers detailing zero-day vulnerabilities in AI agents that it has dubbed ShareLeak and PipeLeak, respectively. ShareLeak is a critical severity indirect prompt injection vulnerability in Microsoft Copilot Studio (CVE-2026-21520), while PipeLeak is a separate prompt injection vulnerability discovered in the Salesforce Agentforce platform.

Both vulnerabilities stem from untrusted lead-form inputs that can be used to maliciously influence agent behavior, in ways that can lead to data exfiltration or the compromise of an entire workflow.
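To make the pre-invocation checkpoint idea concrete, here is an added example (hypothetical Python, not ClawGuard's or Capsule's own code) that gates each tool call on the agent's declared task intent and refuses egress calls whose destination was derived from untrusted lead-form input; the policy tables, tool names and origin labels are all assumed.

```python
from dataclasses import dataclass, field

# Constructed policy (hypothetical, not ClawGuard's format): the tools each
# declared task intent may invoke, and which tools move data out (egress).
INTENT_POLICY = {
    "qualify_lead": {"crm.lookup", "crm.update_lead"},
    "follow_up":    {"crm.lookup", "email.send"},
}
EGRESS_DEST_ARG = {"email.send": "to", "http.post": "url"}
UNTRUSTED_SOURCES = {"lead_form", "web_page"}

@dataclass
class ToolCall:
    tool: str
    args: dict
    # origin of each argument value, as recorded by the agent's context tracker
    sources: dict = field(default_factory=dict)

@dataclass
class Decision:
    allowed: bool
    reason: str

def tainted_args(call: ToolCall) -> set:
    return {a for a, src in call.sources.items() if src in UNTRUSTED_SOURCES}

def check_invocation(intent: str, call: ToolCall) -> Decision:
    """Pre-invocation checkpoint: runs before the tool executes, so a denial
    prevents the action rather than logging it after the fact."""
    allowed = INTENT_POLICY.get(intent)
    if allowed is None:
        return Decision(False, f"unknown intent {intent!r}")
    if call.tool not in allowed:
        return Decision(False, f"{call.tool} is outside intent {intent!r}")
    dest = EGRESS_DEST_ARG.get(call.tool)
    if dest is not None and dest in tainted_args(call):
        # Untrusted text (a lead-form field) chose where data goes: the
        # indirect-prompt-injection exfiltration path described above.
        return Decision(False, f"{dest!r} for {call.tool} came from {call.sources[dest]}")
    return Decision(True, "ok")

def demo() -> list:
    """Constructed sample calls; untrusted form text may be stored, not steer egress."""
    calls = [
        ("qualify_lead", ToolCall("crm.update_lead", {"id": 42, "notes": "form text"}, {"id": "crm", "notes": "lead_form"})),
        ("qualify_lead", ToolCall("email.send", {"to": "a@example.com"}, {"to": "crm"})),
        ("follow_up", ToolCall("email.send", {"to": "lead@example.com", "body": "Thanks"}, {"to": "crm", "body": "agent"})),
        ("follow_up", ToolCall("email.send", {"to": "x@example.net", "body": "export"}, {"to": "lead_form", "body": "crm"})),
    ]
    return [check_invocation(intent, call).allowed for intent, call in calls]
```

`demo()` returns `[True, False, True, False]`: storing form text is data, not control, and is allowed; an egress tool outside the intent, or one whose destination was taken from the form, is denied before it runs.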

Prior to its formal launch today, Capsule was one of six finalists in the CrowdStrike, Amazon Web Services (AWS) and NVIDIA Startup Accelerator contest held during the recent RSA Conference.

The pace at which organizations are deploying AI agents is already far exceeding the ability of most organizations to secure them. In some cases, AI agents are being deployed in isolated environments to limit their access to, for example, email services. However, it’s only a matter of time before AI agents are pervasively deployed across IT environments. Capsule is making a case for adding a runtime framework specifically designed to enable cybersecurity teams to apply policies to any AI agents that might be deployed with or without the consent of cybersecurity teams.

There have, of course, already been several cybersecurity incidents involving AI agents. However, it’s not likely that organizations will focus on the issue until there have been a few major cybersecurity incidents. In the meantime, savvy cybersecurity teams should be moving now to secure AI agents that, like it or not, are soon going to number in the thousands within an IT environment.

For all intents and purposes, intent is now the new perimeter in the age of AI agents, said Paz. It’s simply not possible to secure IT environments without understanding the task that an AI agent is trying to accomplish, he added. The fundamental challenge is that most AI agents have been designed to accomplish a goal at all costs, which means they will aggressively attempt to access and analyze any and all data made accessible. The only way to limit the scope of those efforts is to enforce policies and controls at the point of runtime execution in a way that can be applied to any AI agent deployed.

Source: https://securityboulevard.com/2026/04/capsule-security-emerges-from-stealth-to-secure-ai-agents-at-runtime/