Capsule Security Exits Stealth to Stop Rogue AI Agents at Runtime
- $7 million seed round raised to secure AI agents
- 80% of Fortune 500 companies using active AI agents
- Two zero-day vulnerabilities (ShareLeak and PipeLeak) disclosed in major enterprise platforms
Experts agree that securing AI agents at runtime is critical as legacy tools fail to monitor their high-speed, privileged actions, creating a dangerous 'runtime gap' in enterprise security.
TEL AVIV, Israel – April 15, 2026 – As enterprises rush to deploy autonomous AI systems, a new and formidable security threat is emerging from within. Capsule Security, a Tel Aviv-based startup, launched from stealth today with a $7 million seed round to address this challenge, aiming to secure AI agents before they can be manipulated or cause catastrophic damage.
The funding round, led by Lama Partners and Forgepoint Capital International, will fuel the company's mission to close what it calls the “runtime gap”—a critical blind spot in enterprise security. While traditional tools monitor network traffic and user permissions, they are ill-equipped to police the complex, high-speed actions of AI agents operating with privileged access to sensitive corporate systems.
“AI agents are a new class of privileged user, operating at machine speed with minimal oversight,” said Chris Krebs, the first Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and an advisor to Capsule. “Legacy tools weren't built to monitor what happens between prompt and action—that's the runtime gap. Capsule closes it.”
The Rise of the Agentic Threat
The adoption of agentic AI—autonomous systems that can set goals, plan multi-step actions, and interact with other software—is exploding. Microsoft recently reported that over 80% of Fortune 500 companies are using active AI agents built with low-code tools. These agents are being integrated into everything from customer service and coding to sales and internal operations, acting on behalf of the enterprise.
This rapid integration creates a new attack surface. Unlike deterministic software, AI agents can be influenced by the data they process, making them vulnerable to manipulation. A malicious actor doesn't need to breach a firewall if they can trick an AI agent into exfiltrating data for them. This risk is compounded by the fact that agents often require broad permissions to perform their tasks, effectively becoming super-users with the potential to cause widespread disruption.
“AI agents are quickly becoming a new class of privileged user in the enterprise, except they can act at machine speed and they do not behave like deterministic software,” said Naor Paz, CEO and co-founder of Capsule Security. “That creates a dangerous gap between what security teams can govern today and what agents can do in production.”
From Theory to Reality: ShareLeak and PipeLeak
To prove the risk is not merely theoretical, Capsule's research team has already discovered and disclosed two significant zero-day vulnerabilities in major enterprise platforms. The findings demonstrate how routine workflows can be turned into high-impact security breaches.
The first, dubbed ShareLeak, was a critical-severity indirect prompt injection vulnerability found in Microsoft Copilot Studio. By embedding a malicious payload into a standard SharePoint form field, attackers could hijack the agent's instructions, causing it to leak sensitive data. The vulnerability was patched by Microsoft and assigned CVE-2026-21520.
The second, PipeLeak, was a similar prompt injection flaw discovered in Salesforce Agentforce. Malicious instructions hidden within a public-facing lead form could be triggered when an internal employee asked the agent to process the lead. This allowed the agent to be manipulated into performing unsafe actions, such as exfiltrating CRM data to an external server.
These real-world disclosures highlight a fundamental challenge: securing the unpredictable behavior of AI agents at the moment they act. To help the broader community, Capsule has also released ClawGuard, an open-source tool that adds a pre-invocation checkpoint before agents in open frameworks execute tool calls, mitigating some of this risk.
A New Paradigm: The 'Guardian Agent'
Capsule Security's approach places it at the forefront of an emerging market category identified by industry analyst firm Gartner: guardian agents. These are specialized AI systems designed to oversee, protect, and govern other AI agents in real time.
Instead of relying on static rules, guardian agents evaluate an AI agent's proposed actions in full context, considering its intent, the data it's accessing, and the tools it wants to use. Capsule’s platform functions as this guardian, creating a trust layer that can block unsafe or unauthorized activity before it completes. The system also generates detailed audit trails for governance, compliance, and incident investigation.
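As an added illustration (not Capsule's, ClawGuard's or the page's own code), the following Python sketch shows the kind of pre-invocation checkpoint described above: each proposed tool call is evaluated against the employee's original task, the origin of the instruction that produced it (the prompt, or content the agent ingested), and the destination of any outbound data, and every decision is written to an audit trail. The policy tables, tool names and URLs are constructed for the example.

```python
from dataclasses import dataclass, asdict
from urllib.parse import urlparse
import time

# Constructed policy for this example; a real deployment would load it from config.
TRUSTED_HOSTS = {"crm.example.internal"}
READ_ONLY_TOOLS = {"crm.read_lead"}
TASK_TOOLS = {  # tools each user task is expected to need; anything else is out of scope
    "process lead": {"crm.read_lead", "crm.update_lead"},
    "export report": {"crm.read_lead", "http.post"},
}
AUDIT_LOG: list[dict] = []


@dataclass
class ToolCall:
    tool: str
    args: dict
    task: str                # the employee's original instruction
    instruction_origin: str  # "user" (the prompt) or "content" (text the agent read)


def check_tool_call(call: ToolCall) -> tuple[bool, str]:
    """Pre-invocation checkpoint: decide before the tool runs, record every decision."""
    host = urlparse(call.args.get("url", "")).hostname or ""
    if call.tool not in TASK_TOOLS.get(call.task, set()):
        allowed, reason = False, f"{call.tool} is outside the scope of task '{call.task}'"
    elif call.instruction_origin == "content" and call.tool not in READ_ONLY_TOOLS:
        allowed, reason = False, "side-effecting call was proposed by ingested content, not the user"
    elif call.tool == "http.post" and host not in TRUSTED_HOSTS:
        allowed, reason = False, f"outbound post to untrusted host '{host}'"
    else:
        allowed, reason = True, "within task scope and trust boundary"
    AUDIT_LOG.append({"ts": time.time(), "decision": "allow" if allowed else "block",
                      "reason": reason, **asdict(call)})
    return allowed, reason


def run_demo() -> list[str]:
    """Constructed scenario: an employee asks the agent to process a lead whose
    form text contains injected instructions to post CRM data to an external server."""
    calls = [
        ToolCall("crm.read_lead", {"id": 42}, "process lead", "user"),
        ToolCall("crm.update_lead", {"id": 42, "status": "qualified"}, "process lead", "user"),
        ToolCall("http.post", {"url": "https://external.example/collect", "body": "..."},
                 "process lead", "content"),
        ToolCall("http.post", {"url": "https://crm.example.internal/reports", "body": "..."},
                 "export report", "user"),
    ]
    return ["allow" if check_tool_call(c)[0] else "block" for c in calls]
```

The third call is the injected one: it is refused before execution, and the audit record keeps the task, tool, arguments and reason for later investigation.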
“The agentic AI boom is creating an opening in runtime behavior enterprises can’t afford to ignore,” noted Capsule Advisor Omer Grossman, former Global CIO at CyberArk. “The ability to secure this layer is what ultimately determines whether companies can move fast with AI without breaking trust.”
The platform is designed for seamless integration, supporting major agent deployments like Microsoft Copilot Studio, ServiceNow, and Salesforce Agentforce without requiring proxies, gateways, or SDKs. This allows security teams to monitor agent activity and route telemetry into their existing response workflows.
Backed by Security and Investment Heavyweights
The startup's ambitious vision is backed by a roster of cybersecurity veterans and strategic investors. Beyond Krebs and Grossman, the advisory board includes Jim Routh, a former CISO at multiple Fortune 500 companies, and Dr. Yonesy Núñez, a senior security executive with deep experience in the financial sector. This brain trust provides deep insight into the operational realities of enterprise security.
The investment from Lama Partners and Forgepoint Capital International, a prominent venture firm specializing in cybersecurity, further validates the market need. “Security leaders understand that legacy tools were never designed to interpret intent, context, and real-time behavior, which are essential for securing dynamic agentic environments,” said Ron Zalkind, Founding General Partner at Lama Partners.
Prior to its public launch, Capsule was also named a finalist in the prestigious CrowdStrike, AWS, and NVIDIA Startup Accelerator at the RSA Conference, selected from nearly 1,000 startups. As organizations increasingly hand over the keys to their most critical systems to AI, the ability to ensure these powerful new agents act as intended is no longer a luxury, but a fundamental requirement for a secure digital future.