Capsule Security Exits Stealth With $7M to Stop AI Agents From Going Rogue at Runtime
Runtime visibility and real-time control stop malicious actions and tool abuse across agent platforms without proxies, gateways, or SDKs
TEL AVIV, Israel--(BUSINESS WIRE)--Capsule Security, a trust layer for agentic AI, today launched from stealth with a $7 million seed round led by Lama Partners alongside Forgepoint Capital International. Capsule secures the most unpredictable component in the AI stack at runtime. It prevents AI agents from being manipulated, misbehaving, or silently exfiltrating data when they access sensitive information and execute workflows inside the enterprise.
Capsule is advised by security juggernauts who have put their trust in the company's innovative approach, including Chris Krebs, the first Director of CISA; Omer Grossman, former Global CIO at CyberArk; Jim Routh, former CISO across multiple global Fortune 500 enterprises; and Dr. Yonesy Núñez, former CISO and senior security executive across financial services.
“AI agents are a new class of privileged user, operating at machine speed with minimal oversight,” said Chris Krebs. “Legacy tools weren't built to monitor what happens between prompt and action—that's the runtime gap. Capsule closes it.”
AI agents are being introduced into enterprise environments at record speed, with permissions and direct paths into critical business systems. Microsoft recently reported that more than 80% of Fortune 500 companies now use active AI agents built with low-code and no-code tools. Concurrently, coding agents are swiftly expanding the speed and scope of automation. The recent rollout of Claude Code Security, for example, is being viewed as a wake-up call that the future of cybersecurity will be shaped by deep runtime and AI capabilities, not by posture dashboards alone.
“AI agents are quickly becoming a new class of privileged user in the enterprise, except they can act at machine speed and they do not behave like deterministic software,” said Naor Paz, CEO and co-founder of Capsule Security. “That creates a dangerous gap between what security teams can govern today and what agents can do in production. Capsule closes that gap by enforcing trust at runtime, inside the execution path, so teams can move fast with agents while staying in control of what those agents can access and execute.”
ShareLeak, PipeLeak, and ClawGuard: proof points and real-world disclosures
The risk is not theoretical. In open frameworks like OpenClaw, every tool invocation becomes a decision point and potential strike. To address this, Capsule created ClawGuard, an open-source enforcer that adds a pre-invocation checkpoint before agents execute tool calls.
The same class of risk is emerging in mainstream agent platforms. Concurrent with its emergence from stealth, Capsule has published two research reports detailing zero-day vulnerabilities, ShareLeak and PipeLeak, discovered in leading platforms. ShareLeak is a critical-severity indirect prompt injection vulnerability in Microsoft Copilot Studio, patched and assigned CVE-2026-21520. PipeLeak, another prompt injection vulnerability, was discovered in Salesforce Agentforce; it is triggered through untrusted lead-form inputs that influence agent behavior and drive unsafe downstream actions. Together, the findings show how suspicious content can hijack agent goals and steer tool usage, turning routine workflows into high-impact risk paths.
Prior to exiting stealth, Capsule was also named one of six finalists in the CrowdStrike, Amazon Web Services and NVIDIA Startup Accelerator at the RSA Conference. It beat out nearly 1,000 startups to pitch Capsule’s AI-native innovation to celebrity investor and ‘Shark Tank’ Executive Producer, Robert Herjavec, among others.
“The agentic AI boom is creating an opening in runtime behavior enterprises can’t afford to ignore,” said Capsule Advisor, Omer Grossman. “The ability to secure this layer is what ultimately determines whether companies can move fast with AI without breaking trust. That is why I chose to support Capsule Security. The team is addressing the problem at its core by delivering real-time visibility and control over agent behavior, grounded in the operational reality of AI-driven environments within a fundamentally new and rapidly evolving paradigm.”
Capsule has been dubbed a representative vendor in Gartner’s market guide for “guardian agents,” a category of artificial intelligence designed to oversee and protect other AI agents as they act. Capsule’s runtime models evaluate actions in context and can block unsafe or unauthorized activity before it completes. Capsule also generates auditable telemetry designed for governance, investigation and compliance teams.
The platform is designed to secure both third-party and custom agent deployments without added infrastructure. No proxies, gateways, SDKs, or browser extensions required. Capsule supports Cursor, Claude Code, Microsoft Copilot Studio, ServiceNow, and Salesforce Agentforce and integrates with existing security workflows, enabling teams to route agent telemetry into established response processes.
“Agents have the ‘superpower’ to write and deploy code at unprecedented rates, fundamentally changing how software is built and operated,” said Ron Zalkind, Founding General Partner at Lama Partners and Board Member at Capsule Security. “With that level of power comes a new responsibility to secure it. Security leaders understand that legacy tools were never designed to interpret intent, context, and real-time behavior, which are essential for securing dynamic agentic environments. From day one, Naor and Lidan have combined deep technical rigor with clarity of vision to build a platform that allows organizations to confidently adopt AI agents while stopping dangerous actions before damage is done.”
Damien Henault, Managing Director/Partner at Forgepoint Capital International and Capsule Board Member, added, “Capsule fine-tuned Small Language Models (SLMs) to create a multi-agent system of 'Guardian Agents' that can protect AI with AI, covering both posture and low-latency runtime protection. The team is the strongest of the agent-space players, having expertise in both traditional security and deep familiarity with emerging protocols like MCP and Skills.”
About Capsule Security
Capsule Security is a runtime security layer purpose-built for enterprise AI agents. Capsule helps organizations adopt agentic AI with control and confidence by monitoring agent actions in real time and enforcing guardrails on behavior before actions are completed. Capsule was founded in 2025 by Naor Paz, CEO, formerly of F5 and Unit 8200, and Lidan Hazout, CTO, formerly VP R&D at Securedtouch (acquired by Ping Identity) and Transmit Security. It is headquartered in Tel Aviv. To stay up-to-date, follow Capsule on LinkedIn.
Contacts
Media Contact:
Montner Tech PR
Deb Monter, dmontner@montner.com
Sherlyn Rijos-Altman, srijos@montner.com

