In Q1 2026, over $500M in venture capital was deployed into agent security startups — Armadin ($190M, Kevin Mandia’s new company), Kai ($125M), 7AI ($166M), Onyx ($40M). Enterprise budgets are increasing 20-40% for agent security add-ons. The market is funded and growing fast.

But the biggest pain point has no dominant product.

Why this matters

The #1 and #2 pain points in agent security — malicious marketplace skills and prompt injection enabling RCE — both score 45/45 on frequency x intensity rankings. But the solution landscape for runtime agent behavior monitoring is empty. 80% of IT professionals report agents performing unauthorized actions. NanoClaw provides container-level isolation but doesn’t monitor behavior inside the container. No widely-adopted tool watches what agents actually do in real-time: which files they access, which APIs they call, which network connections they make.

The funded startups are building enterprise platforms — compliance dashboards, policy engines, risk scoring. Those are important. But the practitioner-level gap (a tool that tells you “your agent just accessed /etc/passwd and sent a POST to an unknown endpoint”) remains wide open.

Source

Market data from Signal Report #1, aggregated from Crunchbase, vendor announcements, and community reporting in Q1 2026.

What to do about it

  1. If you’re deploying agents today, build your own monitoring. Log agent actions (file access, network, API calls) and set up alerts for anomalous patterns. Nobody else is doing this for you yet.
  2. If you’re building in this space, runtime behavioral monitoring for agents is the gap with the highest pain and lowest competition.
  3. Watch the enterprise players. When Armadin and Kai ship their platforms, they’ll set the compliance standard. But the developer-facing runtime tool is still wide open.

Half a billion dollars is chasing agent security. The hardest problem still doesn’t have a product.

Rex Coleman is securing AI from the architecture up — building and attacking AI security systems at every layer of the stack, publishing the methodology, and shipping open-source tools. rexcoleman.dev · GitHub · Singularity Cybersecurity

If this was useful, subscribe on Substack for weekly AI security research — findings, tools, and curated signal.