platoseed

The Perimeter Is Now a Prompt: Security After AI

AI turned every API, agent, and identity into an attack surface — the durable winners automate defense at the speed of software.

Thesis: Security budgets don’t shrink; they reallocate — to AI-native defense

The last decade’s “cloud-first” security stack is colliding with an AI software cycle that generates new surfaces faster than humans can defend: agents calling other agents, LLM-connected apps, synthetic media, and crypto rails moving value in real time. The pattern across programs is clear: the next security leaders embed into developer workflows, automate compliance and triage with agents, and operate on top of data and identity planes — not just at the network edge. YC’s portfolio shows the arc: from early bot/fraud defense to API and confidential computing, and now to agentic SOCs and deepfake detection.

The landscape: real companies, real sub-patterns

  • Cloud, APIs, and confidential compute are the new backbone. Salt Security maps APIs and AI-enabled workflows — down to agents and MCP servers — and enforces policy in production. Infisical unifies secrets, certs, and privileged access for developers and AI agents. Anjuna pushes data security into the runtime with confidential computing and private AI. Newer entries like Casco bring autonomous, year-round testing to web, API, infra, and AI systems, and Escape turns offensive security into an always-on, business-logic-aware capability.
  • Agentic operations: the SOC runs on playbooks and autonomous workers. ContraForce orchestrates AI agents across Microsoft Sentinel/Defender tenants so MSPs/MSSPs can triage and respond without ballooning headcount. Agency positions AI agents as forward-deployed security and compliance engineers. On the endpoint, idemeum governs applications and privileges with AI to collapse ticket volume.
  • Trust, safety, and the synthetic media crisis. The generator–detector dynamic is fully here: D-ID accelerates creation of realistic AI personas and live avatars — a capability enterprises want for content but that also expands impersonation risk. Defenders answer in kind: Reality Defender brings enterprise deepfake detection via API, while Cinder provides agent-based moderation and abuse infrastructure for AI-powered platforms. Meanwhile, legacy in-app fraud stacks like Castle remain essential at the edge.
  • Compliance, revenue enablement, and buying center expansion. The compliance wedge remains potent: Vanta industrialized continuous GRC; Oneleet and Feroot Security automate frameworks from SOC 2 to PCI/HIPAA. Deal acceleration tools like Skypher automate security questionnaires, while acquired SafeBase proved trust centers are a scalable way to offload customer security reviews.
  • Financial crime, crypto, and programmable trust. TRM Labs fuses blockchain intelligence with investigations and an emerging disruption network. Notabene coordinates Travel Rule compliance and counterparty verification for global, stablecoin-enabled payments. Quantstamp remains a keystone for Web3 security audits, while Variance applies AI agents to fraud investigations with full audit trails.
  • Devices, privacy, and human risk. AI-era device sprawl meets compliance via Swif.ai for unified MDM. Consumer privacy gets a power tool in Optery to remove personal data from brokers, and Malloc Inc detects spyware on mobile with an AI-driven approach. Workforce risk is durably human; Riot automates awareness and simulations to keep fast-growing teams out of the news.

Physical and facility layers aren’t exempt: Ambient.ai unifies access control, monitoring, and incident response with an AI reasoning layer, while Munily centralizes building security and operations in LATAM — the same “always-on visibility” principle applied to the physical graph.

Batch cohorts: when the bet concentrated

  • Winter 2018 was a fulcrum: Sqreen, Vanta, Anjuna, and Quantstamp together read as a deliberate bet on application security, continuous compliance, confidential compute, and crypto safety — a cohesive stack for cloud-first enterprises.
  • Winter 2022 heated the AI abuse and privacy frontier: Reality Defender, Agency, Cinder, Optery, and Munily framed the “AI-as-attacker” era and the need for agentic defense and consumer privacy.
  • Summer 2021 clustered agentic SOC and endpoint control: ContraForce, idemeum, and Malloc Inc all leaned into AI-driven response and endpoint autonomy.
  • The early guardrails were laid in 2015–2016: Smyte, Cymmetria, ThinAir, Castle, and Salt Security — bots, deception, data, and APIs — forecasting today’s adversarial, app-centric world.
  • Winter 2023 shows the offensive/identity synthesis: Infisical, Escape, and Variance. And the theme isn’t cooling: Summer 2024’s Clearly AI pushes automated security/privacy reviews deeper into the buyer’s workflow, while Spring 2025’s Casco makes autonomous testing year-round.

Shared characteristics of the emerging winners

  • AI-native, not AI-bolted-on: platforms like Cyble, ContraForce, and Agency use agents to operate programs, not just analyze alerts.
  • Developer-embedded distribution: Infisical, Escape, and even Termius meet engineers where they work — vaults, CI, and SSH — reducing procurement friction.
  • Compliance as GTM wedge to revenue: Vanta, Oneleet, Feroot Security, and Skypher convert “checkbox costs” into revenue accelerants.
  • Network effects in risk: TRM Labs and Notabene improve with every integration and case; Quantstamp compounds expertise across audits.

What’s working — and what isn’t

Risks and tarpits

  • Point-tool purgatory: buyers drown in vendors. Products without strong adjacent surfaces (identity, data, runtime) struggle.
  • AI false positives and explainability: agentic SOCs like ContraForce and investigative tools like Variance win only if they’re auditable and enforce SOPs.
  • Compliance commoditization: platforms such as Vanta, Oneleet, and Clearly AI must keep moving up-stack to risk, not just reports.
  • Adversarial ML and synthetic media: detectors like Reality Defender fight a moving target as generators advance.
  • Regulatory volatility on-chain: TRM Labs, Notabene, and Quantstamp must thread global policy shifts while scaling networks.

Why now — and the outlook

AI has collapsed attacker costs. The response must be software-speed defense: autonomous testing (Casco), runtime-embedded controls (Salt Security, Anjuna), identity-first protection (Infisical, idemeum), and agentic operations (Agency, ContraForce). Budget reallocation favors platforms that both reduce risk and unblock revenue — trust centers (SafeBase), questionnaire automation (Skypher), and continuous GRC (Vanta, Oneleet).

The next category leaders will unify three planes: identity (who and what is acting), data (what’s sensitive and where it flows), and automation (agents executing policy). YC’s cross-batch signal is that this unification is underway. In a world where the perimeter is a prompt, the durable moats will be agentic execution, developer-native distribution, and networks that get smarter with every event.
