Agentic Security Marketmap

Since April, I've been tracking the security startup space, specifically as it relates to agents and agentic workflows. Back then, there were a handful of security companies leaning into the concept of agents and demonstrating real progress. In just over 6 months, I've seen sizable increase in new companies being formed or coming out of stealth. This post is a snapshot of the current solutions I track and how I align them in the market.

Before diving into the details, it's worth understanding my methodology as building a market map isn't an exact science. Much of my understanding of companies is derived from their outward-facing marketing materials. When possible, I try to speak with companies directly and see the product. I will also speak with investors and other peers in the market to get their views on a given company or emerging space. I am most certainly missing companies and I have likely misclassified some. This map is a best effort for my own strategic planning and monitoring of the space.

Map Structure

In a recent post, I added some clarity to how I define agents and measure implementations. For me, agents are made up of components and implementations can be measured using various dimensions including level of autonomy, scope of function, scale of approach and whether the agent has a personality and interaction method. My market map makes use of scope on the vertical and autonomy on the horizontal axises to provide greater segmentation between solutions. Finally, I use color to align companies to a given space.

Emerging Agentic Security Areas

Below are a few areas I've seen emerging from the various companies listed in the map. Emerging areas for me are several companies operating in the space and an increased growth over time.

Incident Triage

SOAR is now considered dead, though automation applied to portions of the SOC is very much thriving. Companies in the triage space are using agentic workflows to perform the triage steps humans would do today, or what was previously automated with SOAR. These companies are striving to augment staffing in a SOC, reducing the mundane operational work and applying AI to assist in forming a verdict with response recommendations.

Dropzone.AI is one of the best examples I have seen for a company in this space with very transparent marketing and a clear value proposition. I also like CommandZero and their approach to codifying what an analyst does within an expert system and using AI to aid in the automation efforts. Long-term, I believe that many existing XDR solutions, many of which have SOAR capabilities, will begin adding more triage automation into their products forcing solutions in this space to expand to jobs beyond the SOC.

Code Vulnerability Analysis

Given advancements in AI, I expect to see a dramatic rise in code, especially that generated by machines. Unfortunately, not all of this code will be safe or follow best practices. Several startups are applying agents to continuously review source code, either post-commit or within CI/CD pipelines, to identify vulnerabilities and propose a fix that can easily merge with one-click. I suspect many of these solutions will also incorporate ways to analyze configurations and deployment scripts for best/secure practices, further strengthening any investments in shifting-left.

Pixee AI has been one of the more interesting solutions in market thus far. Their agent functions like a security engineer, processing scan results and finding vulnerabilities and then proposing fixes that can be merged into code. The team has noted their aspirations to also tackle other code-related challenges like quality, performance and and other use cases that are ripe for automation. I also pay attention to Github and their advanced security offerings. Github Copilot has been at the forefront of applying generative AI within their solutions and I'd expect to see their innovations extend to their security offerings.

Security Copilots/Agents

Generative AI has given new power to natural language, enabling users to express their intent, or ask question using prompts to get back detailed responses. This new interaction method has given rise to "copilot" offerings aiming to dramatically augment how security is done in the market. There are a few startups in this space, but many copilot offerings also exist as part of a broader security suite in larger platform providers. Security copilots offer users a general interface to interact with an AI to answer questions, form detections or queries, summarize reports and a several other tasks spread across the security organization. Their primary value proposition is using natural language to stitch together the fragmented security ecosystem.

Given my background as previously running the Microsoft Security Copilot product, I have a bias towards that solution and believe a lot of innovative work was and continues to take place there. Another larger company I see doing very innovative work would be SentinelOne and their Purple AI offering. I specifically like the notebook implementation and how they have integrated AI features across various security workflows. In the startup space, Simbian AI has appear the most forward-thinking, initially starting with a natural language copilot, but shifting to include bespoke agents aligned to different security jobs.

Notable Call-outs

The companies below fall within existing market categories, but standout to me for their approach to using AI.

• XBOW. Founded by ex-Github Copilot and offensive security practitioners, XBOW company is focused on using agents for offensive security work. I like their approach of eval-driven development and the use cases they share on their website. More recently, I've started to see CVEs being created by the XBOW agent, further demonstrating how agentic processes can be applied.
• Torq. Originally a SOAR solution, Torq has always appeared one step ahead of the market, leaning into customer value. In recent years, they began to focus more heavily on SOC use cases and when generative AI became popular, they were one of the first to adopt the technology within an assistant interface. Since then, the company has raised a large $70M series C aimed at furthering their efforts to incorporate AI. Given their rich set of workflows and integrations, I expect to see some interesting outcomes from the team.
• Bricklayer. Founded by former CEO of Threatconnect, Bricklayer was the first security solution I saw to embrace security-specific agents that can work together to solve tasks. Anyone who has messed around with Autogen, CrewAI, Swarm or LlamaAgents knows the power of multi-agent architectures. Bricklayer provides a production-level interface to build your own agents and attach them to workloads.
• Opnova. Unfortunately, not every workflow in security can be automated. Customers have historically had to rely on organizations to provide APIs to enable developers to automate. Opnova is using current AI advancements to have machines "learn" a workflow, regardless of API and complete those task.
• Splx. Generative AI has introduced a new technology that can attacked and exploited in new ways. Splx leverages agents to automate the red teaming process against generative AI models. Their approach is similar to the opensource PyRIT project from Microsoft, though extended to use agents to automate more.

Parting Notes

It's been really exciting to see so much innovation in security in such a short period of time and I don't anticipate it slowing down anytime soon. I want to extend a big thanks to Cole Grolmus, Adrian Sanabria and Pramod Gosavi, who's LinkedIn posts asking about or discussing agentic security companies helped fill in some gaps I had in my own research. As previously stated, I know I've missed some companies and have maybe misclassified others. If your company is not in my map or you think it's in the wrong spot, or you want to demonstrate some concepts you're working on, send me a message!