Agentic Security: The Future Beyond SOAR

Since April, I have been tracking the development of security startups, particularly those working on agents and agent workflows. At that time, only a handful of security companies were researching the concept of agents and making tangible progress.

In just over six months, I have seen a significant increase in newly founded companies and companies emerging from stealth. This article is a snapshot of the solutions I am currently tracking and of how I am positioning them within the market.

Before diving into the details, it is worth understanding my approach, because mapping a market landscape is not an exact science. My knowledge of companies comes mostly from their public marketing materials. Where possible, I engage directly with companies and conduct hands-on product assessments. I also talk to investors and peers in the market to get their perspectives on specific companies or emerging fields. I am sure I will miss some companies and may misclassify others. This map is my best effort at a tool for strategic planning and monitoring in this field.

Landscape Structure

In a recent blog post, I offered some clarifications on how to define agents and how to measure an implementation. In my view, an agent is made up of components, and an implementation can be measured along several dimensions, including autonomy, functional scope, the scale of methods it can use, and whether the agent has a persona and interactive modes. My market map uses functional scope on the vertical axis and autonomy on the horizontal axis to segment the solutions further. Finally, I use color to group companies into specific spaces.

Emerging Agent Security Fields

Below are several emerging fields I have identified from the companies listed on the map. By emerging fields I mean spaces in which several companies already operate and whose number is growing over time.

Incident Triage

Despite the boom in automation applied to parts of the SOC, SOAR is now widely considered a dead end. Companies in the triage space are using agent workflows to perform the triage steps that humans currently do, or that were previously automated with SOAR playbooks. These companies are working to augment SOC staffing, reduce mundane work, and apply artificial intelligence to help analysts form judgments and suggest responses.

Dropzone.AI is one of the best examples of a company in this space: it is very transparent in its marketing and has a clear value proposition. I also like CommandZero and its approach of compiling analyst work into an expert system and using AI to help automate tasks. In the long run, I believe many existing XDR solutions (many of which already have SOAR capabilities) will begin to add more triage automation to their products, forcing solutions in this field to expand beyond SOC work.

Code Vulnerability Analysis

Given the advances in artificial intelligence, I expect the volume of code to increase dramatically, especially machine-generated code. Unfortunately, not all code is secure, nor does all code follow best practices. Several startups are applying agents to continuously review source code, whether post-commit or in CI/CD pipelines, to identify vulnerabilities and propose one-click mergeable fixes. I suspect that many of these solutions will also incorporate analysis of configurations and deployment scripts to enforce secure best practices, further strengthening shift-left investments.

Pixee AI is one of the most interesting solutions on the market so far. Their agent behaves like a security engineer: it consumes scan results, identifies vulnerabilities, and then proposes fixes that can be merged into the code. The team notes that they also aim to address other code-related challenges, such as quality, performance, and other automation-ready use cases. I am also keeping an eye on GitHub and its Advanced Security products. GitHub Copilot has been at the forefront of applying generative AI, and I hope to see those innovations extend into GitHub's security products.

Security Copilots/Agents

Generative AI has made natural language a first-class interface, allowing users to express their intent or ask questions through prompts and receive detailed responses. This new interaction style has spawned "copilot" products aimed at significantly enhancing security operations. There are several startups in this space, but the large platform providers also offer "copilot" products as part of broader security suites. Security copilots give users a universal interface for interacting with AI to answer questions, build detections or queries, compile reports, and handle other tasks spread across the security organization. Their main value proposition is to stitch together a fragmented security ecosystem using natural language.

Given my previous experience running the Microsoft Security Copilot product, I have a bias towards that solution and believe it has driven, and will continue to drive, significant innovation. In my view, another large company that has innovated a great deal is SentinelOne with its Purple AI product. I particularly like its implementation of notebooks and how it integrates AI capabilities across various security workflows. In the startup space, Simbian AI seems to be the most forward-looking: it started with natural language copilots but later pivoted to include custom agents matched to different security tasks.

Noteworthy Mentions

The following companies belong to existing market categories, but their use of artificial intelligence has caught my attention.

  • XBOW. Founded by former GitHub Copilot engineers and offensive security professionals, XBOW is dedicated to using agents for offensive security work. I appreciate their benchmark-driven development approach and the use cases shared on their website. Recently, I have started to see CVEs resulting from vulnerabilities found by XBOW agents, further demonstrating how the agent process is being applied.
  • Torq. Initially a SOAR solution, Torq has stayed ahead of the market by focusing on delivering customer value. In recent years they have paid more attention to SOC use cases, and when generative AI began to gain popularity they were among the first to adopt it in their assistant interface. Since then, the company has raised $70 million in a large Series C round aimed at further driving the application of AI. Given their rich workflows and integrations, I look forward to seeing some interesting outcomes from that team.
  • Bricklayer. Founded by the former CEO of ThreatConnect, Bricklayer is the first security solution I have seen that employs specialized security agents capable of collaboratively completing tasks. Anyone who has used AutoGen, CrewAI, Swarm, or LlamaAgents knows the power of multi-agent architectures. Bricklayer offers a production-grade interface for building your own agents and attaching them to workloads.
  • Opnova. Unfortunately, not every security workflow can be automated. Customers have historically had to rely on vendor-provided APIs, and on developers to use them, in order to achieve automation. Opnova is leveraging current advances in AI to let machines "learn" workflows, regardless of how (or whether) APIs are exposed, and complete those tasks.
  • Splx. Generative AI introduces new attack surfaces that can be exploited in novel ways. Splx uses agents to automate red teaming of generative AI models. Their approach is similar to Microsoft's open-source PyRIT project but expands on the use of agents for automation.

In Conclusion

It is truly exciting to see so much security innovation in such a short time, and I expect this trend will not slow down anytime soon. I want to sincerely thank Cole Grolmus, Adrian Sanabria, and Pramod Gosavi for their LinkedIn posts asking about and discussing agentic security companies, which helped me fill some gaps in my research. As mentioned, I know I have missed some companies and may have misclassified others. If your company is not on my map, if you believe its placement is incorrect, or if you want to showcase concepts you are researching, please message me!

Original Link:
https://applied-gai-in-security.ghost.io/agentic-security-marketmap/