Capsule Security debuts with $7 million funding to secure AI agent behavior
Capsule Security has launched from stealth with a $7 million seed round led by Lama Partners and Forgepoint Capital International. The company's platform prevents AI agents from being manipulated, misbehaving, or silently exfiltrating data when handling sensitive information and executing workflows.
Capsule is advised by security juggernauts who have put their trust in the company’s innovative approach, including Chris Krebs, the first Director of CISA; Omer Grossman, former Global CIO at CyberArk; Jim Routh, former CISO across multiple global Fortune 500 enterprises; and Dr. Yonesy Núñez, former CISO and senior security executive across financial services.
“AI agents are a new class of privileged user, operating at machine speed with minimal oversight,” said Chris Krebs. “Legacy tools weren’t built to monitor what happens between prompt and action—that’s the runtime gap. Capsule closes it.”
AI agents are being introduced into enterprise environments at record speed, with permissions and direct paths into critical business systems. Microsoft recently reported that more than 80% of Fortune 500 companies now use active AI agents built with low-code and no-code tools. Concurrently, coding agents are swiftly expanding the speed and scope of automation. The recent rollout of Claude Code Security, for example, is being viewed as a wake-up call that the future of cybersecurity will be shaped by deep runtime and AI capabilities, not by posture dashboards alone.
“AI agents are quickly becoming a new class of privileged user in the enterprise, except they can act at machine speed and they do not behave like deterministic software,” said Naor Paz, CEO of Capsule Security. “That creates a dangerous gap between what security teams can govern today and what agents can do in production. Capsule closes that gap by enforcing trust at runtime, inside the execution path, so teams can move fast with agents while staying in control of what those agents can access and execute.”
ShareLeak, PipeLeak, and ClawGuard: proof points and real-world disclosures
The risk is not theoretical. In open frameworks like OpenClaw, every tool invocation becomes a decision point and potential strike. To address this, Capsule created ClawGuard, an open-source enforcer that adds a pre-invocation checkpoint before agents execute tool calls.
The same class of risk is emerging in mainstream agent platforms. Concurrent with its emergence from stealth, Capsule has published two research reports detailing two zero-day vulnerabilities, ShareLeak and PipeLeak, discovered in leading platforms. ShareLeak is a critical-severity indirect prompt injection vulnerability in Microsoft Copilot Studio, patched and assigned CVE-2026-21520.
PipeLeak, another prompt injection vulnerability, was discovered in Salesforce Agentforce. It is triggered through untrusted lead-form inputs that influence agent behavior and drive unsafe downstream actions. Together, the findings show how suspicious content can hijack agent goals and steer tool usage, turning routine workflows into high-impact risk paths.
“The agentic AI boom is creating an opening in runtime behavior enterprises can’t afford to ignore,” said Capsule Advisor, Omer Grossman. “The ability to secure this layer is what ultimately determines whether companies can move fast with AI without breaking trust. That is why I chose to support Capsule Security. The team is addressing the problem at its core by delivering real-time visibility and control over agent behavior, grounded in the operational reality of AI-driven environments within a fundamentally new and rapidly evolving paradigm.”
Capsule’s runtime models evaluate actions in context and can block unsafe or unauthorized activity before it completes. Capsule also generates auditable telemetry designed for governance, investigation and compliance teams.
The platform is designed to secure both third-party and custom agent deployments without added infrastructure. No proxies, gateways, SDKs, or browser extensions required. Capsule supports Cursor, Claude Code, Microsoft Copilot Studio, ServiceNow, and Salesforce Agentforce and integrates with existing security workflows, enabling teams to route agent telemetry into established response processes.
“Agents have the ‘superpower’ to write and deploy code at unprecedented rates, fundamentally changing how software is built and operated,” said Ron Zalkind, Founding General Partner at Lama Partners and Board Member at Capsule Security.
“With that level of power comes a new responsibility to secure it. Security leaders understand that legacy tools were never designed to interpret intent, context, and real-time behavior, which are essential for securing dynamic agentic environments. From day one, Naor and Lidan have combined deep technical rigor with clarity of vision to build a platform that allows organizations to confidently adopt AI agents while stopping dangerous actions before damage is done,” Zalkind added.
“Capsule fine-tuned Small Language Models (SLMs) to create a multi-agent system of ‘Guardian Agents’ that can protect AI with AI, covering both posture and low-latency runtime protection. The team is the strongest of the agent-space players, having expertise in both traditional security and deep familiarity with emerging protocols like MCP and Skills,” Damien Henault, Managing Director/Partner at Forgepoint Capital International and Capsule Board Member, concluded.