Capsule and Offroad: Inside the $7M Stealth Launches Securing the Next Frontier of Enterprise AI Agents

Capsule was founded in 2025 by Naor Paz and Lidan Hazout, veterans of F5 and Israel's Unit 8200 intelligence unit, respectively . Offroad's founding team has not been detailed at the same granular level in its initial coverage, but the company is building what it calls an "agentic identity security team" for enterprises .

What Capsule Security Does: The Runtime Trust Layer

Capsule Security positions its product as a runtime trust layer for AI agents. The core idea is that existing security tools stop too early—they scan prompts, check model configurations, and gate access, but they do not watch what an agent actually does once it starts executing tasks. Capsule calls this the "runtime gap," the window between a prompt and a completed action where prompt injections, data exfiltration, and unauthorized tool calls can occur without detection .

The platform monitors agent activities in real time, imposes behavioral guardrails before actions are finalized, and enforces governance policies without requiring SDKs, proxies, or heavy integration . In its launch announcement, the company specifically cited its ability to detect and prevent prompt-injection exfiltration vectors such as ShareLeak and PipeLeak . It also released an open-source project called ClawGuard to instrument agent behavior and accelerate enterprise adoption .

Capsule was a finalist in CrowdStrike's Startup Accelerator, and its advisory bench includes Chris Krebs, the inaugural director of CISA; Omer Grossman, former Global CIO at CyberArk; and Jim Routh, a former CISO at multiple Fortune 500 companies .

What Offroad Does: Agentic Identity Security

Offroad takes a different angle. Instead of securing agent actions at runtime, it builds AI agents that autonomously manage identity risk across modern enterprise systems . The company's platform deploys purpose-built agents that gather context across dozens of fragmented systems—identity providers, cloud consoles, SaaS tools—uncover real-time identity threats and posture risks, and then either resolve them directly or alert the right people with contextualized information .

This agentic approach is a direct response to the scale problem in identity security. Enterprises now operate a mix of human users, machine identities, and AI agents, each requiring different controls. Traditional behavioral baselines break down when AI agents operate 24/7 at speeds a human analyst cannot match. Security teams lack visibility across dozens of systems, and manual investigation has become unsustainable . Offroad's thesis is that the only way to secure a system of autonomous agents is with autonomous defenders.

Market Trends Driving AI Agent Identity Governance

The simultaneous emergence of these two companies is not a coincidence. The market is reshaping itself around three structural shifts that make AI agent identity governance urgent.

Proliferation of non-human identities. Enterprises now run thousands of machine identities and a growing population of AI agents, each requiring its own security posture. Traditional IAM frameworks were designed for humans and do not map cleanly onto agentic workflows .

Scale and speed of AI agents. AI agents can execute tasks continuously at speeds no human can monitor. Security operations that rely on manual review or static rules cannot keep up .

Runtime blind spots. Most security tools inspect prompts and configurations but do not track agent behavior during execution. Capsule's emphasis on the runtime gap is resonating because the attack surface created by tool-calling agents—agents that can read databases, send emails, and invoke APIs—is largely unmonitored in production .

Analyst aggregations suggest the top 10 agentic AI security startups have raised a combined $3.6 billion, a figure that reflects both the urgency of the problem and the speed at which VCs are moving to back founders with intelligence community and enterprise security pedigrees .

Related Cybersecurity Developments

The Capsule and Offroad launches are part of a broader cluster of agentic security startups that have emerged or announced funding in roughly the same window.

• Copperhelm exited stealth on April 30, 2026, with a $7 million seed round for what it calls the sector's first agentic cloud security platform. Its AI agents automate cloud security operations on top of a "Context Lake" architecture .
• Keycard launched an identity and access management platform for multi-agent AI applications in May 2026, giving autonomous AI agents verifiable, cryptographically secured identities with per-task, narrowly scoped permissions. The company originally emerged from stealth in October 2025 with $38 million in combined seed and Series A funding .
• AiStrike raised $7 million in seed funding in January 2026 for Agentic Cyber Defense-as-a-Service, which proactively protects cloud assets before incidents occur .
• Daylight Security raised $7 million in February 2026 for a managed detection and response model that combines AI agents with human analysts in a hybrid MDR framework .
• Fabrix Security emerged from stealth in September 2025 with $8 million for an AI-native identity security platform that targets both human and non-human digital identities .

Earlier pioneers in the space include 7AI, which launched in February 2025 with a $36 million seed round , and Straiker, which emerged with $21 million in March 2025 to help enterprises secure AI applications and agents . Raven raised $20 million in combined seed and post-seed funding in March 2026 for runtime cloud-native application protection that also covers AI agent behavior .

The accumulation of these launches—at least seven publicly announced rounds in the $7 million-to-$38 million range within the last 12 months—indicates that AI agent security is not a single category but a rapidly fragmenting landscape. Runtime protection, identity governance, cloud security automation, and managed defense-as-a-service are all developing in parallel, often with overlapping capabilities but distinctly different entry points.

The question for CISOs and platform teams is no longer whether to secure AI agents, but which layer of the stack to prioritize first—and whether the solution should be an identity-first architecture like Offroad's or a runtime-first architecture like Capsule's.