Capsule Security founders.

Capsule Security raises $7 million Seed to secure enterprise AI agents

The Israeli startup focuses on real-time control of autonomous AI behavior inside business systems.

Capsule Security, a cybersecurity startup focused on AI agents, has emerged from stealth with $7 million in Seed funding led by Lama Partners and Forgepoint Capital International.
The company is developing what it describes as a “runtime trust layer” for agentic AI systems, aiming to monitor and control AI agents as they operate inside enterprise environments. These agents can access data, execute workflows and interact with business systems.
Capsule Security founders.
(Omer Hacohen)
Capsule was founded in 2025 by CEO Naor Paz, formerly of F5 and Unit 8200, and CTO Lidan Hazout, formerly of Securedtouch and Transmit Security. It is headquartered in Tel Aviv.
Capsule said its platform is designed to prevent AI agents from being manipulated, misbehaving or exfiltrating data during execution. The system provides real-time visibility into agent actions and can block unsafe or unauthorized behavior before it is completed.
The company said its approach does not require proxies, gateways, SDKs or browser extensions and integrates with tools including Cursor, Claude Code, Microsoft Copilot Studio, ServiceNow and Salesforce Agentforce.
According to Microsoft, more than 80% of Fortune 500 companies now use active AI agents built with low-code and no-code tools.
Alongside its launch, Capsule said it identified and published two vulnerabilities in enterprise AI systems: ShareLeak in Microsoft Copilot Studio and PipeLeak in Salesforce Agentforce. The Microsoft vulnerability was assigned CVE-2026-21520 and has been patched. Salesforce also confirmed it has addressed the issue described by Capsule.
Capsule also released an open-source tool called ClawGuard, which adds a checkpoint before AI agents execute tool calls.
“AI agents are quickly becoming a new class of privileged user in the enterprise, except they can act at machine speed and they do not behave like deterministic software,” said Paz. “That creates a dangerous gap between what security teams can govern today and what agents can do in production.”