Cyata Emerges from Stealth with $8.5M Funding to Secure AI Agents in Enterprise Environments

How can enterprises keep systems safe as AI agents join human employees? Cyata launches with a new, dedicated solution

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now You thought generative AI was a technological tidal wave of change coming for enterprises, but the truth is -- at 2.5 years since the launch of ChatGPT -- the change is only getting started. A whopping 96% of IT and data executives plan to increase their use of AI agents this year alone, according to a recent survey from Cloudera covered by CIO. However, with this comes a whole host of other considerations for the organizations moving in this direction, perhaps foremost of which: how to protect the security of the organization's software, data, and other digital systems, especially as more and more agents arrive that can conduct actions autonomously, on their own, with minimal human oversight? Cyata, a Tel Aviv-based cybersecurity startup, was founded to tackle this mission head on and is today emerging from stealth to show enterprises how. It's backed by $8.5 million in seed funding led by TLV Partners with participation from notable angel investors and former Cellebrite CEOs Ron Serber and Yossi Carmil. Meanwhile, Cellebrite's former VP of Business Development Shahar Tal serves as Cyata's co-founder and CEO. Cellebrite, you may recall, is the infamous security firm that developed ways to bypass the security or "crack" Apple's highly secure and encrypted iPhone for law enforcement customers, so the bonafides of the founders are real. "This is a paradigm shift," said Tal in an interview with VentureBeat. "Like the move to cloud, we're watching software change in front of us. Enterprises need new guardrails to handle the velocity and autonomy of these systems." A new control dashboard for agentic identities Cyata's platform introduces a purpose-built solution to govern what it refers to as "agentic identities" -- AI actors that perform tasks autonomously. "These agents don't work like traditional identities -- they spin up in milliseconds, fork into sub-agents, make privileged calls, and vanish before IAM or PAM systems can react," Tal explained. "They're faster, more privileged, and more error-prone. The legacy IAM tooling simply can't handle that architecture." The offering includes three integrated capabilities: * Automated discovery of AI agents across all of the enterprise's working environments * Real-time forensic observability * Granular access control "We're the control plane for authentic identities of autonomous digital workers," Tal explained. "The moment an agent authenticates, we recognize it, trace what it's doing, and enforce least privilege in real time." Cyata automatically scans cloud and SaaS environments to surface all AI agents in use and maps each to a human owner. It then monitors agent behavior for risky access patterns or anomalies and maintains a full audit trail of actions, including intent. "We fingerprint agents by detecting behaviors that don't match human activity -- like high-speed actions, technical headers, or unusual access patterns," Tal added. Real-time justification and AI-to-AI verification One of Cyata's most novel features is its ability to interrogate agents for their intent in natural language. When an agent attempts to execute a task, Cyata can prompt it for an explanation and then evaluate the justification using both rules-based logic and AI. "One of the nice things about AI agents is they speak English," said Tal. "We can ask them why they're calling a tool, and they'll provide evaluable, contextual justifications we can assess for validity." The platform uses AI models to assess these justifications in real time, creating an added layer of interpretability and risk scoring. "We use certain AI models to evaluate justifications from agents. It's AI evaluating AI -- scoring context and intent as part of our risk assessment," Tal explained. But what about malicious agents spun up by hackers or cyber criminals? Cyata is ready for those, too, as Tal outlined. "We want to make sure that this is an agent coming from the source," he said. "So for example, coming from the Copilot environment, so that's a good signal. Or maybe it's been doing correct things for a while now. Or if it's a new identity and we've never seen it, that's a bit more risky. So we have to evaluate the entire risk for each of these tool call requests." From discovery to deployment in 48 hrs. Cyata emphasizes a rapid deployment model, offering near-immediate value to enterprise security and identity teams. Integration with common platforms like Microsoft Copilot, Salesforce AgentForce, and other popular identity providers is already supported. "We've designed our system to integrate very quickly," said Tal. "Within 48 hours, we can scan cloud environments, copilots, and other tools to surface agentic identities and their risks." Once discovered, Cyata connects each AI agent to a human stakeholder for accountability, helping bridge the gap between legacy identity systems and the emerging AI workforce. Beyond the developers The growing use of AI agents isn't limited to technical teams. While developers were an early audience, Cyata quickly realized adoption was broader. "Initially, we thought developers would be the primary audience. But we've seen non-developers deploying agents rapidly -- sales, finance, support -- so centralized governance became essential," Tal noted. Organizations often discover unexpected usage patterns once Cyata is deployed. In several cases, tools like Cursor or Copilot were found to be acting with elevated permissions, impersonating users, or accessing sensitive data without oversight. "We've seen cases where companies think they haven't deployed AI, but suddenly there's Cursor or Copilot running in full impersonation mode, acting on someone's behalf. It's already happening," Tal said. Future-proofing AI agent identity and compliance for enterprises Cyata's platform operates in multiple modes -- from passive monitoring to active enforcement -- allowing security teams to adopt it without disrupting workflows. The system can flag risky activity, suggest mitigations, or enforce human approvals for high-privilege actions. Pricing follows a SaaS model, based on the number of managed agentic identities. The company sees its role as not just patching current gaps, but preparing enterprises for a broader shift in how work is conducted. With a team of cybersecurity veterans from Unit 8200, Check Point, and Cellebrite, Cyata is positioned to lead in this emerging category. The company will unveil new research at the upcoming Black Hat conference and is building out a partnership program to deepen integrations with identity vendors and enterprise platforms. As AI agents become more prevalent, Cyata is betting that enterprises will need better tools to understand who -- or what -- is acting on their behalf.

Cyata Security gets $8.5M in funding to help companies get a grip on their AI agents - SiliconANGLE

Cyata Security gets $8.5M in funding to help companies get a grip on their AI agents Artificial intelligence security startup Cyata Security Ltd. is looking to rein in out-of-control AI agents after closing on an $8.5 million seed funding round, it announced today. The round was led by TLV Partners and saw backing from Ron Serber and Yossi Carmil - two former chief executives of the digital forensics company Cellebrite DI Ltd., which once famously hacked Apple Inc.'s iOS operating system. The startup says it's trying to address what has rapidly become a key security gap in enterprise computing environments today, with AI agents gaining virtually unrestricted access to critical systems and applications, without any oversight, governance or identity management. AI agents have emerged as the big cheese of AI systems this year, thanks to their promised ability to automate numerous business processes and tasks with minimal human supervision, dramatically increasing productivity. They can be thought of as "digital employees," and they can perform many tasks much faster, and more affordably, than humans, which explains why enterprises are scrambling to implement them. But there's a big danger to unleashing AI agents in any enterprise environment. Though they do accelerate automation in many aspects of business, they can only do so by accessing sensitive databases, writing code and triggering automated actions. They do this with little to no oversight, operating outside traditional identity frameworks, because the speed at which they work means it's impossible for humans to keep watch over them. According to Cyata co-founder and CEO Shahar Tal (pictured, center), this is incredibly risky because AI agents have the ability to do some very damaging things, such as rewriting essential application code, sharing secrets, leaking confidential data and even moving money between financial accounts. As a rule, they operate without standing privileges, no secret rotation and with no audit trails. The risk is exacerbated because, unlike human employees who have human resources records and attend security training workshops, or service accounts that follow predictable patterns, AI agents are dynamic. What this means is that they can spawn instantly, fan out across multiple workflows and carry out autonomous actions without anyone watching. But they're also susceptible to "hallucinations," which can lead to them to make erroneous decisions, and there's a risk that they could be hacked and manipulated by malicious actors. "AI agents represent the biggest leap in enterprise technology since the cloud -- a self-scaling, sleepless workforce that codes, analyzes and executes in seconds," Tal said. To protect against these risks, Cyata has developed an "agentic control plane" that enables comprehensive visibility into the agentic systems operating within any cloud environment, including chatbots, coding bots and task-driven agents. Cyata's core offering is an automated AI agent discovery tool that scans the customer's cloud and software-as-a-service environments and their identity management systems. It does this in order to spot behavioral patterns in tool usage, application programming interface tools and so on that suggest an AI agent is behind them. Once it spots an unauthorized AI agent, it will lock them down and enforce least privilege to prevent them from causing any damage. In addition, Cyata offers forensic observability tools for authorized AI agents, allowing a detailed audit trail to be created of their activity. It can even capture the intent of AI agents by forcing them to justify their reasoning, in real time. Once it spots AI agents and understands what they're doing, it can then implement appropriate granular access controls and permissions, restricting them only to the systems and databases they need to access. "We focus on the actors, not the LLMs," Tal explained, referring to the large language models that power AI agents. "Agents, not models, are the ones making the decisions and triggering risk. We give security teams identity-grade controls specifically for AI agents, so they can unlock their power without losing control." Tal says this is necessary because existing identity access management and privileged access management tools simply don't work with AI agents. They're designed for human users and long-lived service accounts, whereas AI agents tend to spin up in seconds, share credentials with other agents, and then disappear before they're even noticed. Robert Burns, chief security officer at Thales Cybersecurity SA, said AI agents introduce a layer of complexity that traditional identity tools lack the scope to deal with. "[AI agents'] ability to act autonomously, scale rapidly, and interact across systems challenges existing models in new ways," Burns explained. "Cyata's focused work in this space highlights risks that many organizations haven't yet fully surfaced." TLV Partners' Brian Sack said he's expecting there will be massive demand for a platform such as Cyata's in the coming years, because he believes that agentic AI adoption is likely to increase tenfold within the next year or two. "Our generalist approach often leads us to invest in cybersecurity companies based on trends we identify outside the traditional security vertical, and the rise of AI agents is exactly that." he said. "Cyata's team... is uniquely positioned to define and lead this critical new category before organizations face potentially catastrophic breaches."