Back to vendors
C

Capsule Security

Also known as: Capsule, ClawGuard

Visit site
Security / SOC agentindependentVerified 2026-07-08

Runtime security layer for AI agents that detects and blocks unsafe agent behavior in real time, with agentless discovery, an agent security graph, and white box agent red teaming.

Capsule Security secures AI agents at runtime, targeting the gap between when an agent receives a prompt and when it executes an action. The platform discovers agents across homegrown systems, SaaS agent platforms, and endpoints through agentless integration, maps how agents think and act via its Agent Security Graph, and enforces policies inside the execution path, blocking risky commands, unsafe tool usage, sensitive data exposure, and unexpected action chains before they complete.

The architecture uses fine tuned small language models operating as Guardian Agents that protect AI with AI, covering posture and low latency runtime protection without proxies, gateways, SDKs, or browser extensions. Supported platforms include Cursor, Claude Code, Microsoft Copilot Studio, ServiceNow, and Salesforce Agentforce. Capsule also open sourced ClawGuard, a pre invocation checkpoint for agent tool calls, and published zero day research including ShareLeak (CVE-2026-21520, Microsoft Copilot Studio) and PipeLeak (Salesforce Agentforce).

Founded in 2025 in Tel Aviv by Naor Paz and Lidan Hazout, Capsule emerged from stealth in April 2026 with a seven million dollar seed round led by Lama Partners with Forgepoint Capital International, advised by Chris Krebs, Omer Grossman, and Jim Routh, and named a representative vendor in Gartner's guardian agents market guide.

Vendor details

Canonical URL

https://www.capsulesecurity.io

Category

Security / SOC agent

Subcategory

AI agent runtime security

Funding status

Seed; seven million dollars led by Lama Partners with Forgepoint Capital International, April 2026 per company announcement

Company status

independent

Use cases & customers

Primary use cases

Runtime blocking of unsafe agent actionsAI agent discovery and inventoryAgent identity, ownership, and least privilegeWhite box agent red teamingAuditable agent telemetry for governance

Target customers

Enterprise security teamsPlatform owners deploying AI agentsGovernance and compliance teams

Deployment options

SaaS

Integrations

Agentless integration for discovery; supports Cursor, Claude Code, Microsoft Copilot Studio, ServiceNow, and Salesforce Agentforce; routes agent telemetry into existing security workflows; ClawGuard open source enforcer for tool call checkpoints.

In practice

A security team discovers every agent running across the enterprise in minutes via agentless integration, including shadow deployments on SaaS agent platforms

Runtime models evaluate a coding agent's tool calls in context and block a data exfiltration attempt before the action completes, with full telemetry for investigation

Red teaming generates attacks against an agent's logic and prompts, feeding the findings directly into runtime protections

Capability coverage

7.5 / 14 capabilities · 54%

Integrations & Tool CallingAgentless integration discovers agents across homegrown systems, SaaS agent platforms, and endpoints; supports Cursor, Claude Code, Copilot Studio, ServiceNow, and Salesforce Agentforce and routes telemetry into existing security workflows. capsulesecurity.io and SiliconANGLE launch coverage retrieved 2026-07-08. Full
Workflow OrchestrationCapsule secures and controls other agents rather than orchestrating workflows; no workflow orchestration capability documented. capsulesecurity.io retrieved 2026-07-08. Unable to verify
Knowledge Grounding & RAGThe Agent Security Graph maps relationships between agents, tools, data, and actions to reveal risky paths, grounding decisions in a runtime model; general RAG is not the framing. capsulesecurity.io retrieved 2026-07-08. Partial
Human Oversight & GuardrailsEnforces security and governance policies in real time before actions execute, maintaining ownership, least privilege, and accountability across agent environments, and blocks unsafe actions. capsulesecurity.io retrieved 2026-07-08. Full
Security, Identity & GovernanceSecurity is the entire product: runtime blocking of unsafe agent behavior, agent identity and ownership tracking, least privilege enforcement, and prevention of data exfiltration. capsulesecurity.io and BusinessWire launch coverage retrieved 2026-07-08. Full
Observability & AuditabilityDeep real time visibility into agent actions, decisions, and execution paths, plus auditable telemetry generated for governance, investigation, and compliance teams. capsulesecurity.io and Help Net Security coverage retrieved 2026-07-08. Full
Memory & State PersistenceThe security graph maintains a runtime model of agent relationships, but agent memory or state persistence as a product capability is not documented. capsulesecurity.io retrieved 2026-07-08. Unable to verify
Deployment & Data ResidencyDeploys without proxies, gateways, SDKs, or browser extensions and secures both third party and custom agents without added infrastructure; specific deployment or residency models were not detailed. capsulesecurity.io and SiliconANGLE coverage retrieved 2026-07-08. Partial
Prebuilt Agents, Templates & PacksShips Guardian Agents built on fine tuned small language models and the open source ClawGuard enforcer; no broader template or pack marketplace. capsulesecurity.io and BusinessWire coverage retrieved 2026-07-08. Partial
Triggers & Channel CoverageContinuously monitors and intervenes at the first sign of anomalous activity, acting inline in the execution path; broader trigger and channel coverage is not the framing. capsulesecurity.io retrieved 2026-07-08. Partial
Model Flexibility & RoutingRuns its own fine tuned small language models as Guardian Agents; customer model selection or routing is not documented. capsulesecurity.io and BusinessWire coverage retrieved 2026-07-08. Unable to verify
APIs, SDKs & MCP ExtensibilityClawGuard is open source and installable with a single click as a pre invocation checkpoint, and Capsule integrates into existing security workflows; a broad public API or SDK is not documented. capsulesecurity.io and Security Boulevard coverage retrieved 2026-07-08. Partial
Testing, Debugging & OptimizationGenerates white box AI agent red teaming to uncover weaknesses in agent logic, prompts, and behaviors, feeding attack insights back into runtime protection for continuous improvement. capsulesecurity.io retrieved 2026-07-08. Full
Browser & Computer UseNo browser or computer use capability documented; Capsule explicitly requires no browser extensions. capsulesecurity.io retrieved 2026-07-08. Unable to verify

Recent platform changes

No recent material changes tracked yet.

Pricing

Contact sales

Contact onlyLow variable cost

What is public

Nothing numeric. Product capabilities, the open source ClawGuard, and funding are public; commercial terms are not.

Billing mechanics

Not publicly documented; contact driven.

Cost watchouts

Likely priced by agents or environments under protection; the open source ClawGuard is free but the managed platform is not.

Variable cost rationale

Runtime security platforms of this type typically price by number of agents or environments secured within a contract; no usage metering that would create mid term bill variability is documented. Early stage, so packaging may shift.

Additional watchouts

Very recently launched (April 2026); packaging and pricing likely to evolve quickly.

Sales call required

Yes — required for paid access

Free / trial

ClawGuard open source enforcer is free; commercial platform pricing is not public

Key ambiguities

Entire commercial model is unpublished; the vendor only exited stealth in April 2026.

Missing data

All pricing figures, billing axis, trial terms.

Verified 2026-07-08

Contact us

Found a vendor we missed? Have feedback on the index? We'd love to hear from you.