Capsule Security
Also known as: Capsule, ClawGuard
Runtime security layer for AI agents that detects and blocks unsafe agent behavior in real time, with agentless discovery, an agent security graph, and white box agent red teaming.
Capsule Security secures AI agents at runtime, targeting the gap between when an agent receives a prompt and when it executes an action. The platform discovers agents across homegrown systems, SaaS agent platforms, and endpoints through agentless integration, maps how agents think and act via its Agent Security Graph, and enforces policies inside the execution path, blocking risky commands, unsafe tool usage, sensitive data exposure, and unexpected action chains before they complete.
The architecture uses fine tuned small language models operating as Guardian Agents that protect AI with AI, covering posture and low latency runtime protection without proxies, gateways, SDKs, or browser extensions. Supported platforms include Cursor, Claude Code, Microsoft Copilot Studio, ServiceNow, and Salesforce Agentforce. Capsule also open sourced ClawGuard, a pre invocation checkpoint for agent tool calls, and published zero day research including ShareLeak (CVE-2026-21520, Microsoft Copilot Studio) and PipeLeak (Salesforce Agentforce).
Founded in 2025 in Tel Aviv by Naor Paz and Lidan Hazout, Capsule emerged from stealth in April 2026 with a seven million dollar seed round led by Lama Partners with Forgepoint Capital International, advised by Chris Krebs, Omer Grossman, and Jim Routh, and named a representative vendor in Gartner's guardian agents market guide.
Vendor details
Canonical URL
https://www.capsulesecurity.io
Category
Security / SOC agent
Subcategory
AI agent runtime security
Funding status
Seed; seven million dollars led by Lama Partners with Forgepoint Capital International, April 2026 per company announcement
Company status
independent
Use cases & customers
Primary use cases
Target customers
Deployment options
Integrations
Agentless integration for discovery; supports Cursor, Claude Code, Microsoft Copilot Studio, ServiceNow, and Salesforce Agentforce; routes agent telemetry into existing security workflows; ClawGuard open source enforcer for tool call checkpoints.
In practice
A security team discovers every agent running across the enterprise in minutes via agentless integration, including shadow deployments on SaaS agent platforms
Runtime models evaluate a coding agent's tool calls in context and block a data exfiltration attempt before the action completes, with full telemetry for investigation
Red teaming generates attacks against an agent's logic and prompts, feeding the findings directly into runtime protections
Sources & related URLs
Research sources
Capability coverage
7.5 / 14 capabilities · 54%
| Integrations & Tool CallingAgentless integration discovers agents across homegrown systems, SaaS agent platforms, and endpoints; supports Cursor, Claude Code, Copilot Studio, ServiceNow, and Salesforce Agentforce and routes telemetry into existing security workflows. capsulesecurity.io and SiliconANGLE launch coverage retrieved 2026-07-08. | Full |
|---|---|
| Workflow OrchestrationCapsule secures and controls other agents rather than orchestrating workflows; no workflow orchestration capability documented. capsulesecurity.io retrieved 2026-07-08. | Unable to verify |
| Knowledge Grounding & RAGThe Agent Security Graph maps relationships between agents, tools, data, and actions to reveal risky paths, grounding decisions in a runtime model; general RAG is not the framing. capsulesecurity.io retrieved 2026-07-08. | Partial |
| Human Oversight & GuardrailsEnforces security and governance policies in real time before actions execute, maintaining ownership, least privilege, and accountability across agent environments, and blocks unsafe actions. capsulesecurity.io retrieved 2026-07-08. | Full |
| Security, Identity & GovernanceSecurity is the entire product: runtime blocking of unsafe agent behavior, agent identity and ownership tracking, least privilege enforcement, and prevention of data exfiltration. capsulesecurity.io and BusinessWire launch coverage retrieved 2026-07-08. | Full |
| Observability & AuditabilityDeep real time visibility into agent actions, decisions, and execution paths, plus auditable telemetry generated for governance, investigation, and compliance teams. capsulesecurity.io and Help Net Security coverage retrieved 2026-07-08. | Full |
| Memory & State PersistenceThe security graph maintains a runtime model of agent relationships, but agent memory or state persistence as a product capability is not documented. capsulesecurity.io retrieved 2026-07-08. | Unable to verify |
| Deployment & Data ResidencyDeploys without proxies, gateways, SDKs, or browser extensions and secures both third party and custom agents without added infrastructure; specific deployment or residency models were not detailed. capsulesecurity.io and SiliconANGLE coverage retrieved 2026-07-08. | Partial |
| Prebuilt Agents, Templates & PacksShips Guardian Agents built on fine tuned small language models and the open source ClawGuard enforcer; no broader template or pack marketplace. capsulesecurity.io and BusinessWire coverage retrieved 2026-07-08. | Partial |
| Triggers & Channel CoverageContinuously monitors and intervenes at the first sign of anomalous activity, acting inline in the execution path; broader trigger and channel coverage is not the framing. capsulesecurity.io retrieved 2026-07-08. | Partial |
| Model Flexibility & RoutingRuns its own fine tuned small language models as Guardian Agents; customer model selection or routing is not documented. capsulesecurity.io and BusinessWire coverage retrieved 2026-07-08. | Unable to verify |
| APIs, SDKs & MCP ExtensibilityClawGuard is open source and installable with a single click as a pre invocation checkpoint, and Capsule integrates into existing security workflows; a broad public API or SDK is not documented. capsulesecurity.io and Security Boulevard coverage retrieved 2026-07-08. | Partial |
| Testing, Debugging & OptimizationGenerates white box AI agent red teaming to uncover weaknesses in agent logic, prompts, and behaviors, feeding attack insights back into runtime protection for continuous improvement. capsulesecurity.io retrieved 2026-07-08. | Full |
| Browser & Computer UseNo browser or computer use capability documented; Capsule explicitly requires no browser extensions. capsulesecurity.io retrieved 2026-07-08. | Unable to verify |
Recent platform changes
No recent material changes tracked yet.
Pricing
Contact sales
What is public
Nothing numeric. Product capabilities, the open source ClawGuard, and funding are public; commercial terms are not.
Billing mechanics
Not publicly documented; contact driven.
Cost watchouts
Likely priced by agents or environments under protection; the open source ClawGuard is free but the managed platform is not.
Variable cost rationale
Runtime security platforms of this type typically price by number of agents or environments secured within a contract; no usage metering that would create mid term bill variability is documented. Early stage, so packaging may shift.
Additional watchouts
Very recently launched (April 2026); packaging and pricing likely to evolve quickly.
Sales call required
Yes — required for paid access
Free / trial
ClawGuard open source enforcer is free; commercial platform pricing is not public
Key ambiguities
Entire commercial model is unpublished; the vendor only exited stealth in April 2026.
Missing data
All pricing figures, billing axis, trial terms.
Related vendors
- 7AI — Swarming agentic SOC from the Cybereason founders: sixty plus domain…
- Airrived — Agentic OS that unifies SOC, GRC, IAM, vulnerability management, IT,…
- Assail — Autonomous red teaming platform (Ares) whose AI agents discover,…
- Astelia — AI native exposure management platform from Israeli National Red…
- Clutch Security — Universal non human identity security platform that discovers,…
- CrowdStrike — Cybersecurity platform whose Charlotte AI delivers agentic…