Enclave
Also known as: Enclave AI, Agentic Security Researcher
AI native agentic security researcher that hunts exploitable vulnerabilities across code and cloud, with a red team agent that verifies which findings are actually exploitable.
Enclave is an AI native, agentic security researcher that continuously hunts for exploitable vulnerabilities across a team's code and cloud. It inventories assets and groups them into security relevant sectors such as authentication, APIs, admin surfaces, uploads, identity, and background jobs so nothing exploitable stays hidden, then runs research campaigns automatically across the attack surface. A red team agent digs through code and cloud to surface issues that signature based scanners miss, from zero days to new CVEs, and verifies which findings are actually exploitable rather than flooding teams with noise. Every finding explains what is exposed, why it matters, and how it is exploited, with the affected assets, a working proof of concept, and the context defenders need to drive targeted remediation. Rather than matching known signatures, Enclave builds deep knowledge of how a customer's systems behave to predict where vulnerabilities are likely to emerge, an approach shaped by its founders' offensive security background. The company positions itself against the wave of AI generated code, which its CEO estimates already accounts for a majority of startup code, and competes with established application security tools like Snyk, Checkmarx, and Semgrep.
Vendor details
Canonical URL
https://enclave.ai
Category
Security / SOC agent
Funding status
Seed of $6M led by 8VC at a $33M valuation, emerging from stealth (March 2026), with angels Patrick Collison, Marc Benioff, Aaron Levie, and Jeremy Stoppelman. Founded by Tal Hoffman (CEO), Dvir Segev (CTO), and Yanir Tsarimi (CPO), who previously worked together in application security; Hoffman and Tsarimi served in Israel's Unit 8200.
Company status
independent
Use cases & customers
Primary use cases
Target customers
Deployment options
Integrations
Operates across both code and cloud, inventorying assets from source repositories and cloud environments. Specific integration connectors were not enumerated on the retrieved pages.
Sources & related URLs
Capability coverage
5.5 / 14 capabilities · 39%
| Integrations & Tool CallingEnclave inventories and researches assets across both code and cloud, implying integration with source repositories and cloud environments, but specific integration connectors are not enumerated on the retrieved pages. | Partial |
|---|---|
| Workflow OrchestrationEnclave autonomously runs research campaigns across the attack surface, with a red team agent that digs through code and cloud, surfaces candidate vulnerabilities, and then verifies exploitability in a multi step, self directed loop. | Full |
| Knowledge Grounding & RAGRather than matching known signatures, Enclave builds deep knowledge of how a customer's systems behave and inventories assets into security relevant sectors, grounding its research in the specific code and cloud context to find what scanners miss. | Full |
| Human Oversight & GuardrailsFindings arrive with proof of concept and remediation context for human defenders to act on, keeping people in the remediation loop, but no in product approval gate or scope guardrail construct is documented. | Partial |
| Security, Identity & GovernanceNo security certifications or data governance posture for enclave.ai were retrieved this session for this recently unstealthed company. Security practices belonging to the unrelated Enclave Networks were deliberately not used. | Unable to verify |
| Observability & AuditabilityEvery finding explains what is exposed, why it matters, and how it is exploited, with the affected assets, a working proof of concept, and verified exploitability, giving defenders clear visibility into what the agent found and confirmed. | Full |
| Memory & State PersistenceMaintains a persistent asset inventory and a behavioral model of how the customer's systems work to guide research, but no explicit per agent memory construct is separately documented. | Partial |
| Deployment & Data ResidencyDelivered as a cloud SaaS platform that connects to a customer's code and cloud. No on premise or data residency options are documented on the retrieved pages. | Partial |
| Prebuilt Agents / Templates / PacksEnclave is a single agentic security researcher. No catalog of prebuilt agents, templates, or packs is documented on the retrieved pages. | Unable to verify |
| Triggers & Channel CoverageRuns research campaigns across the attack surface automatically and continuously, but specific event triggers and channel coverage are not detailed on the retrieved pages. | Partial |
| Model Flexibility & RoutingNo customer selectable model or multi provider routing is documented on the retrieved pages. Enclave runs its own agentic security research. | Unable to verify |
| APIs / SDKs / MCP ExtensibilityNo public API, SDK, or MCP surface for building on Enclave is documented on the retrieved pages for this recently launched product. | Unable to verify |
| Testing, Debugging & OptimizationEnclave verifies the exploitability of security findings, which is security validation of the customer's systems rather than a testing, evaluation, or optimization harness for building agents. | Unable to verify |
| Browser / Computer-useEnclave operates over code and cloud assets. No browser automation or general computer use capability is documented. | Unable to verify |
Pricing
Contact sales; no public pricing. Recently out of stealth, enterprise engagement.
not disclosed
Cost watchouts
Recently launched, so commercial terms may still be evolving. Cost likely scales with attack surface size across code and cloud.
Variable cost rationale
Enterprise security platform with no public rate; cost likely scales with the size of the code and cloud attack surface under continuous research, but this is not disclosed.
Sales call required
Yes — required for paid access
Free / trial
No public free tier; access via the vendor
Lowest paid plan
Not public
Key ambiguities
No public pricing and no disclosed billing model for this recently unstealthed company.
Related vendors
- 7AI — Swarming agentic SOC from the Cybereason founders: sixty plus domain…
- Airrived — Agentic OS that unifies SOC, GRC, IAM, vulnerability management, IT,…
- Assail — Autonomous red teaming platform (Ares) whose AI agents discover,…
- Astelia — AI native exposure management platform from Israeli National Red…
- Capsule Security — Runtime security layer for AI agents that detects and blocks unsafe…
- Clutch Security — Universal non human identity security platform that discovers,…