Back to vendors
E

Enclave

Also known as: Enclave AI, Agentic Security Researcher

Visit site
Security / SOC agentindependentVerified 2026-07-08

AI native agentic security researcher that hunts exploitable vulnerabilities across code and cloud, with a red team agent that verifies which findings are actually exploitable.

Enclave is an AI native, agentic security researcher that continuously hunts for exploitable vulnerabilities across a team's code and cloud. It inventories assets and groups them into security relevant sectors such as authentication, APIs, admin surfaces, uploads, identity, and background jobs so nothing exploitable stays hidden, then runs research campaigns automatically across the attack surface. A red team agent digs through code and cloud to surface issues that signature based scanners miss, from zero days to new CVEs, and verifies which findings are actually exploitable rather than flooding teams with noise. Every finding explains what is exposed, why it matters, and how it is exploited, with the affected assets, a working proof of concept, and the context defenders need to drive targeted remediation. Rather than matching known signatures, Enclave builds deep knowledge of how a customer's systems behave to predict where vulnerabilities are likely to emerge, an approach shaped by its founders' offensive security background. The company positions itself against the wave of AI generated code, which its CEO estimates already accounts for a majority of startup code, and competes with established application security tools like Snyk, Checkmarx, and Semgrep.

Vendor details

Canonical URL

https://enclave.ai

Category

Security / SOC agent

Funding status

Seed of $6M led by 8VC at a $33M valuation, emerging from stealth (March 2026), with angels Patrick Collison, Marc Benioff, Aaron Levie, and Jeremy Stoppelman. Founded by Tal Hoffman (CEO), Dvir Segev (CTO), and Yanir Tsarimi (CPO), who previously worked together in application security; Hoffman and Tsarimi served in Israel's Unit 8200.

Company status

independent

Use cases & customers

Primary use cases

AI generated code security reviewvulnerability discovery across code and cloudexploitability verificationattack surface inventory and remediation context

Target customers

engineering teamssecurity teamsAppSecstartups

Deployment options

SaaS

Integrations

Operates across both code and cloud, inventorying assets from source repositories and cloud environments. Specific integration connectors were not enumerated on the retrieved pages.

Capability coverage

5.5 / 14 capabilities · 39%

Integrations & Tool CallingEnclave inventories and researches assets across both code and cloud, implying integration with source repositories and cloud environments, but specific integration connectors are not enumerated on the retrieved pages. Partial
Workflow OrchestrationEnclave autonomously runs research campaigns across the attack surface, with a red team agent that digs through code and cloud, surfaces candidate vulnerabilities, and then verifies exploitability in a multi step, self directed loop. Full
Knowledge Grounding & RAGRather than matching known signatures, Enclave builds deep knowledge of how a customer's systems behave and inventories assets into security relevant sectors, grounding its research in the specific code and cloud context to find what scanners miss. Full
Human Oversight & GuardrailsFindings arrive with proof of concept and remediation context for human defenders to act on, keeping people in the remediation loop, but no in product approval gate or scope guardrail construct is documented. Partial
Security, Identity & GovernanceNo security certifications or data governance posture for enclave.ai were retrieved this session for this recently unstealthed company. Security practices belonging to the unrelated Enclave Networks were deliberately not used. Unable to verify
Observability & AuditabilityEvery finding explains what is exposed, why it matters, and how it is exploited, with the affected assets, a working proof of concept, and verified exploitability, giving defenders clear visibility into what the agent found and confirmed. Full
Memory & State PersistenceMaintains a persistent asset inventory and a behavioral model of how the customer's systems work to guide research, but no explicit per agent memory construct is separately documented. Partial
Deployment & Data ResidencyDelivered as a cloud SaaS platform that connects to a customer's code and cloud. No on premise or data residency options are documented on the retrieved pages. Partial
Prebuilt Agents / Templates / PacksEnclave is a single agentic security researcher. No catalog of prebuilt agents, templates, or packs is documented on the retrieved pages. Unable to verify
Triggers & Channel CoverageRuns research campaigns across the attack surface automatically and continuously, but specific event triggers and channel coverage are not detailed on the retrieved pages. Partial
Model Flexibility & RoutingNo customer selectable model or multi provider routing is documented on the retrieved pages. Enclave runs its own agentic security research. Unable to verify
APIs / SDKs / MCP ExtensibilityNo public API, SDK, or MCP surface for building on Enclave is documented on the retrieved pages for this recently launched product. Unable to verify
Testing, Debugging & OptimizationEnclave verifies the exploitability of security findings, which is security validation of the customer's systems rather than a testing, evaluation, or optimization harness for building agents. Unable to verify
Browser / Computer-useEnclave operates over code and cloud assets. No browser automation or general computer use capability is documented. Unable to verify

Recent platform changes

No recent material changes tracked yet.

Pricing

Contact sales; no public pricing. Recently out of stealth, enterprise engagement.

not disclosed

Contact onlyMedium variable cost

Cost watchouts

Recently launched, so commercial terms may still be evolving. Cost likely scales with attack surface size across code and cloud.

Variable cost rationale

Enterprise security platform with no public rate; cost likely scales with the size of the code and cloud attack surface under continuous research, but this is not disclosed.

Sales call required

Yes — required for paid access

Free / trial

No public free tier; access via the vendor

Lowest paid plan

Not public

Key ambiguities

No public pricing and no disclosed billing model for this recently unstealthed company.

Verified 2026-07-08

Contact us

Found a vendor we missed? Have feedback on the index? We'd love to hear from you.