Evoke Security
Also known as: Evoke Security Inc, Evoke
Security platform for the agentic workforce, an EDR for AI agents that discovers every agent, model, tool and MCP, models attack paths, and blocks risky agent actions in real time.
Evoke Security is a security platform for the agentic workforce, positioned as the EDR for AI agents: every agent, every action, every connection. It treats each agent, with its broad access to email, customer data, source code and production systems, as a potential single point of failure, and gives security teams visibility and control across three functional areas. Inventory and Governance auto discovers every connected agent, model, tool, Agent Skill, MCP and data source to eliminate shadow AI. AI Security Posture Management and Threat Modeling identifies malicious skills and MCPs, maps attack paths and toxic data flows, and remediates over permissioned agents to reduce blast radius before attackers exploit them. Detection, Prevention and Response provides full visibility into every agent action with custom policies that block risky behaviors such as data exfiltration in real time, stopping rogue actions before damage is done rather than after. The platform deploys in minutes across local agents (an endpoint sensor), production agents (an SDK and proxy) and SaaS agents (a browser extension), with no disruption to employee workflows.
Vendor details
Canonical URL
https://www.evokesecurity.com/
Category
Security / SOC agent
Funding status
$4M pre seed (February 2026), led by Crosspoint Capital Partners with Red Cell Partners. Founded 2025.
Company status
private
Use cases & customers
Primary use cases
Target customers
Deployment options
Integrations
Deploys across three surfaces to see agents everywhere: a lightweight endpoint sensor for local agents, an SDK and proxy for production agents, and a browser extension for SaaS agents. Auto discovers and maps every connected agent, model, tool, Agent Skill, MCP connection and data source across email, messaging, databases and source code.
Sources & related URLs
Research sources
Capability coverage
7.5 / 14 capabilities · 54%
| Integrations & Tool CallingDeploys across three surfaces (endpoint sensor, SDK and proxy, browser extension) and auto discovers and maps every connected agent, model, tool, Agent Skill, MCP connection and data source across email, messaging, databases and source code (evokesecurity.com, PRNewswire). | Full |
|---|---|
| Workflow OrchestrationEvoke maps and monitors other agents' workflows for security but is not itself a workflow orchestration platform (evokesecurity.com, Tracxn). | Unable to verify |
| Knowledge Grounding & RAGBuilds a continuous inventory and maps attack paths and toxic data flows across the agent ecosystem, an environment graph rather than a RAG knowledge base (cybersectools listing, PRNewswire). | Partial |
| Human Oversight & GuardrailsCustom policies block risky behaviors such as data exfiltration in real time and give security teams the tools to monitor and control agent behavior across the fleet (evokesecurity.com, PRNewswire). | Full |
| Security, Identity & GovernanceA security product by design: AI security posture management, threat modeling, least privilege remediation of over permissioned agents, policy enforcement and non human identity governance (evokesecurity.com, PRNewswire, cybersectools). | Full |
| Observability & AuditabilityPositioned as EDR for AI agents with full visibility into every agent action, real time monitoring of behavior and continuous inventory (evokesecurity.com, trust center, PRNewswire). | Full |
| Memory & State PersistenceMaintains a continuous inventory and behavioral baselines of the agent fleet, a persistent state model rather than agent memory (cybersectools listing, Palo Alto roundup). | Partial |
| Deployment & Data ResidencyDeploys flexibly across contexts: an endpoint sensor for local agents, an SDK and in line proxy for production agents, and a browser extension for SaaS agents, in minutes with no workflow disruption (cybersectools listing, PRNewswire). | Full |
| Prebuilt Agents / Templates / PacksPolicies are custom and no prebuilt agent or template pack library was documented this session (evokesecurity.com). | Unable to verify |
| Triggers & Channel CoverageReal time detection triggers on agent actions and enforces blocking, an action driven security domain rather than broad channel coverage (evokesecurity.com, PRNewswire). | Partial |
| Model Flexibility & RoutingEvoke tracks and governs the models that other agents use, but its own model is not disclosed and no customer model selection applies (evokesecurity.com, cybersectools). | Unable to verify |
| APIs / SDKs / MCP ExtensibilityProvides an SDK and proxy for instrumenting production agents and is MCP aware, though a broad public developer platform was not documented (cybersectools listing, PRNewswire). | Partial |
| Testing, Debugging & OptimizationThreat modeling maps attack paths and blast radius and AI-SPM assesses build time configuration risk, a proactive risk evaluation rather than an agent testing framework (cybersectools listing, PRNewswire). | Partial |
| Browser / Computer-useThe browser extension monitors SaaS agents for security; Evoke is not itself a browser or computer use agent (cybersectools listing, evokesecurity.com). | Unable to verify |
Recent platform changes
No recent material changes tracked yet.
Pricing
No public pricing; the site directs buyers to contact Evoke. Pre seed, enterprise sales led with a demo based motion.
enterprise license, likely by agents or environments monitored
Cost watchouts
Broad coverage across local, production and SaaS agents may require deploying multiple sensors and the proxy, adding operational overhead.
Variable cost rationale
Coverage likely scales with the number of agents, endpoints and environments monitored, though no metered axis is published.
Sales call required
Yes — required for paid access
Free / trial
Demo on request; no public free tier
Lowest paid plan
None public; contact sales
Key ambiguities
Nothing numeric is public; early pre seed stage with bespoke terms.
Related vendors
- 7AI — Swarming agentic SOC from the Cybereason founders: sixty plus domain…
- Airrived — Agentic OS that unifies SOC, GRC, IAM, vulnerability management, IT,…
- Assail — Autonomous red teaming platform (Ares) whose AI agents discover,…
- Astelia — AI native exposure management platform from Israeli National Red…
- Capsule Security — Runtime security layer for AI agents that detects and blocks unsafe…
- Clutch Security — Universal non human identity security platform that discovers,…