Key Takeaways
- Tel Aviv based Capsule Security has emerged from stealth with a $7 million Seed round led by Lama Partners alongside Forgepoint Capital International.
- The startup, founded in 2025 by CEO Naor Paz (ex F5, Unit 8200) and CTO Lidan Hazout (ex Transmit Security), already employs about 70 people across Israel and the US.
- Capsule’s runtime trust layer integrates with Cursor, Claude Code, Microsoft Copilot Studio, ServiceNow, and Salesforce Agentforce, requiring no proxies, gateways, SDKs, or browser extensions.
- The company was selected as 1 of 6 finalists from nearly 1,000 startups in the CrowdStrike, AWS, and NVIDIA Startup Accelerator at RSA Conference.
Quick Recap
Capsule Security, a Tel Aviv based runtime security layer purpose built for enterprise AI agents, officially exited stealth on April 14, 2026 with a $7 million Seed round led by Lama Partners with participation from Forgepoint Capital International. The announcement, distributed via BusinessWire and amplified across X by outlets including Calcalistech and Security Boulevard, positions Capsule as a “trust layer for agentic AI” that blocks manipulation, misbehavior, and silent data exfiltration during agent execution.
Inside the Runtime Trust Layer
Capsule’s platform enforces controls directly inside the agent execution path, delivering real time visibility over agent actions and blocking unsafe or unauthorized behavior before it completes. At the core sits ClawGuard, an open source pre invocation checkpoint that evaluates an AI agent’s intent before tool calls are made.
The company has also fine tuned Small Language Models (SLMs) into a multi agent system of “Guardian Agents” that deliver both posture management and low latency runtime protection, according to Damien Henault of Forgepoint Capital International, who joined the Capsule board. The platform generates auditable telemetry for governance, investigation, and compliance teams, and routes signals into existing enterprise security response workflows.
Why It Matters Now?
Enterprise AI agents are increasingly behaving as privileged users with direct access to sensitive data, tools, and workflows, creating what Capsule calls the fastest growing blind spot in cybersecurity.
The Tel Aviv startup’s emergence follows research in which it exposed vulnerabilities in Microsoft and other agent platforms, underscoring the governance gap between what security teams can control and what autonomous agents can execute in production. Regulators and CISOs are accelerating demand for runtime guardrails as agentic deployments scale through tools like Copilot Studio and Salesforce Agentforce.
Competitive Comparison
The runtime AI agent security category is crowded with early stage peers. The closest comparables at similar stage and scope are Prompt Security and Zenity, both Israeli firms targeting AI agent and copilot protection.
| Feature/Metric | Capsule Security | Prompt Security | Zenity |
| Funding Stage | $7M Seed (2026) | Series A, ~$23M total | Series B, ~$54M total |
| Headquarters | Tel Aviv, Israel | Tel Aviv, Israel | Tel Aviv, Israel |
| Core Focus | Runtime trust layer for enterprise AI agents | Prompt level GenAI firewall and DLP | Agent security posture for low code copilots |
| Deployment Model | No proxies, gateways, SDKs, or browser extensions | Inline proxy and gateway | Agent and copilot scanning, posture management |
| Agentic Capabilities | ClawGuard pre invocation checkpoint, Guardian SLMs | Prompt filtering, response inspection | Discovery and guardrails for Copilot Studio, Agentforce |
| Integrations | Cursor, Claude Code, Copilot Studio, ServiceNow, Agentforce | OpenAI, Anthropic, custom LLMs | Microsoft Copilot Studio, Salesforce, ServiceNow |
Capsule wins on runtime enforcement depth and frictionless deployment with no proxies or SDKs, making it attractive for security teams that cannot tolerate added infrastructure. Zenity remains ahead on posture breadth and enterprise traction given its larger funding base, while Prompt Security is stronger for organizations primarily worried about prompt level abuse rather than tool execution.
Bayelsa Watch’s Takeaway
In my view, this raise is quietly bullish for the agentic AI stack, even though $7 million is modest by 2026 cybersecurity standards. I think Capsule is solving the right problem at the right moment because enterprise agents are now writing code in Cursor, filing tickets in ServiceNow, and closing deals in Agentforce with privileged access that most CISOs cannot actually see.
In my experience, security layers that avoid proxies and SDKs tend to win procurement battles faster, and Capsule’s architecture leans directly into that preference. I generally prefer founders with dual expertise in offense and defense, and the Paz and Hazout pairing out of Unit 8200 and Transmit Security checks that box. The CrowdStrike, AWS, and NVIDIA accelerator finalist slot against a field of nearly 1,000 is the strongest external validation here, and it signals potential strategic distribution down the line.
Sources
