AI agents have real jobs inside companies now. They write code, touch databases, call APIs, and make decisions without asking first. Most security tools were built to watch people, not machines that act on their own.
The Stealth Launch
Tenet Security came out of stealth earlier this week. The company raised $6 million in seed funding from The Westly Group and MizMaa Venture. Its pitch is to predict what an AI agent is about to do, then block the move before it happens instead of after. Tenet says many companies are running five times more AI agents than their security teams know about.
Barak Sternberg and Nevo Poran founded Tenet after a stretch on Cisco’s AI Defense team. Their job there was breaking AI agents, then building the defenses to stop what they’d just broken. Before that, the pair ran a company called Wild Pointer. It scaled to seven figures in yearly revenue with Fortune 500 clients, and they walked away from it to start over with Tenet. Both have spoken at DEF CON and Black Hat.
“AI agents may be the biggest productivity unlock enterprises have seen in decades, which is why organizations are moving so quickly to deploy them,” said Sternberg, Tenet’s co-founder and CEO. “But we’re also entering a world where autonomous agents are interacting with systems, data, and other agents in ways most security tools were never designed to understand.”
Predicting The Next Move
Tenet calls its core technology Agent-side Simulation. The patent-pending approach tries to predict an agent’s next move before it runs against a real system. If the predicted path looks risky, Tenet says it can step in and block it. It also logs a trace that explains why. Most security tools wait until the damage is done, then send an alert.
The company also points to a newer problem it calls Agentjacking. An attacker doesn’t need to write malware to pull this off. They just need to hide an instruction somewhere an agent will eventually read it. That could be an email, a log file, or a database entry. Once the agent reads that data, it may follow the hidden instruction instead of doing its real job. The agent never technically breaks its own permissions, so normal security tools don’t catch it. Sternberg and Poran call this a fourth kind of risk, alongside the old three of read, write, and execute. They call it ingest, and argue that nothing in the current security stack was built to watch for it.
“We’re increasingly seeing AI agents become part of the attack path itself,” said Poran, Tenet’s co-founder and CTO. “The challenge isn’t simply monitoring prompts or API traffic, but understanding and controlling agent behavior in real time.”
What Early Deployments Show
Tenet points to early deployments as evidence that the approach works. One law firm with more than $1 billion in yearly revenue saw its AI agents grow from two to more than twenty. That happened in six months. The company says it blocked more than ten attempted attacks in that stretch, including a serious cross-site scripting attempt. At a separate Fortune 1000 company, Tenet says it caught an agent that quietly ran up tens of thousands of dollars in token costs in a single weekend. The company caught it before the agent could be rolled out more broadly. I want to clarify, however, that those numbers come from Tenet. That said, they’re useful anecdotes as a starting point.
A growing list of funded startups is chasing this same problem. Each one wants the same basic thing: real visibility and control over what AI agents do once they’re set loose. Tenet’s bet is that predicting an agent’s next move beats catching it after the fact. Whether that holds up at enterprise scale and machine speed is still an open question.
