Straiker raises $64M to secure the AI agent workforce

Straiker, a Mountain View startup positioning itself as the security layer for production AI agents, has closed a $64 million Series A, bringing total funding to $85 million. Marathon Management Partners led, with Citi Ventures, Illuminate Financial, and Workday Ventures joining, plus Bain Capital Ventures and Lightspeed. The pitch: AI agents are the fastest-growing workforce in the enterprise, and traditional controls were not designed for a workforce that reasons and acts on its own.

The workforce framing for the agentic security market

The single most important sentence in the Straiker announcement is the framing. The press release calls AI agents the fastest-growing workforce in the enterprise, and the rest of the document is built around the implication: if you accept the framing, then the security problem is not a new product category, it is an identity and access problem with a different kind of worker. The team cites the IDC forecast of more than one billion AI agents deployed across enterprises by 2029, 40x the number in 2025, and treats the forecast as the operating context for everything the platform is built to do. That is a different starting point from the legacy application security vendors, who are still reasoning about code, packages, and infrastructure.

The two concrete numbers from STAR Labs, Straiker's adversarial testing arm, sharpen the case. The team found that 36 percent of successful attacks on coding agents resulted in remote code execution, and 91 percent of attacks on productivity agents led to silent data exfiltration, with no malware and no stolen credentials. Both numbers are high enough to break the assumption that an agent inside the enterprise perimeter is a known and trusted actor, and they explain why the company is positioning around three capabilities rather than one. Discovery, pre-deployment adversarial testing, and runtime protection are the three products, and the data layer that links them is the moat. Threats detected in production feed back into the testing harness, and vulnerabilities found in testing harden the runtime monitor, so the platform gets sharper as more customers put more agents through it.

The Meta support agent incident from this spring is the worked example. Reuters reported that attackers manipulated Meta's AI support agent into changing account emails and bypassing two-factor authentication, hijacking more than 20,000 Instagram accounts without ever breaching Meta's core systems. The attack chain did not require a vulnerability, an exploit, or a stolen credential, which is why it ended up in the Straiker press release and not in a CVE database. The agent did exactly what it was designed to do, and the design was the problem. That is the gap Straiker is selling into, and the same gap that the Forrester Identiverse 2026 recap called the new IAM front.

How Straiker fits the broader agentic security market

Straiker is one of three agentic security companies that have raised material rounds in the last 60 days, and the pattern across the cohort is worth watching. The others, Arcade and the recent Cisco intent to acquire WideField Security, are selling complementary pieces of the same problem. Arcade is positioning as the secure action layer that mediates what agents are allowed to do at the moment of execution, and WideField is bringing identity and access management discipline to the agent side of the ledger. Straiker is the closest to the legacy application security vendors in terms of product shape, because discovery, testing, and runtime protection is the same triad that endpoint detection and response vendors sell into the endpoint market. The interesting question is whether the buyer at the customer is the CISO, the head of AI, or a new function, and the press release hints that the answer is the CISO for now, with the head of AI as the secondary buyer.

The leadership team is built to sell to the CISO. CEO Ankur Shah previously scaled Palo Alto Networks' Prisma Cloud business as SVP and GM, and CTO Sreenath Kurupati led AI and security research at Akamai after the company acquired Cyberfend, the fraud detection startup he founded. Both have spent their careers selling to enterprise security buyers, and the early customer list, which the company describes as Fortune 500 enterprises and frontier AI labs, is consistent with that buyer. The board addition is also a signal. Gokul Rajaram, the founding partner of Marathon who is joining the Straiker board, has a track record as a product and go-to-market operator at Square, Pinterest, and DoorDash, and Marathon's lead position suggests the firm is underwriting the go-to-market as much as the technology.

The strategic question is whether the agentic security category is large enough to support three independent companies plus the legacy application security vendors all pivoting into the same space. The IDC number, 1 billion agents by 2029 at 40x the 2025 base, is large enough on paper. The harder question is whether the customers will buy a new product category or whether the legacy application security vendors will absorb the agentic workload as a feature. The PR Newswire announcement positions Straiker as the company that already has the data, the customer list, and the testing methodology, and the Series A is the bet that the customer will pay for a dedicated product before the legacy vendors catch up.

An inventory, a test, and a runtime gate for 2026

The most important thing an enterprise security team can do in the next 90 days is take an honest inventory of which agents are running in the environment, what they can access, and what they have already done. The Straiker STAR Labs data shows that 91 percent of attacks on productivity agents lead to silent data exfiltration, which is the kind of failure mode that does not show up in a SIEM dashboard until the data is already gone. The first step is discovery, and the second step is a clean separation between the agents that are sanctioned by the IT organization and the agents that have been provisioned by line-of-business teams without security review. That gap is where most of the damage happens, and it is the gap that the Enterprise AI Governance Checklist for 2026 was built to close.

The second thing is to require pre-deployment adversarial testing for any agent that will touch production data, especially coding agents and productivity agents. The 36 percent remote code execution rate from STAR Labs is a hard number, and it is the kind of number that justifies a pre-deployment gate. The third thing is to instrument the runtime environment so that an agent that is acting out of policy is stopped before it can exfiltrate, not after. The Straiker runtime protection product is one option, and the recent Dapr 1.18 Verifiable Execution release is a complementary open-source option for teams that want to instrument the runtime themselves.

The Series A is the cleanest signal yet that the agentic security category is large enough to support venture-scale companies, and that the legacy application security vendors are not going to absorb the workload as a feature. The next 90 days will tell whether the early customers pay for the dedicated product or whether the category gets pulled into the existing application security stack by consolidation. Either way, the inventory, the pre-deployment testing, and the runtime instrumentation are the three things every enterprise security team needs to put in place, regardless of which vendor ends up winning the agentic security market. The funding announcement is in the PR Newswire writeup.