Security for the agentic workforce. Agents don't wait for permission - and neither do the threats targeting them.
Sunnyvale, CA. The company card for a two-year-old startup that decided the safest way to protect an AI agent was to spend all day trying to break it. Two-thirds of the payroll does exactly that.
Companies are handing AI agents real access to real systems - inboxes, code repos, customer records. Straiker's pitch is that this new kind of employee needs a new kind of security guard.
Here is a thing that is true and slightly alarming at the same time: a lot of large companies have, over the past 18 months, quietly given software agents the ability to read their email, write to their databases, and call their internal tools - the kind of access you'd normally make a human badge in for. The agents are fast, they're tireless, and they do not, in the traditional sense, wait for permission. That's the selling point. It's also the problem.
Straiker, a two-year-old company headquartered on South Murphy Avenue in Sunnyvale, exists because that access is a gift to attackers. If you can trick an AI agent into misreading an instruction - a poisoned document here, a cleverly worded email there - you can potentially get it to do things its owner never intended. Straiker's own research team found that in testing, 91% of attacks on productivity agents ended in silent data exfiltration and 36% of attacks on coding agents achieved remote code execution. "Silent" is the operative word. The agent does its job, the data walks out the door, and nobody files an incident report because nobody noticed.
The company calls itself "the agentic security company," which is a bold claim to plant a flag on, but it has the résumés to make it. Co-founder and CEO Ankur Shah previously ran Prisma Cloud at Palo Alto Networks as SVP and GM, a business he helped scale by a reported 50x over five years. Co-founder and CTO Sreenath Kurupati spent 20-plus years in security and AI, most recently leading AI and security research at Akamai after it acquired the fraud-detection company he founded. These are not people new to the idea that attackers are patient and well-funded.
Straiker's platform breaks the job into three parts, which is a tidy structure and also happens to mirror how a real adversary thinks. First you find the attack surface, then you probe it, then you guard it.
Discover AI maps every AI agent, MCP server, and workflow already running across an enterprise - and Straiker's data suggests companies routinely underestimate that count. (One of its more quotable findings: 28.6% of cataloged MCP tools are, in its phrasing, "dangerous on their face.") Ascend AI is the adversarial engine - it continuously red-teams those agents before deployment, hunting for prompt injection, goal hijacking, tool misuse, and inter-agent manipulation. Defend AI is the runtime layer, blocking identity abuse, memory poisoning, data exfiltration, and resource exploitation while the agents are live, and doing it without adding the kind of latency that would make anyone turn it off.
The elegant part - the part that makes an engineer nod - is that these two halves talk to each other. Every attack Ascend AI discovers automatically sharpens Defend AI's detection engine. Offense feeds defense in a closed loop, so the product gets meaner over time without a human having to hand-write a new rule for every fresh exploit. Most security tools don't get to learn from their own red team. Straiker built the red team into the product.
Inventories the agents, MCP servers, and AI workflows running across the enterprise - revealing the full AI attack surface, including the parts nobody knew were live.
An adversarial red-teaming engine that continuously attacks agents before deployment to expose prompt injection, goal hijacking, tool misuse, and inter-agent manipulation.
Runtime protection that detects and blocks identity abuse, memory poisoning, data exfiltration, and resource exploitation - without slowing the agents down.
"Agents don't wait for permission and neither do the threats targeting them."
The most unusual fact about Straiker isn't in its funding round - it's in its org chart. Roughly two-thirds of the company works in a threat-research group called STAR Labs, drawing people from FireEye, Mandiant, Microsoft, Meta, and the U.S. Department of Defense. Their job is not to ship features. It's to produce original threat intelligence by breaking AI agents, and to feed everything they learn straight back into the product.
This is a deliberate bet. Plenty of security vendors buy threat feeds; Straiker generates its own, which is why its marketing can cite specific, uncomfortable numbers instead of vague warnings. When STAR Labs finds a new way to hijack a coding agent, that finding doesn't become a blog post and nothing else - it becomes a detection rule in Defend AI. The research team is, in a real sense, the R&D department and the marketing department at once.
It's also a hedge against the pace of the field. AI agent attack techniques are being invented faster than any static rulebook can keep up with. A company that keeps most of its people on offense is betting that the threats will keep changing - and, so far, they are right often enough that Fortune 500 enterprises and frontier AI labs are paying for it.
Existing backers Bain Capital Ventures and Lightspeed re-upped in the Series A - a signal that early investors liked what the first year produced.
Straiker says its customers span Fortune 500 enterprises and leading frontier AI labs. Publicly referenced names include:
"Straiker helped remove the security blindspot in our B2B AI Application."
- Ken Ricketts, Coupa
Ankur Shah and Sreenath Kurupati start Straiker to build AI-native security for AI applications and agents.
Straiker launches publicly with initial funding from Lightspeed and Bain Capital Ventures.
Named a Cybersecurity Stars Awards 2026 winner for AI security testing / red teaming; STAR Labs publishes original agent-threat research.
Marathon Management Partners leads; Citi Ventures, Illuminate Financial and Workday Ventures join. Total raised reaches $85M as run-rate revenue grows more than 15x in under a year.