The security and governance platform purpose-built for AI agents.
THE MARK - Zenity's wordmark. A company betting that the next great security blind spot isn't a device or a server, but an autonomous AI agent acting on your behalf.
Somewhere inside most large enterprises, an AI agent is quietly doing work no human explicitly checked. It reads an inbox, queries a customer database, drafts a reply, clicks a button in a SaaS app, and moves on to the next task. It is fast, tireless, and - until recently - almost entirely unwatched. Zenity was built for that gap.
Founded in 2021 by Ben Kliger and Michael Bargury, Zenity describes itself as the first end-to-end security and governance platform purpose-built for AI agents. The pitch is direct: as companies rush to deploy Microsoft Copilot, Salesforce Agentforce, and home-grown agents on AWS Bedrock and Google Vertex, they are creating a new attack surface that traditional, model-focused security tools were never designed to see. Zenity's job is to give security teams visibility and control over what those agents can access, what they do, and which tools they invoke.
The founders are not new to the problem. Kliger and Bargury met at Microsoft, where each held leadership roles in the company's cloud security organization, after serving in elite Israeli intelligence units. That background - offensive research paired with enterprise-scale defense - runs through everything the company builds.
Most tools in the AI security conversation stop at the model. They inspect prompts and outputs, looking for something toxic or leaked. Zenity's thesis is that the real risk lives one layer deeper - at the moment an agent actually invokes a tool, touches data, or takes an action.
An agent can be steered, through prompt injection, into misusing a powerful integration. It can reach data it should never see without that data ever appearing in a prompt. It can be over-privileged by a well-meaning configuration that quietly bypasses the model's own filters. These are execution problems, not conversation problems.
So Zenity built for the full agent lifecycle: discover every agent (including the shadow ones nobody registered), assess and harden its posture before deployment, then monitor its step-by-step behavior at runtime to detect and respond to malicious activity. The platform spans three deployment types - SaaS-managed agents, home-grown cloud agents, and agents running on end-user devices.
Its research and detection are mapped to frameworks security teams already trust, including the OWASP LLM Top 10 and MITRE ATLAS, which makes the output legible to a SOC analyst rather than a novelty.
Agent discovery and inventory with real-time visibility into every agent's configuration, ownership, and runtime behavior across SaaS, cloud, and endpoint - surfacing shadow AI you didn't know existed.
Discovery & InventoryAI security posture management that applies secure-by-design guardrails before deployment - least-privilege access controls and policy enforcement mapped to OWASP LLM Top 10 and MITRE ATLAS.
Posture ManagementAI Detection and Response that monitors agents at runtime, analyzing step-level execution to catch prompt injection, tool misuse, and anomalies - and to respond when something goes wrong.
Runtime DetectionAn incident correlation engine that connects posture gaps, runtime anomalies, and behavioral intent into clear, investigable findings - so security teams see the story, not just the signal.
CorrelationLarge enterprises - including Fortune 500 organizations - across financial services, technology, manufacturing, energy, healthcare, and pharmaceuticals. Inside those companies, the users are security, DevSecOps, and platform teams responsible for letting the business adopt AI agents without losing control.
The AI security field is crowded with tools that guard the prompt. Zenity's differentiation is that it guards the action. It treats an agent less like a chatbot and more like an identity with access - a workload that can be discovered, scoped, monitored, and, when necessary, stopped.
The second difference is credibility earned through offense. Zenity Labs, the company's research arm, publishes working exploits against popular agents before adversaries can weaponize them. At Black Hat USA 2025 the team revealed "AgentFlayer," a set of zero-click exploit chains that silently hijacked agents built on ChatGPT, Microsoft Copilot Studio, Google Gemini, and Salesforce Einstein, among others. Several vendors, including OpenAI and Microsoft, shipped patches after responsible disclosure.
That "attack to defend" posture is a trust strategy as much as a research program: prove you understand the threat better than anyone, and enterprises believe you can defend against it. The third difference is breadth - one policy layer across competing ecosystems, so a security team isn't stitching together Microsoft's controls, Salesforce's controls, and a home-grown pipeline by hand.
The comparison the founders invite is Wiz, the cloud security company whose founders they worked under at Microsoft. Whether Zenity earns that comparison is unsettled - but the strategic blueprint is the same: find the blind spot everyone else is ignoring, then own the category.
| Round | Amount | Date | Lead / Notable investors |
|---|---|---|---|
| Seed | ~$5M | 2021 | Vertex Ventures, UpWest |
| Series A | ~$16.5M | 2022 | Intel Capital, Vertex Ventures |
| Series B | $38M | Oct 2024 | Third Point Ventures & DTCP (co-lead), M12, Intel Capital, Vertex Ventures |
Total raised to date: ~$59.5M. Early-round figures are approximate. Series B announced October 29, 2024.
"Model guardrails tell you what an agent said. Security teams need to know what it did - the tool it invoked, the data it touched, the action it took."
Ben Kliger and Michael Bargury launch Zenity to secure low-code/no-code and, increasingly, AI-driven automation.
Intel Capital leads a Series A to expand the governance platform.
The research team exposes risks in low-code/no-code and emerging AI agent platforms.
Third Point Ventures and DTCP co-lead as Zenity sharpens its focus on enterprise AI agents.
Zenity Labs discloses zero-click agent exploits at Black Hat; Gartner names Zenity a Cool Vendor in Agentic AI TRiSM.
Zenity lands on AWS Marketplace and is cited by Gartner as the first platform purpose-built for AI agents.
Business model. Zenity is B2B SaaS. It sells subscription access to its agent security platform, direct and through cloud marketplaces like AWS Marketplace, and integrates with the major agent-building ecosystems from Microsoft, Salesforce, AWS, and Google.
Where it fits. Zenity sits in the emerging AI-TRiSM (Trust, Risk and Security Management) category - the security layer that makes enterprise AI adoption defensible. Its neighbors and rivals include Prompt Security, Lasso Security, Lakera, Protect AI, Noma Security, and HiddenLayer, plus larger cloud and identity platforms extending into AI governance.
The bet. The winner in AI security won't be whoever says "no" to agents. It will be whoever makes "yes" safe. Zenity is wagering that enterprises will pay for the ability to deploy agents at scale with the same control they expect from any other governed system.
Expertise. Founder-led and research-driven, rooted in elite Israeli intelligence units and Microsoft's cloud security organization - an offensive-security mindset paired with enterprise-governance discipline.
Kliger and Bargury both led in Microsoft's cloud security organization and both served in elite Israeli intelligence units before founding Zenity.
Michael Bargury is a prolific researcher known for exposing risks in low-code/no-code and AI agent platforms - often on stage at Black Hat.
Zenity Labs demonstrates working exploits against popular AI agents before adversaries can, then works with vendors on fixes.
Zenity started in low-code/no-code security and carried the same governance thesis into the agent era as automation exploded.
Zenity provides an end-to-end security and governance platform for AI agents, giving enterprises visibility and control over what agents can access, do, and invoke across SaaS, cloud, and endpoint environments.
Zenity was founded in 2021 by Ben Kliger (CEO) and Michael Bargury (CTO), who previously held cloud security leadership roles at Microsoft.
Instead of only inspecting prompts and outputs, Zenity focuses on what an agent actually does at runtime - the tools it invokes, the data it touches, the actions it takes - to catch tool misuse, prompt injection, and over-privileged configurations.
Roughly $59.5M total, including a $38M Series B in October 2024 co-led by Third Point Ventures and DTCP, with backing from Microsoft's M12, Intel Capital, and Vertex Ventures.
Zenity secures agents across major ecosystems including Microsoft 365 Copilot and Copilot Studio, Salesforce Agentforce, AWS Bedrock, Google Vertex, ChatGPT Enterprise, and home-grown agent platforms.