BREAKING  Zenity secures AI agents across Copilot, Agentforce & Bedrock FUNDING  $38M Series B co-led by Third Point Ventures & DTCP RESEARCH  Zenity Labs' AgentFlayer zero-click exploits shown at Black Hat 2025 RECOGNITION  Named a 2025 Gartner Cool Vendor in Agentic AI TRiSM GROWTH  Reported 3x year-over-year growth BREAKING  Zenity secures AI agents across Copilot, Agentforce & Bedrock FUNDING  $38M Series B co-led by Third Point Ventures & DTCP RESEARCH  Zenity Labs' AgentFlayer zero-click exploits shown at Black Hat 2025 RECOGNITION  Named a 2025 Gartner Cool Vendor in Agentic AI TRiSM GROWTH  Reported 3x year-over-year growth
Company Dossier · Cybersecurity

Zenity

The security and governance platform purpose-built for AI agents.

Founded 2021 Tel Aviv & New York AI Agent Security Series B
Zenity logo on a dark background

THE MARK - Zenity's wordmark. A company betting that the next great security blind spot isn't a device or a server, but an autonomous AI agent acting on your behalf.

Filed under Enterprise Security Subject: Zenity Inc. Est. read 8 min
The Dispatch

The company watching the machines that act for you

Somewhere inside most large enterprises, an AI agent is quietly doing work no human explicitly checked. It reads an inbox, queries a customer database, drafts a reply, clicks a button in a SaaS app, and moves on to the next task. It is fast, tireless, and - until recently - almost entirely unwatched. Zenity was built for that gap.

Founded in 2021 by Ben Kliger and Michael Bargury, Zenity describes itself as the first end-to-end security and governance platform purpose-built for AI agents. The pitch is direct: as companies rush to deploy Microsoft Copilot, Salesforce Agentforce, and home-grown agents on AWS Bedrock and Google Vertex, they are creating a new attack surface that traditional, model-focused security tools were never designed to see. Zenity's job is to give security teams visibility and control over what those agents can access, what they do, and which tools they invoke.

The founders are not new to the problem. Kliger and Bargury met at Microsoft, where each held leadership roles in the company's cloud security organization, after serving in elite Israeli intelligence units. That background - offensive research paired with enterprise-scale defense - runs through everything the company builds.

"AI agents are a security blind spot: model-level guardrails don't cover what an agent actually does at runtime."

By The Numbers

Zenity at a glance

2021
Founded
$59.5M
Total raised
$38M
Series B (2024)
3x
YoY growth
What It Does

From "what did it say" to "what did it do"

Most tools in the AI security conversation stop at the model. They inspect prompts and outputs, looking for something toxic or leaked. Zenity's thesis is that the real risk lives one layer deeper - at the moment an agent actually invokes a tool, touches data, or takes an action.

An agent can be steered, through prompt injection, into misusing a powerful integration. It can reach data it should never see without that data ever appearing in a prompt. It can be over-privileged by a well-meaning configuration that quietly bypasses the model's own filters. These are execution problems, not conversation problems.

So Zenity built for the full agent lifecycle: discover every agent (including the shadow ones nobody registered), assess and harden its posture before deployment, then monitor its step-by-step behavior at runtime to detect and respond to malicious activity. The platform spans three deployment types - SaaS-managed agents, home-grown cloud agents, and agents running on end-user devices.

Its research and detection are mapped to frameworks security teams already trust, including the OWASP LLM Top 10 and MITRE ATLAS, which makes the output legible to a SOC analyst rather than a novelty.

"Zenity is the first end-to-end security and governance platform that gives enterprises visibility and control over AI agent behavior - what they access, what they do, and the tools they invoke."
The Platform

Four moving parts, one lifecycle

01 / OBSERVE

Zenity Observe

Agent discovery and inventory with real-time visibility into every agent's configuration, ownership, and runtime behavior across SaaS, cloud, and endpoint - surfacing shadow AI you didn't know existed.

Discovery & Inventory
02 / GOVERN

Zenity Govern

AI security posture management that applies secure-by-design guardrails before deployment - least-privilege access controls and policy enforcement mapped to OWASP LLM Top 10 and MITRE ATLAS.

Posture Management
03 / DEFEND

Zenity Defend (AIDR)

AI Detection and Response that monitors agents at runtime, analyzing step-level execution to catch prompt injection, tool misuse, and anomalies - and to respond when something goes wrong.

Runtime Detection
04 / ISSUES

Zenity Issues

An incident correlation engine that connects posture gaps, runtime anomalies, and behavioral intent into clear, investigable findings - so security teams see the story, not just the signal.

Correlation

Who It Serves

The buyers and the blind spot

Who uses Zenity

Large enterprises - including Fortune 500 organizations - across financial services, technology, manufacturing, energy, healthcare, and pharmaceuticals. Inside those companies, the users are security, DevSecOps, and platform teams responsible for letting the business adopt AI agents without losing control.

  • Security teams needing an inventory of every agent
  • Platform teams rolling out Copilot and Agentforce
  • DevSecOps embedding guardrails into agent pipelines

The problems it solves

  • Tool misuse & action abuse - agents steered into unintended, powerful tool invocations
  • Data exposure - sensitive data reached through actions and memory, never appearing in a prompt
  • Over-privileged agents - misconfigurations that bypass model filters
  • Visibility gaps - shadow AI with no owner and no oversight
The Difference

Why Zenity isn't just another AI filter

The AI security field is crowded with tools that guard the prompt. Zenity's differentiation is that it guards the action. It treats an agent less like a chatbot and more like an identity with access - a workload that can be discovered, scoped, monitored, and, when necessary, stopped.

The second difference is credibility earned through offense. Zenity Labs, the company's research arm, publishes working exploits against popular agents before adversaries can weaponize them. At Black Hat USA 2025 the team revealed "AgentFlayer," a set of zero-click exploit chains that silently hijacked agents built on ChatGPT, Microsoft Copilot Studio, Google Gemini, and Salesforce Einstein, among others. Several vendors, including OpenAI and Microsoft, shipped patches after responsible disclosure.

That "attack to defend" posture is a trust strategy as much as a research program: prove you understand the threat better than anyone, and enterprises believe you can defend against it. The third difference is breadth - one policy layer across competing ecosystems, so a security team isn't stitching together Microsoft's controls, Salesforce's controls, and a home-grown pipeline by hand.

The comparison the founders invite is Wiz, the cloud security company whose founders they worked under at Microsoft. Whether Zenity earns that comparison is unsettled - but the strategic blueprint is the same: find the blind spot everyone else is ignoring, then own the category.

The Money

Funding history

RoundAmountDateLead / Notable investors
Seed~$5M2021Vertex Ventures, UpWest
Series A~$16.5M2022Intel Capital, Vertex Ventures
Series B$38MOct 2024Third Point Ventures & DTCP (co-lead), M12, Intel Capital, Vertex Ventures

Total raised to date: ~$59.5M. Early-round figures are approximate. Series B announced October 29, 2024.


In Their Words

"Model guardrails tell you what an agent said. Security teams need to know what it did - the tool it invoked, the data it touched, the action it took."

- The Zenity thesis, paraphrased from company materials
The Record

How it got here

2021

Zenity founded

Ben Kliger and Michael Bargury launch Zenity to secure low-code/no-code and, increasingly, AI-driven automation.

2022

Series A

Intel Capital leads a Series A to expand the governance platform.

2023

Zenity Labs builds a reputation

The research team exposes risks in low-code/no-code and emerging AI agent platforms.

2024

$38M Series B

Third Point Ventures and DTCP co-lead as Zenity sharpens its focus on enterprise AI agents.

2025

AgentFlayer & Gartner recognition

Zenity Labs discloses zero-click agent exploits at Black Hat; Gartner names Zenity a Cool Vendor in Agentic AI TRiSM.

2026

AWS Marketplace & category leadership

Zenity lands on AWS Marketplace and is cited by Gartner as the first platform purpose-built for AI agents.

The Business

Model, market, and where it fits

Business model. Zenity is B2B SaaS. It sells subscription access to its agent security platform, direct and through cloud marketplaces like AWS Marketplace, and integrates with the major agent-building ecosystems from Microsoft, Salesforce, AWS, and Google.

Where it fits. Zenity sits in the emerging AI-TRiSM (Trust, Risk and Security Management) category - the security layer that makes enterprise AI adoption defensible. Its neighbors and rivals include Prompt Security, Lasso Security, Lakera, Protect AI, Noma Security, and HiddenLayer, plus larger cloud and identity platforms extending into AI governance.

The bet. The winner in AI security won't be whoever says "no" to agents. It will be whoever makes "yes" safe. Zenity is wagering that enterprises will pay for the ability to deploy agents at scale with the same control they expect from any other governed system.

Expertise. Founder-led and research-driven, rooted in elite Israeli intelligence units and Microsoft's cloud security organization - an offensive-security mindset paired with enterprise-governance discipline.

Field Notes

Four things worth knowing

They met at Microsoft

Kliger and Bargury both led in Microsoft's cloud security organization and both served in elite Israeli intelligence units before founding Zenity.

The CTO breaks things publicly

Michael Bargury is a prolific researcher known for exposing risks in low-code/no-code and AI agent platforms - often on stage at Black Hat.

Attack to defend

Zenity Labs demonstrates working exploits against popular AI agents before adversaries can, then works with vendors on fixes.

Same problem, bigger scale

Zenity started in low-code/no-code security and carried the same governance thesis into the agent era as automation exploded.


Questions

Frequently asked

What does Zenity do?

Zenity provides an end-to-end security and governance platform for AI agents, giving enterprises visibility and control over what agents can access, do, and invoke across SaaS, cloud, and endpoint environments.

Who founded Zenity and when?

Zenity was founded in 2021 by Ben Kliger (CEO) and Michael Bargury (CTO), who previously held cloud security leadership roles at Microsoft.

How is Zenity different from model-level AI security?

Instead of only inspecting prompts and outputs, Zenity focuses on what an agent actually does at runtime - the tools it invokes, the data it touches, the actions it takes - to catch tool misuse, prompt injection, and over-privileged configurations.

How much funding has Zenity raised?

Roughly $59.5M total, including a $38M Series B in October 2024 co-led by Third Point Ventures and DTCP, with backing from Microsoft's M12, Intel Capital, and Vertex Ventures.

Which AI agent platforms does Zenity support?

Zenity secures agents across major ecosystems including Microsoft 365 Copilot and Copilot Studio, Salesforce Agentforce, AWS Bedrock, Google Vertex, ChatGPT Enterprise, and home-grown agent platforms.

Watch & Learn

Interviews & demos

YouTube · Channel

Zenity on YouTube

Product demos & talks ↗
Research

AgentFlayer at Black Hat 2025

Read the disclosure ↗
Founder Interview

Ben Kliger on AI's blind spot

Read the interview ↗
Connect

Find Zenity

Share this profile