Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now
You thought generative AI was a technological tidal wave of change coming for enterprises, but the truth is — at 2.5 years since the launch of ChatGPT — the change is only getting started. A whopping 96% of IT and data executives plan to increase their use of AI agents this year alone, according to a recent survey from Cloudera covered by CIO.
However, with this comes a whole host of other considerations for the organizations moving in this direction, perhaps foremost of which: how to protect the security of the organization’s software, data, and other digital systems, especially as more and more agents arrive that can conduct actions autonomously, on their own, with minimal human oversight?
Cyata, a Tel Aviv-based cybersecurity startup, was founded to tackle this mission head on and is today emerging from stealth to show enterprises how.
It’s backed by $8.5 million in seed funding led by TLV Partners with participation from notable angel investors and former Cellebrite CEOs Ron Serber and Yossi Carmil. Meanwhile, Cellebrite’s former VP of Business Development Shahar Tal serves as Cyata’s co-founder and CEO. Cellebrite, you may recall, is the infamous security firm that developed ways to bypass the security or “crack” Apple’s highly secure and encrypted iPhone for law enforcement customers, so the bonafides of the founders are real.
“This is a paradigm shift,” said Tal in an interview with VentureBeat. “Like the move to cloud, we’re watching software change in front of us. Enterprises need new guardrails to handle the velocity and autonomy of these systems.”
The AI Impact Series Returns to San Francisco – August 5
The next phase of AI is here – are you ready? Join leaders from Block, GSK, and SAP for an exclusive look at how autonomous agents are reshaping enterprise workflows – from real-time decision-making to end-to-end automation.
Secure your spot now – space is limited: https://bit.ly/3GuuPLF
A new control dashboard for agentic identities
Cyata’s platform introduces a purpose-built solution to govern what it refers to as “agentic identities”—AI actors that perform tasks autonomously.
“These agents don’t work like traditional identities—they spin up in milliseconds, fork into sub-agents, make privileged calls, and vanish before IAM or PAM systems can react,” Tal explained. “They’re faster, more privileged, and more error-prone. The legacy IAM tooling simply can’t handle that architecture.”
The offering includes three integrated capabilities:
- Automated discovery of AI agents across all of the enterprise’s working environments
- Real-time forensic observability
- Granular access control
“We’re the control plane for authentic identities of autonomous digital workers,” Tal explained. “The moment an agent authenticates, we recognize it, trace what it’s doing, and enforce least privilege in real time.”
Cyata automatically scans cloud and SaaS environments to surface all AI agents in use and maps each to a human owner.
It then monitors agent behavior for risky access patterns or anomalies and maintains a full audit trail of actions, including intent.
“We fingerprint agents by detecting behaviors that don’t match human activity—like high-speed actions, technical headers, or unusual access patterns,” Tal added.
Real-time justification and AI-to-AI verification
One of Cyata’s most novel features is its ability to interrogate agents for their intent in natural language. When an agent attempts to execute a task, Cyata can prompt it for an explanation and then evaluate the justification using both rules-based logic and AI.
“One of the nice things about AI agents is they speak English,” said Tal. “We can ask them why they’re calling a tool, and they’ll provide evaluable, contextual justifications we can assess for validity.”
The platform uses AI models to assess these justifications in real time, creating an added layer of interpretability and risk scoring.
“We use certain AI models to evaluate justifications from agents. It’s AI evaluating AI—scoring context and intent as part of our risk assessment,” Tal explained.
But what about malicious agents spun up by hackers or cyber criminals? Cyata is ready for those, too, as Tal outlined.
“We want to make sure that this is an agent coming from the source,” he said. “So for example, coming from the Copilot environment, so that’s a good signal. Or maybe it’s been doing correct things for a while now. Or if it’s a new identity and we’ve never seen it, that’s a bit more risky. So we have to evaluate the entire risk for each of these tool call requests.”
From discovery to deployment in 48 hrs.
Cyata emphasizes a rapid deployment model, offering near-immediate value to enterprise security and identity teams.
Integration with common platforms like Microsoft Copilot, Salesforce AgentForce, and other popular identity providers is already supported.
“We’ve designed our system to integrate very quickly,” said Tal. “Within 48 hours, we can scan cloud environments, copilots, and other tools to surface agentic identities and their risks.”
Once discovered, Cyata connects each AI agent to a human stakeholder for accountability, helping bridge the gap between legacy identity systems and the emerging AI workforce.
Beyond the developers
The growing use of AI agents isn’t limited to technical teams. While developers were an early audience, Cyata quickly realized adoption was broader.
“Initially, we thought developers would be the primary audience. But we’ve seen non-developers deploying agents rapidly—sales, finance, support—so centralized governance became essential,” Tal noted.
Organizations often discover unexpected usage patterns once Cyata is deployed.
In several cases, tools like Cursor or Copilot were found to be acting with elevated permissions, impersonating users, or accessing sensitive data without oversight.
“We’ve seen cases where companies think they haven’t deployed AI, but suddenly there’s Cursor or Copilot running in full impersonation mode, acting on someone’s behalf. It’s already happening,” Tal said.
Future-proofing AI agent identity and compliance for enterprises
Cyata’s platform operates in multiple modes—from passive monitoring to active enforcement—allowing security teams to adopt it without disrupting workflows.
The system can flag risky activity, suggest mitigations, or enforce human approvals for high-privilege actions. Pricing follows a SaaS model, based on the number of managed agentic identities.
The company sees its role as not just patching current gaps, but preparing enterprises for a broader shift in how work is conducted.
With a team of cybersecurity veterans from Unit 8200, Check Point, and Cellebrite, Cyata is positioned to lead in this emerging category. The company will unveil new research at the upcoming Black Hat conference and is building out a partnership program to deepen integrations with identity vendors and enterprise platforms.
As AI agents become more prevalent, Cyata is betting that enterprises will need better tools to understand who—or what—is acting on their behalf.
