Securing enterprise agents: Q&A with Straiker Co-founder and CEO Ankur Shah
Key Highlights
- As AI shifts from content generation to agents, organizations must secure “actors” that can reason and operate across systems, not just applications.
- Straiker has a unique set of tools to defend against agent threats: visibility (Discover), pre-deployment testing (Ascend) and real-time protection (Defend).
- Legacy tools lack the ability to detect attacks that exploit prompts, reasoning and tool use, showing the value of purpose-built platforms like Straiker.
Enterprise adoption of AI, particularly with autonomous agents, shows no sign of slowing down. The value of moving beyond traditional chatbots, typically constrained to pre-defined workflows, for AI agents capable of independently booking meetings and handling customer interactions, is increasingly clear.
As a result, companies have been deploying agents at a rapid rate, so quick in fact that securing these agents has become a challenge. According to Gartner, 40% of enterprise applications are expected to incorporate AI agents, making cybersecurity a top risk for 2026. As a category, AI cybersecurity is projected to post a 24% CAGR, rising from $25 billion today to $94 billion by 2030.
The current moment calls for solutions that put companies on the front foot, enabling them to detect and block novel, autonomous attacks. That is why we are excited to announce our investment in Straiker, a security platform purpose-built to tackle these critical threats.
Founded by Ankur Shah and Sreenath Kurupati, then launched in 2025, Straiker guards against attacks on AI agents, including prompt manipulation, data leakage and autonomous decision hijacking. For Citi Ventures, we see an investment in Straiker as an opportunity to both better understand the current threat landscape and help shape how enterprises defend against it.
We sat down with Ankur to discuss his company, its product line and why Straiker is poised to help enterprises thrive in the agentic era.
(Citi Ventures) You were a startup builder before helping scale Prisma Cloud into a leading cloud security platform. What did that full journey teach you, and how did it shape your decision to become a founder and co-found Straiker with Sreenath?
(Ankur) One lesson stood out across every technology cycle I’ve experienced: whenever a new computing paradigm emerges, security initially gets treated as a feature. Eventually, organizations realize it’s a platform problem.
I saw that firsthand during the cloud transition. Early on, security teams tried to extend traditional tools and processes into cloud environments. That worked for a while, but cloud ultimately changed the operating model so fundamentally that entirely new categories emerged. The companies that won were those that recognized the architectural shift early and built specifically for it.
Sreenath and I saw the same pattern unfolding with AI. Enterprises were moving beyond experimentation and beginning to deploy AI systems that could reason, access data, use tools and take actions. We believed that securing those systems would require a fundamentally different approach than securing applications, endpoint, networks or cloud infrastructure. That conviction led us to start Straiker.
(Citi Ventures) Major shifts in technology (e.g. internet, cloud, mobile) have created new security categories. When did you realize that agentic AI was the next inflection point, and was there a specific moment or incident that inspired you to act?
(Ankur) The realization came when AI moved from generating content to taking actions.
For the first generation of enterprise AI, the focus was on chatbots and copilots. The primary risks were around content generation, data exposure and model misuse. As we watched autonomous agents emerge, the risk profile changed dramatically. Agents could access enterprise systems, retrieve sensitive information, invoke tools, write code and execute multi-step workflows with limited human involvement.
The moment it clicked for us was recognizing that agents weren’t simply another application. They were becoming operators inside the enterprise. Once software can independently reason and act across systems, you’re no longer securing an application. You’re securing an autonomous actor. That’s when we became convinced that agentic security would become its own category.
(Citi Ventures) Straiker has three products: Discover AI, for agent security posture management, Ascend AI for adversarial testing and Defend AI for runtime security. Why does agentic security require all three, and where do you think enterprises should begin?
(Ankur) The challenge with agentic security is that organizations often don’t know where agents exist, how they’re being used, or what they’re capable of accessing.
That’s why we think about the problem as a lifecycle.
First, enterprises need visibility. Discover AI helps organizations understand their agent footprint, where agents are operating, what tools they can access, and what risks they introduce.
Second, agents need to be tested before deployment. Ascend AI adversarially tests agents to identify vulnerabilities such as prompt injection, tool misuse, data exfiltration and unsafe actions.
Finally, no amount of testing can anticipate every real-world scenario. Defend AI provides runtime protection by monitoring agent behavior, detecting threats and enforcing policies as agents operate in production.
Most organizations should begin with visibility. You cannot secure what you cannot see. Once you understand your agent landscape, you can prioritize testing and runtime controls based on business risk.
(Citi Ventures) What does an attack on an enterprise AI agent look like? What is inherently different in such an event compared to other attacks? And why don’t current solutions catch them or measure up? What can Straiker do that legacy vendors retrofitting their existing tools can’t?
(Ankur) Traditional cybersecurity largely focuses on protecting systems from unauthorized access. Agentic security introduces a different challenge: an authorized entity behaving in an unauthorized way.
An attacker may never exploit a vulnerability in the traditional sense. Instead, they manipulate the information the agent sees, influence its reasoning process or exploit the tools and permissions the agent has been granted. The result may be unauthorized data access, unsafe actions, financial transactions, code modifications or business process manipulation.
What’s fundamentally different is that the attack path often flows through prompts, reasoning chains, memory, retrieval systems and tool interactions rather than network packets or application exploits.
Legacy security platforms were designed to inspect users, devices, applications, and network traffic. They were not built to understand agent intent, reasoning, or behavior. Straiker was designed specifically for autonomous systems. We analyze the full agent interaction graph, including prompts, context, tool usage, memory, and actions, allowing us to detect risks that traditional security controls simply cannot observe.
(Citi Ventures) Why are financial services companies valuable customers for you? And what are the related challenges of working with financial services firms?
(Ankur) Financial institutions are among the earliest adopters of AI because the potential value is enormous. Agents can improve productivity, accelerate workflows, enhance customer experiences and unlock new efficiencies across the organization.
At the same time, those in financial services operate some of the most complex and highly regulated environments in the world. They manage sensitive customer data, critical financial systems and high-value transactions. That combination makes them particularly thoughtful about AI adoption.
What we find is that financial services companies are not asking whether they will deploy AI agents. They are asking how to deploy them safely. That’s where agentic security becomes essential. The challenge is that financial institutions require a high degree of trust, governance, explainability and operational rigor. The bar is appropriately high, which makes them demanding but highly strategic partners.
(Citi Ventures) If a CISO at a major enterprise is reading this and hasn't started thinking about agentic security yet, what's the one thing you'd want them to do first thing tomorrow morning?
(Ankur) Start by asking a simple question: “How many autonomous agents are operating in my environment today, and what can they access?”
Most CISOs are surprised by the answer.
The reality is that agents are already entering organizations through coding assistants, productivity platforms, customer-facing applications, internal automation systems and employee-created workflows. In many cases, they are being adopted faster than governance frameworks can keep up.
Before thinking about policies, tools or budgets, organizations need a comprehensive view of their agentic landscape, including their capabilities and impacts. Once you understand where agents exist and what actions they can take, you can begin making informed decisions about testing, governance and runtime security.
The future enterprise will be powered by agents. The sooner security teams understand their agent footprint, the better positioned they’ll be to enable innovation while managing risk.
For more information, email Jelena Zec at jelena.zec@citi.com.
To learn more about Citi Ventures and our portfolio, click click here.