This weekend I installed Claude Cowork on my desktop. This morning I created a skill that told Claude how to access the IT-Harvest Dashboard, where we have descriptions of 4,025 cybersecurity vendors, including 417 AI Security startups.
I then supplied it with the remaining list of AI Security vendors to be posted here to Substack. It systematically searched the Dashboard and copied the descriptions into a text file, which I cut and pasted below.
If you want to jump into Claude Cowork, this is a good tutorial.
If you want to automate research for report writing, definitely reach out to get a demo of the Dashboard.
Safeguard.sh provides a software supply chain security platform that performs 100-level deep dependency scanning across source code, containers, and AI models. The platform includes an IDE Extension that secures code during development and uses reachability analysis to reduce false positives by 80%. It delivers autonomous auto-fix remediation capabilities that achieve 92% faster remediation times and generates and manages CycloneDX and SPDX SBOMs automatically with version control, centralized repositories, and SLSA provenance attestation. The platform includes a Third Party Risk Manager for validating vendor SBOMs before integration and continuous supplier monitoring with automated policy enforcement. It operates a Zero CVE Components registry with 6,000+ vetted open-source packages screened for malware, SLSA compliance, and dependency confusion risks. Safeguard.sh supports deployment across 15+ cloud platforms including AWS, Azure, and GCP, as well as on-premises Kubernetes and Docker environments, air-gapped networks, and classified infrastructure.
The platform provides complete tenant isolation, end-to-end encryption with AES-256 at rest and TLS 1.3 in transit, multi-factor authentication, role-based access control, real-time threat detection with 24/7 SOC monitoring, and automated incident response. It maintains 99.99% uptime SLA with sub-100ms API latency and processes 10 million daily scans at 100,000+ components per second. The platform is built for FedRAMP HIGH and IL7 compliance and operates completely offline without cloud dependencies for classified and defense environments.
Strike48, a spin-out from Devo, is an agentic log intelligence platform that unifies logs and AI to deliver comprehensive coverage, autonomous investigation, and orchestrated response. Built on 15 years of petabyte-scale log infrastructure management, the platform features a ground-up agentic architecture with three core components: a Log Intelligence Layer supporting parse-at-query and flexible deployment, Prospector Studio for building and managing custom agents without dedicated AI teams, and Agentic Packages of vetted, production-ready agents. The platform deploys purpose-built micro agents designed for specific tasks that investigate, correlate, hand off to one another, and respond autonomously across security operations, IT operations, and compliance use cases.
For security operations, Strike48 handles alert triage and threat investigation, manages workflows and incident coordination, and monitors threat intelligence feeds and security advisories. For IT operations, the platform automates incident troubleshooting, password resets, and access provisioning while identifying performance bottlenecks, monitoring cloud spending, and continuously watching infrastructure for degradation and outages. The platform offers a no-code agent builder enabling teams to design custom monitoring and automation workflows, visual orchestration combining deterministic logic with AI reasoning, real-time data visualizations, and centralized incident management. It maintains complete data isolation within customer tenants with no cross-customer model training, supports SOC2, GDPR, and SOC3 compliance standards, and provides full transparency and control over agent actions and data access.
ThirdLaw provides an operational layer for enterprise AI that delivers visibility, evaluation, and control. The company makes enterprise AI safer to run and easier to control, building specifically for day-two operations. Their core capabilities include monitoring how AI is used across applications and agents, assessing AI interactions against safety and security expectations, and runtime interventions that support human review.
Their solutions address specific enterprise AI operational needs including AI investigation and response, which enables teams to link evidence across systems, preserve decision context, and route findings to existing SIEM, SOAR, and ITSM workflows. They offer AI runtime protection that enforces policy at the point of decision, making each AI decision policy-aware with outcomes based on scope and severity. Additional capabilities include agent and tool controls that govern tool execution to control risk at the moment of impact, AI data protection that prevents internal documents and restricted content from appearing in context or responses outside approved scopes, and AI governance frameworks for policy management and compliance oversight.
Tropico Security operates a preemptive defense platform that predicts, deceives, and neutralizes cyberattacks before they cause damage. The platform deploys AI honeypot mazes and emulators to trap attackers in controlled environments, analyzing their tactics and techniques in real time. It detects lateral movements of ransomware using SMB and RDP emulators while stalling encryption phases to give security teams response time. The system creates a secondary Active Directory that exposes attacker tactics while protecting the real deployment, and defends Entra ID against phishing attacks. Tropico tracks stolen data on dark-web forums by feeding attackers AI-generated information instead of real company data, helping identify threat actors. The platform uses defensive phishing pages to recover compromised credentials and shut down active campaigns. It collects intelligence from multiple sources including external and internal honeypot mazes, dark-web monitoring, SIEM alerts, and client threat intelligence.
Tropico serves critical industries including banking and fintech, aerospace and defense, logistics and transportation, telecommunications, and utilities. For each sector, the platform anticipates attack campaigns, forecasts state-sponsored threats, monitors early indicators of credential theft and ransomware activity, and provides early-warning detection of cyberattacks targeting operations before escalation occurs.
VisionHeight is a pre-attack intelligence and control platform designed to identify and stop threats before weaponization occurs. The platform operates through three core components: Pulse Sensors provide proprietary telemetry across worldwide datacenter IPs to detect malicious infrastructure during build-out, identifying threats 2-8 weeks before weaponization; an Infrastructure Intelligence Graph and Explainable Risk Engine map complete adversary campaigns with reason codes, confidence levels, and temporal context rather than isolated indicators; and Decision Sync integrates directly with security tools including SIEM, EDR, firewall, WAF, and identity systems to propagate policies autonomously across the security stack.
The platform provides unified, pre-attack cyber risk intelligence by fusing multiple intelligence sources — including proprietary datacenter IP signals, internal SIEM/EDR data, attack surface intelligence, and network traffic — into one verified intelligence layer. This approach addresses the problem of security teams operating with fragmented tools and high false positive rates. According to the company, VisionHeight eliminates 70-80% of VPN/CDN false positives and can reduce alert volumes significantly while surfacing actual infrastructure risks.
Zepo provides an agentic social intelligence platform designed to protect organizations from AI-driven social engineering threats targeting employees. The platform enables organizations to simulate realistic, AI-powered social engineering attacks including deepfakes, voice calls, cross-platform messages, and personalized phishing to identify human vulnerabilities. It monitors employee activity in real time across multiple channels including email, chat, messaging apps, and collaboration platforms, flagging suspicious activity the moment it appears to enable organizations to act before threats escalate into actual incidents.
Zepo integrates behavioral training with live threat detection to create a unified, proactive defense layer, combining human risk assessment with immediate threat detection rather than relying solely on traditional training tools and email filters. The platform provides centralized visibility of an organization’s human risk, allowing security teams to track employee performance, identify weak points, and receive actionable metrics adapted to each employee’s behavior. Zepo’s mission centers on redefining human-centric security by addressing the gap created as attackers exploit generative AI and move toward multi-vector, personalized attacks on employees, focusing on protecting what happens at the human level rather than solely at the system level.
Zynap is a preemptive cybersecurity platform that combines threat intelligence, AI agents, and automated workflows to shift security operations from reactive response to proactive attack prevention. The company’s mission is to outsmart cybercrime by delivering advanced technology and actionable threat intelligence that enables organizations to protect themselves before attacks occur, empowering enterprises and managed security service providers to stay ahead of evolving threats.
Zynap’s AI-powered platform unifies internal and external data sources to turn raw threat data into real-time, actionable foresight, tracking over 900 threat actors, monitoring more than 25,000 victims of tracked campaigns, identifying over 300,000 CVEs, and maintaining records of more than 20,000 exploits and proofs of concept. The platform features context-aware AI agents called NINA that serve as the cognitive core, automating security workflows with human oversight, along with an intelligent automation canvas enabling low-code/no-code workflow design that connects tools and orchestrates actions across security environments. Zynap delivers measurable outcomes including 95% faster remediation, 85% faster incident analysis, automation of 90% of security tasks, and 5x greater threat relevance, designed specifically for MSSPs and Fortune 2000 companies seeking agile, scalable tools that integrate seamlessly with existing security infrastructure.
And here are even more vendors added since I started publishing these updates.
Above Security is an insider risk management platform that deploys purpose-built AI agents to detect, investigate, and respond to insider threats. The company’s tagline — “Checkmate, insider threat” — reflects its mission to solve the blind spots left by traditional data loss prevention and behavioral analytics tools. Above Security raised $50M to build a suite of agents that address distinct threat scenarios: the Data Exfiltration Agent connects behavioral signals, permissions, and contextual data into a unified, human-readable picture of potential data theft; the Inappropriate Use Agent identifies policy violations and misuse patterns while favoring coaching over punitive action; and additional agents monitor for behavioral drift and employee churn risk. The platform’s core philosophy is that “comprehensive security comes from understanding intent,” positioning it as a solution for organizations that need to distinguish malicious insiders from negligent employees without creating friction for legitimate users.
Ntur, operating under the product name Agent Vault, provides a zero-trust security platform designed specifically for agentic AI systems. As enterprises deploy AI agents with access to tools, APIs, and sensitive data, Ntur addresses the new attack surface these agents create. The platform’s operating principle — “never trust, cryptographically enforce” — extends zero-trust architecture into the AI agent layer by cryptographically enforcing tool execution policies rather than relying on behavioral trust assumptions. Agent Vault monitors for behavioral drift in AI agents, flags deviations from expected execution patterns, and guarantees compliance with enterprise policy frameworks. The platform is built for regulated industries where AI agents must operate under strict governance, providing security teams with visibility into agent actions, tool invocations, and access patterns across the agentic stack.
Aether AI delivers continuous, AI-powered penetration testing designed to outpace AI-enabled adversaries. The company positions its platform as the “world’s most dangerous Attack AI, defending you” — an offensive AI system turned toward defensive purposes that operates continuously across internal and external attack vectors. Built on more than 15 years of experience breaching hardened targets, Aether AI claims to identify more vulnerabilities than human penetration testers and operate faster than traditional red teams, at a fraction of the cost of manual testing engagements. The platform covers the full attack surface — network, application, identity, and cloud — running simulated attacks on an ongoing basis rather than in periodic point-in-time assessments. Certain advanced capabilities are currently restricted to organizations operating within Five Eyes (FVEY) allied countries, reflecting the platform’s classification-relevant origins and the sensitivity of some of its offensive techniques.
CyberAGI markets its platform, branded Excalibur, as an “AI Security Department in a Box” — a self-contained security operations and offensive testing system that runs entirely within the customer’s own infrastructure. Excalibur is deployed on NVIDIA DGX Spark hardware, giving it local AI compute without requiring data to leave the customer environment, a design the company emphasizes as providing private AI with zero data exfiltration risk. The platform features a living threat risk map that continuously models attack paths and identifies choke points across the organization’s environment, allowing security teams to visualize where adversaries are most likely to move and which controls are most strategically valuable. Excalibur includes pentest orchestration capabilities that enable repeatable, scheduled attack simulations, visual evidence reporting through a Notion-like editor for documenting findings in a shareable format, and a CISO dashboard providing executive-level risk visibility. The platform is designed for security teams that want offensive and defensive capabilities unified in a single air-gapped deployment without dependency on cloud-based AI services.
Hackerdogs positions itself as a “Chief Intelligence Partner” for organizations that need decision-grade threat intelligence rather than raw data feeds. The platform deploys autonomous AI agents that actively pursue answers to security questions — probing internal and external sources, correlating findings, and delivering evidence-backed intelligence — rather than simply aggregating and analyzing existing data. Core capabilities include one-click attack surface discovery that maps an organization’s external exposure, continuous scheduling of intelligence collection runs, and autonomous AI agent probing that operates without manual analyst tasking. Hackerdogs integrates with Claude and the Model Context Protocol (MCP), allowing security teams to query the platform through conversational interfaces and pipe intelligence directly into their existing toolchains. The platform is built on the premise that traditional threat intelligence tools produce too much noise and too little actionable signal, and that AI agents capable of pursuing targeted intelligence objectives can replace much of the manual analyst work involved in staying ahead of adversaries.
Threat-Watch is a managed security service provider that offers to “replace your entire cybersecurity department minus the CISO” — providing comprehensive outsourced security operations for organizations that lack the resources to build in-house security teams. The service is powered by Xcitium zero-trust EDR technology and ConnectSecure for attack surface management, combining endpoint protection with continuous vulnerability visibility. Threat-Watch’s service portfolio includes 24/7 SOC threat detection and monitoring, managed incident response, compliance consulting for ISO 27001 and NIS2 frameworks, and employee phishing simulation and security awareness training. The company backs its MDR service with a $1 million ransomware breach warranty, providing financial accountability for the coverage it delivers. Threat-Watch is designed for small and mid-sized enterprises that need enterprise-grade security capabilities but cannot justify the headcount or tooling costs of a fully staffed internal security function.
PurpleSec is an adaptive AI security company founded in 2019 by veterans with Department of Defense training, focused on securing AI systems and the organizations that build them. The company’s flagship innovation is PromptShield™, an intent-aware AI protection layer that analyzes prompts and AI interactions for malicious intent, jailbreak attempts, and policy violations before they reach the underlying model. PurpleSec’s product suite spans both AI-native security and traditional enterprise security: the AI Firewall provides runtime protection for AI deployments; the Prompt Analyzer allows security teams to evaluate prompt inputs for risk; the AI Security Framework offers governance and compliance guidance for AI programs; and a Free AI Risk Assessment helps organizations baseline their exposure. On the managed services side, PurpleSec offers a Virtual CISO program and Managed XDR for broader security operations. The company targets AI builders, systems integrators, and enterprises navigating the security implications of deploying generative AI in production environments.
SOC Jedi.ai is an AI SOC analyst platform designed to conduct alert investigations with the speed and accuracy of an experienced Level 1 analyst — automating 90% of L1 triage work and providing 24/7 coverage without analyst fatigue. The platform operates through a pipeline of specialized agents: an orchestrator agent ingests incoming alerts, scores them using prior investigation verdicts, filters noise, and forwards unique threats for deeper analysis; a malware analysis agent decodes and decompiles files, analyzes code logic and behavior, detects malicious patterns, and issues risk reports; an attack surface agent performs continuous asset discovery, simulates attack paths under safe testing conditions, prioritizes findings by business risk, and delivers actionable remediation reports; and a dark web monitoring agent tracks leaks by corporate domain, correlates and classifies exposures, and aids deep leak investigations. Underlying the agent layer is a four-stage processing pipeline: alert data collection from SIEMs, data lakes, log managers, and REST APIs; enrichment via aggregation, threat feeds, IOC matching, and RAG; analysis for correlation, attack chain mapping, and incident summarization; and investigation delivery providing full narrative reports on what happened, how, and what to do next. The platform operates entirely within the client’s secure environment, is customizable to integrate with existing security tools and workflows, and is designed for rapid deployment with minimal setup overhead.
That wraps up the promised updates to Guardians of the Machine Age: Why AI Security Will Define the Future of Digital Defense.

