Cisco researchers launch Tenet Security to lock down rogue AI agents

A group of former Cisco security researchers thinks most companies have a blind spot so big it could cost them millions — and they've raised $6 million to prove it.
Tenet Security officially launched Wednesday with a platform designed to stop rogue AI agents before they cause damage, not after. It's a concept so simple it sounds obvious: simulate what an AI agent is about to do, flag the dangerous stuff, and block it before execution. But in an enterprise landscape where companies are deploying autonomous AI agents faster than they can secure them, this kind of pre-emptive approach fills a gap that traditional security tools weren't built to address.
## The Problem Nobody Planned For
When companies deploy AI agents today, they're giving software real autonomy. These agents run code, access databases, make API calls, modify production systems, and interact with other agents — all without a human in the loop. The productivity gains are real, which is exactly why adoption is accelerating. But the security implications are staggering.
Tenet says organizations often have five times more AI agents running than their security teams realize. Five times. That means for every agent you know about, four are operating under the radar — each one a potential entry point for attackers, a source of runaway costs, or simply an unchecked decision-maker with access to your most sensitive systems.
"AI agents may be the biggest productivity unlock enterprises have seen in decades, which is why organizations are moving so quickly to deploy them," said Tenet co-founder and CEO Barak Sternberg. "But we're also entering a world where autonomous agents are interacting with systems, data and other agents in ways most security tools were never designed to understand."
This isn't theoretical. Tenet's early deployments have already surfaced real problems. One legal-sector enterprise with $1 billion in annual recurring revenue grew from two agent deployments to more than 20 in six months. Tenet blocked more than 10 attempted attacks during that time, including a critical cross-site scripting attempt that traditional security tools missed entirely. At a separate Fortune 1000 company, Tenet caught a runaway agent burning tens of thousands of dollars in token consumption over a single weekend.
## Agentjacking: The Attack Vector You Haven't Heard Of
Tenet's Threat Labs division has been studying what it calls "agentjacking" — a class of attack that manipulates an AI agent into executing attacker-controlled actions by hiding malicious instructions inside data the agent reads.
The concept is deceptively simple. An attacker plants a hidden instruction inside something the agent will process — an email, a log entry, a database record, a customer support ticket. When the agent encounters it, the instruction overrides its normal behavior. The agent executes the attacker's command using its own legitimate access and permissions.
From the security tool's perspective, nothing looks wrong. The agent is doing what it's authorized to do. No alerts fire. No anomalies trigger. The attack succeeds precisely because the agent's behavior stays within its allowed scope — it's just doing the wrong thing for the wrong reasons.
Tenet tested this across more than 100 enterprise environments and found thousands of organizations vulnerable to this type of attack. Traditional security tools — firewalls, SIEMs, endpoint detection — all missed it because they're designed to spot unauthorized actions, not authorized actions with corrupted intent.
## How Agent-Side Simulation Works
Tenet's core technology is called Agent-Side Simulation, and the name is literal. Before an AI agent executes an action, Tenet's platform simulates what that action would do. If the simulated path leads to something risky — unauthorized data access, a suspicious API call, a chain of actions that looks like agentjacking — Tenet blocks the action and ships a trace explaining why.
This is fundamentally different from traditional security approaches. Most tools detect threats after they happen, or at best flag suspicious behavior in real-time. Tenet operates before execution, in the decision-making moment. It's the difference between a security camera that records a burglary and a lock that prevents it.
The approach does come with trade-offs. Simulation adds latency to every agent action, which could be a problem in time-sensitive applications like high-frequency trading or real-time customer service. Tenet hasn't publicly disclosed its latency numbers, and that's a question enterprises will need answered before deploying at scale.
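The gap described above, an action that is inside the agent's scope yet driven by text the agent read, can be shown with a minimal pre-execution gate. This is an added example, not Tenet's code or part of the original article. It assumes the agent framework tags every proposed action with the origin of the instruction; the tool names, the `origin` field and the addresses are hypothetical.

```python
from dataclasses import dataclass

# Assumption: tools that change state outside the agent (names are hypothetical).
SIDE_EFFECT_TOOLS = {"send_email", "http_post", "db_write"}

@dataclass(frozen=True)
class Action:
    tool: str
    args: dict
    origin: str  # "operator" = the assigned task; "data" = text the agent read

@dataclass(frozen=True)
class Verdict:
    allowed: bool
    trace: str

def scope_check(action, allowed_tools):
    """Permission-only view: is the tool inside the agent's granted scope?"""
    return action.tool in allowed_tools

def pre_execution_gate(action, allowed_tools, trusted_destinations):
    """Decide on a proposed action before it runs and return a trace."""
    if not scope_check(action, allowed_tools):
        return Verdict(False, f"{action.tool}: outside agent scope")
    if action.tool in SIDE_EFFECT_TOOLS and action.origin == "data":
        return Verdict(False, f"{action.tool}: side effect requested by "
                              "content the agent read, not by the operator")
    dest = action.args.get("to") or action.args.get("url")
    if dest is not None and dest not in trusted_destinations:
        return Verdict(False, f"{action.tool}: destination {dest!r} not allow-listed")
    return Verdict(True, f"{action.tool}: allowed")

# Constructed sample: a support agent's proposed actions for one ticket.
ALLOWED = {"read_ticket", "send_email"}
TRUSTED = {"customer@example.com"}
PLAN = [
    Action("read_ticket", {"id": 101}, "operator"),
    Action("send_email", {"to": "customer@example.com"}, "operator"),
    # Proposed only because text inside the ticket told the agent to do it.
    Action("send_email", {"to": "unknown@example.net"}, "data"),
    Action("db_write", {"table": "users"}, "operator"),
]

def evaluate_plan(plan=PLAN):
    return [pre_execution_gate(a, ALLOWED, TRUSTED) for a in plan]

if __name__ == "__main__":
    for action, verdict in zip(PLAN, evaluate_plan()):
        print(scope_check(action, ALLOWED), verdict.allowed, verdict.trace)
```

The third action passes `scope_check`, which is all a permission-based control evaluates, and is stopped only because the gate also considers where the instruction came from.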
## The Founders and the Market
Sternberg and co-founder Nevo Poran aren't security newcomers. Both are offensive security researchers who worked on Cisco's AI Defense team, studying how attackers target autonomous systems. Before that, they ran Wild Pointer, a cybersecurity company that reached seven-figure annual revenue with Fortune 500 customers. Both have spoken at DEF CON and Black Hat. Their advisory board includes David Schwed, former CISO at Robinhood, and Rick Scott, former CISO at BNY Mellon.
The $6 million seed round was led by The Westly Group, which was an early backer of SentinelOne — a notable signal. SentinelOne went public in 2021 and is now a $5 billion cybersecurity company. MizMaa Ventures also participated.
The market timing is sharp. Enterprise spending on AI agents is projected to grow from virtually zero to tens of billions over the next few years, and every one of those agents needs security. The question isn't whether agent security will become a category — it's whether Tenet can establish itself before the major cybersecurity incumbents (CrowdStrike, Palo Alto Networks, SentinelOne itself) build or buy their way in.
## What This Means For You
**If you're deploying AI agents at your company:** Stop and audit. How many agents are actually running in your environment? If you're like most organizations, the answer is "more than you think." Before you deploy another one, make sure you have visibility into what each agent can access and what actions it's authorized to take. Agentjacking isn't a future threat — it's a current one, and most security tools aren't built to detect it.
**If you're a security professional:** Agent security is going to be a mandatory part of your stack within 18 months. The question is whether you adopt a solution now, while the market is nascent, or wait for your existing vendors to bolt it on. Early movers get input into product development. Late movers get whatever their SIEM vendor decides to ship.
**If you're building AI products:** Consider security at the agent level, not just the application level. Every agent that can read external data is a potential attack surface. Every agent with write access to production systems is a potential liability. Build in guardrails from day one, or you'll be paying someone else to bolt them on later.
The bottom line: AI agents are the fastest-growing attack surface in enterprise computing, and most companies don't know how many they have or what they're doing. Tenet Security is early, but the problem is real and growing. If you're working with autonomous agents — and increasingly, who isn't? — you need to start thinking about security at the agent level, not just the network or application level.
Editorial Team
Originally sourced from SiliconANGLE News