
How CodeIntegrity Is Turning AI Agent Guardrails into Core Security Infrastructure


AI agent security and the rise of non-deterministic risk

AI agent security refers to the tools, policies, and runtime controls that keep autonomous, language-driven software agents from exposing data, executing unsafe actions, or being hijacked by malicious prompts while operating in enterprise environments. These agents differ from traditional applications because their behavior is non-deterministic: the same input can lead to different outputs, shaped by training data and natural language context instead of fixed rules. That unpredictability widens the gap between classic security models and emerging AI-driven workflows. Where conventional software can be audited through deterministic paths, agentic AI must be treated as a shifting attack surface. As more organizations connect agents to email, CRMs, internal wikis, and production systems, small prompt changes can trigger outsized real-world consequences, turning what once looked like a narrow model risk into a primary security concern for critical business operations.

CodeIntegrity’s $5M bet on permanent guardrails for AI agents

CodeIntegrity has secured a USD 5 million (approx. RM23,000,000) seed round to build security controls for agentic AI applications that behave unpredictably in production. Co-founders CEO Steven Jung and CTO Abi Raghuram began drawing attention last year when they showed how easy it was to trick models from multiple providers into leaking private information, including compromising the note-taking app Notion in under four hours. That experiment highlighted how non-deterministic security flaws in AI agents fall outside traditional, rules-based defenses. According to GeekWire, cybersecurity-focused Syn Ventures led the round, with participation from Antler and Boost VC, bringing total funding to USD 5.25 million (approx. RM24,150,000). The startup is now piloting its product with companies in regulated industries, where auditability, data boundaries, and consistent policy enforcement are essential before AI agents can be trusted with real customer information and sensitive internal systems.

Prompt injection vulnerabilities: the new attack surface for enterprises

Prompt injection vulnerabilities are emerging as one of the most dangerous weaknesses in enterprise AI deployments. In these attacks, an adversary smuggles malicious instructions into prompts, documents, or external content that an AI agent reads. Because non-deterministic models interpret natural language instead of hardcoded commands, they can be persuaded to reveal confidential notes, forward sensitive emails, or alter records, even when the surrounding application seems secure. CodeIntegrity’s earlier demonstration against Notion showed how a simple sequence of crafted text can unravel data isolation once an AI assistant is plugged in. Traditional defenses—network filters, authentication, and static access controls—do not prevent an agent from choosing to say or do the wrong thing. As companies connect agents to wider data sets and tools, every shared workspace, ticket, and email thread becomes a potential injection point attackers can turn into a control channel.

Runtime control layers as enterprise AI guardrails

To contain non-deterministic behavior, CodeIntegrity is building a runtime control layer that sits between AI agents and enterprise systems. Acting as both translator and filter, this layer forces unpredictable models to follow strict, predictable rules about what they can say and which systems they can access. Instead of relying on human-in-the-loop review or a secondary large language model to judge outputs—approaches that are hard to scale and never fully reliable—the guardrail applies deterministic checks on every action. It can block disallowed commands, redact sensitive data, or restrict an agent to a defined subset of tools, turning high-level natural language into tightly scoped, auditable operations. As more agents move from experiments to production, these enterprise AI guardrails start to look less like optional add-ons and more like the security middleware that every serious deployment will need.
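The deterministic checks described above, as an added example that is not CodeIntegrity's code: a small Python policy gate that sits between an agent's proposed tool call and its execution, allowlists tools, constrains arguments, redacts sensitive values from tool output before the model sees them, and records every decision for audit. The tool names, policy and redaction patterns are constructed for illustration.

```python
import re
# Constructed policy for one agent (hypothetical tool names): the tools it may
# call and, per tool, the argument values that are acceptable.
POLICY = {
    "allowed_tools": {"search_wiki", "send_email"},
    "send_email": {"recipient_domains": {"example.com"}},
}

# Constructed redaction rules: a toy API-key shape and 16-digit card numbers.
SENSITIVE = [
    (re.compile(r"\bsk-[A-Za-z0-9]{8,}\b"), "[REDACTED-KEY]"),
    (re.compile(r"\b(?:\d[ -]?){15}\d\b"), "[REDACTED-CARD]"),
]

def check_tool_call(tool: str, args: dict, policy: dict = POLICY) -> tuple:
    """Deterministic allow/deny for one proposed action: same input, same answer."""
    if tool not in policy["allowed_tools"]:
        return False, f"tool '{tool}' not in allowlist"
    if tool == "send_email":
        domain = args.get("to", "").rpartition("@")[2].lower()
        if domain not in policy["send_email"]["recipient_domains"]:
            return False, f"recipient domain '{domain}' not permitted"
    return True, "ok"

def redact(text: str) -> str:
    """Scrub sensitive values from tool output before it reaches the model."""
    for pattern, replacement in SENSITIVE:
        text = pattern.sub(replacement, text)
    return text

def guarded_execute(tool: str, args: dict, tools: dict, audit: list):
    """Gate one action: check the policy, record the decision, run, redact."""
    allowed, reason = check_tool_call(tool, args)
    audit.append({"tool": tool, "allowed": allowed, "reason": reason})
    if not allowed:
        return None
    return redact(tools[tool](**args))
# Constructed stand-in tools; the wiki result "contains" a leaked key.
TOOLS = {
    "search_wiki": lambda q: f"Results for {q}: token sk-abcdef123456 found",
    "send_email": lambda to, body: f"sent to {to}",
}

def run_demo() -> list:
    audit = []
    guarded_execute("search_wiki", {"q": "deploy"}, TOOLS, audit)
    guarded_execute("send_email", {"to": "bob@evil.test", "body": "x"}, TOOLS, audit)
    guarded_execute("delete_records", {}, TOOLS, audit)
    return audit
```

Because the gate never consults a model, the same proposed call always yields the same decision, which is what makes the audit trail reviewable.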

Why AI guardrails are becoming core security infrastructure

The funding behind CodeIntegrity reflects a broader shift: enterprises are treating AI agent security as an infrastructure problem, not a niche tooling issue. Non-deterministic security flaws and prompt injection vulnerabilities do not fit neatly into existing threat models, which were built around predictable applications and static APIs. That gap is giving rise to a new layer of permanent guardrails designed specifically for agentic AI. CodeIntegrity’s early focus on regulated customers hints at where demand is strongest: organizations that cannot afford opaque behavior when agents handle medical, financial, or other sensitive records. Meanwhile, the appearance of other AI security startups, such as Certiv, Raven, and Manifold Security, shows that this market is expanding rather than isolated. As Jung puts it, the race is on “to provide that deterministic control” so enterprises can deploy AI agents without accepting uncontrolled, hard-to-explain risk.
