## Introduction
The proliferation of AI agents across enterprise environments has created an unprecedented security challenge. Organizations are deploying autonomous AI systems across engineering, operations, and customer service workflows, granting these agents direct access to internal platforms and business processes. This shift creates new risks ranging from reasoning errors and hallucinations to prompt-based attacks that manipulate agent behavior.
Onyx Security, emerging from stealth in March 2026 with $40 million in funding ($5 million seed + $35 million Series A), has positioned itself as the solution to this challenge. The company is building what it calls the “Secure AI Control Plane”—a comprehensive platform designed to help enterprises securely adopt, manage, and govern AI agents at scale.
This review examines Onyx’s approach, technology, and potential to shape the future of AI security governance.
## What is Onyx Security?
Onyx Security is an agent-native security platform that provides enterprises with comprehensive visibility and control over AI agents operating within their environments. Unlike traditional security tools retrofitted for AI, Onyx was built specifically for the agentic era, understanding how autonomous AI systems reason, plan, and act differently from traditional software.
The platform operates as a control plane—similar to how cloud platforms provide control planes for managing distributed infrastructure—providing centralized visibility and governance for distributed AI agents. Onyx discovers AI agents operating within an organization, tracks their decision-making processes, and can approve, block, or modify actions when necessary to enforce security and governance policies.
The $40 million funding came from Conviction Capital and Cyberstarts, two prominent cybersecurity-focused investors, validating both the market opportunity and Onyx’s approach.
## Key Features
### Agent Discovery and Inventory
Onyx automatically discovers AI agents operating across the enterprise:
– **Comprehensive Detection**: Identifies agents across all environments (cloud, on-premise, endpoints)
– **Agent Profiling**: Documents agent capabilities, access levels, and behavioral patterns
– **Shadow AI Detection**: Surfaces unauthorized agents operating without IT visibility
– **Dependency Mapping**: Understands how agents interact with each other and enterprise systems
### Decision Tracking and Visibility
The platform provides detailed visibility into agent decision-making:
– **Reason Chain Visualization**: See how agents reached conclusions
– **Action Sequences**: Track complete chains of agent activities
– **Context Preservation**: Maintain history for audit and investigation
– **Real-Time Monitoring**: Watch agent activities as they occur
### Policy Enforcement
Onyx enables governance through policy controls:
– **Allow/Block Rules**: Control which agents can access specific resources
– **Behavior Policies**: Define acceptable agent behaviors across contexts
– **Risk-Based Controls**: Apply graduated restrictions based on task sensitivity
– **Exception Management**: Handle legitimate use cases requiring policy overrides
### Action Governance
Beyond visibility, Onyx can actively govern agent behavior:
– **Approval Workflows**: Require human approval for high-risk actions
– **Automated Interventions**: Block or modify actions that violate policies
– **Rate Limiting**: Control the pace of agent activities
– **Scope Restriction**: Limit agent access to necessary resources only
### Compliance Reporting
For organizations subject to AI regulations:
– **Audit Trails**: Complete records of agent activities and governance decisions
– **Compliance Mapping**: Align agent governance with regulatory requirements
– **Risk Reporting**: Demonstrate security posture to stakeholders
– **Incident Documentation**: Support investigation and response activities
## Pricing
Onyx Security has not publicly disclosed pricing as of May 2026. Based on enterprise security platform norms:
– **Enterprise Licensing**: Annual subscriptions based on protected agents and data volumes
– **Professional Services**: Implementation, integration, and managed services
– **Custom Contracts**: Large enterprises likely negotiate bespoke arrangements
The company’s positioning and investor backing suggest premium enterprise pricing appropriate for organizations with significant AI agent deployments. Organizations should contact Onyx directly for quotes and evaluation options.
## Pros and Cons
### Advantages
1. **Agent-Native Design**: Built specifically for AI agents rather than retrofitted from traditional security
2. **Comprehensive Coverage**: Addresses the full lifecycle from discovery through governance
3. **Strong Backing**: $40 million from cybersecurity-focused investors
4. **Experienced Team**: Founders bring relevant security and AI expertise
5. **Forward-Looking Approach**: Addresses risks that are becoming mainstream concerns
### Disadvantages
1. **New Product**: Limited production deployment and customer references
2. **No Public Pricing**: Difficulty evaluating cost-effectiveness without sales process
3. **Emerging Market**: AI agent governance is still being defined
4. **Competition**: Multiple players entering the AI security space
5. **Integration Complexity**: Deep integration requirements may extend deployment timelines
## Alternatives
### Certiv
Certiv focuses specifically on endpoint-level runtime assurance for AI agents, providing deep visibility into endpoint activities.
**Best for**: Organizations prioritizing endpoint-level agent monitoring
### Armadin
Armadin takes an offensive approach, deploying autonomous agents to test security through simulated attacks.
**Best for**: Organizations seeking continuous penetration testing of AI-enabled environments
### Microsoft Purview AI Hub
Microsoft’s compliance solution includes AI agent monitoring for Microsoft-centric organizations.
**Best for**: Enterprises heavily invested in Microsoft 365 and Azure ecosystems
### Standard Emerging Technologies Controls
Organizations can build internal governance using existing tools (SIEM, IAM, DLP) with custom policies for AI agents.
**Best for**: Organizations with strong internal security engineering capabilities
### Holistic AI
A platform focused on enterprise AI governance, risk management, and compliance.
**Best for**: Organizations seeking comprehensive AI governance beyond security
## Use Cases
### AI Agent Governance
As organizations deploy multiple AI agents for various functions, Onyx provides:
– Centralized visibility across all agents
– Consistent policy enforcement regardless of agent vendor
– Risk-based monitoring and alerting
– Audit trails for compliance
### Shadow AI Detection
Many AI agents enter organizations without IT approval:
– Discovery of unauthorized agent deployments
– Risk assessment of shadow AI
– Guided remediation pathways
– Prevention of future shadow deployments
### Supply Chain Security for AI
Third-party AI agents and AI-enabled SaaS tools create risks:
– Visibility into AI components within vendor systems
– Assessment of third-party AI agent risks
– Contractual compliance verification
– Ongoing monitoring of third-party AI behavior
### Incident Response
When AI agents behave unexpectedly:
– Complete visibility into agent reasoning and actions
– Root cause identification through decision chain analysis
– Containment through policy enforcement
– Forensic evidence for investigation
### Regulatory Compliance
Emerging AI regulations require governance capabilities:
– Documentation of AI agent oversight
– Evidence of policy enforcement
– Risk assessment and mitigation records
– Reporting for regulatory inquiries
## Verdict
Onyx Security addresses a genuine and growing challenge: how do organizations govern the proliferation of AI agents operating across their environments? The company’s “Secure AI Control Plane” concept resonates because it acknowledges that AI agents require fundamentally different governance approaches than traditional software.
The $40 million funding and backing from cybersecurity-focused investors validate the market opportunity, while the agent-native design distinguishes Onyx from traditional security vendors attempting to retrofit existing tools for AI governance.
**Rating: 7.6/10**
**Verdict**: Onyx Security is worth evaluating for organizations deploying AI agents at scale and seeking comprehensive governance capabilities. The platform’s focus on the complete agent lifecycle—from discovery through governance—addresses real enterprise needs, though buyers should carefully assess product maturity and integration requirements given the platform’s recent launch.
—
*Published: May 2026 | Category: AI Agent Tools*