Straiker's $64M: your AI agents are attack surface
Straiker raised $64M to secure enterprise AI agents. Its research: 36% of coding-agent attacks hit RCE, 91% of productivity-agent attacks led to silent data theft.
Everyone's racing to put AI agents into production — agents that read your inbox, run your queries, touch your repo. Here's the part that doesn't make the demo: an agent with permissions is a new way into your systems, and it's one almost nobody is watching. A startup just raised $64 million on exactly that gap, and the numbers it published to justify the round should give any operator pause.
What actually happened
On June 29, Straiker announced a $64 million Series A led by Marathon Management Partners, with Citi Ventures, Illuminate Financial, and Workday Ventures joining, plus existing backers Bain Capital Ventures and Lightspeed. Per SiliconANGLE, that brings total funding to $85 million, and run-rate revenue has grown more than 15x in under a year. The company sells one thing: security for AI agents — discovering them across an org, adversarially testing them before deployment, and monitoring them at runtime.
The hook is the research. Straiker's STAR Labs team reported that 36% of successful attacks on coding agents resulted in remote code execution, and 91% of attacks on productivity agents led to silent data theft — exfiltration with no alarm, no crash, no trace. The people building this company came from the security trenches: CEO Ankur Shah scaled Palo Alto Networks' Prisma Cloud; CTO Sreenath Kurupati led AI security research at Akamai. They're betting the agentic workforce gets attacked the way every new software layer eventually does — and the data says it already is.
Why it matters for your business
You don't need a Fortune 500 agent fleet to have this exposure. If you wired up one agent that can run shell commands, or one that reads customer records and drafts replies, you built a door. A coding agent tricked into remote code execution is a machine running attacker commands with your credentials. A productivity agent leaking data silently is the worst kind of breach — the one you find out about from someone else.
The move isn't to stop building agents. It's to treat each one like the privileged software it is. Scope its permissions to the minimum it needs — read-only where read-only works. Test it with hostile inputs before it goes live, not after. Log what it does and actually look at the logs. The uncomfortable truth of the STAR Labs numbers is that agent attacks mostly succeed quietly, so "we haven't seen a problem" is not evidence of safety. It's evidence you're not looking.
Key takeaways
- Straiker raised a $64M Series A (June 29) to secure enterprise AI agents; total funding now $85M, run-rate revenue up 15x in under a year
- Its STAR Labs research: 36% of successful coding-agent attacks reached remote code execution; 91% of productivity-agent attacks led to silent data theft
- An agent with permissions is privileged software and a new attack surface — most of these attacks succeed without any visible signal
- Scope permissions to the minimum, test agents with hostile inputs before launch, and log and review what they actually do
Deploying agents that touch real systems? We scope permissions, test against hostile inputs, and wire in logging you can actually audit — so an agent stays a tool, not a door. See how we build safe automation or book a review.
Sources: Straiker, SiliconANGLE.
- #ai-security
- #agentic-security
- #ai-agents
- #straiker
- #automation
Tommy Rush — Founder, Rush Commerce
Operator turned builder. 15+ years running operations — now shipping the systems businesses run on. More
Get The Rush Report weekly — one email, zero fluff.
Keep reading
LiteLLM RCE: your AI gateway is now attack surface
CVE-2026-42271 turns LiteLLM into unauthenticated remote code execution and API-key theft. What the AI proxy layer means for your security.
Read itQualcomm buys Modular: the AI portability layer got acquired
Qualcomm's ~$3.9B all-stock buy of Modular puts the 'run AI on any chip' software layer inside a chipmaker. Here's what it means for staying vendor-agnostic.
Read it