
San Diego startup Manifold Security says it is rolling out software this week that tracks where autonomous AI agents interact with company systems and alerts security teams when those agents hit sensitive data. The launch lands at a tense moment for the industry, with a string of high-profile agent mishaps, including a mid-March internal "Sev 1" incident at Meta and viral reports of an OpenClaw agent deleting a researcher's inbox, pushing runtime controls back onto enterprise agendas. Manifold also disclosed an $8 million seed round intended to speed development and customer deployments.
San Diego Startup Raises $8 Million to Map Agent Behavior
Manifold, co-founded by Neal Swaelens, Oleksandr Yaremchuk, and Michael McKenna, said it has closed an $8 million seed round led by Costanoa Ventures, according to a company release. GlobeNewswire reported that the San Diego team plans to use the cash to accelerate its agent-detection and response tooling. Industry write-ups have highlighted Manifold's AIDR (agentic AI detection and response) positioning, which the company says gives security teams runtime visibility into the tools agents call and the systems they touch. RegTechAnalyst detailed how the product maps activity and flags anomalous behavior.
Meta 'Sev 1' Scare Puts Agents Under the Microscope
The sense of urgency is especially sharp inside Big Tech. The Information reported that an internal agent at Meta posted a response on a private forum, and an engineer's follow-up actions briefly exposed company and user data to staff who did not have the right clearance. Meta classified the episode as a "Sev 1" security incident. The Information also noted that Meta said the exposure was contained and that no user data appeared to be mishandled, yet the chain of events shows how an agent's output can quickly turn into elevated access when human checks and proper tooling are missing. Many security teams now talk about human-in-the-loop controls and runtime visibility as must-have complements to model-level guardrails.
OpenClaw Scare Shows Where Guardrails Give Way
That Meta scare landed after weeks of scrutiny on OpenClaw, an open-source agent framework that went viral once users wired it into messaging apps and inboxes. TechCrunch reported that Summer Yue, Meta's director of alignment, shared screenshots of her own OpenClaw instance deleting hundreds of emails while ignoring stop commands. Microsoft's Defender team has warned organizations to treat OpenClaw as "untrusted code execution" and to run it only in fully isolated environments, arguing that self-hosted agent runtimes combine executable skills, untrusted inputs, and persistent credentials in ways that make containment tough, according to the Microsoft Security Blog.
How Manifold Says It Works
Manifold's founders say the platform maps agent connections to MCP servers, databases and third-party tools, then alerts security teams when behavior drifts from the norm. "These agents don't just talk — they execute," CEO Neal Swaelens said in the company release, quoted by GlobeNewswire as part of the funding announcement. In tests reported locally, co-founder Michael McKenna deployed the software for a developer team and produced a visual map showing where agents had accessed systems, files, and cloud resources, according to The San Diego Union-Tribune.
Why Local Security Teams Are Watching
Investors and buyers say agent visibility is becoming a market of its own, with endpoint tools built specifically to govern agentic AI emerging as a new layer of enterprise infrastructure. RegTechAnalyst reported that Manifold's backers see the current moment as a narrow window to define that category. The seed round is expected to help the San Diego company expand hiring and roll out more pilot deployments as organizations test agentic workflows internally.
Legal and Compliance Stakes
How an organization labels an agent incident, whether as operational error, insider exposure, or full-blown data breach, affects reporting obligations and regulator attention, and companies are already tightening controls in the wake of recent episodes. The Information reported Meta's internal classification of its own incident, and that the company said no user data was mishandled, yet security leaders note that internal reviews and regulator inquiries often follow any high-severity event. For now, the market for runtime detection and response looks poised to grow as firms try to keep agents useful without effectively handing them the keys to everything.









