Illuminate Financial is proud to participate in Straiker's $64 million Series A, led by Marathon Management Partners alongside Citi Ventures, Bain Capital Ventures, Workday Ventures, Lightspeed Venture Partners, and others.

Why Illuminate Financial is investing here

Critical financial infrastructure is increasingly being built with AI-generated code and operated by AI agents in real time. Our LP base of financial institutions and infrastructure companies including Citi, JPM, BNY, Jefferies, HSBC, TD, RBC, BNP Paribas, and more are deploying AI agents rapidly, and they represent the highest-value targets when those agents are compromised. We've been tracking AI security as a category for more than two years, beginning with our investment in Reality Defender (the "Cloudflare" for communications). When we met Ankur and Sreenath, it was clear they were attacking one of the most urgent security problems of the AI era: how to protect the agents that will increasingly operate our most critical systems.

The attack surface has fundamentally changed

Every major computing transition mints a new security category leader. PCs created Symantec. Networks created Check Point. The cloud created CrowdStrike and Wiz, two defining security companies of their era. Agentic AI is that next shift, and the attack surface is exponentially larger.

Gartner forecasts that 40% of enterprise applications will embed AI agents by the end of 2026. Worldwide AI spending is projected to grow from $1.7 trillion in 2025 to $3.3 trillion in 2027, with AI cybersecurity as the fastest-growing category, doubling in 2026 alone.

The challenge is that agents do not behave like traditional, deterministic software. They are stochastic systems that reason, call tools, read memory, use credentials, take actions, and repeat. Every step introduces a new potential attack path. Prompt injection can redirect an agent through malicious instructions hidden in a web page, email, or document. Tool-call abuse can trigger unauthorized API calls, fund transfers, data deletion, or deployments. Malicious MCP servers can sit inside the agent environment itself, intercepting or redirecting actions. Credential escalation, memory poisoning, and data exfiltration become runtime risks rather than theoretical edge cases.

Evidence of this shift is already visible. CrowdStrike's 2026 Global Threat Report found an 89% increase in attacks by AI-enabled adversaries, and Anthropic's LLM ATT&CK Navigator shows how quickly attacker behavior is moving from AI-assisted payload generation to live campaign execution. The important point is simple: the agent runtime is becoming its own security perimeter, and enterprises do not yet have a purpose-built control layer for it.

Enter: Mythos, GPT 5.6 Sol, and Open Source

In April 2026, Anthropic's Claude Mythos Preview demonstrated autonomous vulnerability discovery across major operating systems and browsers, prompting Anthropic to restrict access and launch Project Glasswing with AWS, Cisco, CrowdStrike, Google, Microsoft, and others. Two months later, OpenAI previewed GPT-5.6 Sol under a similarly gated rollout. Advanced cyber capabilities are emerging across multiple frontier labs at once, and open-source foundation models make the problem harder to contain.

Once advanced cyber capabilities move into broadly available models, they can be downloaded, fine-tuned, stripped of safeguards, and embedded into autonomous attack workflows by anyone. The threat is no longer limited to the release policies of a handful of frontier labs. It becomes a permanent capability layer in the open ecosystem. As these capabilities diffuse, the need for a dedicated agent runtime security layer becomes immediate. Straiker was built for this threat environment.

The control plane for agentic runtime security

Straiker is a three-product platform: Discover AI (agent and MCP server inventory), Ascend AI (autonomous red-teaming across agent workflows), and Defend AI (runtime detection and response). It covers every control point in the agent loop, including prompt injection, tool-call abuse, credential escalation, memory poisoning, and data exfiltration.

The key differentiator is the data flywheel. Straiker is embedded with frontier AI labs, conducting pre-release security validation before their models ship to the public. Straiker generates millions of behavioral traces across agent types, continuously improving the detection models that power Defend AI. Each new trace strengthens the system, widening the product gap over time and enabling accuracy and latency roughly 10× better than frontier model alternatives.

That product loop is reinforced by Straiker's STAR team, which publishes original research on LLM vulnerabilities, agentic AI threats, MCP exploits, zero-click data exfiltration, and runtime guardrails. The research feeds directly into Straiker's red-teaming and runtime defenses, turning frontier threat intelligence into practical controls customers can deploy today.

From zero to category pull in twelve months

Within twelve months of launch, Straiker built a paying customer base spanning cybersecurity vendors, large enterprises, and leading frontier AI labs — including Snowflake, Fortinet, Comcast, Deloitte, Coupang, Automation Anywhere, Workato, Chargebee, DirecTV, SharkNinja, and others.

The customer feedback has been some of the strongest we've encountered in any diligence process. Across structured reference calls, a consistent story emerged: customers are not looking for another AI governance dashboard. They are buying runtime protection for agents already entering production. They describe Straiker as the foundational security control for the agent runtime, purpose-built for a completely new threat surface.

The repeat founders behind the next security category

Ankur Shah (CEO) helped scale Prisma Cloud at Palo Alto Networks to hundreds of millions in ARR, making it one of the fastest-scaling cloud security businesses in history. His combination of enterprise cyber product depth and category-creation experience is exactly what this moment requires.

Sreenath Krupati (CTO) co-founded Cyberfend and sold it to Akamai, where he helped scale the business to hundreds of millions in ARR and led AI and security research across the full application security portfolio.

Illuminate is incredibly proud to back Straiker as it helps secure this generational platform shift. Ankur and Sreenath are world-class cybersecurity operators, and we believe they are building the defining security company of the agentic AI era.