For the past several years, application security has been organized around a relatively stable model: developers write code, pipelines build and test it, and runtime controls attempt to catch what slips through. Each stage had its own tools, its own teams, and its own assumptions about where risk lived.

That model is breaking.

At RSAC 2026, the most interesting startups are not just adding 'AI' to existing categories. They are responding to a more fundamental shift: AI is compressing the software development life cycle, blurring the lines between writing code, deploying it, and operating it. In many cases, those steps are now happening simultaneously, or being driven by the same AI agents.

The result is not just more software. It is a collapse of security boundaries. And when those boundaries collapse, so do the traditional control points security teams have relied on.

Across the early-stage and next-stage exhibitors at this year's conference, a familiar pattern picks up speed. Security continues to shift left and down: into requirements and intent, into the tools that generate code, into the pipelines that assemble and ship code, and down into the runtime environments where code executes. The following startups illustrate how those control points are shifting, and why the old assumptions about where to enforce trust no longer hold.

AppSentinels: Securing Workflows, Not Just Endpoints

AppSentinels, a company with roots in API security, has expanded its scope to address security needs in AI-driven systems. As AI agents and services increasingly interact through APIs, the risk is no longer limited to individual endpoints. It lies in how those endpoints are chained together.

The company's focus is on understanding and securing how APIs are used in combination, rather than in isolation. 'It's not a single endpoint… it's the way workflows are stitched together,' said Puneet Tutliani, AppSentinels co-founder and CEO. That stitching is where problems emerge. Agents can automate complex sequences of actions across APIs, often at machine speed, exposing logic flaws, bypassing controls, or creating unintended side effects. Traditional API security tools, which focus on individual requests or endpoints, are not well-suited to detect this behavior. AppSentinels addresses this by combining continuous testing with runtime governance, modeling and monitoring workflows as they execute, with explicit support for agent-driven interactions.

Aurva: Tracking Identity and Access in an Agent-Driven World

If AppSentinels focuses on the seams in workflows, Aurva focuses on who or what is actually performing the work. Aurva centers on runtime data visibility and how information flows through applications. This year, that story shifted toward identity and access, particularly in the context of AI agents.

The underlying issue is that agents often require broad permissions to function. They access APIs, query data stores, and interact with multiple systems on behalf of users, creating complex chains of identity and authorization that are difficult to track and even harder to constrain. Aurva's approach is to monitor those chains in real time, correlating activity at the kernel level with identity and access data to understand what agents are doing, what data they are accessing, what permissions they use, and how they use those permissions. The problem is not just visibility, but understanding agent behavior. Traditional identity and access management systems define what should be allowed. Aurva attempts to show what is actually happening and where permissions may be broader than necessary. The platform is largely focused on detection and analysis rather than enforcement, but as agents become more autonomous, the ability to trace their actions across systems becomes a prerequisite for meaningful access control.

Backline: Closing the Loop Between Finding and Fixing

Backline focuses on one of the oldest challenges: what happens after vulnerabilities are found. For years, application security has excelled at generating findings but has been far less effective at ensuring those findings are fixed. This gap is widening as AI accelerates development, increasing the volume of vulnerabilities while the capacity to remediate them scales at a slower rate.

Backline's answer is to automate the remediation process itself. The company integrates with repositories and CI/CD systems to identify exploitable vulnerabilities, generate fixes, and validate those fixes through existing build and test workflows. The goal is not just prioritization but end-to-end closure. As Backline co-founder and VP of R&D Aviad Chen described it, 'The question is no longer which vulnerability matters, but how do you fix it at scale.' Earlier tools focused on triage; Backline compresses the entire loop from detection to resolution into a single automated process. The risk is introducing new errors, so the platform checks that automatically generated fixes are correct, context-aware, and safe to deploy by validating changes inside the pipeline before they reach production. In an environment where vulnerabilities can outpace human remediation, automation is moving from a convenience to a necessity.

Backslash: Securing the AI Development Toolchain

In traditional software development pipelines, the path from idea to code was relatively controlled. Today, that path often runs through a growing set of AI tools: coding assistants, agents, plugins, Model Context Protocol (MCP) servers, and external services, many of which operate outside formal oversight. Backslash focuses on that 'in-between' layer – the AI development toolchain.

The company provides visibility into which AI tools and agents are used across an organization, along with policy controls and guardrails governing how they interact. More importantly, it attempts to control how data moves between those components, addressing risks like prompt injection and unintended data exposure. The underlying insight is that the attack surface is no longer just the codebase; it is the entire chain of tools that transform intent into output. As Backslash Field CTO Gil Friedman explained, security teams are no longer dealing with a single developer writing code but with tools that sit between the initiative and the output. Security teams often lack basic visibility into which AI tools are in use, especially as non-developers adopt them, and traditional controls struggle to capture interactions between agents, plugins, and local processes. Backslash's answer is an endpoint-level 'guardian' that inventories these components, evaluates their risk, and enforces policies regarding what can be installed or executed.

Chainloop: Building Governance Into the Software Factory

Chainloop addresses a different failure point exacerbated by AI-powered development: what happens when AI accelerates everything else. As development speeds up, governance becomes the bottleneck. Chainloop serves as a software supply chain control plane, capturing artifacts across the entire pipeline – code changes, build outputs, scan results, and deployments – to create a central, verifiable system of record. It also applies policy-as-code guardrails that automatically enforce requirements across the pipeline.

The company is not trying to be another scanning tool. It is trying to become the system that defines and enforces how software moves from commit to production. The motivation is straightforward: AI is dramatically accelerating the 'inner loop' of development, but the 'outer loop' – security, compliance, and governance – has not kept pace. As Chainloop co-founder and CEO Daniel Liszka described it, organizations can now generate and ship code faster than ever, but integration, compliance, and security are still slow. Chainloop's answer is to automate that outer loop. By defining guardrails as code and tying them directly to pipeline events, the platform enables real-time feedback loops, including for AI agents themselves. This is one of the more consequential shifts on display – governance, long treated as friction, is being reframed as infrastructure that must be automated if AI-driven development is to scale.

FireTail: Gaining Visibility Into AI Usage Across the Organization

Described as an end-to-end AI security platform, FireTail takes a step back to answer a broader question: who is using AI, and how. As AI tools proliferate, usage often spreads beyond development teams to include product managers, analysts, and other business functions. In many cases, organizations lack a clear inventory of which tools are in use, what data is being shared, and where risks may be introduced. FireTail focuses on providing that visibility.

The platform monitors both employee usage – interactions with tools like ChatGPT – and application-level usage, such as agents built on cloud AI services. It aggregates this activity into unified log streams, where it can detect potential issues like data leakage, policy violations, or anomalous behavior. 'The first use case for every customer is knowing who's using what AI service,' FireTail founder Jeremy Snyder said. From there, organizations can define policies and, in some cases, enforce them, particularly at the endpoint or browser level. This is less about enforcing behavior within the pipeline and more about establishing baseline visibility and governance across the organization. As AI adoption expands beyond engineering, that visibility may become a necessary first step for understanding exposure before deciding how to manage it.

Raven: Enforcing Trust Where Code Runs

At the far end of the software life cycle, Raven represents a different kind of shift. Instead of focusing on code before it runs, Raven focuses on what happens when it does. The company is now pushing toward runtime prevention with a more aggressive stance on what matters and what does not. The core idea is straightforward: static analysis produces large volumes of vulnerabilities, many of which are never exercised in production. At the same time, AI is reducing the time it takes to discover and exploit real weaknesses. The traditional model of scanning for known issues and prioritizing them based on CVEs is losing relevance.

Raven's response is to focus on behavior at runtime, rather than signatures or known vulnerabilities. By observing how code executes inside the application, the platform attempts to identify and stop exploit activity directly, regardless of whether a vulnerability has been cataloged. As Raven co-founder and CEO Roi Abitboul put it, 'We stop relying on CVEs and look at what the application is actually doing.' The company uses a kernel-level approach to observe application behavior without injecting code or modifying the runtime environment, with minimal performance impact. From that vantage point, it can identify anomalous behavior in libraries or functions and block execution in real time. This is also where Raven diverges from much of the current AI narrative: while many vendors emphasize AI-driven detection, Raven argues that AI is too slow for real-time prevention and instead uses it selectively for analysis and prioritization tasks. The result is a model that treats runtime as the ultimate control point. As AI accelerates both development and exploit generation, the gap between vulnerability discovery and exploitation continues to shrink, making runtime enforcement less of a fallback and more of a primary defense.

Seezo: Securing What Gets Built, Before Code Exists

One of the most dramatic shifts in information security is happening at the very start of the development life cycle. In previous years, application security vendors focused on scanning code after it was written. Seezo is betting that, in an AI-driven world, that is already too late. The company focuses on generating security requirements before code is written, shaping how both developers and AI agents build systems from the outset. The premise is simple: if AI is generating large volumes of code, then controlling what gets built becomes more important than analyzing what was built after the fact.

As Seezo co-founder and CEO Sandesh Mysore Anand put it, 'The cost of generating code has gone to zero, while the cost of reviewing code is still very high.' That imbalance is driving a quiet but important change. Instead of interrupting developers with scans and findings, Seezo inserts security into the requirements layer – the one place both humans and AI systems rely on to understand intent. This is not just a shift-left story; it is a recognition that when AI agents are writing code, they are also reading instructions. If those instructions include security constraints, the resulting code improves before it ever hits a pipeline. The trade-off is that this approach depends on organizations adopting a more disciplined requirements process, something many teams have historically resisted. But as AI increases output, that discipline may become less optional.

TestifySec: Turning Compliance Into a Continuous Control

TestifySec is tackling a stubborn bottleneck: compliance as a gating function. In traditional environments, proving that software meets regulatory or security requirements is slow, manual, and often disconnected from how code is actually built. That lag becomes a real problem when development accelerates, especially when AI agents are generating changes faster than teams can review them.

To answer this challenge, TestifySec moves compliance into the pipeline itself, using an evidence-based model. Instead of relying on documentation and manual audits, the platform maps code, test results, and artifacts directly to security controls and evaluates them continuously. 'Organizations can now write software fast, but we can't ship it any faster because we can't measure it,' TestifySec co-founder and CEO Cole Kennedy said. That measurement gap is what TestifySec is trying to close. The platform uses AI agents to analyze what evidence should exist for a given control, then looks for that evidence across the codebase, pipeline outputs, and supporting artifacts. In practice, developers can get feedback on compliance before code is merged, rather than waiting for a downstream audit cycle. Compliance moves from being a post hoc validation step to a continuous signal inside CI/CD. The challenge is trust: automated compliance has been promised before, and organizations tend to be cautious about replacing human validation with machine-generated assessments. But as development speed increases, the alternative may be worse – a growing backlog of software that cannot be shipped because it cannot be certified.

If there was a single takeaway from RSAC 2026, it is that the industry is no longer arguing about whether AI will change software development. It already has. What is still being worked out is where security belongs when the boundaries between development, deployment, and execution no longer hold. The vendors highlighted here are not converging on a single answer. Instead, they are redefining control points across the entire life cycle, from requirements and toolchains to pipelines, runtime, and workflows. Some of these approaches will prove more durable than others. Not every new layer will become a category, and not every claim will hold up under real-world pressure. But the direction is clear: as AI compresses the software development life cycle and accelerates both development and exploitation, security can no longer rely on isolated checkpoints. Trust has to be enforced continuously, and in more places than before.

Source: InfoWorld News