As artificial intelligence moves beyond chatbots into autonomous agents, a new problem is quietly taking shape. These agents don’t just respond but they act. They read entire codebases, execute commands, access systems, and interact with production environments.
For companies, this shift brings speed and efficiency. But it also introduces a blind spot. Traditional security tools were not built to track autonomous behaviour at this level. What looks like normal developer activity, running scripts, calling APIs, can mask real risks when performed by AI agents at scale.
This growing gap is what San Diego-based Manifold is setting out to solve.
$8M backing to tackle a growing threat
The AI Detection and Response (AIDR) platform Manifold has raised $8 million in seed funding to build its vision of securing AI agents directly where they operate at runtime on endpoints. The round was led by Costanoa Ventures, with participation from Cherry Ventures, Rain Capital, and Modern Technical Fund.
The company has also drawn support from experienced operators in security and AI, including former Uber CSO Joe Sullivan and former Google DeepMind CISO Vijay Bolina.
The timing reflects a wider shift across the industry. AI tools are no longer experimental. Around 85% of developers already rely on coding assistants such as GitHub Copilot, Claude Code, and Cursor. The next wave, tools like Claude Cowork and OpenClaw, is expected to bring similar capabilities to every knowledge worker.
As adoption spreads, so does the risk. Autonomous agents now have access to critical systems, yet companies often lack visibility into what those agents are doing.
Built by founders who saw the problem early
Manifold’s founding team brings deep experience in AI security. Neal Swaelens and Oleksandr Yaremchuk previously co-founded Laiyer AI, where they built LLM Guard, one of the most widely used open-source tools for securing large language models.
After Layer AI was acquired by Protect AI, which was later acquired by Palo Alto, the companies joined forces with Michael McKenna. Together, they identified a fundamental issue wherein existing security approaches were built for AI that talks, not AI that acts.
Most current tools focus on monitoring prompts and outputs at the point of interaction. They rely heavily on language-based classification, which often introduces noise and overlooks the real risk posed by what happens after an AI agent takes action within a system. As agents gained autonomy, those limitations became impossible to ignore.
Approach of seeing what AI does
Manifold’s platform takes a different route. Instead of focusing on inputs and outputs, it tracks behaviour in real time. It shows what agents actually do, the tools they use, the systems they access, and the actions they execute.
Security teams gain a live map of every agent in their environment, including how each agent connects to databases, MCP servers, and external systems. If behaviour changes or drifts from the norm, it is flagged immediately.
This visibility allows teams to define what “normal” looks like and respond quickly when something doesn’t fit. It turns what was once invisible into something measurable and manageable.
Importantly, the platform is designed to work without friction. It is agentless, deploys within days, and integrates into existing infrastructure without requiring new gateways or architectural changes.
As organisations continue to adopt AI agents across roles and workflows, the need for this level of oversight is becoming unavoidable. Manifold positions itself at the centre of that shift not by slowing adoption, but by making it safer.
“Every developer today has coding agents on their laptop with access to source code, production systems, and CI/CD pipelines connected to an expanding ecosystem of MCP servers, skills, and third-party tools that no one is inspecting,” said Neal Swaelens, CEO and Co-Founder, Manifold. “With the rise of Claude Cowork, OpenClaw, and others, that same pattern is about to hit every knowledge worker. These agents don’t just talk — they execute. First-generation AI security tooling was not designed to solve for this. That’s the problem Manifold was built to solve.”
“There’s an open window to define the category for agentic security now, but it won’t be open long,” said John Cowgill, Partner at Costanoa Ventures. “Endpoint agent security is the next major layer of enterprise infrastructure. This team has already built foundational AI security tooling and deployed it at a massive scale. They know precisely where the previous generation fails. We believe they will own what comes next.”
