The agents are coming.

For security leaders inside the world’s big banks, retailers and corporations, that means a wakeup call akin to Paul Revere’s ride. For cyber startups, it means opportunity.

“The ground is shaking,” says security investor Oren Yunger. “The surface is completely revamped for technologists, and security professionals specifically.”

Yunger’s firm, Notable Capital, recently surveyed the cyber chiefs at 100-plus large companies alongside Morgan Stanley for their Rising in Cyber 2026 report.

What they found: while 71% of responding organizations said they already use AI agents in production; more than 50% categorize their security for such AI tools as early-stage or immature.

Startups – both veteran ones and brand-new, AI native ones – are eager to help bridge that gap. Early-stage cyber startups are flush with venture capital and able to open doors earlier than they might have in the past. They’re able to integrate faster, and use AI themselves to cover more ground.

And the redrawn rules of engagement for the AI era are bringing back into play certain security risks, like phishing and identity theft, that previously seemed mostly solved.

“This reinvigoration of areas of security that have been around for a long time, they’re getting revitalized with new and better ways of doing things,” says Sublime Security founder and CEO Josh Kamdjou.

Sublime – which counts customers ranging from tech leaders Ramp and Snowflake to pharma maker Roche and candy giant Mars – is one of several AI-enabled email security to appear on Notable Capital’s Rising in Cyber 2026, its third annual list of 30 most promising cybersecurity startups.

Upstarts has teamed up with Notable as a media partner on the report and related unranked list. We played no part in the selection process, which weighed input of nearly 150 practicing security professionals, but received early access to review the findings, and discuss them with several prominent chief information security officers (CISOs).

We also reached out to several list-making startups of our own choosing for their perspective, including Sublime and 1Password, making a push in agentic identity management. (While nine of this year’s 30 listees are Notable portfolio companies, neither interviewed startup is backed by the firm.)

We break down why it pays to be early-stage; why agents have so many different faces; and how to impress potential buyers like Glean, where CISO Sunil Agrawal wants founders to think more holistically. Plus, why at 1Password, CTO Nancy Wang says it’s not just about who has the best model.

We’ll be moderating a panel discussion tonight with OpenAI and the CISOs of Cerebras and TransUnion at a private event for list makers and security leaders hosted by Notable and the New York Stock Exchange. If any clips become fair game, we’ll be sure to share them in days to come.

Read the full Rising in Cyber list and report here.

When it pays to be early

According to the report’s data, only one segment of cyber startups grew their total funding raised from VC in 2025: Series A and B startups, which combined for $5.5 billion in total funding, on a higher count of deals.

From our conversations with practitioners, that’s no surprise for a few factors:

• Security teams at bigger companies are meeting with early-stage startups frequently right now

• Such startups are more likely to have launched post ChatGPT, on the ‘AI native’ side of the divide

• They have an easier time selling, as big companies are more willing to solve last-mile integrations or customize their software themselves versus wait

At Glean, Agrawal says he only hires engineers capable of building their own tooling to correct gaps, even on the security team. Every startup should offer an MCP or other hooks like a skill, or APIs, for them to do so on top.

“I don’t need you to create that fancy dashboard, or alerting, and so on,” he says. “I will do that myself.”

Secret agents

With most CISOs reporting they’re early in their agentic security journey, they also voted for access and control for agents as their most concerning AI-based threat (21%) for the next 12 months.

It’s no surprise that the Rising in Cyber list features a number of startups tackling different agent angles: access, identity, observability, runtime. Agentic security will only gain more prominence as users begin to authorize agents to automatically make financial decisions like purchases and refunds, notes Yunger.

Even as a builder for the category at 1Password, Wang says she “hounded” her security team for months to be able to take advantage of Anthropic’s Claude and OpenAI’s Codex agents in production, which required a two-month review.

How many tools one buyer will really want is unclear. “The market is still very much in exploration mode,” she says.

A smaller number of companies on the list offer “AI for security,” where the AI tooling itself is the differentiated product, like Terra Security, which promises continuous AI driven penetration testing to find vulnerabilities.

Model, genius

Against the backdrop of Anthropic’s Project Glasswing, a response to supposed game-changing capabilities in its new Mythos model; and OpenAI announcing its Daybreak security program yesterday, it seems like everyone in security is debating how frontier models factor into capabilities both for attackers and defenders.

Glean’s approach, as a potential buyer of new tools: give the best model access to the security team to try to wreak havoc from the inside, says Agrawal. His team is the biggest user of tokens among the engineering organization. “We’re not waiting for these models to be widely available,” he says.

At 1Password, Wang has a different spin. If, as we’ve covered previously in Upstarts, Claude Code using existing models is already powerful enough to expose vulnerabilities, the game changes.

“It’s less about who has the best model, and more like who has the model that I can best control,” she says.

Startups can impress, according to our anonymous leading CISO, who wasn’t authorized to speak on the record, by showing more context around their findings. It’s one thing to identify 100 vulnerabilities; it’s more valuable to identify three urgent ones, and flag 97 for a future patch.

“Context is going to be king,” they say.

Heat check

To hear Yunger tell it, we are just weeks away from the kinds of large scale attacks that could have major economic impact, enough to be “impossible to ignore.”

What is the sense of urgency right now among buyers of security startup tools? Per the survey, budgets for CISOs are growing — but not as fast as they could to meet demand for AI tooling, or for AI enablement to become a bigger part of the budget.

“It’s coming from a place of concern, but not necessarily fear,” says Wang at 1Password.

At Sublime, Kamdjou warns that while AI-enabled attacks will be more unpredictable and fast-evolving, many of the solutions out there are ‘snake oil.’ “There’s a lot of noise and flashy tools out there,” he says.

From a CISO perspective, Agrawal at Glean says there’s no point in being “scared" about AI.” “Stop worrying, start going back to your first principles,” he advises. “Start identifying the entire risk surface.”

And our unnamed corporate CISO says that for some security teams, this is a moment they’ve expected to come.

Does that make the job more fun, more stressful, or both?

“I think the industry is ready for the challenge,” they reply. “There’ll be moments where it’s not going to be fun.”