Fundz recorded $250M across five agentic-security rounds announced between Mar 17–20, 2026 (UTC).
Agentic cybersecurity moved from “interesting” to investable in a single week. Fundz funding records show $250M deployed across five security platforms between March 17 and March 20, 2026 (UTC), all centered on a shared idea: when AI systems can act autonomously, security must also operate with autonomous workflows, not manual ticket queues.
This is not a broad market recap. It’s a tight, data-backed read on a micro-burst of funding activity that clarifies how investors are underwriting the next security stack: offensive automation, guardrails embedded into AI-native development, and runtime governance for “agentic enterprises.”
Key Points: The Agentic Defender Stack (Mar 17–20, 2026)
Five funding events in four days don’t make a category by themselves—but five deals sharing the same technical language and operating model often do. The Fundz descriptions converge on “autonomous,” “agentic,” and “runtime” security as a first-class design pattern.
Key points include:
- $250M in five rounds: $120M (Xbow), $57M (Surf AI), $40M (RunSybil), $25M (Corridor), $8M (Manifold).
- Median round size: $40M: a barbell profile with one $100M+ conviction round and a dense mid-band of operator-grade checks.
- Fundz descriptions converge: “autonomous exploitation,” “agentic operations,” “controls embedded into AI coding workflows,” and “runtime monitoring of agent behavior.”
- Production evidence appears early: RunSybil’s Fundz record lists customers such as Cursor, Turbopuffer, Notion, Baseten, and Thinking Machines Lab, as well as major financial institutions.
The Bottom Line: This week’s burst suggests investors are backing security systems that work like agents—finding, constraining, and responding in continuous loops, with humans supervising outcomes rather than triaging every alert.
Fundz Data Insight
Fundz logged $250M across 5 agentic-security rounds in 4 days (Mar 17–20, 2026 UTC). The top two rounds total $177M—70.8% of the cohort's total dollars. As AI workloads become more capital-intensive, the cost of compromise rises, and security shifts from manual triage to “defender stacks” that operate in autonomous loops with human supervision.
The named trend: The Agentic Defender Stack
In this cohort, “agentic” is not a marketing adjective. It describes a product architecture: autonomous discovery/response workflows, policy enforcement within AI-native dev pipelines, and runtime governance that treats agents as monitored entities, similar to how endpoints were treated in earlier eras.
Three anomalies (why this week matters)
.png?width=550&height=367&name=Three%20anomalies%20(why%20this%20week%20matters).png)
Hotspot: Five rounds in four days
The anomaly is cadence. Five rounds landing between March 17 and March 20 compresses what typically shows up as a multi-month “theme” into a single week of disclosed capital movement.
Gap: No true micro-seed signal in the cohort
The smallest disclosed round in the set is $8M. That absence of sub-$5M “formation” rounds suggests these teams are surfacing with product maturity and early demand already established, rather than funding pure exploration.
Pivot: Security shifts left—into the AI coding workflow and runtime
Two of the five deals explicitly frame security as embedded in AI-native development and agent runtime behaviour, not just post-facto detection. That’s a design pivot: prevention and governance become part of how software is produced and operated.
Anchor visual: Deal-size distribution (Agentic security burst)
| Band | Deals | $ Raised (USD) | Share of dollars |
|---|---|---|---|
| $100M+ | 1 | $120,000,000 | 48.0% |
| $50M–$100M | 1 | $57,000,000 | 22.8% |
| $20M–$50M | 2 | $65,000,000 | 26.0% |
| <$20M | 1 | $8,000,000 | 3.2% |
| Total | 5 | $250,000,000 | 100.0% |
Source: Fundz.net • Period: Mar 17–20, 2026 (UTC) • Scope: 5 disclosed rounds totaling $250M
So what? The barbell is already visible in a five-deal sample: one $100M+ conviction check, plus a dense “operator band” where early enterprise usage tends to appear.
- Top-end concentration: the $100M+ round represents 48% of dollars.
- Mid-band density: $20M–$57M accounts for 80.8% of dollars across four deals, where execution-ready platforms tend to price into enterprise workflows.
- Low seed presence: the smallest disclosed round is $8M, consistent with teams surfacing after product maturity rather than funding pure exploration.
Three engines pulling the train (what investors are underwriting)
1) Offensive automation (autonomous discovery and exploitation)
Xbow ($120M, Series C) is described in Fundz records as autonomously finding, exploiting, and reporting web vulnerabilities, and as passing 75% of web security benchmarks with zero human intervention. RunSybil ($40M) is framed as an offensive platform that maps authentication flows and interconnected vulnerability paths, with customers listed in the Fundz description, including Cursor, Turbopuffer, Notion, Baseten, and Thinking Machines Lab.
2) Controls embedded into AI-native development (security at generation time)
Corridor ($25M, Series A) is described as building security infrastructure for AI-native development, embedding real-time controls directly into AI-driven coding workflows, shifting the security boundary from “detect later” to “prevent during creation.” This is a structural bet: if AI accelerates code production, security has to move into the same loop.
3) Runtime governance for agent behavior (the “agentic enterprise” layer)
Manifold ($8M, Seed) is positioned as AI detection & response plus governance for agentic enterprises, monitoring agent behavior at runtime and integrating with existing infrastructure for rapid deployment. Surf AI ($57M, Series A) is described as an agentic operations platform that uses AI agents plus manual controls to identify and close exposure gaps under human oversight, an execution model aimed at reducing handoffs and rework.
Investor diligence map (how to evaluate “agentic” beyond the label)
In an agentic security pitch, “autonomous” is easy to say and hard to validate. The diligence advantage comes from forcing each startup to prove: (1) what the system can do without a human, (2) where humans must supervise, and (3) what evidence is captured when the system acts.
- Autonomy boundary: What actions can the platform take end-to-end without human input?
- Verification loop: What evidence is logged so outcomes are auditable (not just plausible)?
- Integration surface: Where does it plug in (SDLC, runtime, SOC), and how invasive is adoption?
- Failure modes: What happens when the agent is wrong—does it degrade safely?
Geography and disclosure (what the dataset can and can’t prove)
One caution: in this five-deal cohort, location fields are not consistently populated in the Fundz export. Xbow is listed with a Seattle location in the funding record, while Surf AI is described as NYC-based in its Fundz description. Investors should treat geography here as narrative context, not a quantified city leaderboard, unless location disclosure is complete in the underlying records.
External context (not the claim)
Momentum Cyber’s 2025 year-end almanac estimates $20.7B raised across 820 cybersecurity financing transactions in 2025. Their 2025 year-end M&A report also cites $119B in total strategic activity across acquisitions, IPOs and financings (including $96B of M&A across 400 transactions). This context helps situate the $250M “agentic security” burst without treating it as a full-market proxy.
Fundz Projection: What’s likely to happen next
Working projection (data-led, not a guarantee): This cohort already shows a barbell pattern (one $100M+ conviction round and a dense $20M–$57M “operator band”). If the category is real, the next 60–90 days should produce repeatable follow-through signals, not just more “agentic” labeling.
- Next 30 days: Expect more “operator band” financings ($20M–$60M) as adjacent teams surface with customer proof, integrations, and measurable outcomes (time-to-fix, false-positive load reduction, coverage expansion).
- Next 60 days: Watch for consolidation of the stack into three repeatable layers: (1) offensive automation, (2) SDLC-embedded controls for AI-native development, and (3) runtime governance for agent behavior. The winners will publish evidence loops (what is autonomous vs supervised, and what is logged).
- Next 90 days: If this becomes a durable category, incumbents will start partnering or acquiring for “runtime governance” and “AI-native controls,” because these features are harder to bolt on than traditional detection.
How to use this: Treat “agentic” as a diligence filter. The investable edge is evidence: autonomy boundaries, audit logs, failure-mode behavior, and integration friction.
Near-term watchlist (signals adjacent to the five-deal burst)
Outside the Mar 17–20 window, Fundz records also show additional “AI security/control plane/agent governance” activity earlier in March, including Bold Security ($40M, Mar 12), Onyx Security ($40M, Mar 12), Quantro Security (Seed, amount undisclosed, Mar 12), and Certiv ($4.2M, Pre-Seed, Mar 16). Consider these as adjacent signals rather than part of the $250M cohort.
Outlook: What breaks next if the category is real
If this cluster represents a durable category and not a one-week coincidence, the next visible moves will be operational: enterprise reference customers surfacing, SOC integrations becoming standard, and measurable “time-to-closure” improvements replacing abstract AI claims. The supply chain will also fill in quickly: governance layers, endpoint runtime monitors, and developer-first security controls designed for AI-generated code will likely proliferate.
Investor action checklist (14 / 30 / 60 days)
- Next 14 days: Track follow-through signals: benchmark claims, customer expansion, and production proof points that validate autonomy.
- Next 30 days: Map the second-order layer: governance, SDLC controls, and runtime monitoring tools that become “must-have” companions to autonomous coding and autonomous security testing.
- Next 60 days: Watch conversion evidence: procurement cycles, integration wins, security policy enforcement at scale, and consolidation interest from incumbents.
Investor FAQs: Decoding the Agentic Security Burst
What does this period include?
This analysis covers five disclosed funding rounds dated Mar 17–20, 2026 (UTC) in Fundz records, totaling $250M. The framing is intentionally narrow to isolate a short burst of agentic-security activity.
Why call this “agentic” instead of “AI security”?
Because the Fundz descriptions emphasize systems that act in goal-oriented workflows (discover, exploit, enforce, close exposure gaps) with humans supervising outcomes rather than manually triaging every step. The distinction is operational, not semantic.
Does this replace traditional detection tools?
Not immediately. The more likely near-term pattern is layering: agentic discovery and embedded controls reduce exposure creation. At the same time, runtime governance and response platforms monitor and manage what autonomous systems do after deployment.
What would make this “real” within a quarter?
Repeatability. More companies are raising in the same design pattern, more customers publicly referenced, and clearer metrics around autonomy (time-to-fix, false-positive load reduction, benchmark performance under defined conditions).
How should investors operationalize this report?
Use it as a map of where autonomy is being funded: offensive automation, SDLC-embedded controls, and runtime governance. Then track follow-through: customer adoption, integrations, and the evidence trail that proves agents are improving outcomes, not just producing plausible narratives.
Methodology and limitations
- Scope: Five disclosed funding rounds dated Mar 17–20, 2026 (UTC) totaling $250M.
- Validation: Amounts, dates, and company descriptions reflect Fundz's proprietary datasets (company-reported or disclosed, Fundz verified).
- Normalization: USD at entry time.
- Limitations: This is a narrow cohort analysis; not all records include fully populated location fields; undisclosed amounts and late updates may change totals.
- Projection note: Forward-looking statements are working observations derived from the disclosed deal pattern in this cohort plus adjacent signals in Fundz records; they are not guarantees.