
RSAC 2026 Competitor Analysis

Four companies highlighted during an investor conversation (March 2026) as key competitors worth understanding — all RSAC 2026 Innovation Sandbox finalists alongside SecurityV0. Analysis based on public websites, press coverage, and RSAC materials; claims about competitor gaps reflect our current read of public information, not exhaustive product evaluations.

See also: Competitor UX Analysis — usability-focused analysis mapping these competitors' UX patterns to our March 2026 platform review findings. | Veza Comparison — earlier deep dive on identity governance positioning.

| Company | Category | Core Problem | Funding | Team |
|---|---|---|---|---|
| Token Security | NHI & AI Agent Security | Discover, govern, secure all machine identities & AI agents | $32M | ~40 |
| Geordie AI | AI Agent Security & Governance | Real-time behavioral observability & intervention for AI agents | $6.5M | ~16-29 |
| Realm Labs | AI Model Security (Interpretability) | Look inside AI models to detect/prevent unsafe behavior | $5M+ | ~10-20 |
| Fig Security | Security Operations Resilience | Find silent failures in SOC detection/response plumbing | $38M | ~25 |

Token Security — Closest Competitor

Website: https://www.token.security/

Founded: 2023, Tel Aviv. Emerged from stealth May 2024.

Founders: Itamar Apelblat (CEO) and Ido Shlomo (CTO), both Unit 8200 alumni with 15+ years together. Apelblat led defensive cyber (IDF CISO), Shlomo led offensive operations.

Funding: $32M total — $7M seed (TLV Partners, May 2024), $20M Series A (Notable Capital, Jan 2025), $5M RSAC Innovation Sandbox award (Feb 2026). Angel investors include Shlomo Kramer (co-founder of Check Point and Cato Networks).

Named customers: HPE, HiBob, BetterHelp, Dayforce, Bloomreach, Anecdotes, Udemy, Elastic, GEHA, Klaviyo, Lemonade. Triple-digit revenue growth in 2025.

What they do

Platform discovers, manages, governs, and secures non-human identities (NHIs) and AI agents across on-premises, hybrid, and cloud. Core thesis: machine identities outnumber human identities 50:1, yet IAM tools were built for humans.

CEO framing: "Hackers don't break in; they log in. Enterprises secure human identities well but struggle with automated systems. Most can't even tell you how many machine identities they have."

Core capabilities

  1. Continuous Discovery & Contextual Visibility — discovers every NHI (service accounts, API keys, tokens, certificates) and AI agent (custom GPTs, LLM services, RAG apps, MCP servers, autonomous agents). Builds dynamic identity graph mapping entitlements, dependencies, ownership.

  2. AI Agent Intent Understanding (March 2026) — determines declared vs. observed agent purposes, enforces intent-aligned least privilege. Their newest innovation.

  3. Lifecycle Management — creation through retirement. Enforces ownership accountability, auto-decommissions orphaned identities, prevents access drift.

  4. Security Posture Management — permissions drift, right-sizing to least-privilege, overexposure elimination.

  5. Identity Threat Detection & Response (ITDR) — behavioral anomaly detection on agent activity in real-time.

  6. AI-Driven Remediation — intelligent remediation workflows with dynamic risk thresholds, generates remediation scripts and CLI commands.

AI-native features

  • Token MCP Server — industry-first Model Context Protocol server letting security teams query NHI environment via natural language in Claude, ChatGPT, Gemini, or Cursor
  • Token AI Agent — conversational assistant in the Token UI for querying inventory, posture, threats, lifecycle
  • AI Discovery Engine (July 2025) — purpose-built to reveal AI-related identities including shadow AI and MCP servers

Integrations (~50+)

AWS, Azure, GCP, Okta, Entra ID, GitHub, GitLab, CrowdStrike, SentinelOne, 1Password, HashiCorp Vault, CyberArk, Snowflake, MongoDB Atlas, Datadog, Splunk, Wiz, Jira, ServiceNow, Slack, Salesforce, Workday, Anthropic Claude, OpenAI, AWS Bedrock, Azure Foundry, and many more.

Free / open-source tools

  • AI Privilege Guardian — free interactive tool for AI agent permission right-sizing
  • GPTs Compliance Insights (GCI) — open-source tool discovering custom GPTs and assessing security/compliance gaps

Competitive position

NHI market includes Astrix Security (#3 mindshare, 27.6%), Oasis Security (26.7%), Entro Security (#1 rated). Token differentiates by leaning into agentic AI governance rather than traditional NHI-only.

What Token has that we don't

  • Massive integration catalog (~50+ vs. our 3 connectors) — existential gap for enterprise sales
  • Named enterprise customers with testimonials (11+ logos)
  • MCP Server for natural language querying — clever distribution play
  • AI Agent Intent Modeling — declared vs. observed purpose
  • ITDR — real-time behavioral anomaly detection
  • Automated remediation (script generation, decommissioning)
  • Free/open-source lead-gen tools

Where we appear to differentiate from Token

Token offers identity graphs, blast-radius visibility, and lifecycle governance — there is real overlap. Based on public materials, these are areas where our approach differs:

  • Cross-system execution chain tracing — we trace ServiceNow Business Rule → REST Message → OAuth Entity → Azure SP → Permissions as a single deterministic chain. Token builds per-system identity graphs with entitlement mapping; their public materials don't show cross-system execution chain stitching at this granularity, though their unified graph may cover some of this
  • Temporal drift detection — version-history comparison for scope drift, ownership drift, reachability drift over time. Token does posture management but doesn't emphasize drift-specific analysis in public materials
  • Evidence packs — SHA256 integrity-hashed, timestamped, version-chained bundles for audit review. Token offers remediation scripts but no equivalent structured evidence artifact
  • Deterministic-only — Token uses AI/ML for classification and anomaly detection. Our findings are provable and walkable with no probabilistic components
  • Read-only connector model — zero blast radius deployment. Token offers automated remediation (a feature, but also a deployment risk consideration)
  • Egress classification — LLM vs. External vs. Internal at the execution chain level
  • Authority path model — full Workload → Identity → Destination → Data Domain chains with execution counts and 30-day trends

Ideas to borrow

  1. MCP Server — let CISOs query "show me all orphaned execution paths with LLM egress" in natural language. Low effort, high impact
  2. Integration breadth — accelerate connector development, publish a visible roadmap
  3. Named customer logos — even design partners on the website build credibility
  4. Free/open-source tools — lightweight discovery tool for lead generation

Geordie AI — Significant Overlap on Agent Security

Website: https://www.geordie.ai/

Founded: April 2025, London (UK Companies House #16385054). Exited stealth September 2025.

Founders:

  • Henry Comfort (CEO) — former COO Americas at Darktrace through IPO and $5B exit
  • Hanah-Marie Darley (Chief AI & Product Officer) — decade US government intelligence, built threat research at Darktrace
  • Benji Weber (CTO) — former Senior Director of Engineering at Snyk, also Mindgard (AI security)

Backgrounds span Darktrace (IPO + $5B exit), US government intelligence, and Snyk/Mindgard.

Funding: $6.5M seed co-led by Ten Eleven Ventures and General Catalyst. Angels include executives from CyberArk, Darktrace, Deliveroo, Revolut.

Awards: Black Hat Europe 2025 Startup Spotlight Winner, CrowdStrike/AWS/NVIDIA Accelerator (2026), RSAC 2026 Innovation Sandbox finalist, SC Awards 2026 finalist.

What they do

AI Agent Security and Governance Platform purpose-built for enterprises deploying autonomous AI agents. Discovers agents across code repositories, SaaS, endpoints, and low/no-code tools. Provides behavioral observability, posture management, risk intelligence, and proactive intervention.

Core thesis: AI agents are a fundamentally new operational entity — traditional security tools (IAM, SIEM, EDR) were not designed for autonomous, non-deterministic systems.

Core technology: The Beam engine

Geordie's primary differentiator. A real-time risk assessment module embedded in the agent's decision-making chain:

  • Dynamically scores actions an agent is about to perform
  • When high-risk behavior is detected, modifies the agent's decision by adjusting contextual prompts, restricting tool call parameters, or substituting execution paths
  • Proactive intervention, not post-detection response — security controls embedded during execution
  • Uses "context engineering" to give agents risk context without overloading context windows

Data collection pathways

  • SSO — single sign-on authentication
  • Endpoint — lightweight collection agents on devices
  • API — cloud platform connections

Events flow through a unified pipeline to build an enterprise-level agent asset graph.

Integrations

GitHub, Cursor, Claude, OpenAI, GitLab, Azure, Mistral, Bedrock, Azure AI Foundry, Google ADK, LangChain, Pydantic AI, CrewAI, Devin, Braintrust, Splunk, Jira, Teams, Power Automate, Copilot Studio, VS Code, Zed.

Compliance framework mapping

EU AI Act, OWASP Agentic Top 10, ISO 42001, NIST AI RMF, OECD AI Guidelines, GDPR, SOC 2 Type 2.

Customer references

  • Andy Gamble (CITO, Currys): "AI agents bring transformative potential, but only if enterprises can manage risks effectively."
  • Mehdi Ghissassi (CPTO, AI71, ex-Google DeepMind): "Their focus on agent-native risk intelligence enables pushing technological boundaries."

What Geordie has that we don't

  • Beam engine — real-time intervention during agent execution (we detect; they intervene)
  • Compliance framework mapping — EU AI Act, OWASP Agentic Top 10, ISO 42001 mapped natively
  • Endpoint collection — lightweight agents for local AI agent discovery (we're API-only)
  • Agent behavioral observability — monitors tool invocations, data access, code generation in real-time
  • "10 minutes to first visibility" — fast time-to-value messaging
  • Platform-agnostic agent discovery — code repos, SaaS, endpoints, low/no-code

Where we appear to differentiate from Geordie

Geordie's product page claims cross-platform understanding and temporal awareness for agents. Based on public materials, these are areas where our approach differs:

  • Cross-system execution chain analysis — we trace deterministic chains across system boundaries (e.g., ServiceNow → Azure). Geordie discovers agents across platforms but their public materials emphasize per-agent behavioral telemetry rather than cross-system authority chain stitching
  • Ownership decay detection — temporal tracking of when accountable humans disappear from execution chains, with version-history comparison. Geordie tracks ownership but doesn't emphasize temporal degradation in public materials
  • Evidence-grade findings — SHA256 integrity-hashed evidence packs with version chaining, designed for audit review
  • Deterministic findings — no ML/probabilistic scoring. Geordie uses dynamic risk scoring
  • Standing authority analysis — "what CAN this automation reach" even when dormant. Geordie focuses on active agent behavioral monitoring
  • Egress classification — LLM/External destination classification on execution paths

Ideas to borrow

  1. Compliance framework mapping — map our 15 finding types to EU AI Act and OWASP Agentic Top 10. Low effort, high value for GRC buyers
  2. "Time to first visibility" messaging — measure and promote ours
  3. OWASP Agentic Top 10 alignment — adds credibility even without scoring

Realm Labs — Least Overlap, Different Problem

Website: https://www.realmlabs.ai/

Founded: 2023, Sunnyvale, CA. Tagline: "Securing AI from Within."

Founders:

  • Saurabh Shintre (CEO) — former AI Security Lead at Symantec and Splunk; PhD Carnegie Mellon
  • Akash Mukherjee (Head of Engineering) — former Security Lead for SLSA (Google) and PCC (Apple)
  • Piotr Mardziel (Head of AI) — Trustworthy ML expert, former TruEra & Snowflake; PhD University of Maryland

Advisors: Jason Clinton (Deputy CISO, Anthropic), Paul Kocher (Marconi Prize Winner, SSL 3.0 co-author), Nicole Perlroth (NYT cybersecurity journalist).

Funding: $5M from Crosspoint Capital Partners (March 2026). Additional investors: Tola Capital, First Rays Venture Partners, Firestreak Ventures, Silver Buckshot. RSAC 2026 Innovation Sandbox finalist.

What they do

Applied interpretability — looking inside AI model internals (attention patterns, token probabilities, internal CoT) rather than just monitoring inputs/outputs. Three products:

Realm Prism (AI Observability) — flagship. Five-layer observability framework:

  1. Infrastructure — CPU/GPU load, memory, hardware
  2. Data — data quality, distribution drift, RAG timeliness
  3. Application — LLM logs, tool calls, API errors
  4. Internal (Realm's innovation) — attention patterns, internal CoT, token probabilities. Claims to identify brain regions where harmful information is stored
  5. Output — hallucination, factual accuracy, bias, compliance

Supports batch analysis, real-time sidecar, inline guardrails, and managed endpoint deployment modes. Captures 100,000+ semantic concepts.

Realm OmniGuard (AI Firewall) — blocks harmful content, jailbreaks, prompt injection across text, audio, images, video. 50+ languages. EU AI Safety Act compliance.

DataRealm (Data Governance & DLP) — monitors sensitive data flowing to AI models. Crawls SharePoint, OneDrive, S3, Google Drive, Slack, GitHub. Graph-based access control. Petabyte-scale scanning.

Key technical limitation

Requires access to model internals — best suited for open-weight models. Integration with fully closed proprietary models (GPT-4, Claude) is more challenging.

Validation

CTF challenge (Sept 2025): 100+ participants, 2,000+ attacks, zero successful breaches of the fourth defense layer.

Customers

  • A ride-sharing leader (likely Uber/Lyft)
  • Anthropic (Jason Clinton on advisory board)
  • A Big 3 management consulting firm
  • Bolo AI (case study: secure RAG chatbot on SharePoint)

Overlap assessment

LOW — almost orthogonal to SecurityV0. They secure AI model internals; we secure execution authority chains.

Partial overlap: DataRealm's approach to data flowing to AI models relates to our egress classification. They crawl systems to find sensitive data; we classify egress destinations at the execution chain level. Complementary perspectives on the "data leaking to LLMs" problem.

Ideas to borrow

  1. Sharpen our LLM egress messaging — same CISO fear, different angle
  2. CTF challenge as marketing/credibility tactic

Fig Security — Tangential, Different Domain

Website: https://www.fig.security/

Founded: March 2025, New York + Tel Aviv. Emerged from stealth March 3, 2026.

Founders:

  • Gal Shafir (CEO) — led teams at Siemplify through $500M acquisition by Google; led global security architecture for Google Cloud Security (SecOps). Harvard Business School
  • Nir Loya Dahan (CPO) — former VP Product at Cymulate; product leadership at Siemplify
  • Roy Haimof (CTO) — started cybersecurity at age 16; former Director of Engineering at Cymulate

All Unit 8200 / Mamram veterans.

Funding: $38M total — $8M seed (Team8), $30M Series A (Ten Eleven Ventures). Angel investors include Doug Merritt (former CEO Splunk), Rene Bonvanie (former CMO Palo Alto Networks), Daniel Bernard (CBO CrowdStrike), founders of Demisto and Siemplify. RSAC 2026 Innovation Sandbox finalist.

What they do

Pioneering "Security Operations Resilience" — ensuring detection and response systems actually function correctly as infrastructure changes. Core insight: dashboards show green even when things are broken.

CEO quote: "The most dangerous failures in security are the ones you do not know about. If a detection hasn't been triggered in months, teams often can't tell whether that reflects true safety or a breakdown somewhere in the plumbing."

Core capabilities

  1. Autonomous Discovery & Mapping — traces data lineage: Data Sources → Data Pipelines → Detection Layer → Response Layer
  2. Continuous Validation — monitors whether detection rules receive needed data and fire correctly
  3. Data Pipeline Health — tracks flow health at every stage
  4. Dependency Analysis — maps inter-tool dependencies, surfaces downstream impact
  5. Change Impact Alerting — alerts when changes impair detection/response coverage
  6. Simulation — test proposed changes before deploying to production
  7. Stack-Agnostic — works across heterogeneous multi-vendor environments

Traction

Multiple Fortune 100 customers deployed. Low double-digits customer count (~1 year after founding). Plans to reach 50-100 customers by end of 2026. ~25 employees, planning to triple by year-end.

Overlap assessment

LOW — different domain entirely. Fig validates SOC plumbing; SecurityV0 finds governance gaps in autonomous execution.

Both address "invisible risks" but in different domains. Fig: "Your detection rules silently stopped working." SecurityV0: "Your orphaned automations are silently executing with standing authority."

Ideas to borrow

  1. "Green dashboards lie" messaging — powerful. Our equivalent: "Your IGA shows compliance. Your orphaned automations disagree."
  2. Simulation / what-if — "What's the blast radius if this SP is compromised?" Natural extension of our authority path data
  3. Speed of traction — $38M raised, Fortune 100 deployed, 25 employees, 1 year old. Shows what's possible with right team + investor backing

Comparative Matrix

Based on public materials as of March 2026. Competitors may have unlisted capabilities.

| Capability | SV0 | Token | Geordie | Realm | Fig |
|---|---|---|---|---|---|
| NHI/Agent Discovery | Yes | Yes | Yes | No | No |
| Cross-System Chain Tracing | Core | Not emphasized | Not emphasized | No | No |
| Temporal Drift Detection | Core | Not emphasized | Not emphasized | No | No |
| Ownership Decay Detection | Core | Partial (lifecycle) | Partial (posture) | No | No |
| Evidence Packs (audit-grade) | Core | Not visible | Not visible | No | No |
| LLM Egress Classification | Yes | Not visible | Not visible | Partial | No |
| Deterministic-Only Findings | Yes | No (uses ML) | No (scoring) | No (ML) | Unknown |
| Read-Only Deployment | Yes | No (remediates) | No (intervenes) | No | Yes |
| Real-Time Intervention | No | Yes | Yes (Beam) | Yes | No |
| AI/NL Query Interface | No | Yes (MCP) | No | No | No |
| Compliance Mapping in UI | No | No | Yes | Partial | No |
| Named Customers | No | Yes (11+) | No | Partial | Yes |
| Integration Breadth | 3 | 50+ | 20+ | ~10 | Unknown |
| Automated Remediation | No | Yes | Yes | Yes | No |
| Free/Open-Source Tools | No | Yes | No | Playground | No |

Strategic Takeaways

Our defensible moat

Core capabilities where we appear differentiated based on public competitor materials:

  1. Cross-system execution chain tracing with deterministic evidence — traces ServiceNow → OAuth → Azure SP → Permissions across system boundaries. No competitor publicly demonstrates equivalent cross-system chain stitching
  2. Temporal drift detection — version-history comparison for scope, ownership, and reachability drift over time. Competitors offer posture management but don't emphasize drift-specific analysis
  3. SHA256 integrity-hashed evidence packs — timestamped, version-chained bundles designed for audit review. No equivalent structured evidence artifact visible in competitor products
  4. Deterministic-only philosophy — no ML, no probabilistic scoring, every finding provable and walkable

Our biggest gaps

  1. Integration breadth — 3 connectors vs. Token's 50+. Existential for enterprise sales
  2. No named customers — everyone else has logos or anonymized case studies
  3. Compliance mapping not surfaced in UI — we have OWASP Agentic Top 10 mapping documented internally but it's invisible in the product. Surfacing it is Phase 1.3 in the action plan
  4. No AI/NL query interface — Token's MCP server is a compelling distribution play for the agentic era
  5. No real-time / intervention story — we need a narrative for continuous monitoring even if we stay read-only

Highest-value actions

  1. Build an MCP server for SecurityV0 — natural language querying of authority paths, findings, evidence. Quick win, aligns with technical direction
  2. Surface existing OWASP mapping in UI — the mapping exists, just needs rendering as badges on Risk Cluster cards and Finding Detail pages (Phase 1.3)
  3. Accelerate AWS IAM connector — ADRs exist, need to ship
  4. Sharpen "green dashboards lie" messaging — "Your IGA shows compliance. Your orphaned automations disagree."
  5. Add what-if blast radius simulation — "What happens if this SP is compromised?" leveraging existing authority path data

Where we should NOT follow competitors

  • Don't add ML/scoring — our deterministic stance is a differentiator, not a weakness. Regulated/audit-heavy buyers value provable findings
  • Don't add write-back/remediation yet — read-only is a deployment advantage in risk-averse enterprises
  • Don't chase Realm's model interpretability — completely different problem space, would dilute focus