
AI is used for both attacks and defenses: A comprehensive breakdown of 7 companies in the YC W26 security track.

Techub News

Written by: Will

This is the seventh article in the YC W26 series analysis (ranked 10th by writing order). This article looks at Security—seven companies, not many but with a clear direction: AI is simultaneously changing both attacks and defenses.

The speed of attacks has surpassed the speed of defense

In September 2025, Anthropic discovered that state-level hackers from China autonomously completed 80-90% of attacks using AI, at thousands of requests per second, a speed no human team can keep up with.

This is the reality that the security industry is facing: attackers have begun using AI, while defenders are still relying on human resources. Companies conduct penetration tests once a year, and by the time the report comes out, the codebase has already changed. The ratio of security team members to development team members is about 1:100—security engineers simply cannot keep up.

The seven Security companies in YC W26 are divided into two lines: one focuses on offense (using AI to simulate attacks to find vulnerabilities) and the other on defense (using AI to protect systems from attacks).

First, the conclusion: 3 takeaways

1. Hex Security found serious vulnerabilities in dozens of YC companies within weeks—SQL injections exposed billions of records, PoC worms could infect entire networks, gaining access to hundreds of codebases. It is estimated that it prevented potential losses exceeding $3 billion. This is not a promise on a PowerPoint slide, but real results from penetration testing. "Using AI to attack" is no longer a threat forecast; it is happening.

2. Clam (which we detailed in the OpenClaw article) provides a security layer for AI agents. As agents become more prevalent, agent security will become an independent category—not just a subset of "cybersecurity," but a completely new market.

3. The seven companies cover multiple links in the security chain: offensive testing (Hex Security), agent security (Clam), crime detection (Lexius), information firewalls (Velum Labs), anti-fraud (BeeSafe AI), internet defense (Crosslayer Labs), and risk control tools (MouseCat). The dispersed focus indicates that AI security is still in its early stages and has not formed a dominant product paradigm.

Offensive line: using AI to simulate attacks

Hex Security

Official website: https://hex.co/

AI agent automated penetration testing—continuously finding vulnerabilities, chaining attack paths, delivering reproducible remediation plans.

  • Core data: Found serious vulnerabilities in dozens of YC companies within weeks, estimated to prevent potential losses exceeding $3 billion. Open-sourced the HexStrike AI MCP toolkit (150+ security tools), allowing Claude/GPT and other AIs to run penetration tests directly. 10,000 monthly visits.

  • Team highlights: Three founders Huzaifa, Ahmad, and Prama. Huzaifa previously worked in software development at PlayAI, AWS, and Capital One, and developed a consumer application with millions of downloads. In college, he reverse-engineered all mainstream ATS recruiting platforms and created Talently, a tool that automatically sends out over 200,000 job applications. "I have always enjoyed breaking things."

  • Business model: Ongoing AI penetration testing to replace traditional annual one-time manual testing. Traditional penetration testing is costly, time-consuming, and by the time the report comes out, the code has already changed.

  • Competition/Risks: The field is heating up—Escape (YC 2023, just raised $18M in Series A), MindFort, ZeroPath, and Winfunc are all conducting AI penetration testing. Major companies like Snyk and Cobalt are also expanding in this direction.

Hex Security's core argument is that security testing must become continuous rather than annual. Code changes daily and attackers use AI every day, so annual penetration testing is a business model with a built-in "timing mismatch." AI agents can test continuously, running automatically after each code submission and re-checking automatically after each new vulnerability disclosure.

BuildMVPFast's analysis article made a point: "agent governance is the next moat." Who can audit, control, and verify what agents have done and why—this is more defensible than better models and better prompts.

Defensive line: using AI to protect systems

Clam was covered in detail in the OpenClaw article: it provides a "semantic firewall" for AI assistants such as OpenClaw, intercepting sensitive information leaks, malicious command injections, and malicious code execution. The two founders: Vaibhav previously worked at Augment Code on containerized AI programming tools, and Anshul is the founding engineer of HappyRobot. 8000 monthly visits. We will not repeat the details here.

Official website: https://tryclam.com/

Lexius (8000 monthly visits) focuses on AI crime detection. The direction is quite broad—using AI to identify and prevent various criminal activities.

Velum Labs (2000 monthly visits) creates a "firewall for information access between AI and humans." This direction is very specific: when AI agents access corporate data, how can we ensure they only see what they are supposed to? Not all data should be visible to AI—salary information, customer privacy, trade secrets; these need a "firewall" to separate them.

BeeSafe AI (1000 monthly visits) focuses on AI anti-fraud—"stopping it before the fraud reaches your customers." Targeting banks and financial institutions.

Crosslayer Labs focuses on internet security defense—protecting, monitoring, and defending your internet presence.

MouseCat offers a risk control AI toolkit—providing AI tools for risk teams.

Examining the seven companies together

A few observations:

First, offensive AI security (Hex Security) is moving much faster than defensive security. The reason is intuitive: attackers only need to find one vulnerability, while defenders need to close all of them. AI acts as a "multiplier" for attackers but as a "diminisher" for defenders, and that is asymmetric.

Second, among the seven companies, only one (Clam) specializes in agent security. Considering that there are 56 agent companies in the entire W26, this ratio is clearly insufficient. Agent security may currently be one of the most underestimated directions.

Third, these seven companies have a direct supply-demand relationship with those in the previous articles. Patientdesk.ai from the Healthcare article handles patient data and requires security assurance, Sponge from the Fintech article requires anti-fraud measures for funding agents, and all agents from the Infrastructure article need a security layer. Security is not a standalone track—it is a prerequisite for every track.

Insights for Chinese teams

First, there is a market for AI penetration testing in China. The Chinese cybersecurity industry (Qihoo 360, Sangfor, Anheng Information, etc.) primarily focuses on traditional security products, and AI penetration testing is still a blue ocean. However, it is important to note: doing "offensive security" in China requires compliance qualifications, and the regulatory barriers are higher than in the USA.

Second, agent security may be a window of first-mover advantage in China. The regulations on AI-generated content in China are stricter than in the USA (algorithm filing, content review), and companies deploying AI agents must ensure compliance in their outputs. "Adding compliance barriers to AI agents for Chinese enterprises" is a pressing need, and the regulatory barriers themselves serve as a moat.

Takeaway judgments

1. The speed of attacks has exceeded the speed of defenses. The number of vulnerabilities found by Hex Security within weeks in YC companies highlights the issue—most companies' security defenses remain at the "human + annual penetration testing" stage. AI has turned attacks into continuous, automated processes, and defense must keep pace.

2. Agent security is an emerging independent category. Among the 56 agent companies, only one is a dedicated agent security company—this gap will be filled. The security incidents discussed in the OpenClaw article (memory files being tampered with, unauthorized agent behavior, plugin supply chain poisoning) will only increase.

3. Security is a "tax" for all AI tracks—whether you are working in Healthcare, Fintech, or DevTools, as long as you use AI agents, a security layer is required. This means that the potential customers for security companies are the entire AI ecosystem, not just the security industry.

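Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. This article is for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page involves infringement, please send the relevant proof of rights and proof of identity by email to support@aicoin.com, and the platform's staff will verify it.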
