TL;DR: Straiker combines autonomous red teaming and runtime monitoring for AI agents, targeting prompt injection, data leakage, and abuse in production deployments. The company says it has raised $21 million and serves enterprise customers, according to WorkOS. The deeper lesson is that testing can validate behaviour, but it cannot replace identity, authorization, and audit foundations.
NHIMG editorial — based on content published by WorkOS: Straiker for AI Agent Security: Features, Pricing, and Alternatives
By the numbers:
- Straiker emerged in 2025 and raised $21 million from Lightspeed Venture Partners and Bain Capital Ventures.
Questions worth separating out
Q: How should security teams govern AI agents that can call tools and access data?
A: Treat the agent as a governed identity, not just an application feature.
Q: Why do AI security testing tools not replace IAM controls for agents?
A: Because testing answers whether the agent behaves safely, while IAM answers who may access it and under what conditions.
Q: What do teams get wrong when they rely only on runtime detection for AI agents?
A: They confuse visibility with governance.
Practitioner guidance
- Separate validation from authorisation: Map AI security testing to the controls it can influence, then assign identity, access, and audit ownership to IAM or NHI governance teams.
- Inventory every agent-facing account and token: List the service accounts, API keys, OAuth grants, and privileged API scopes attached to each deployed agent.
- Bind agent activity to attributable identity evidence: Ensure logs capture the human approver, the agent instance, the connected workload identity, and the downstream tools invoked.
What's in the full article
WorkOS's full article covers the operational detail this post intentionally leaves for the source:
- Product-specific feature breakdown of Ascend AI and Defend AI across testing and runtime monitoring
- WorkOS's comparison of Straiker against alternative AI security approaches and buying considerations
- Enterprise positioning details, including pricing posture, certifications, and customer examples
- The vendor's own explanation of where AI security testing fits in a broader authentication architecture
AI agent security testing: what it means for IAM teams
Explore further
AI agent security testing is necessary, but it sits above the real governance boundary. Autonomous red teaming and runtime monitoring can reduce exposure, but they do not define who should have access, what privilege is appropriate, or how accountability is preserved. That means the enterprise still needs identity governance beneath the testing layer. Practitioners should avoid mistaking validation for control.
A few things that frame the scale:
- Companies are dedicating an average of 32.4% of their security budgets to secrets management and code security, with US organisations leading at 40.8%, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.
A question worth separating out:
A: After the identity foundation is clear. Organisations should first establish authentication, authorization, logging, and token governance for the agent, then layer in security testing and runtime monitoring. Without that sequence, the organisation may detect risk but still lack the evidence needed to contain it or assign accountability.