Building an AI Guardian for Enterprise with Onyx Security CEO Maxim Bar Kogan
Episode
41 min
Read time
2 min
Topics
Startups, Leadership, Artificial Intelligence
AI-Generated Summary
Key Takeaways
- ✓Enterprise agent breakdown: In a typical enterprise today, autonomous coding agents like Claude Code and Cursor account for roughly 50% of AI deployments, low-code automation platforms represent 45%, and internally built first-party agents make up the remaining 2-5%. Autonomous coding agents are currently the fastest-growing category and arrive with virtually no built-in security controls.
- ✓Why existing security tools fail agents: Identity security requires scoped permissions, but enterprises must grant agents broad access to be useful. Endpoint and API security tools cannot evaluate agent intent — they cannot distinguish between Claude Code legitimately deleting a database versus doing so erroneously on an unrelated task. Context-aware oversight requires purpose-built tooling.
- ✓Small model triage architecture: Rather than running a full frontier model to monitor every agent action, Onyx trains small, narrow models with one function: deciding whether a smarter oversight agent needs to intervene. This two-tier approach keeps latency low and costs viable while preserving high-quality review for genuinely risky actions.
- ✓Independent vendor advantage over labs: Enterprises refuse to share historical agent behavior data with Anthropic or OpenAI, fearing it will be used for training. Third-party security vendors like Onyx can access that behavioral history without conflict of interest, enabling anomaly detection the labs structurally cannot perform — a durable competitive moat as multi-vendor AI environments expand.
- ✓Mýthos-level vulnerability risk response: Automated vulnerability research, once considered decades away, is arriving now. Security teams should prioritize immediate patching of known vulnerabilities while simultaneously deploying foundational AI-specific controls — identity lockdown, endpoint detection, and an AI security control plane — rather than waiting for labs to phase-release advanced offensive-capable models gradually.
What It Covers
Maxim Bar Kogan, CEO of Onyx Security, explains how his Israel-based startup trains specialized small models to oversee autonomous AI agents in enterprise environments, addressing a security gap that existing identity, endpoint, and API tools cannot fill as agent deployments grow exponentially across Fortune 500 companies.
Key Questions Answered
- •Enterprise agent breakdown: In a typical enterprise today, autonomous coding agents like Claude Code and Cursor account for roughly 50% of AI deployments, low-code automation platforms represent 45%, and internally built first-party agents make up the remaining 2-5%. Autonomous coding agents are currently the fastest-growing category and arrive with virtually no built-in security controls.
- •Why existing security tools fail agents: Identity security requires scoped permissions, but enterprises must grant agents broad access to be useful. Endpoint and API security tools cannot evaluate agent intent — they cannot distinguish between Claude Code legitimately deleting a database versus doing so erroneously on an unrelated task. Context-aware oversight requires purpose-built tooling.
- •Small model triage architecture: Rather than running a full frontier model to monitor every agent action, Onyx trains small, narrow models with one function: deciding whether a smarter oversight agent needs to intervene. This two-tier approach keeps latency low and costs viable while preserving high-quality review for genuinely risky actions.
- •Independent vendor advantage over labs: Enterprises refuse to share historical agent behavior data with Anthropic or OpenAI, fearing it will be used for training. Third-party security vendors like Onyx can access that behavioral history without conflict of interest, enabling anomaly detection the labs structurally cannot perform — a durable competitive moat as multi-vendor AI environments expand.
- •Mýthos-level vulnerability risk response: Automated vulnerability research, once considered decades away, is arriving now. Security teams should prioritize immediate patching of known vulnerabilities while simultaneously deploying foundational AI-specific controls — identity lockdown, endpoint detection, and an AI security control plane — rather than waiting for labs to phase-release advanced offensive-capable models gradually.
Notable Moment
Bar Kogan reveals that large enterprises are now sanctioning OpenAI's operator-level tools company-wide, driven directly by CEO mandates rather than security team approvals — a reversal of the traditional procurement flow that signals how urgency around AI productivity is overriding standard enterprise security governance processes.
You just read a 3-minute summary of a 38-minute episode.
Get No Priors: Artificial Intelligence | Technology | Startups summarized like this every Monday — plus up to 2 more podcasts, free.
Pick Your Podcasts — FreeKeep Reading
More from No Priors: Artificial Intelligence | Technology | Startups
Travel Through the Lens of AI with with Booking.com CEO Glenn Fogel
Jul 9 · 41 min
Bankless
Trump's Grand Strategy: Iran, China & The New World Order | Kamran Bokhari
Mar 18
More from No Priors: Artificial Intelligence | Technology | Startups
How Nuclear Will Unlock Energy Abundance with Valar Atomics Founder Isaiah Taylor
Jul 2 · 61 min
Beyond Biotech
Using AI to crack undruggable drug targets
Feb 13
Books, tools, and gear mentioned in this episode
SignalCast may earn commission on purchases via these links.
Tools
by OpenAI
“Bar Kogan reveals that large enterprises are now sanctioning OpenAI's operator-level tools company-wide, driven directly by CEO mandates”
by Anthropic
“In a typical enterprise today, autonomous coding agents like Claude Code and Cursor account for roughly 50% of AI deployments”
“In a typical enterprise today, autonomous coding agents like Claude Code and Cursor account for roughly 50% of AI deployments”
company
“Maxim Bar Kogan, CEO of Onyx Security, explains how his Israel-based startup trains specialized small models to oversee autonomous AI agents in enterprise environments”
More from No Priors: Artificial Intelligence | Technology | Startups
We summarize every new episode. Want them in your inbox?
Travel Through the Lens of AI with with Booking.com CEO Glenn Fogel
How Nuclear Will Unlock Energy Abundance with Valar Atomics Founder Isaiah Taylor
Why Traditional Benchmarks Fail Modern AI Models with OpenAI Research Scientist Noam Brown
Re-engineering the Semiconductor Supply Chain with Intel CEO Lip Bu Tan
Biohub: The Future of Biology is Open-Source with Co-Founders Mark Zuckerberg, Priscilla Chan, and Head of Science Alex Rives
Similar Episodes
Related episodes from other podcasts
Bankless
Mar 18
Trump's Grand Strategy: Iran, China & The New World Order | Kamran Bokhari
Beyond Biotech
Feb 13
Using AI to crack undruggable drug targets
The Full Ratchet
Feb 2
501. Spotting the Next Big Thing, Why This Cycle Is Different, Acceptable vs Unacceptable Risk, and Why Duration Is a Feature Not a Bug (Jon Callaghan)
The Ezra Klein Show
Oct 28
The Israeli Right’s Plan to Carve Up Gaza
Eye on AI
Jul 7
The Biggest AI Security Problem Isn't the Model. It's This. | Devvret Rishi
Explore Related Topics
This podcast is featured in Best AI Podcasts (2026) — ranked and reviewed with AI summaries.
Read this week's Startups & Product Podcast Insights — cross-podcast analysis updated weekly.
You're clearly into No Priors: Artificial Intelligence | Technology | Startups.
Every Monday, we deliver AI summaries of the latest episodes from No Priors: Artificial Intelligence | Technology | Startups and 192+ other podcasts. Free for one show.
Start My Monday DigestNo credit card · Unsubscribe anytime