When Darktrace’s former COO and Snyk’s former CTO team up to build a security company, it’s worth paying attention. When their first product targets AI agent security and gets selected as an RSAC 2026 Innovation Sandbox finalist, it’s a signal the category has arrived.

Geordie AI raised $6.5 million from Ten Eleven Ventures and General Catalyst. The founding team: Henry Comfort (ex-COO, Darktrace — the company that pioneered autonomous cyber defense) and Benji Weber (ex-CTO, Snyk — the company that defined developer-first security).

The Thesis: Agents Are a New Operational Entity

Geordie’s core argument: AI agents aren’t just another type of software to secure with existing tools. They’re a fundamentally new kind of operational entity whose behavior patterns differ from traditional systems in ways that break conventional security assumptions.

The five pain points they identified:

1. No unified visibility. Enterprises have no single view of all agents running across their infrastructure. Shadow AI is at 76% and growing.

2. No continuous capability auditing. Agents gain new capabilities — new MCP connections, new tool access, new data sources — without security teams knowing.

3. Non-deterministic behavior breaks monitoring. Traditional anomaly detection assumes baseline behavioral patterns. Agents don’t have stable baselines — the same agent can behave differently each run depending on its prompt, context, and goals.

4. Expanding risk surface from integrations. Every tool connection, data source, and API an agent touches extends the attack surface. Agents generate 10-20x more activity than human users.

5. Cascading failures from agent-to-agent collaboration. When agents delegate to other agents, a single compromised or misconfigured agent can propagate failures across an entire workflow chain.

What “Agent-Native” Means

Geordie positions itself as “agent-native” — built from the ground up for agent behavior, rather than retrofitted from existing security categories.

In practice, this means:

Runtime behavioral monitoring. Continuously watching what agents actually do — which tools they invoke, what data they access, how they chain actions — through logs and telemetry. Co-founder Hanah-Marie Darley acknowledges a real challenge here: not all AI agent platforms provide comprehensive logs, making reliable behavioral data hard to obtain.

Real-time discovery. Finding agents as they appear in the environment, including shadow deployments that security teams didn’t authorize.

Risk control. Enforcing policies based on observed behavior, not just declared permissions. If an agent starts doing something its purpose doesn’t justify, intervene.
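
One way to express the three practices above in code, as an added example that is not Geordie's code and not from the original article: a Python audit that compares the tool calls observed in agent telemetry with a declared inventory. The inventory, the event field names and the sample log lines are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed inventory (assumption): agent id -> tools it is approved to use.
DECLARED = {
    "invoice-bot": {"erp.read_invoice", "email.send"},
    "support-triage": {"tickets.read", "tickets.comment"},
}

# Constructed telemetry, one JSON event per line; field names are assumptions.
# "caller" is the agent that delegated the task, or null for a direct run.
SAMPLE_EVENTS = """\
{"agent": "invoice-bot", "tool": "erp.read_invoice", "caller": null}
{"agent": "invoice-bot", "tool": "erp.update_vendor_bank", "caller": null}
{"agent": "notes-summarizer", "tool": "drive.read", "caller": null}
{"agent": "support-triage", "tool": "tickets.read", "caller": "invoice-bot"}
{"agent": "support-triage", "tool": "crm.export_contacts", "caller": "invoice-bot"}
{"agent": "support-triage", "tool": "tickets.com
"""


def audit(lines, declared):
    """Compare observed tool calls with the declared inventory."""
    findings = {"shadow_agents": set(), "drift": defaultdict(set), "unparsed": 0}
    for line in lines:
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            agent, tool = str(event["agent"]), str(event["tool"])
        except (ValueError, KeyError, TypeError):
            # Truncated or incomplete logs are counted, not silently skipped,
            # so gaps in platform telemetry stay visible to the reviewer.
            findings["unparsed"] += 1
            continue
        if agent not in declared:
            findings["shadow_agents"].add(agent)  # running but never inventoried
        elif tool not in declared[agent]:
            # Keep the delegating agent so drift can be traced up the chain.
            findings["drift"][agent].add((tool, event.get("caller")))
    return findings


if __name__ == "__main__":
    result = audit(SAMPLE_EVENTS.splitlines(), DECLARED)
    print("shadow agents:", sorted(result["shadow_agents"]))
    for agent, calls in sorted(result["drift"].items()):
        print("undeclared tool use:", agent, sorted(calls, key=str))
    print("unparsed log lines:", result["unparsed"])
```

The unparsed count matters as much as the findings: a platform that emits partial logs produces a clean-looking report unless the gap itself is surfaced.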

The Darktrace + Snyk DNA

The founding team’s backgrounds map precisely onto Geordie’s approach:

  • Darktrace pioneered autonomous, AI-driven detection that learns “normal” behavior and flags deviations. Geordie applies this same concept to AI agents rather than network traffic.
  • Snyk made security a developer concern by integrating into development workflows. Geordie aims to make agent security native to agent deployment — a “shift left, shield right” strategy.

The combination: runtime behavioral AI (Darktrace heritage) embedded in development and deployment workflows (Snyk heritage).

The RSAC 2026 Sandbox Stage

The Innovation Sandbox is RSAC’s premier launchpad for security startups. Geordie will pitch on stage Monday, March 23. Past Sandbox finalists and winners include companies that collectively raised over $50 billion in subsequent investment, with 100+ acquisitions.

Other notable Sandbox finalists this year include Token Security (intent-based identity governance), Charm Security (AI anti-fraud), Fig Security (detection reliability), and Realm Labs (CMU-backed).

Where Geordie Fits in the Stack

In the RSAC 2026 Agent Security Product Map, Geordie occupies the runtime monitoring layer — sitting between identity/access controls (Token Security, Okta, Oasis) and inline prevention (Zenity, CrowdStrike × NVIDIA).

The open question: as agent security matures, does runtime monitoring become its own category — or does it get absorbed into endpoint security (CrowdStrike), identity platforms (Okta), or cloud security posture management?

Geordie’s bet is that agents are different enough to require purpose-built tooling. Given that existing tools struggle with non-deterministic behavior and 10-20x activity volumes, they may be right.


Sources: CSO Online · Ten Eleven Ventures · RSAC Innovation Sandbox