The RSAC Innovation Sandbox is cybersecurity’s biggest startup launchpad. Past finalists have collectively raised over $50 billion in subsequent investment, with 100+ acquisitions — including companies like Wiz, CrowdStrike, and Phantom (now Splunk SOAR).

This year’s competition kicks off Monday, March 23 in San Francisco. And the finalists tell you exactly where the industry thinks the next $50 billion is heading: AI agent security.

The Known Finalists

RSAC selects 10 finalists from hundreds of submissions. While the full list hasn’t been publicly confirmed, several finalists have been identified:

Token Security — Intent-Based Identity for Agents

The pitch: Static permissions fail for AI agents because agent behavior is non-deterministic and goal-oriented. Two agents with identical access can behave completely differently based on what they’re trying to accomplish.

The product: Intent-based AI agent security that discovers agents, understands their declared and observed intent, dynamically enforces least-privilege policies aligned to purpose, and governs the full agent lifecycle.

Why it matters: Token Security treats identity as the control plane for autonomous systems — the enforcement layer that governs what agents can access based on what they’re supposed to do. Available now; demos at booth South Hall 1969.

Backed by: Notable Capital, Crosspoint Capital, TLV Partners.

Geordie AI — Agent-Native Runtime Security

The pitch: AI agents are a fundamentally new operational entity. Existing security tools — built for humans and traditional software — break when applied to systems that are non-deterministic, generate 10-20x more activity than humans, and chain actions across enterprise systems.

The product: Agent-native security platform providing real-time discovery, continuous behavior monitoring, and risk control specifically built for AI agents.

Why it matters: Founded by Henry Comfort (ex-COO, Darktrace) and Benji Weber (ex-CTO, Snyk) — the DNA of autonomous detection meets developer-first security. Their five pain points (no unified visibility, no capability auditing, non-deterministic behavior, expanding risk surface, cascading agent-to-agent failures) read like a checklist of what every CISO is worried about.

Backed by: $6.5M from Ten Eleven Ventures and General Catalyst.

Charm Security — AI Anti-Fraud for the Deepfake Era

The pitch: Generative AI has fundamentally changed fraud. AI-enabled social engineering — personalized phishing, synthetic voice, deepfake video — has lowered the attack threshold while dramatically increasing success rates.

The product: Agentic AI-powered anti-fraud platform focused on detecting and preventing new-generation social engineering attacks that bypass traditional transaction monitoring and identity verification.

Why it matters: Founded by Roy Zur, a 15-year veteran of Israel’s 8200 cyber intelligence unit, with CTO Avichai Ben from Transmit Security and Microsoft. $8M seed from Team8.

Realm Labs — CMU CyLab Venture

Selected from CMU’s CyLab ecosystem, details on Realm Labs’ specific product are limited ahead of the pitch. CyLab is Carnegie Mellon’s security and privacy research institute — a frequent source of companies that define new security categories.

Fig Security — Detection Reliability

Israel-US startup (founded 2025) focused on guarding the reliability of security detection systems — ensuring that the security tools enterprises rely on actually work correctly. A meta-security play.

The Bigger Picture

What’s notable about this year’s Sandbox isn’t just the individual companies — it’s the pattern. Multiple finalists are building for a world where autonomous AI agents are the primary security challenge, not just another category of software to protect.

This tracks with the broader RSAC 2026 landscape where we’ve mapped 25+ agent security product launches in a two-week window:

The Innovation Sandbox competition starts Monday morning, March 23. Previous winners have gone on to define categories worth billions. Given the lineup, this year’s winner may define the category of AI agent security itself.

Sources: CMU CyLab · SecurityBoulevard · RSAC Conference