Keep It Simple Security
The control plane for AI agents.
Agents request - kiss decides and executes.
The problem
Hand an agent your keys and it becomes the operator. Security teams lose the control surface.
One compromised agent leaks its keys - and your entire integration surface with them.
Agents over-execute, hallucinate, or get prompt-injected - with nothing between intent and impact.
No central record of what happened, who authorized it, or why.
The principle
Agents decide what to do. kiss decides if it's allowed - validating each request against your real business logic and data first.
“Refund $85 to cus_123.”
Agent asks. Holds no credentials.
Static policies
Dynamic business values
All pass → kiss runs it.
Your credentials, your systems - never the agent's.
Attacks we stop
Authorization says yes. Only a check against an independent business record says wrong. That check is the product.
update_direct_deposit → attacker acctpay_invoice $48k → attacker IBANdeploy(app, env=production)export(scope=ALL, dest=external)How it works
Submits intent - action, identity, context. No credentials of its own.
Validates against your policy, business data, and risk. Allow, deny, or ask.
Runs it through managed connectors. Keys never leave our infrastructure.
A full record per action: who, what, decision, and result.
Why now
Every platform is shipping agents. We're one breach away from execution security becoming mandatory - and there's no incumbent.
$39B
TAM by 2030
Agentic AI governance and policy management market, growing ~40% a year.
40%
Enterprise apps by 2026
Will embed task-specific AI agents, up from under 5% in 2025.
45:1
Non-human identities
Machine and agent identities now outnumber humans - each needs credential and execution control.
Differentiation
Owning execution is table stakes - access tools broker credentials inline too. Our wedge is the business-logic check against your system of record.
Okta, Entra
Grants access to systems. Whatever holds the credential can do anything it allows.
Oasis, Aembit
Brokers credentials inline and checks static policy - proves the agent is allowed. An in-scope action with the wrong values still passes.
The business-logic layer
Static policies
Limits, allowed operations, environments.
Dynamic business values
Does this action match the order, ticket, or PR that justifies it?
Identity tools prove the right agent is acting. kiss proves it's doing the right thing - verified against your records, before it runs.
Traction
2
Design partners
Pre-revenue
Stage
Design partners
















Business model
Land with security teams, expand as agent volume grows. Revenue scales with governed actions.
Team
From $50K/yr
Business
From $150K/yr
Enterprise
Custom
The ask
A $10M seed gives us ~24 months of runway to take the platform to GA, hire the rare authorization and security talent the category demands, convert design partners into paying enterprise customers, and reach Series A metrics.
$5M
50%
Engineering
$2.5M
25%
Go-to-market
$1.5M
15%
Security & compliance
$1M
10%
Operations
What this funding gets us
Round details
Use of funds
$10M takes the control plane to GA, earns the trust signals enterprises demand, and proves the wedge with paying customers - in 24 months.
Control plane & policy engine
$3.2MConnectors & runtime execution
$1.8MGo-to-market
$2.5MSecurity & compliance
$1.5MOperations & leadership
$1.0M24-month milestone path
Q1-Q2
Control plane to GA
Q2-Q3
First paying enterprises
Q3-Q4
SOC 2 Type II
Q4+
Series A metrics
Hiring plan
We build the control plane to GA while standing up the commercial motion to convert design partners and land the first paying enterprise logos.
55%
Product
30%
GTM
15%
Security & compliance
Distributed systems
+5-6Runtime authorization
+3-4Connectors & integrations
+2-3Design-partner success
+2-3Enterprise GTM
+4-5Security & compliance
+2-3Comparable companies
The companies that owned access and identity raised big early rounds. The agent-security cohort is funded today - but none check whether an in-scope action is actually right.
Category-defining infra
HashiCorp (Vault)
$10M Series AOkta
$10M Series BWiz
$100M+ earlyThe agent-security cohort
Aembit
$25M+Oasis Security
$40M+Astrix Security
$40M+They prove the agent is allowed. $10M lets us own the layer that proves it's right.
The team



We'll walk you through the product, the vision, and the round.
dev@kiss-security.com
Download one pager