Glilot Capital recently led a $61M round for Jazz because the market is ready for a fundamental platform shift.

This investment isn’t just about a new tool; it’s about backing a team that is finally solving the core problem of data risk. 

For years, I watched security teams fight a battle they couldn’t win in Data Loss Prevention (DLP). They’ve been trapped in a cycle of drowning in alerts from tools that flag every policy violation but lack the context to identify actual risk.

The industry’s answer was always the same: more rules, more tuning, more noise. We accepted that DLP was destined to be a noisy, high-friction compliance checkbox relying on overworked analysts to guess the business context behind machine generated alerts. The noise floor rose, burnout became a feature, not a bug, and the actual risk of data loss never really moved.

That disconnect was impossible to ignore as an investor. 

When I first met the team at Jazz,. They weren’t pitching slightly better classification or flashier. dashboards. Instead,  they presented a radical shift: a DLP system built to understand the organization it protects.

This moves the conversation from pattern matching to true intent. While modern competitors apply a thin layer of AI to the same broken, rule-based framework, Jazz replaces guesswork with ground truth. It asks the only question that matters: Why is this data moving, and what does that mean for the business? 

The technology is game-changing, but the team sealed the deal. Ido, Jake, Yonatan, and Noam refused to build more of the same. No more brittle rules. No more alert storms. No more forcing security teams to choose between protecting data and breaking the business. Their discipline was evident in every conversation. They moved past the broken status quo to build a system grounded in how business actually works.

That clarity resonated deeply in our discussions with CISOs. Many had felt the same frustration for years but lacked a viable alternative. What stood out was that the founders didn’t just have a pitch; they shared the customer’s pain. There was no over-selling, no trend-chasing, just an honest diagnosis of a broken system and a credible path to fixing it.

In a world of SaaS, remote work, and GenAI, static rules are obsolete. We are witnessing a “perfect storm” in the cyber domain, where AI has acted as the ultimate catalyst, drastically accelerating the movement of data while simultaneously shattering traditional defense frameworks. Glilot Capital led the Jazz round because we believe real security comes from understanding reality, not just writing more policies. Jazz isn’t just an iteration, it’s the breakthrough the category has been waiting for.

If 2025 was the year everyone experimented with AI, 2026 is the year no one can pretend it’s still a side project. We’ve crossed a quiet but irreversible threshold: the shift from an AI-assisted economy to an AI-native one.

This is no longer about chatbots that summarize emails or draft code snippets. The dominant actors of 2026 are autonomous AI agents, digital entities that can reason, plan, make decisions, and execute complex workflows with little to no human supervision. In practice, that means AI is no longer just advising us. It is doing the work.

The productivity upside is enormous. But so is the blast radius when something goes wrong.

From Tools to a Digital Workforce

The defining story of 2026 is what many are already calling the Agentic Pivot. Organizations are no longer merely adopting new tools. They are managing a parallel, invisible workforce made up of software agents.

In many enterprises, machine identities now outnumber human employees by an almost absurd margin. The current estimate of roughly 82 non-human identities for every one human would have sounded like science fiction just a few years ago. Yet this is the new normal. These agents don’t wait for prompts or instructions in a chat window. They pursue goals. They chain actions together. They call APIs, modify databases, ship code, and revise their plans on the fly as new information arrives.

The economic implication is profound. AI’s value has moved decisively beyond content generation and into labor substitution. We are watching the early formation of an economy where execution itself, not just ideation is automated.

The Rise of the Invisible Attack

As agents are woven into critical systems, they quietly expand the attack surface. And unlike the loud breaches of the past, many of the most dangerous threats in 2026 are subtle, delayed, and hard to detect.

One of the most destabilizing trends is data poisoning, once a theoretical concern, has become operational. Attackers are no longer focused solely on stealing data or disrupting runtime behavior. Instead, they target the models themselves, specifically how those models are trained. By corrupting a surprisingly small number of training samples, sometimes as few as a few hundred adversaries can implant backdoors into systems used in healthcare, finance, or enterprise security. The danger isn’t immediate failure. It’s a delayed, selective malfunction.

A fraud model that learns to ignore certain transactions. A medical system that misclassifies specific edge cases. These “sleeper” vulnerabilities can sit dormant for months before being exploited.

At the same time, identity has become the soft underbelly of the agentic world. As agents gain permission to move money, deploy infrastructure, or modify production code, their credentials become prime targets. API keys and tokens sprawl across organizations, often without clear ownership or visibility. The result is a growing population of “shadow agents,” autonomous systems operating with real privileges but little oversight.

Why 2026 Belongs to the Defenders

For all the justified anxiety, this is not a story of inevitable loss. In fact, 2026 may be remembered as the year defenders finally caught up.

Security teams, long overwhelmed by alert fatigue and talent shortages, are increasingly turning to agents of their own. The modern Security Operations Center is evolving into something closer to an autonomous system. Tier-1 analysis, the endless triage of alerts and logs, is now up to 90% automated in leading platforms. Human analysts are being pulled up the stack, focusing on strategy, investigation, and design rather than manual sorting.

Alongside this, a new class of “AI firewalls” has emerged. These governance layers act as real-time circuit breakers, monitoring agent behavior, detecting prompt injections, and blocking misuse before it cascades. Rather than trying to predict every failure mode, defenders are shifting toward outcome-driven security: high-level mandates like “secure this perimeter” or “prevent unauthorized fund movement,” enforced by defensive agents that can adapt dynamically.

The Gavel Finally Drops

Perhaps the most consequential change of 2026 is cultural rather than technical. AI risk has moved decisively into the boardroom.

Regulators are no longer content with abstract principles. The EU AI Act is entering its most forceful phase, with strict obligations for high-risk systems in areas like employment and critical infrastructure. More importantly, legal theory is catching up with reality. We expect the first major cases in which executives are held personally liable for the actions of autonomous agents operating under their authority and control..

And yet, a dangerous gap remains. Despite widespread adoption, only a small fraction of organizations roughly 6% by current estimates have a mature AI security strategy. Innovation is racing ahead of governance, and history suggests that this is where crises are born.

Closing Thoughts

As we move deeper into 2026, the line between success and failure is becoming clear. It is not about who adopts AI the fastest, but who governs it the best.

Organizations that treat AI agents like trusted employees, with identity management, monitoring, clear boundaries, and accountability, will unlock extraordinary leverage. Those that grant autonomy without oversight may discover, too late, that speed without control is just another form of risk.

The agentic era is here. The only open question is whether we choose to manage it or let it manage us.

Security leaders and CISOs were being asked to make high-stakes decisions based on partial signals.

The Israeli startup aims to replace assumption-based defenses with real-time security insight.