On May 28, an AI security startup called Geordie raised $30 million in a Series A led by Balderton Capital. The round values the company at approximately $180 million — reportedly the largest Series A for a European cybersecurity startup. ARR grew 1,300% in the first five months of 2026. And the company won RSAC’s Innovation Sandbox, the security industry’s most-watched emerging-company prize.

If you build agentic systems for enterprise customers, this is not a funding story. It is a procurement warning.

What Geordie Does

Geordie’s pitch is “air traffic control” for enterprise AI agents — a governance layer that answers four questions security teams now ask before approving any agent deployment:

  1. Which agents exist in our environment, and what are they doing right now?
  2. What data and systems can each agent access?
  3. What has each agent done — full, evidence-quality audit trail?
  4. Can we constrain or shut down an agent without blocking the entire deployment?

Their product called Beam provides runtime behavior shaping — it can limit what an agent does without requiring the builder to rebuild the agent. Customers include AlphaSense (tens of thousands of agents) and Owkin (hundreds of agents spanning 50+ petabytes of biomedical data).

The company was founded by Henry Comfort (former COO Americas at Darktrace), Hanah Darley (former Director of Security and AI Strategy at Darktrace), and Benji Weber (former Senior Director of Engineering at Snyk). The founding team understood both the attacker’s view (Darktrace) and the application security view (Snyk). That combination is exactly what enterprise security teams are looking for.

The Data Behind the Gate

The Geordie raise is large because the problem is large — and because security teams are now blocking deployments because of it.

A few data points that explain the investor thesis:

  • 88% of organizations reported confirmed or suspected AI agent security incidents in the past year (AI Automation Global, Kiteworks)
  • 65% of firms reported being hit by AI agent security incidents in 2026
  • 45.6% of enterprises use shared credentials for agent-to-agent authentication — no individual accountability, no per-agent revocation possible
  • Organizations with over-privileged AI systems have a 4.5x higher incident rate than those enforcing least-privilege, per Teleport’s 2026 research
  • 92% of security professionals are concerned about the impact of AI agents on their security posture (Darktrace 2026 State of AI Cybersecurity)

The most striking gap: the vast majority of enterprise executives express confidence in their AI governance. But only 14.4% of AI agents that went live in enterprise environments did so with full security and IT approval, per multiple 2026 enterprise security surveys. The rest got deployed — and then security had to catch up.

That gap is now closing — not by slowing down AI adoption, but by making governance a deployment prerequisite.

The Attack Pattern Builders Need to Understand

The dominant real-world attack vector against agents in 2026 is prompt injection via untrusted content.

An agent authorized to read support tickets and write to a CRM is a fully legitimate, well-scoped agent. The attack is the malicious support ticket: crafted content designed to redirect the agent into taking actions the attacker wants — exfiltrating customer data the agent legitimately has access to, creating accounts, or pivoting to other systems. The agent is doing exactly what it was built to do; the inputs have been weaponized.

This is the top risk class in the OWASP GenAI Exploit Round-up Report for Q1 2026. It is the attack pattern that enterprise security teams are most concerned about because:

  • The agent has legitimate credentials, so perimeter defenses don’t stop it
  • The action looks authorized from the system’s point of view
  • Most logging infrastructure doesn’t capture the full chain from input to action

The builders who are getting through enterprise security review are the ones who designed for this from the start — not the ones who bolted on governance after a security team asked hard questions.

What This Means for Your Build

If you’re shipping agentic systems to enterprise customers, your architecture will now be evaluated against roughly these questions:

Agent identity: Does each agent have its own credential, or do agents share credentials? Shared credentials mean no per-agent accountability, no targeted revocation, and no audit trail that a security team can present to a compliance auditor.

Least-privilege scoping: Does your agent have access to everything it might ever need, or only what each specific task requires? Over-privilege is the forcing function behind the 4.5x incident rate gap.

Audit trail completeness: Can you show a security team — end to end — what input the agent received, what it did, and what data it touched? Incomplete logging is increasingly a hard blocker in enterprise procurement.

Prompt injection surface: Where does your agent receive untrusted content? Support tickets, documents, emails, web pages, database fields — any of these can be weaponized. Does your architecture validate or sanitize before the agent acts? Does it limit what actions the agent can take in response to that content?

Governance compatibility: Can your agent be monitored by a third-party governance layer without architectural changes? The Geordie raise suggests that enterprise security teams want to drop in a governance layer across all vendors, not ask each vendor to implement governance differently.

The Business Signal

The $30M raise matters for a reason beyond the product. Balderton Capital, General Catalyst, and Crosspoint Capital don’t fund governance tooling at a $180M valuation unless enterprise procurement teams are already blocking or slowing agentic deployments for lack of it. Investors follow the stall point. The stall point is now security review.

Geordie’s 1,300% ARR growth in five months is the same signal from the revenue side. Companies that are getting deals done in 2026 have already figured out how to pass security review — or they’re paying a vendor like Geordie to help them do it.

The builders who treat this as someone else’s problem will hit a wall when they get to enterprise sales. The builders who design for agent identity, least-privilege, audit trails, and prompt injection resistance from the start will find security review a checkbox rather than a blocker.

Geordie AI announced their Series A on May 28, 2026. Their RSAC Innovation Sandbox award was announced at RSA Conference 2026. Statistics on enterprise AI agent security incidents from Kiteworks, AI Automation Global, Teleport, and Darktrace 2026 research reports. OWASP GenAI Exploit Round-up Q1 2026 is publicly available at genai.owasp.org.