Building an AI Guardian for Enterprise with Onyx Security CEO Maxim Barkogan
Maxim Barkogan (co-founder/CEO, Onyx Security — Israel-based) with Sarah Guo + Elad Gil on No Priors. The thesis: as enterprises deploy increasingly autonomous agents (Claude Code, Cowork, OpenClaw), **the risk of illegitimate or incorrect agent actions grows exponentially — and enterprises have no way to stop adoption, so they need a layer that reduces the chance of bad agent actions.** Onyx **trains specialised models and builds agents to oversee other agents** — 'agents to watch the AI agents.' The founding bet was AutoGPT-era (2023): *'it gave everyone a glimpse — what if the models were good enough? How do we oversee very smart agents when one day they're managing your water supply, your power grid?'* They were nearly too early (*'is anyone going to do this before you run out of money?'*) until reasoning models + Claude Code made autonomous agents real and enterprise-adopted. A sharp data point on the **enterprise data-sovereignty wedge**: *'enterprises today are not willing to have Anthropic or OpenAI keep that historical [agent-behaviour] data because they know these are very data-hungry companies that will want to train on that data'* — the same intelligence-sovereignty concern running through this week's All-In. The recent incidents motivating buyers: *'agents accidentally publishing code and tokens they weren't supposed to.'*
Key points
- **The category bet: oversight of autonomous agents, not DLP-for-chatbots.** *'The consensus risk story two years ago was basically DLP for chatbots — what are employees putting into ChatGPT? Now we have something close to market-wide panic.'* Onyx pivoted to **agent-action oversight** off the AutoGPT signal — *'the first really autonomous agent running on LLMs... Claude Code today is not dissimilar to AutoGPT, they were just early before the models were ready.'* **A clean read on where enterprise-AI security spend is rotating** — from input-filtering to action-monitoring.
- **The product: train models + build agents that oversee other agents.** *'Onyx really does two things — we train models and build agents that can oversee other agents.'* The need is driven by autonomy: the low-code/connector-based platforms enterprises first built to feel safe *'ended up being quite limited, so we didn't get the productivity gains'* — the real gains came from *'very unleashed agents that could do everything, with much less controls baked in,'* which is exactly what created the oversight gap.
- **The enterprise data-sovereignty wedge — a concrete commercial reason Anthropic/OpenAI can't own this layer.** *'Enterprises today are not willing to have Anthropic or OpenAI keep that historical [agent-behaviour] data because they know these are very data-hungry companies that will want to train on that data.'* **Directly reinforces [the intelligence-sovereignty / control-plane theme in this week's All-In](/issues/2026-05-31)** — the structural case for a neutral oversight layer that doesn't feed the frontier labs.
- **Real incidents are creating real urgency.** *'We've seen agents accidentally publishing code and tokens they weren't supposed to. Enterprises are realising the risk is growing exponentially and they don't have any way to stop the adoption — they just now have to do something to reduce the chance of these agent actions being illegitimate or incorrect.'* **The buying trigger is post-incident, not theoretical** — a leading indicator that agent-security is becoming a line-item, not a research topic.
- **Anthropic's enterprise revenue IS the agent-adoption signal.** *'Anthropic's revenue is coming from enterprises that are paying for Claude Code to do a lot of the work that developers used to do.'* **Ties the agent-security thesis directly to [the Anthropic $44B-ARR / Claude-Code-adoption story in this week's 20VC roundtable](/issues/2026-05-31)** — the same Claude Code deployments driving Anthropic's revenue are the ones creating Onyx's market.
- **The long-horizon framing: overseeing superhuman agents.** Barkogan was *'AI-pilled even back then — models are going to be way smarter than us, how do we oversee very smart, very capable agents when they start managing really important stuff?'* **A founder explicitly building for the world the All-In / Andreessen episodes debate philosophically** — the practical infrastructure layer underneath the AI-safety conversation.
Notable quotes
As you're exponentially doing more things with AIs you're going to start having really bad actions happen. We've seen agents accidentally publishing code and tokens that they weren't supposed to. Enterprises are realizing that risk is growing exponentially and they don't have any way to stop the adoption.
Enterprises today are not willing to have Anthropic or OpenAI keep that historical data because they know these are very data-hungry companies that will want to train on that data.
Onyx really does two things. Number one is we train models and build agents that can oversee other agents.
Claude Code today is not dissimilar to AutoGPT. Back then they were a bit early before the models were ready, but the concept was right.
Anthropic's revenue is coming from enterprises that are paying for Claude Code to do a lot of the work that developers used to do.
Themes
- Enterprise AI-agent security
- Data sovereignty vs frontier labs
- Autonomous agent adoption & risk
- Claude Code enterprise penetration
- AI-safety as infrastructure