An AI agent leaked Instagram and Facebook user data. This San Diego startup is building the fix.
Manifold Security is sounding the alarm on these security breaches with new software, and recently raised $8 million at launch.
Manifold Security, a San Diego-based AI detection and response platform, was founded by CEO Neal Swaelens, CTO Oleksandr Yaremchuk and CRO Michael McKenna.

You didn’t press send. You didn’t authorize the wire transfer. You didn’t even know it happened. An AI agent did it for you.

AI agents work autonomously by reading files, analyzing photos and sourcing your personal data. But once they’re running, they can multiply and access things they were never meant to, without you even knowing.

Manifold Security, a San Diego startup, is sounding the alarm on these security breaches with new software and has recently raised $8 million at launch. The software allows developers to monitor what autonomous agents access and receive alerts when agents have strayed from an assignment or accessed sensitive information.

Mike McKenna, co-founder of Manifold, recently deployed his security software for a team of developers. In a few clicks, he generated a map showing where the agents had accessed — and how they’ve multiplied.

“The security team let out an audible ‘wow,’” he said. “They hadn’t realized how many agents they had running or how permissive the whole setup had become. Nobody had made a deliberate decision to allow any of it. The agents had just spun up, connected, and inherited access along the way.”

…when it accessed sensitive user data without permission and exposed that data to engineers at the company. It was classified as a “Sev 1” security breach — one of the highest severity levels — and the tech giant had no idea.

“It’s pretty profound, because out of all people, Meta should know what they’re doing,” said Andy Thompson, lead of offensive security research at Palo Alto Networks, a multinational cybersecurity company. “AI models are Wild West.
And the value here is being able to map the behavior of these AI agents when they go rogue.”

In the past year, the proliferation of AI agents has been exponential — software downloads to deploy them rose from 80,000 to 14 million, according to the AI Security Institute. A platform called OpenClaw has gained popularity among everyday consumers for creating agents, costing from $6 to $200 per month depending on usage.

The AI became obsessed with purchasing guacamole, repeatedly trying to buy it even after the user told it to stop. OpenClaw went rogue and deleted the entire personal Gmail inbox of Meta Superintelligence Lab executive Summer Yue after she asked the bot to “clean up her emails.”

The largest adoption has come from big tech companies and developers, but executives outside of Silicon Valley are increasingly pushing to implement them. Instead of deploying sound security practices, companies under pressure to start using AI are granting models unprecedented security privileges, Thompson explained. It’s worrisome as the next generation of hackers increasingly targets AI agents.

Thompson regularly stages attacks on these agents to study how to best guard against real threats. He recently tricked an HR agent into surrendering company data. “If you take all the special jailbreak prompts, put it in white text at the bottom of the resume, you’re not going to read that, but the AI does,” he said. A human would not have granted Thompson access to internal records, but by secretly prompting the AI agent, he said he “hijacked their Slack API key, and so basically, I hired myself.”

That is just one example of an agent going rogue, and why he says it’s important that people and companies begin to monitor agentic deployment.
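The article describes monitoring that maps which resources each agent touched, how agents spawned one another and inherited access, and raises alerts when an agent strays from its assignment or reaches sensitive data. The following is an added illustrative example of that kind of audit and is not Manifold Security's product code. The JSON-lines log format, the policy schema, the sensitive-resource patterns and every sample event are constructed assumptions for this example.

```python
"""Audit a constructed agent tool-call log for scope drift, sensitive access and
unregistered (inherited) agents. Illustrative example only; the log format, policy
and sample data are assumptions, not any vendor's real schema."""
import json
import re
from collections import defaultdict

# Constructed policy: each registered assignment lists the resource prefixes an
# agent working on it may touch. Any other resource is scope drift.
POLICY = {
    "expense-report": ["finance/expenses/", "calendar/"],
    "photo-tagging": ["media/photos/"],
}

# Constructed patterns for resources that always warrant an alert, even when in scope.
SENSITIVE = [re.compile(p) for p in (r"^users/.*/pii", r"^finance/wire", r"^secrets/")]

# Constructed audit log: one JSON object per tool call. "spawn" records a child agent.
SAMPLE_LOG = """
{"ts":"2025-06-01T09:00:01Z","agent":"a1","parent":null,"task":"expense-report","action":"read","resource":"finance/expenses/may.csv"}
{"ts":"2025-06-01T09:00:05Z","agent":"a1","parent":null,"task":"expense-report","action":"spawn","resource":"agent:a2"}
{"ts":"2025-06-01T09:00:06Z","agent":"a2","parent":"a1","task":"expense-report","action":"read","resource":"calendar/june.ics"}
{"ts":"2025-06-01T09:00:09Z","agent":"a2","parent":"a1","task":"expense-report","action":"write","resource":"finance/wire/outbound"}
{"ts":"2025-06-01T09:01:00Z","agent":"a3","parent":"a2","task":"unknown","action":"read","resource":"users/42/pii/profile.json"}
{"ts":"2025-06-01T09:01:02Z","agent":"a4","parent":null,"task":"photo-tagging","action":"read","resource":"media/photos/img1.jpg"}
"""


def parse_log(text):
    """Parse JSON-lines audit records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def in_scope(task, resource, policy):
    """True when the resource falls under one of the task's allowed prefixes."""
    return any(resource.startswith(p) for p in policy.get(task, []))


def is_sensitive(resource):
    return any(p.search(resource) for p in SENSITIVE)


def lineage(agent, parents):
    """Walk parent links to show how an agent inherited its position, root last."""
    chain = [agent]
    while parents.get(chain[-1]) and parents[chain[-1]] not in chain:
        chain.append(parents[chain[-1]])
    return chain


def audit(events, policy=POLICY):
    """Return alerts plus an access map and spawn tree for the whole deployment."""
    parents = {e["agent"]: e["parent"] for e in events}
    access_map = defaultdict(set)
    spawn_tree = defaultdict(list)
    alerts = []
    for e in events:
        agent, res, task = e["agent"], e["resource"], e["task"]
        if e["action"] == "spawn":
            spawn_tree[agent].append(res[len("agent:"):])
            continue
        access_map[agent].add(res)
        base = {"agent": agent, "resource": res, "lineage": lineage(agent, parents)}
        if task not in policy:
            # No deliberate decision registered this agent's job: treat as inherited access.
            alerts.append(dict(base, kind="unregistered_agent"))
        elif not in_scope(task, res, policy):
            alerts.append(dict(base, kind="scope_drift", task=task))
        if is_sensitive(res):
            alerts.append(dict(base, kind="sensitive_access"))
    return {
        "alerts": alerts,
        "access_map": {a: sorted(r) for a, r in access_map.items()},
        "spawn_tree": dict(spawn_tree),
    }


if __name__ == "__main__":
    report = audit(parse_log(SAMPLE_LOG))
    for agent, resources in report["access_map"].items():
        print(f"{agent}: {', '.join(resources)}")
    for a in report["alerts"]:
        print(f"ALERT {a['kind']}: {' <- '.join(a['lineage'])} touched {a['resource']}")
```

On the constructed log this flags the write to `finance/wire/outbound` twice (outside the expense-report scope and matching a sensitive pattern) and the read of a user's PII by `a3`, an agent whose task was never registered and whose lineage `a3 <- a2 <- a1` shows it was spawned two levels below the only agent anyone deliberately started. The access map and spawn tree are the "map" the article describes; in a real deployment the log would come from a tool-call gateway rather than a string literal.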
Source: Head Topics