Onyx Security

We’re excited to share that Onyx now integrates with the Claude Compliance API, extending our agentic AI security coverage for Anthropic to the conversation layer. This means that the chats, uploaded files, projects, and activity logs in Claude Enterprise flow into the Onyx platform and can be analyzed in real-time. Pair that with what Onyx already sees from Claude on the endpoint and in the browser, and you get full visibility, governance, and security in one place. This integration unlocks 4 key benefits with no disruption to employees: 1️⃣ Observability. See every Claude conversation by employee, alongside all your other AI usage, in one control plane. 2️⃣ Governance. Write a policy in plain English and get alerted the moment something crosses it. 3️⃣ Security Posture. Continuously assess your Claude assets for misconfigurations and provide steps to harden posture. 4️⃣ Runtime Security. Surface sensitive data like secrets, PII, and source code, and flag anomalous activity before it turns into an incident. To learn more about this integration, visit https://lnkd.in/gN7fhD8Y #Cybersecurity #AISecurity #AgenticAI #AIagents #AIRisk #AIGovernance #AIControlPlane

Shared a few thoughts with CTech by Calcalist about our journey, culture, and growth. Grateful for the feature, but even more grateful for the people I get to work with every day in IL and the US. Maxim Bar Kogan Gil Elbaz Noa D. Mor Shiri Rob Witmer Yuval Neuhaus Moshe Kanooni Lotem Guy Mark Loewenstein Timothy Youngblood, CISSP Adi Erez Hod Asor Tali Dvorkin Amanda Parks George Snowflack Stephen Fitzgerald David Carroll

AI agents are not inherently accountable for their actions, but with the right controls, companies can maintain oversight by steering behavior, blocking risky actions, or requiring human approval when needed. Gil Elbaz, our Co-founder & Chief AI Officer, sat down with John C. of Hg to discuss why AI controls are necessary and how they can be a catalyst to increased agent adoption and velocity in the enterprise. 🎧 Don't miss the full podcast (link in the comments). 🌐 Visit our website to learn how Onyx Security can help deliver on your AI governance and security initiatives: https://onyx.security/ #Cybersecurity #AISecurity #AgenticAI #AIagents #AIRisk #AIGovernance #AIControlPlane

Our very own Rob Witmer joined the Cyber GTM Talk podcast to discuss his journey at Onyx, building a world-class go-to-market organization, and what it takes to win in one of the most dynamic markets to date. The conversation between Rob and Andrew is full of insights from Rob's 26 year career in the software industry. Don't miss it! 🎧 Podcast link in the comments.

Prompt injection ends when the session ends. Memory poisoning doesn't. Modern AI agents don't just reason from static instructions. They learn from experience. Past interactions, summaries, and procedural patterns are increasingly stored in long-term memory systems and indexed through vector embeddings for later retrieval. When a new query arrives, the agent retrieves similar past experiences and pulls them directly into its reasoning chain as demonstrations of normal behaviour. Many current agent architectures treat retrieved memories as highly trusted context and perform limited validation of their provenance. They are, from the agent's perspective, part of their own history. Memory poisoning targets the retrieval layer rather than the inference layer. The model behaves exactly as designed. It is simply reasoning over compromised historical context. This is why MINJA, published at NeurIPS 2025, remains one of the most important blueprints for practical memory poisoning attacks. The research demonstrated extremely high memory injection success rates across GPT-4o, Gemini, and Llama-based agents, with some configurations approaching 98%. More importantly, poisoned memories often appeared completely legitimate when viewed in isolation. Crucially, upgrading to newer reasoning-heavy models doesn't solve this problem. Research suggests it may amplify it. A model that is better at following complex patterns can become even more faithful to a poisoned memory once it is retrieved. The attack path is simple. An attacker plants fabricated "successful" task completions inside documentation, repositories, emails, or shared knowledge sources. An agent later processes that content and stores it as memory. Days or weeks later, an unrelated task triggers a similarity search that retrieves the poisoned memory and incorporates it into a new decision. The payload never looks malicious. It looks like the agent's own past behaviour. This is why memory poisoning is fundamentally different from prompt injection. Prompt injection targets the current session. Memory poisoning persists across sessions, model updates, and redeployments because the compromise lives in the data layer. #OWASP recognised this in its 2026 Agentic Top 10, dedicating a standalone category to it: ASI06: Memory and Context Poisoning. Real defence requires capabilities most organisations do not yet have: memory provenance tracking, trust-aware retrieval, temporal trust decay, and behavioural monitoring that can identify when an agent begins relying on patterns it should never have learned. At Onyx Security, this is exactly the problem space we are building for. The research is published. The attack paths are documented. The building blocks for these architectures are already deployed across enterprise agent ecosystems. The question is not whether memory poisoning will happen. The question is whether you'll know when it already has.

Our Chief Strategy Officer Timothy Youngblood, CISSP, a 4x Fortune 500 CISO, sat down with Declan Waters on The Watershed podcast to talk AI risk, agentic AI, and what security leaders need to do right now. Here are 4 key takeaways from the conversation: 1️⃣ Governance first. Before anything else, establish what "approved AI" looks like in your organization. Governance defines the outcomes the business wants, and that drives everything else. 2️⃣ Agentic AI moves at machine speed. A human making an error might cause one incident. An AI agent can replicate that same error 840 times before anyone notices. The old "wait and triage" model is dead. 3️⃣ Every AI agent needs a human owner. When something goes wrong, and eventually it will, someone needs to be accountable. If you haven't assigned ownership, you're tolerating risk. 4️⃣ Prevention over response. You no longer get the luxury of identifying a vulnerability and patching before an outbreak. Security must operate at machine speed. Tim also covered regulation and why it's not keeping pace, how to build a security culture that actually sticks, and lessons from 30 years as a Fortune 500 CISO. There's a lot more in the full episode, and it's worth a listen. 🎙️ The Watershed with Declan Waters — link in comments. #Cybersecurity #AISecurity #AgenticAI #AIagents #CISO #AIRisk #AIGovernance #AIControlPlane

If you'll be at the Gartner Security and Risk Management Summit next week, join us for the best gathering outside the event. After a packed first day of sessions, unwind at the GuidePoint Security happy hour, proudly sponsored by Onyx. We're bringing together security leaders for an evening of great conversation and real peer connection. We hope to see you there! 🌐 Registration link in the comments. #GartnerSEC #AISecurity #AIAgents #Cybersecurity #AIGovernance

🎙️ Our CEO Maxim Bar Kogan joined Sarah Guo on No Priors this week for a wide-ranging conversation on what it takes to control AI agents. The discussion centered around the complexities of supervising and securing agents in the enterprise, including: 1️⃣ Why vendor-independent oversight isn't just a nice-to-have. 2️⃣ Why the go-to architectural shortcut for AI security fundamentally can't work for agents, and what you need instead. 3️⃣ How Onyx trains models specifically to watch other models, and why it matters more as agent autonomy increases. 4️⃣ Mechanistic interpretability as a live security tool, not just a research curiosity. 5️⃣ Bridging the governance gap between the labs, enterprises, and regulators. 6️⃣ Why Maxim is all-in on #AGI even while building a company designed around AI risk, and why he thinks those two things are more compatible than they sound. This 41 minutes of rich, substantive conversation is worth the full listen. 🎧 Link in comments #AIControlPlane #AISecurity #AgenticAI #Cybersecurity #AIGovernance #AIagents #AI #NoPriorsPod

📣 Calling all security leaders in #LosAngeles! Join us at Nobu on June 3rd to talk about one of the most important topics on the menu: AI agent security. AI agents are already in use across your environment without the necessary visibility, governance, or security. Don't get rolled by AI insecurity! 🍣 Looking forward to fresh perspectives, great company, and a few security insights worth savoring. There are only a few spots left. Send us a note if you're interested in attending.

Looking forward to speaking on the challenges and risk posed by AI to the workforce at the GBTA Education Day in Niagara Falls this week. Onyx Security #EducationDay #GBTA