Current agent security frameworks assume that capability and vulnerability can be decoupled and addressed independently, but an agent's attack surface—prompt injection, tool misuse, memory poisoning, identity spoofing—scales directly with the capabilities operators require. Hardening an agent against OWASP's agentic top-10 risks requires removing or restricting the very features that make the agent useful. No design pattern or security primitive exists that provides capability without proportional vulnerability.
Today every new tool, memory store, or permission granted to an agent opens a new attack vector, and teams must choose between a useful agent and a secure one — there's no primitive that dynamically scopes security controls to the exact capability surface in use.
Platform engineering and security teams at companies deploying production AI agents (e.g., customer-facing copilots, internal automation agents) who are currently hand-rolling guardrails per deployment.
Enterprises are stalling agent deployments because security review is a blocker with no good tooling; adjacent spend on API gateways (Kong, Apigee), WAFs, and SAST tools proves willingness to pay for infra-level security, and the OWASP Agentic Top-10 release has made this a board-level conversation.
MVP is a lightweight policy-as-code sidecar/proxy that sits between the agent runtime and its tools/memory/identity providers; it introspects the agent's declared capability manifest and auto-generates a least-privilege 'risk envelope' — dynamic allow-lists, call-rate limits, input/output sanitization, and anomaly triggers — that tightens or loosens in real time as capabilities are added or removed. Ship as an open-source SDK with a hosted policy dashboard.
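As an added illustration (example code, not the product or SDK described above), the sketch below derives a least-privilege risk envelope from a declared capability manifest and re-derives it as tools are added or removed; the manifest shape, the `TOOL_RISK` metadata and all names are assumptions.

```python
from dataclasses import dataclass
# Assumed risk metadata per tool (constructed for this example): whether it
# ingests untrusted content, whether it has side effects, calls per window.
TOOL_RISK = {
    "web_search":    {"untrusted_input": True,  "side_effects": False, "rate": 60},
    "vector_memory": {"untrusted_input": True,  "side_effects": True,  "rate": 30},
    "send_email":    {"untrusted_input": False, "side_effects": True,  "rate": 5},
}

@dataclass
class RiskEnvelope:
    allowed_tools: frozenset
    rate_limits: dict
    sanitize_inputs: bool        # screen untrusted content before the model sees it
    require_approval: frozenset  # side-effecting tools gated by a human
    anomaly_triggers: frozenset

def derive_envelope(manifest: dict) -> RiskEnvelope:
    """Tightest envelope consistent with the declared tools; fails closed."""
    tools = set(manifest.get("tools", []))
    unknown = tools - TOOL_RISK.keys()
    if unknown:
        raise ValueError(f"tools without risk metadata: {sorted(unknown)}")
    untrusted = {t for t in tools if TOOL_RISK[t]["untrusted_input"]}
    effects = {t for t in tools if TOOL_RISK[t]["side_effects"]}
    approval, triggers = set(), set()
    # Prompt injection matters once untrusted content can reach a tool with
    # side effects: gate those tools and watch for exactly that flow.
    if untrusted and effects:
        approval, triggers = effects, {"untrusted_read_then_side_effect"}
    if "vector_memory" in tools:
        triggers.add("memory_write_from_untrusted_content")  # poisoning
    return RiskEnvelope(frozenset(tools), {t: TOOL_RISK[t]["rate"] for t in tools},
                        bool(untrusted), frozenset(approval), frozenset(triggers))

class PolicySidecar:
    """Proxy between agent runtime and tools; envelope follows the manifest."""
    def __init__(self, manifest: dict):
        self.calls = {}  # tool -> calls seen in the current window
        self.envelope = derive_envelope(manifest)
    def set_tools(self, tools) -> RiskEnvelope:
        self.envelope = derive_envelope({"tools": list(tools)})  # re-scope live
        return self.envelope
    def authorize(self, tool: str) -> str:
        env = self.envelope
        if tool not in env.allowed_tools:
            return "deny:not_in_manifest"
        self.calls[tool] = self.calls.get(tool, 0) + 1
        if self.calls[tool] > env.rate_limits[tool]:
            return "deny:rate_limit"
        return "hold:needs_approval" if tool in env.require_approval else "allow"
```

Adding `send_email` beside `web_search` is what tightens the envelope (approval gate plus an anomaly trigger), and dropping `web_search` loosens it again without any hand-edited policy.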
Subset of the ~$8B application security market intersecting the rapidly growing AI agent platform market; conservatively $500M+ within 3 years as agent deployments hit mainstream enterprise.
Policy generation, anomaly detection, threat-model updates, and customer onboarding are all agent-operated; humans are limited to governance decisions on default policy strictness and incident escalation review.
Load the skill and apply to be incubated — token launch + $5k grant for accepted companies.