Operant AI

Primary category: agent-runtime-security.

One-liner — A Kubernetes-native runtime defense platform that discovers, detects, and blocks threats against live AI apps, agents, and APIs in real time.

What it does

Operant protects AI workloads where they actually run — in production, on Kubernetes. Its 3D Runtime Defense Suite does three things in real time: Discovery (live blueprints of AI workloads, models, and APIs, including undocumented APIs and covert data flows to third-party model providers like OpenAI, Anthropic, Gemini, Cohere); Detection (runtime detection of OWASP LLM Top-10 threats — prompt injection, model theft, PII/secret/API-key leakage); and Defense (in-line blocking and redaction of sensitive data flows, quarantine of suspicious containers/models, rate- and token-limiting of AI endpoints). Add-ons include AI Gatekeeper (runtime protection for AI agents/apps across hybrid cloud) and an MCP Gateway (runtime defense for MCP-connected AI apps).

Where it sits in the stack

Primary agent-runtime-security — protection of live agentic/AI applications — with the runtime-firewall behavior of ai-runtime-security and an mcp-gateway product. Layer: model/prompt, but enforced at the cloud-native infrastructure/runtime layer. It breaks all three lethal-trifecta legs inline: screens untrusted input (prompt injection), blocks sensitive-data leakage (PII/secrets redaction), and controls egress (third-party API/data-flow blocking, token limits). Sits in the runtime path of green/yellow-zone AI workloads.

Deployment & architecture

Self-hosted, Kubernetes / cloud-native. Single-step install of a runtime agent (eBPF/sidecar-style) that observes and enforces inside the cluster — distinct from SaaS-control-plane posture tools. This makes it a fit for teams that run their own AI on K8s and want inline enforcement, not just a dashboard. Integrates around the cloud-native stack and third-party model APIs; the MCP Gateway secures agent↔tool (MCP) traffic.

Positioning & differentiators

Known for being runtime-first and infrastructure-native — it lives in the Kubernetes data path and does inline blocking/redaction, where neighbors like noma-security, zenity, and cranium lean on SaaS control planes and posture/governance. Closest comparators on the inline-enforcement axis are prisma-airs and straiker (AI-firewall runtime) and, for tool/MCP traffic, dedicated mcp-gateway players. Its differentiator is the cloud-native deployment model and OWASP-LLM-runtime coverage rather than red-teaming or compliance.

Ownership, funding & M&A

Independent, VC-backed. Founded 2020 by Vrajesh Bhavsar (CEO), Priyanka Tembey, and Ashley Roof; HQ San Francisco. ~$13.5M raised over two rounds from SineWave Ventures, Felicis, Alumni Ventures, Calm Ventures, Gaingels, and others. No M&A; no seed acquisition flag. Ownership confidence: high. (Funding figure from third-party profiles; no large disclosed round found — treat exact total as medium confidence.)

CTO / hedge-fund lens

Day-2, and specifically for shops that build and run their own AI/agent workloads on Kubernetes. If your AI is self-hosted containers and microservices, Operant gives you inline runtime protection and data-flow control that a SaaS posture tool can’t — and the MCP Gateway is timely if you’re wiring agents to tools. If your AI footprint is SaaS assistants and API calls behind an ai-gateway, Operant’s K8s-native model is a poor fit. Most hedge funds aren’t running large self-hosted AI estates, so relevance is conditional on engineering posture.

Competitors / alternatives

prisma-airs, straiker, zenity, noma-security, lasso-security, apex-security.

Open questions / to verify

  • Exact funding total and latest round date (third-party figures only).
  • Enforcement mechanism specifics (eBPF vs sidecar vs admission controller).
  • Traction outside cloud-native-heavy engineering orgs.

Sources

History

  • [2026-06-28] Stub created from seed registry.
  • [2026-06-28] Researched; established independent/VC-backed (~$13.5M), founded 2020 (Bhavsar/Tembey/Roof, San Francisco), Kubernetes-native runtime defense + AI Gatekeeper + MCP Gateway. Set ownership_confidence high; funding figure medium confidence.