AI agent safety funding surges past $100 million（約160億円） in 18 months, but most controls rely on agents choosing to use them—creating a structural weakness that separates real businesses from feature acquisitions.

What happened: Galileo raised $68 million（約110億円） in Series B funding, Geordie AI closed $30 million（約48億円） in Series A on June 8, and CodeIntegrity secured $5 million（約8億円） in seed funding in May. Two earlier entrants—Invariant Labs (acquired by Snyk in June 2025) and Lakera (bought by Check Point in September)—have already exited through acquisition. These companies provide controls, filters, and gateways that govern what AI agents can do when they access real systems.

Why it matters: The core problem is architectural: nearly all funded controls work only if the agent agrees to invoke them—what the article calls an 'honor system.' This means an agent can bypass them entirely. The structural question that matters is whether a control sits on the only path to an action (making it impossible to route around) or on a path the agent can choose to skip. Investors and buyers are consolidating around this category before it matures, and incumbents like Snyk and Check Point are acquiring early-stage companies, which typically signals the controls risk becoming platform features rather than standalone products.

What to watch: The regulatory deadline is August 2, 2026, when EU AI Act high-risk obligations take effect, yet only 20 percent of organizations have mature AI governance according to Deloitte's 2026 work. The competitive edge will go to companies that can demonstrate verified, unbypassable enforcement—controls with formal verification that a machine can check—rather than filters or gateways that depend on agent cooperation. The label 'runtime security' or 'agent governance' will become commoditized within two quarters as every agent tool adopts it.