The Money Just Noticed the Agent Security Problem

Bessemer Venture Partners published a report this week: “Securing AI agents: the defining cybersecurity challenge of 2026.” It cites Gartner projecting that 40% of enterprise applications will embed task-specific agents by end of year — up from less than 5% in 2025.

The report names MCP vulnerabilities, prompt injection, and agent identity as unsolved problems — nobody owns agent access at most companies, and security tooling hasn’t kept pace with how fast teams are shipping.

None of this is news to anyone actually building with these systems.

People running agent pipelines have been wrestling with prompt injection and MCP surface area for months. The diagnosis in the Bessemer report is accurate — it just arrives about six months after the people doing the work figured it out the hard way.

What changes now isn’t the problem. It’s the attention.

When a top-tier VC publishes something as “the defining challenge of 2026,” funding follows. Expect a wave of agent security startups. Most will build perimeter defenses for a problem that lives inside the workflow. They’ll sell dashboards showing you what your agents did after the fact, rather than controls that shape what they’re allowed to do in the first place.

The hard part — identity, least privilege, trust boundaries between agents — doesn’t lend itself to a clean product demo. So most of the money will go elsewhere first.

Watch for the gap between what gets funded and what actually needs solving.

Source: Bessemer Venture Partners