Building an AI Guardian for Enterprise with Onyx Security CEO Maxim Bar Kogan

Maxim Bar Kogan, CEO of Onyx Security, discusses building AI agents to oversee other AI agents in enterprise environments. He explains how existing security tools are insufficient for governing autonomous agents, why Onyx trains specialized small models for this purpose, and why independent third-party oversight of AI is structurally necessary rather than something foundation model labs can solve themselves.

Summary

Maxim Bar Kogan, co-founder and CEO of Israel-based Onyx Security, sits down with host Sarah to discuss the company's mission to build AI guardians for enterprise AI deployments. The conversation begins with the origin story of Onyx, tracing back to AutoGPT as the pivotal moment that made Bar Kogan envision a future where highly capable autonomous agents would require independent oversight. He notes that while he was considered too early when founding the company, the rapid adoption of coding agents like Claude Code and Copilot validated the thesis before the company ran out of money.

Bar Kogan describes Onyx's core product as an 'AI control plane' that hooks into enterprise AI systems to monitor and validate agent actions. He breaks down enterprise AI adoption into three categories: low-code SaaS automation platforms (roughly 45%), autonomous coding agents and assistants (over 50% and fastest growing), and first-party custom-built agents (approximately 2%). He emphasizes that autonomous coding agents are the fastest-growing segment and typically come without any built-in controls.

The discussion explores why traditional security tools — identity management, endpoint security, API security, and proxies — are insufficient for governing AI agents. The core problem is that these tools lack the contextual understanding of what an AI agent is 'thinking' or planning, making it impossible to distinguish legitimate from illegitimate actions based on the action alone. For example, a coding agent deleting a database could be either a valid task or a dangerous mistake depending entirely on context.

Bar Kogan explains Onyx's technical approach: training small, specialized models that are highly efficient at one specific task — determining when a more sophisticated agent-level review is needed. This creates a layered system where lightweight models handle routine monitoring cheaply and quickly, while more capable agents are invoked only for high-risk decisions. He uses the analogy of chess grandmasters making most moves intuitively but pausing deeply on critical positions.

On the question of why foundation model labs cannot simply solve this problem themselves, Bar Kogan argues two structural points: first, enterprise buyers psychologically require independent third-party verification, similar to not trusting a car dealer to certify the car they're selling; second, Onyx has access to historical behavioral data about agents that enterprises won't share with the AI vendors themselves due to concerns about training data use. He also notes the multi-vendor reality of enterprise AI means no single lab can provide unified oversight.

The conversation touches on the threat of 'mythos-level' models dramatically lowering the cost of vulnerability discovery, which Bar Kogan frames as a genuine and underappreciated risk. He recommends enterprises invest immediately in foundational security controls rather than waiting, and advocates for broad access to advanced models rather than restricted rollouts, arguing that adversaries will develop these capabilities regardless.

Bar Kogan also discusses the Israeli security ecosystem's advantage — deep familiarity with how security teams operate day-to-day, what they care about, and what motivates them — as a key differentiator in building products security buyers actually adopt. He closes with a forward-looking view that security teams themselves will increasingly be run by agents, and that Onyx is already designing its systems to serve both human and agent end users.

Key Insights

  • Bar Kogan argues that traditional identity and endpoint security tools fail against autonomous AI agents because those tools cannot understand the context or intent behind an agent's actions — they can see what is happening but not why.
  • Onyx's core technical innovation is training very small, cheap models specialized solely in detecting when a more capable oversight agent needs to be invoked, solving the cost and latency problem of using frontier models for continuous monitoring.
  • Bar Kogan claims that enterprises are unwilling to share historical agent behavior data with Anthropic or OpenAI because they fear those companies will use it for model training — giving independent security vendors like Onyx a structural data advantage.
  • Bar Kogan distinguishes two categories of AI agent errors: 'silly mistakes' that will be solved by smarter models, and a growing category of semi-independent or misaligned judgments that grow more common as models get smarter and may be structurally harder for labs to fix.
  • Bar Kogan argues that the enterprise security market is structurally open to a large independent AI oversight company because buyers psychologically require third-party verification — they won't trust the AI vendor to certify its own product's safety.
  • Bar Kogan claims over 50% of AI usage in a typical enterprise customer is now autonomous coding agents and assistants, with that category growing faster than low-code automation platforms.
  • Bar Kogan believes mechanistic interpretability research will become far more tractable once AI models are significantly smarter than humans, as those models will be better equipped to analyze the internal structure of other models.
  • Bar Kogan argues that enterprises restricting AI adoption to a narrow set of approved tools are making a strategic mistake because the landscape is shifting so quickly that bets on specific vendors may become outdated within months.

Topics

  • AI agent oversight and governance
  • Enterprise AI security
  • Specialized model training for security
  • Limitations of traditional security tools against AI agents
  • Autonomous coding agents in enterprise
  • Mechanistic interpretability and alignment research
  • Israeli AI and cybersecurity ecosystem
  • Foundation model labs vs. independent security vendors
