Geordie AI: Interview With Co-Founder & CEO Henry Comfort About The

Your AI agents are running right now. Sending requests, accessing APIs, touching data, making decisions. Do you know exactly what each one is doing? Not in theory — right now, in production?

Most organizations can’t answer that question. Not because they’re careless — because until very recently, the tools to answer it didn’t exist. That’s the gap Geordie AI was built to close. And this week, the cybersecurity world formally recognized it.

Geordie AI won the RSAC Innovation Sandbox 2026, beating out the most competitive field in the competition’s history to be named the most innovative startup in cybersecurity. A year before the win, they didn’t have a product. That’s the part worth understanding — because the speed of their rise tells you something important about how fast the agentic AI risk problem is growing. If you’re thinking seriously about agentic AI — what it can do, what can go wrong, and how to stay in control — this story matters.

What Geordie AI Actually Does

Strip away the enterprise security jargon and Geordie AI does one thing: it watches your AI agents and tells you what they’re actually doing — not what you programmed them to do, but what they’re doing in practice, in real time, across every environment they touch.

Their platform pulls data from code, APIs, and endpoints to build a unified picture of every agent operating inside an organization. It tracks behavior, flags risk, and — through a component called Beam — guides agent decisions before problems happen rather than responding after.

CEO and co-founder Henry Comfort described the founding insight in a recent interview with Pulse 2.0: when the team spoke to CISOs and enterprise security leaders, the same issue kept surfacing. They wanted to use agents, but they had no clear visibility into what those agents were doing or what risks they were creating. Teams were either holding back completely or moving ahead without control. Neither option was acceptable.

So Comfort and his team built something purpose-designed for agents — not a retrofitted version of existing security tools, but architecture that fits how agents actually behave: non-deterministic, autonomous, and constantly evolving.

The Security Gap AI Agent Adoption Created

Here’s the uncomfortable math. According to research cited by Geordie AI, over 70% of developers are using coding agents every day. Microsoft data puts Fortune 500 agent adoption above 80%. Meanwhile, Gartner reports that 74% of security leaders say AI agents represent a completely new attack vector in their organization.

That’s a lot of people running something they also believe is a new kind of threat. And the tools built to manage that threat — traditional proxies and gateways — don’t fit the problem. As Geordie’s own documentation puts it: put up gateways to stay safe, and you add latency that kills the business value. Agents become slow, expensive, and unreliable. Skip the gateways and you lose visibility entirely.

Think about what that means in practice. You deploy an agent to handle customer data, run queries, coordinate with third-party services. The agent has access to real systems. It’s making decisions you designed it to make — but also potentially making decisions you didn’t anticipate, because that’s what non-deterministic systems do. If you’re monitoring through a gateway, you’ve created a bottleneck that slows everything down. If you’re not monitoring at all, you’re flying blind.

Owkin, one of Geordie’s early customers, was running agents across more than 15 different platforms before they engaged with Geordie’s team. They couldn’t confidently answer where their agents were, how they were being used, or what risks they were creating. Once they had visibility, the impact was immediate: they identified personal account usage at the endpoint level and migrated that activity into approved enterprise environments, directly reducing data leakage risk. That’s not a theoretical improvement — that’s a governance gap that had real exposure inside it.

How Beam’s Context Engineering Changes the Control Model

Here’s what makes Geordie’s technical approach worth paying attention to — and this is the thing that earned them the RSAC win, not just their category selection.

Beam, their real-time risk mitigation engine, doesn’t operate like a traditional security tool. It doesn’t sit in front of your agents and inspect traffic. It doesn’t require a specific software toolkit to be built into your agent architecture. Instead, it uses something Geordie calls context engineering — applying policy guidance to agent decisions as they happen, in context, based on what the agent is actually trying to do.

The practical result: agents stay aligned with enterprise rules without workflow disruption, and the platform adds no meaningful latency because there’s no gateway in the path. It works across cloud environments, code-level agents, and endpoint agents without requiring re-architecture. You don’t need to rebuild what you’ve already deployed.

That’s a genuinely different control model. Traditional security thinks in terms of access: who can get to what. Geordie’s approach thinks in terms of behavior: what are they actually doing once they have access. The shift matters because agents with legitimate access can still create serious risk through unintended behavior — and access controls catch none of that.

Why Winning RSAC 2026 Signals More Than a Good Product

Henry Comfort came to Geordie from Darktrace, where he led global operations through IPO and the company’s eventual acquisition by Thoma Bravo for over $5 billion in 2024. Before that, he built statistical models for professional football club recruitment. Non-traditional doesn’t begin to cover it — but the Darktrace background matters. Darktrace built its reputation on behavioral AI for network security at a time when most people thought the problem was too early or too theoretical. The parallel to where Geordie sits now is direct.

Geordie raised a $6.5 million seed round led by General Catalyst and Ten Eleven Ventures, then added a $5 million investment from RSAC itself for their Innovation Sandbox performance — bringing early funding to approximately $11.5 million. Their initial target market is $2.5 billion, focused on enterprises with more than 1,000 employees in the US and Europe, with the expectation that figure grows as agent adoption expands.

But the more telling signal is the timing. They went from no product to best-in-show at the world’s leading cybersecurity conference in roughly one year. That speed isn’t just a founder story — it reflects how urgently the market needs what they’re building. The problem is already here. The enterprise teams know it. The funding community knows it. RSAC just made it official.

Some founders just know when they’re onto something. Beacon’s shining a light on how Henry Comfort is building AI that actually gets people.

What This Means for AI Agent Deployments Right Now

Let’s translate this from enterprise security news to practical implications for anyone running AI agents — whether that’s a business deploying internal workflow automation or an individual using a personal agent that touches real accounts and data.

The core insight from Geordie’s work isn’t that agents are dangerous. It’s that invisible agents are dangerous. The risk isn’t the technology — it’s the absence of visibility into what the technology is doing. And that’s a solvable problem, not a reason to pull back.

If you’re exploring what AI agent platforms look like in practice, or looking at where the ecosystem is heading, the emergence of agent-native governance tools is a signal that the infrastructure layer is maturing. Governance tools don’t slow adoption — they’re what makes sustained adoption possible. You can see a related lens on this in our piece on whether your workplace is actually set up for AI agents.

What to Do With This Information

• Audit your agent footprint. If you’re running agents across multiple platforms, tools, or services, do you have a clear inventory? Not a theoretical one — can you list every active agent, what it has access to, and what it’s been doing in the last 24 hours? If not, that’s the gap Geordie was built for.
• Don’t treat gateway security as equivalent to agent governance. Putting a proxy in front of your agents tells you about traffic. It doesn’t tell you about behavior. Those are different problems. Know which one you’re actually solving.
• Watch Geordie’s Beam product closely. Context engineering as a control mechanism is architecturally interesting. If it delivers on the zero-latency promise at scale, it changes the cost-benefit math on enterprise agent governance meaningfully.
• Track the RSAC Innovation Sandbox as an early signal. The sandbox has a history of identifying real security categories before they become obvious. Darktrace’s approach to behavioral AI was considered early and theoretical — until it wasn’t. Treat Geordie’s win as a category marker, not just a company milestone.

Geordie AI and RSAC 2026: What the Win Tells Us About Agentic AI Risk

• Geordie AI won the RSAC Innovation Sandbox 2026, named the most innovative cybersecurity startup in the world — approximately one year after launching their product.
• More than 80% of Fortune 500 companies are already using AI agents, while 74% of security leaders say those same agents represent a new attack vector — a gap that existing security tools weren’t designed to close.
• Geordie’s platform provides real-time behavioral visibility across agents operating in code, APIs, and endpoints without requiring gateway architecture, eliminating the latency tradeoff that made previous security approaches unusable at scale.
• Their Beam engine uses context engineering to guide agent behavior proactively rather than reacting after incidents — a fundamentally different model from traditional access control.
• Geordie has raised approximately $11.5 million in early funding ($6.5M seed from General Catalyst and Ten Eleven Ventures, plus $5M from RSAC) and is targeting an initial market of $2.5 billion focused on enterprises with 1,000+ employees.

The teams that build agent governance into their deployment strategy from the start won’t just have fewer incidents. They’ll have the visibility to scale agent use faster — because they’ll trust what their agents are doing. The ones that skip this step will eventually hit a forcing event: a data leak, a compliance flag, a board question nobody can answer. Governance isn’t the thing that slows agent adoption. It’s the thing that makes it durable.