Y Combinator opened its first-ever Spring batch in 2025, moving to four cohorts per year to speed funding cycles and capture momentum in AI-driven startups.

The headline for this cohort is agentic AI. Across the batch, a large portion of companies are building autonomous or semi-autonomous agents that perform tasks end-to-end. That trend matters for security people because agentic systems change the attack surface: they create chained workflows, automated decision points, and new trust boundaries between models, data stores, and external systems. Business Insider and YC trackers flagged that roughly half the cohort were agentic projects and highlighted several security-adjacent teams worth watching.

A few concrete companies illustrate where practical risk and opportunity meet. Casco offers adversarial testing for AI agents, simulating attacks against agent workflows to surface vulnerabilities before they hit production. That kind of red teaming for agentic pipelines is exactly the capability many enterprises will need as they pilot autonomous workflows.

Kirana AI is another useful case. They are building an on‑prem GPU appliance that processes store camera feeds to detect theft, safety issues, and out‑of‑stock events. Their architecture, running inference locally rather than sending raw video to the cloud, is a pragmatic answer to latency and privacy concerns, but it also forces operators to manage physical hardware, update models at the edge, and secure local compute. If you deploy similar appliances, expect a mix of IT and physical security responsibilities.

There are also companies focused on operational security improvements for existing workflows. YC’s category pages and company profiles show teams building tools to automate evidence processing for law enforcement and to surface compliance gaps in AI deployments. These startups lower the bar for adoption, but they require clear policies around data retention, consent, and auditability.

What does this mean for security teams evaluating YC startup tech or similar vendors right now? Practical guidance:

  • Start with threat modeling for the agent, not just the model. Map inputs, outputs, downstream actions, and human override points. Agentic systems often perform multi‑step tasks that can be hijacked at any step.

  • Demand adversarial testing and red teaming. Firms like Casco are emerging to provide these services. If a vendor cannot demonstrate deliberate adversarial tests, treat their claims of safety as unproven.

  • Prefer on‑prem or hybrid inference for sensitive video and PII when possible. On‑prem GPUs reduce the risk of raw data exfiltration but increase device lifecycle and patching responsibilities. Build operational checklists for model updates, MDM for appliances, and incident playbooks for compromised edge devices.

  • Insist on observability and audits. Agentic actions must be logged with sufficient context to reconstruct decisions and to support compliance or forensics. Standard model telemetry is not enough.

  • Pilot with narrow scopes and human‑in‑the‑loop gates. Let agents automate low‑risk tasks first and instrument the handoff points aggressively. This reduces blast radius and gives teams time to build guardrails.
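
The logging and human‑in‑the‑loop points above, sketched as an added example (not code from any company named here): a gate that auto-allows allowlisted low-risk tools, routes everything else to a reviewer, and writes each decision to a hash-chained log so later tampering is detectable. The tool names, the approver callback, and the refund threshold are hypothetical.

```python
import hashlib
import json

# Assumption: tools on this allowlist are low risk and may run without review.
LOW_RISK_TOOLS = {"search_docs", "summarize"}

def _digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class GatedAuditLog:
    """Hash-chained log of agent actions with a human approval gate."""
    def __init__(self, approver):
        self.approver = approver  # callable(record) -> reviewer id, or None to deny
        self.records = []

    def request(self, task_id, step, tool, args, model_input):
        record = {
            "task_id": task_id, "step": step, "tool": tool, "args": args,
            "input_sha256": _digest(model_input),  # links to the stored prompt, no raw PII
            "prev": self.records[-1]["hash"] if self.records else "0" * 64,
        }
        if tool in LOW_RISK_TOOLS:
            record["decision"], record["approved_by"] = "auto_allow", None
        else:
            reviewer = self.approver(record)
            record["decision"] = "human_allow" if reviewer else "human_deny"
            record["approved_by"] = reviewer
        record["hash"] = _digest(record)  # covers every field above, including prev
        self.records.append(record)
        return record["decision"] != "human_deny"

    def verify(self):
        """Return the index of the first record that breaks the chain, or -1 if intact."""
        prev = "0" * 64
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != prev or _digest(body) != rec["hash"]:
                return i
            prev = rec["hash"]
        return -1

def demo():
    # Constructed sample: reviewer "alice" approves refunds up to 100, denies above.
    log = GatedAuditLog(lambda rec: "alice" if rec["args"].get("amount", 0) <= 100 else None)
    calls = [("search_docs", {"q": "refund policy"}), ("issue_refund", {"amount": 40}),
             ("issue_refund", {"amount": 900})]
    results = [log.request("t1", i, tool, args, "user: refund?")
               for i, (tool, args) in enumerate(calls, 1)]
    return log, results
```

In a real deployment the records would go to append-only storage outside the agent's own write permissions; the chain only proves tampering, it does not prevent it.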

Through a product and investment lens, the Spring 2025 cohort is notable because YC continues the programmatic $500,000 backing and emphasizes rapid iteration during the April to June timeframe. If you are a security buyer, vendor, or integrator, this is a good moment to set up pilot agreements, define acceptance criteria that include adversarial testing, and think through on‑prem vs cloud tradeoffs before production rollouts.

Finally, watch for ecosystem players that combine open tooling with hardened deployments. Open agent frameworks and model toolchains reduce vendor lock‑in, but security teams must pair them with hardened deployment templates and operations playbooks. The Spring 2025 crop shows both commercial red teams and edge security startups emerging in parallel. That combination is the practical path to deploying agentic AI without turning your SOC into a fire brigade.