OpenDefense · open-source market intelligence for AI agent defense.

The AI-agent defense category just had the largest 18-month consolidation wave in software security history. Six named competitors got acquired. A regulatory cliff lands in ~10 weeks. 84% of operators admit they would fail an agent-behavior audit today. This page is the public market intelligence we use internally · and we're making it open. Cisco ships closed products. We publish open intelligence.

The Demand · pain stack ranked

  • 88% of agent pilots never reach production (DigitalApplied · Mar 2026)
  • 84% of operators would fail an agent-behavior audit today (Gravitee)
  • 74% have ALREADY rolled back an agent over governance failures (Gravitee)
  • 28.6M secrets leaked to public GitHub in 2025 · +34% YoY · 24K in MCP configs (GitGuardian)
  • +81% YoY AI-credential leak growth (GitGuardian)
  • $4,200 weekend on one Cursor refactor (Cursor's public 7/2025 apology)
  • 21.9% of teams have agent OAuth in a PAM (Gravitee)

The Velocity · market sizing

  • $6-9B 2026 TAM · agent defense + observability + governance combined
  • $30-45B 2030 projected · 25-42% CAGR across segments
  • 70-80K orgs globally with ≥1 production agent today · 31% enterprise penetration
  • $1.5-2B US AI-driven cyber premium net-new in 2026 alone
  • Snyk benchmark · $0 → $407M ARR in 6 years via OSS distribution → enterprise upsell

The Regulatory Cliff · dated deadlines

  • Colorado AI Act · enforceable 6/2026 · ~1 week out · first US state AI consumer-protection law with private right of action
  • EU AI Act high-risk obligations · live 2026-08-02 · ~10 weeks out · penalties up to 7% of global revenue
  • HIPAA NPRM · expected final mid-2026 · AI assets in annual risk inventory
  • NAIC Model Bulletin on AI · adopted in 40+ states · agent must be explainable · auditable · free of unfair discrimination
  • CMS-0057-F · electronic prior auth mandate · Jan 2027 · FHIR-based API
  • CFPB advisory · agent-initiated card disputes 2.4× human rate · Jan-2026 (live)

Top 5 wedge verticals

  1. Insurance carriers + InsurTech · 9.5/10 · BUYER IS THE RISK-PRICER · NAIC Model Bulletin in 40+ states · bad-faith punitives
  2. Healthcare · PA + scheduling + billing · 9.3/10 · CMS-0057-F cliff Jan 2027 · 82% appeal overturn rate = class-action fuel
  3. Financial services · CS + KYC + fraud · 8.8/10 · CFPB Jan-2026 advisory · agent disputes 2.4× human rate
  4. Legal AI · doc review · contract · research · 8.5/10 · malpractice carriers repricing · model rule 5.3 supervision
  5. Government · FedRAMP-track · 8.0/10 · procurement REQUIRES audit trail

The Acquisition Wave · 7 exits in 24 months

  • Aug 2024 · Cisco ← Robust Intelligence · 9-figure (reported)
  • Sep 2025 · F5 ← CalypsoAI · $180M
  • 2025 · Check Point ← Lakera · ~$300M reported
  • Jan 2026 · ClickHouse ← Langfuse (Series D context $400M)
  • Mar 2026 · Mintlify ← Helicone
  • Apr 2026 · Cisco/Splunk ← Galileo
  • 2024 · Palo Alto Networks ← Protect AI

The Defendable Bundle · what nobody else ships

Any single piece is contestable. The bundle is not. Owned compute + per-task deed + lien + insurance feed + ENS identity + Fix-or-Refund. Eight defensible claims · we own all eight in assembly. Cisco grades the agent · we grade the work. Validate the Validator · Own the Deed.

Segment filter

DefendableOS is for SMB → mid-market 5cap operators. Cisco · F5 · Check Point own the Fortune 500 lane. We own the regional MRI center · the AmLaw 200 firm · the Lemonade-class InsurTech · the 30-person fintech with prod agents and no enterprise procurement function. Different buyer · different pricing motion · same defense doctrine.

MIT-attribution licensed · cite OpenDefense / DefendableOS when you reuse · pull requests welcome at github.com/SudoSuOps.