No Priors

Building an AI Guardian for Enterprise with Onyx Security CEO Maxim Bar Kogan

We are now closer than ever before to living in a world where AI agents are smart enough to run our power grids and manage water supplies. How do we keep them from going rogue? Sarah Guo sits down with Maxim Bar Kogan, founder and CEO of Onyx Security, to explore the complexities of supervising and securing autonomous agents at the enterprise level. Maxim explains Onyx’s product as an AI control plane, which oversees the permissions and flexible contexts of agents while balancing latency, cost, and reliability. He also discusses how current controls have insufficient context to monitor agent intent, tradeoffs for gradual model rollout, the need for vendor-independent oversight, and Israel’s growing AI and security talent ecosystem. Plus, why Maxim is all-in on AGI.

Sign up for new podcasts every week. Email feedback to show@no-priors.com

Follow us on Twitter: @NoPriorsPod | @Saranormous | @EladGil | @maximbarkogan

Chapters:

00:00 – Cold Open
00:45 – Maxim Bar Kogan Introduction
01:10 – AutoGPT and Betting on Agent Actions
05:17 – What Onyx Product Does
07:47 – State of Deployment in Large Enterprises
09:58 – Securing Agents
12:45 – Why Proxies Don’t Work
14:11 – Why Onyx Trains Its Own Models
18:38 – Onyx’s Talent Culture
21:24 – Mechanistic Interpretability
23:35 – How Onyx Builds Customer Trust
25:10 – Mitigating Risk at the Foundational Level
27:45 – Phased Rollout of Glasswing and Daybreak
29:11 – Large Enterprise Holdouts
30:46 – Onyx and the Larger AI Security Space
32:36 – Should Labs Address Model Trust and Governance?
36:56 – What Needs to Happen in Security
39:14 – Why Maxim is AGI-Pilled
41:15 – Conclusion

Maxim Bar Kogan (guest), Sarah Guo (host)
May 28, 2026 · 41m

At a glance

WHAT IT’S REALLY ABOUT

Onyx builds AI oversight for enterprise agents amid accelerating risks

  1. Onyx’s core product vision is “agents that watch agents,” providing an AI control plane that monitors and intervenes on risky or illegitimate agent actions as enterprise agent activity scales exponentially.
  2. Maxim argues traditional security controls (identity, endpoint, API security) lack the intent/context needed to judge whether an AI agent’s actions are appropriate, making purpose-built AI oversight necessary.
  3. Rather than relying on always-on “smart reviewer” agents (too costly/slow), Onyx trains small specialized models to cheaply detect when to escalate to deeper, smarter review—analogous to blitz-chess intuition vs. calculation on critical moves.
  4. Enterprise adoption is shifting rapidly toward highly autonomous coding agents (e.g., Claude Code), with “ban AI” holdouts becoming rare; companies increasingly accept adoption is inevitable and focus on risk reduction.
  5. The rise of “Mythos-level” automated vulnerability discovery compresses defender timelines, increasing urgency for foundational controls for the new AI attack surface and raising questions about lab-led governance vs. independent security vendors.

IDEAS WORTH REMEMBERING

5 ideas

Agent security becomes mandatory as action volume explodes.

Maxim’s thesis is that enterprises can’t meaningfully slow adoption, while agent-generated actions scale 100x–1,000,000x; human-in-the-loop review breaks, so automated legitimacy checks become foundational.

Existing controls fail because they can’t interpret “why” an agent is acting.

Identity, endpoint, and API tools can enforce permissions or detect anomalies, but they don’t understand the agent’s goal/plan; the same destructive API call may be correct in one task and catastrophic in another.

A proxy is not the solution; it’s just one possible integration point.

Even if you can route traffic through a proxy, the hard problem remains decisioning—determining whether a given tool call is appropriate—especially when the acting model may be among the smartest available.

Oversight must be hierarchical to be economically viable.

Running a “frontier model reviewer” for every action is prohibitive in cost and latency; Onyx’s approach is small models that flag critical moments for deeper analysis, minimizing escalations while avoiding misses.

Training “narrow but sharp” models can beat general intelligence for oversight triggers.

Onyx focuses on models that are not broadly capable, but are highly reliable at one job: deciding when to call in heavier review, similar to learned intuition in fast time controls in chess.

WORDS WORTH SAVING

5 quotes

As you're exponentially doing more things with the AIs, you're gonna start having really bad actions happen.

Maxim Bar Kogan

We need someone to be able to tell that all of these actions that are now happening by these AIs that we're adopting are legitimate, because that number, the number of these actions is growing exponentially.

Maxim Bar Kogan

The hard problem is understanding if what I should do now.

Maxim Bar Kogan

They're very small. They're, they almost can't do anything else other than be able to say, "Should I have a smarter agent look at this?"

Maxim Bar Kogan

If you have AI companies that are $10 trillion companies, we think you want a company that is not the vendor of the AI itself to oversee and help you control what AI is doing.

Maxim Bar Kogan

AutoGPT as early agent inflection point
AI control plane for enterprise agents
Why traditional security tools lack agent intent context
Why proxies/policy engines are insufficient alone
Training small specialized oversight models for cost/latency
Mechanistic interpretability as part of long-term control
Enterprise trust dynamics and vendor independence

High quality AI-generated summary created from speaker-labeled transcript.
