April 6, 2027 edition

clam

Enterprise-grade security for AI agents

Clam Puts a Firewall Between Your AI Agent and Everything It Should Not Touch

The Macro: AI Agents Have a Massive Security Problem

AI agents are getting more powerful every month. They can browse the web, execute code, access databases, send emails, and interact with APIs. That capability is genuinely useful. It is also genuinely terrifying from a security perspective.

The problem is that these agents operate with broad access to data and systems, and the frameworks that power them were not built with security as a primary concern. Prompt injection attacks can trick agents into exfiltrating sensitive data. Agents can accidentally include personal information like SSNs, credit card numbers, or private keys in their outputs. Malicious code can be injected through tool calls. These are not theoretical risks. Security researchers have demonstrated all of them in production environments.

The enterprise response has been predictable: do not use AI agents. That works until your competitor starts using them and moves faster than you do. The real answer is security infrastructure that lets organizations use AI agents safely. Something that sits between the agent and the outside world and blocks the dangerous stuff without killing the useful stuff.

This is a problem category, not a product category. There is no established market leader. Nobody owns “AI agent security” yet. That makes it wide open for a company that moves fast and builds the right primitives.

The Micro: A Semantic Firewall at the Network Level

Anshul Paul and Vaibhav Agrawal founded Clam, formerly called Baseframe. Anshul was the first full-time engineer at HappyRobot during its Series B, focusing on AI communication and enterprise integrations. He studied EECS and Business at UC Berkeley. Vaibhav was a fellow at Sutter Hill Ventures and worked on data infrastructure at Sigma Computing and agent orchestration at Augment Code.

Clam deploys what they call a “Semantic Firewall” that sits around an AI agent’s environment at the network level. It scans everything the agent sends outbound for personal information leaks like SSNs, credit card numbers, and private keys. It checks for prompt injection attempts including jailbreaks and instruction overrides. And it scans for malicious code.

The positioning is smart. Clam is not trying to make agents safer by changing the agents. It works at the network boundary, which means it is agent-framework-agnostic. Whether you are running OpenClaw, a custom agent stack, or something else entirely, Clam sits at the perimeter and filters the traffic. That architectural decision matters because the AI agent market is fragmented and changing fast. Being agnostic to the agent framework means Clam does not have to bet on which agent platform wins.

They are a two-person team from San Francisco, part of YC Winter 2026 working with Gustaf Alstromer.

The Verdict

Clam is building for a problem that is only going to get bigger. As AI agents get more capable and more widely deployed, the security surface area grows proportionally. Every enterprise that deploys agents will need something like a semantic firewall. The market timing is excellent.

The risk is that the security incumbents build this. Palo Alto Networks, CrowdStrike, and Zscaler all have the resources and customer relationships to add AI agent security features. But they are also focused on their existing product lines, and the semantic analysis required for AI agent security is genuinely different from traditional network security. It requires understanding natural language, code semantics, and data sensitivity in ways that existing firewalls do not.

In 30 days, I want to see the false positive rate. If Clam blocks legitimate agent actions too aggressively, users will disable it. In 60 days, the question is enterprise adoption. How many companies are running Clam in production? In 90 days, I want to know about the detection coverage. How many known prompt injection techniques does Clam catch? If the answer is “most of them,” this is essential infrastructure. If it is “some of them,” it is a nice-to-have.