The real telltale sign this week is not the commercial rollout of Agents, but that the business of “governing Agents” has secured capital valuation ahead of Agent applications themselves.

From SVTR’s perspective, the most noteworthy takeaway from the latest round of financing is not how many Agent startups have secured funding, but the emergence of an entire cohort of firms dedicated exclusively to Agent governance, whose valuation timelines run well ahead of actual enterprise-level Agent deployments. While the market is still debating how many jobs Agents can replace, investors are already pouring capital into addressing a separate question: once Agents are fully operational, who will monitor their activity, restrict their access permissions, and shut them down in the event of malfunctions.

In short, while the practical capabilities of Agents remain under scrutiny, their inherent risk of going rogue has already been assigned a monetary value. This new intermediate management layer tasked with monitoring, security governance, workflow orchestration and activity logging is evolving into a standalone, revenue-generating infrastructure segment. Its core trait is that it leans more heavily into pure software architecture than execution-layer Agent products, enabling these businesses to command valuation multiples typical of pure software firms. Within the current financing landscape, most general-purpose productivity Agent projects are stuck at small seed-stage funding rounds, whereas several Agent governance startups have hit post-money valuations nearing $200 million at their Series A financing. We previously analyzed vertical Agent tracks in our last briefing—such as Sierra applying software valuation multiples to service-focused business models—and will not revisit that detail here. To draw a clear distinction: our prior coverage focused on which roles Agents displace, while this analysis centers on the third-party entities tasked with overseeing Agents.

Signal 1 | A full cohort of firms focusing on governance has emerged within a single funding batch, while corresponding execution-layer deployment has yet to gain meaningful traction.

First, examine the concentration of these enterprises.

• Gray Swan: Develops adversarial security testing and protection frameworks for models and Agents; secured a $40 million Series A round. Its core team hails from CMU, with founder Zico Kolter, a widely cited scholar in AI safety research.

• Geordie AI: Monitors Agent behaviors and access permissions within enterprise systems; closed a $30 million Series A financing, valuing the company at approximately $180 million post-money, with founding talent sourced from Darktrace.

• Canyon Code: Specializes in orchestrating interactions and dependency relationships between distinct Agents, having raised $5 million in funding.

• Modiqo: Converts validated Agent execution logic into reusable workflow modules, with $3 million in raised capital.

• Trajectory: Conducts ongoing model retraining using real-world end-user interaction data; secured a $15 million seed round resulting in a $115 million post-money valuation, with investment participation from Jeff Dean and Fei-Fei Li.

Adding Tekst, which builds process intelligence solutions, and Tensormesh, focused on cutting inference costs, nearly ten companies in this same funding cohort center their businesses on enabling observability, constraint management and reusability for Agents.

What stands out is this counterintuitive market dynamic: the enterprise-grade Agents these companies are built to support have not yet been widely deployed across industries. The market is building out full-suite management tooling for a technology still in limited mainstream adoption, reversing the typical industry development sequence. Traditionally, a technology scales into widespread use first, operational failures surface thereafter, and governance demands arise reactively in response. By contrast, funding is flowing nearly concurrently to governance-focused and execution-layer Agent developers in this cycle, with financing for certain governance verticals landing even ahead of mainstream Agent rollout.

Here comes the question: What exactly is being purchased with this money if the implementation team has not yet achieved scale growth?

Signal 2 | What enterprises pay upfront to purchase is “controllability” rather than “capability”

The answer lies within clients’ budget structures. The initial budget that enterprises are ready to spend on Agents is shifting focus from “how much work it can accomplish” to “whether it will behave erratically”.

The valuation of Geordie AI best illustrates this trend. Focused on Agent behavior monitoring, permission auditing and risk interception, the firm secured a post-money valuation of approximately 180 million US dollars at its Series A funding round, even though the Agents it monitors have not yet been fully deployed within most enterprises. Investors set such a valuation not based on the value generated by Agents, but on the potential costs stemming from unregulated Agent behaviors. A system capable of stopping Agents from corrupting data, conducting unauthorized operations or leaking confidential information before such incidents occur matters to enterprises not for “efficiency improvement”, but for enabling “confidence in adoption”. Security and observability have evolved into the critical toggle that moves an Agent from PoC to formal production deployment, instead of supplementary fixes implemented post-launch.

Gray Swan presents the same market shift from another perspective. It specializes in pre-launch adversarial testing and red team exercises, turning the verification of “whether an Agent can be manipulated into malicious conduct” into an outsourced service. This business model carries a clear implication: enterprises acknowledge their inability to fully govern Agents in-house and therefore outsource the associated governance risks. This clearly proves that controllability has transitioned from an internal responsibility of engineering teams to an independent procurement category.

Once controllability becomes a standalone paid service, a more fundamental question emerges: given its separability in pricing, does it still follow the same valuation framework as core execution capabilities?

Signal 3｜A divide is emerging between the governance layer and the execution layer, with the former poised to command software-style valuations

This is the most risky yet high-conviction call in this analysis. Valuation rationales for the governance layer and execution layer are diverging.

As pointed out in the previous analysis, the execution layer (vertical Agents in particular) faces an awkward economic model: it replaces professional services, featuring the gross margin structure and delivery costs typical of service-based businesses, yet frequently gets valued as software. The governance layer operates differently. Functions including monitoring, security, orchestration and retraining are inherently horizontal, standardizable and reusable as the number of Agents expands. The marginal cost of onboarding the 100th Agent onto one monitoring system is drastically lower than that of the first, a defining characteristic of genuine software.

This will drive a valuation reversal: market participants assume software valuation multiples belong to task-performing Agents, but in reality, enterprises that oversee Agent operations may be the true beneficiaries of such multiples. Trajectory secured a post-money valuation of $115 million at its seed funding round not by executing specific tasks, but by occupying the horizontal niche of continuous model improvement; every real-world user interaction from new clients fuels and reinforces its unified feedback flywheel. Tensormesh follows a comparable logic: it does not build Agents itself but drives down operational costs for all existing Agents.

This dividing line merits close ongoing monitoring. If this trend holds true, capital markets will increasingly assign software valuation premiums to the horizontal Agent management layer over the near term, while pricing task-focused vertical Agents against metrics aligned with traditional service industries. Put simply, the most software-like segment within the Agent economy may not be the Agent products themselves.

Causes | Why Now

Why is this signal emerging at this moment instead of earlier or later? Three developments have converged within the same timeframe.

First, Agents have evolved from “being able to chat” to “being able to take practical action”, marking a qualitative shift in capability boundaries. Capable of tool invocation, data modification and autonomous sequential decision-making, such Agents now carry concrete and costly risks if out of control, turning governance from an optional add-on into an indispensable prerequisite for deployment.

Second, actual cases of unauthorized operation and malfunctions from leading Agent developers have circulated among enterprises, shifting buyers’ priority from evaluating functional merits to first enquiring about contingency plans for potential failures.

Third, having suffered valuation losses on vertical Agent businesses due to inappropriate software-style pricing for service-oriented offerings, capital investors are proactively hunting for software-like segments across the Agent industrial chain, with governance-related sectors successfully attracting this redirected investment.

Essentially, the current market momentum hinges on investment betting not on Agents’ present capabilities, but their future potential.

Impact | Who Will Be Affected

For entrepreneurs, a clear market positioning window has emerged. If you are building execution-layer Agents, one critical pitfall to watch out for: your core value may not lie in the actual tasks you complete for clients, but in your ability to deliver observable and controllable mechanisms that convince clients to deploy your Agent into production environments. Embedding controllability as an intrinsic product feature rather than an afterthought for compliance directly determines the valuation multiple you can secure in your next financing round. For those developing governance-layer products, sustainable competitive moats do not stem from isolated functional modules—monitoring, testing and orchestration features can all be quickly replicated. Instead, the true edge lies in evolving into a horizontal standard layer that becomes increasingly irreplaceable as more Agents connect to it and more data accumulates; this is exactly the market positioning contested by Trajectory and Geordie.

For investors, this calls for two distinct valuation methodologies. Higher software valuation multiples are justifiable for governance-layer and feedback-layer enterprises thanks to their robust reusability and tangible network effects. In contrast, vertical execution-layer Agent businesses need to be valued strictly based on delivery costs and gross profit margins, and investors should avoid overpaying using software multiples lured by the narrative of AI replacing professional services. A practical due diligence step involves splitting an Agent firm’s revenue into two buckets: income generated from task execution and income from risk assurance services. The proportion of revenue from the latter often serves as a better indicator of the company’s long-term fair valuation than its revenue growth rate.

For large platform operators, foundational model providers will likely integrate core monitoring, logging and access permission functionalities natively into their platforms. Independent governance vendors therefore must pursue deeper technical depth, broader industry coverage and stricter neutrality to sustain viable market space. For enterprise buyers, the primary evaluation benchmark for Agent procurement is shifting from capability demos to security and observability requirements, which will be included in procurement checklists as early as the PoC phase.

Verification: Three Core Metrics Worth Tracking

Over the next 90 days, validate this judgment via three quantifiable metrics.

First, the valuation multiple gap between governance-layer and execution-layer businesses. Track the financing multiples of companies focused on the new round of governance-layer functions (monitoring, security, orchestration and retraining), and calculate their multiple differential against general or vertical execution-layer Agents over the same period. A sustained widening of the gap confirms industry divergence.

Second, the priority ranking of “security and observability” on corporate Agent procurement lists. Based on publicly available enterprise AI procurement cases and RFPs, tally the percentage of instances where “observability, security and compliance” is specified as a mandatory prerequisite instead of an optional add-on. A notable uptick within 90 days validates the second indicator.

Third, the disparity in the number of financing deals for Agent governance-layer ventures between China and the US. Compare newly closed financing rounds targeting Agent governance-layer (excluding execution-layer) businesses in the US, UK and China across the 90-day window. If US-backed deal volume retains its lead with no narrowing gap, the Sino-US structural divergence outlined in the first indicator is substantiated.