AI Investment Portfolio 2026: How Wiz’s Founder Built Multiple Startup Positions

After selling Wiz to Google for $32 billion, founder Assaf Rappaport is building an AI portfolio focused on infrastructure and autonomous security.

Assaf Rappaport, the co-founder of Wiz, is quietly building one of the tech industry’s most focused artificial intelligence investment portfolios. Following Wiz’s $32 billion sale to Google—the largest exit in Israeli tech history—Rappaport has deployed capital into at least ten startups by mid-2026, concentrating his bets on what he calls the “agentic and infrastructure layer” of AI. Rather than chasing consumer applications or large language models, he’s backing companies solving concrete problems in autonomous defense, identity security, and memory systems. This approach reflects a founder who spent years scaling one of cybersecurity’s most valuable unicorns and recognizes where AI’s practical value will concentrate next.

The portfolio reveals a thesis: AI’s most valuable applications in 2026 are not generalist chatbots or image generators, but specialized autonomous systems that handle specific, high-stakes problems. Each investment targets a different layer of infrastructure or a distinct security vulnerability in an AI-driven world. For instance, Frame Security is tackling behavioral analytics within organizations, while A Security is building systems that automatically simulate and defend against cyber attacks. These aren’t bets on AI dominance. They’re bets on AI as a tool that needs to be defended, secured, and layered with human oversight.

Table of Contents

What Is an Agentic AI Investment Portfolio and Why Focus There?

The term “agentic AI” refers to autonomous systems that can perceive environments, make decisions, and take actions with minimal human intervention. Unlike chatbots that respond to prompts, agentic systems run continuously, learn from feedback, and execute complex workflows. For investors, this layer represents the practical frontier—where AI stops being a novelty and becomes infrastructure. Rappaport’s concentration on this area signals confidence that 2026’s highest-value applications require autonomous, specialized agents rather than generalist models.

Infrastructure plays an equally crucial role in Rappaport’s thesis. Companies that build the scaffolding upon which agents run—memory systems that let agents learn, identity verification for secure agent interactions, threat detection for agent-generated attacks—become foundational. This echoes his experience at Wiz, where the company built a platform approach to cybersecurity rather than a point solution. By investing across multiple layers of the agentic stack, Rappaport is hedging against any single technology becoming dominant while positioning himself across the infrastructure layer that all agentic systems will require.

The Infrastructure Imperative Behind Agentic AI Investments

Building AI infrastructure differs fundamentally from building AI applications. An application solves a specific user problem. Infrastructure enables other companies to build applications more cheaply, faster, or at greater scale. Rappaport’s portfolio leans heavily toward infrastructure, which means his returns depend on whether the broader industry adopts these foundational layers. This carries a risk: if the industry standardizes around different infrastructure—say, a different memory architecture or identity protocol—then specialist infrastructure plays may become obsolete. The security angle adds another dimension.

As autonomous agents proliferate, the attack surface explodes. An agent that can act on behalf of a human or access critical systems becomes a target. Attackers will seek to compromise agents, manipulate their decisions, or trick them into destructive actions. Companies that can defend these agents—or detect when agents themselves have been compromised—will become essential. Rappaport’s focus on identity security, behavioral analytics, and autonomous defense reflects this reality. He’s not betting that agents will be safe by default. He’s betting that companies solving agent security will be irreplaceable once agents are everywhere.

Rappaport’s Notable 2026 AI Investments in Agentic Security StartupsFrame Security50$MA Security37$MOcean Security28$MSource: Assaf Rappaport’s 2026 deal spree: Inside the Wiz founder’s expanding AI investment map | CTech

Frame Security’s Human-Risk Detection: Reading Behavior Inside Organizations

Frame Security, which raised $50 million in May 2026, represents one of the clearest examples of Rappaport’s infrastructure thesis at work. The company focuses on human-risk detection and behavioral analytics—identifying when someone inside an organization is behaving suspiciously, whether due to a compromised account, malicious intent, or simple negligence. This matters increasingly because autonomous agents will be making decisions inside corporate networks, and the risk of a compromised agent or a human misusing an agent grows as these systems spread. Behavioral analytics is not new, but combining it with autonomous agent monitoring is.

A Frame customer might deploy agents to manage infrastructure, handle customer support, or process transactions. Frame watches how those agents behave and how humans interact with them. If an agent suddenly starts exfiltrating data, or if a human begins asking an agent to do something outside its normal scope, Frame flags it. The business model is straightforward: organizations will pay for this visibility, especially as they rely more on autonomous systems. The limitation is that behavioral analytics generates false positives—flagging innocent behavior as suspicious—and tuning systems to reduce noise while catching real threats remains challenging.

A Security’s Autonomous Defense Layer: Proactive Attack Simulation

A Security raised $37 million in combined seed and follow-on financing and is building what amounts to an autonomous cyber defense system. Rather than passively detecting attacks, A Security’s agents simulate them. The system proactively breaks into a company’s own infrastructure, documents vulnerabilities, and automatically deploys patches or mitigations. This represents a fundamental shift: defense moves from reactive (detect and respond to breaches) to proactive (continuously try to break your own systems and fix them before attackers find the weaknesses).

For large organizations managing thousands of servers, applications, and network segments, proactive simulation at scale has never been economically feasible. Security teams can run occasional penetration tests, but continuous automated red-teaming by autonomous agents changes the calculus. An organization might reduce mean time to detection (MTTD) for vulnerabilities from weeks to hours. The risk, however, is that an overly aggressive autonomous defense agent could disrupt legitimate operations—shutting down services, blocking traffic, or making changes that conflict with business needs. Tuning agents to be thorough without being disruptive is itself a significant engineering challenge.

Ocean Security’s Email Defense Against AI-Generated Social Engineering

Ocean Security raised $28 million across seed and Series A rounds and is addressing a specific, urgent problem: AI-generated phishing and social engineering attacks directed at email. As language models improve, generating convincing fake emails becomes trivial. A phishing email that previously required human craftsmanship and trial-and-error can now be generated in seconds, personalized to the recipient, and deployed at scale. Ocean Security is building agentic email defense—agents that understand email context, detect AI-generated social engineering patterns, and stop attacks before they reach users. The urgency here is not hypothetical.

By 2026, security teams are already seeing a surge in AI-generated phishing attacks. Tools that make email defense more human than organizational controls alone become a necessity, not a luxury. Ocean Security’s approach assumes that email will remain a critical attack vector and that agentic defense systems will evolve faster than agentic attack generation. The limitation is that as attackers improve their email generation techniques—making fake emails more contextual, better written, and more personally tailored—defenders must continuously upgrade their agents to detect new patterns. It becomes an ongoing arms race rather than a solved problem.

Portfolio Construction: Betting on Multiple Layers Without Betting Everything

Rappaport’s decision to invest in at least ten startups across security, infrastructure, and defense layers reflects a deliberate portfolio strategy. Rather than placing a single massive bet on one agentic AI company or one security problem, he’s diversifying across the vertical. This approach mirrors how successful venture investors operate: they spread capital across multiple bets because the outcome of any single investment is highly uncertain. Some of his companies will be acquired by larger security vendors. Others may fail.

A few might become independent multi-billion-dollar companies. The strategy also insulates him against technological shifts. If one approach to agentic memory becomes standard, companies building alternative memory systems might struggle. But if he’s invested in memory startups using different architectures and methodologies, at least one is likely to succeed. This diversification comes with a tradeoff: no single investment in his portfolio may produce the returns that a concentrated bet on one breakout company could. But his portfolio as a whole is more likely to generate strong returns because the risk of total loss is lower.

Patterns Across Seed, Series A, and the Infrastructure Bet

The companies in Rappaport’s portfolio span different funding stages. Frame Security, A Security, and Ocean Security are all relatively early in their fundraising history (seed to Series A by mid-2026), which suggests Rappaport is investing at a stage where valuations are lower and ownership percentages are higher, but the company building work is just beginning. This pattern—investing across early-stage companies in a specific domain—works when the investor has pattern recognition about which teams, problems, and technical approaches will win. Rappaport’s advantage is that he built a major company in cybersecurity.

He understands which problems matter to enterprise customers, which technical approaches scale, and which founders have the execution capacity to build durable businesses. Investors without that operating experience often struggle to evaluate early-stage infrastructure companies because the technical choices and team composition that matter are invisible to outsiders. His portfolio of investments in agentic AI and security infrastructure is, in effect, a bet that his judgment about what matters—applied to this new domain—will prove accurate across multiple companies. By mid-2026, these companies are still executing against their initial visions, but the foundation for his portfolio’s returns is being laid through their product development and customer acquisition.

Frequently Asked Questions

Why is Rappaport focusing on security applications of agentic AI rather than consumer or enterprise productivity applications?

Security is his domain expertise, and it’s where autonomous systems face the highest-stakes problems. Securing agents that control critical systems is urgent and necessary, whereas consumer productivity applications are still experimental. His focus reflects both his background and a genuine market need.

What’s the difference between A Security’s autonomous defense and traditional penetration testing?

Traditional pen testing is manual, episodic, and expensive. A Security’s agents can continuously simulate attacks, find new vulnerabilities, and propose fixes without human labor. This enables proactive defense at scale that was previously impossible.

Could Ocean Security’s email defense become obsolete if email becomes less important?

Possibly, but email remains the primary vector for social engineering and phishing attacks in 2026. Even if email use declines, the problem of detecting and stopping AI-generated deception in messaging systems will persist across other platforms.

How does investing in ten early-stage companies differ from investing in one larger company?

The portfolio approach spreads risk across many bets, increasing the odds that at least some succeed. The tradeoff is that no single investment may produce the exceptional returns that backing one breakout company could deliver.

What could derail Rappaport’s agentic AI investment thesis?

If autonomous agents prove harder to build reliably than expected, or if agentic AI remains a narrow technical solution rather than a broad infrastructure layer, these companies’ addressable markets could shrink. Regulatory restriction on agent deployment would also significantly impact the thesis.


You Might Also Like