The past six months have made one thing clear: agentic AI is no longer a research topic. Forrester's Q4 2025 AI Pulse Survey found that 50% of enterprises are actively piloting agentic AI, and 24% already have it running in production. Agents are writing code, sending emails, querying databases, calling APIs, and executing trades — autonomously, at machine speed, with minimal human oversight.
The security industry noticed. At RSAC 2026, the annual Innovation Sandbox competition — the industry's most watched showcase for early-stage cybersecurity startups — fielded its most AI-concentrated cohort in its twenty-year history. Seven of the ten finalists either secure AI systems, use AI as a core detection engine, or defend humans against AI-powered attacks. The winner, Geordie AI, was recognized for its governance platform giving enterprises real-time visibility into their agentic footprint.
But there is a gap none of them fill.
Every one of the ten finalists operates at the observability layer, the pre-deployment layer, or the identity inventory layer. None of them place a hard gate — a verified, biometric stop — in the actual execution path of an agent tool call. None of them answer the question that keeps enterprise security teams up at night: how do I guarantee that an irreversible action cannot execute without a verified human authorizing it, in the moment, with their identity on the line?
That is the problem TruClaw was built to solve.
TruClaw is an agentic biometric guardrail plugin. It intercepts tool calls in the before_tool_call hook — the last checkpoint before an agent's instruction becomes a real-world action. When the classifier identifies a dangerous call (a deletion, a deployment, a financial transfer, a bulk communication), it fires a push notification to the operator's iOS device, demands a biometric challenge, and only releases execution if a Secure Enclave-signed JWT is returned and verified. No tap, no action. The approval is cryptographically attributed, device-bound, and non-repudiable.
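The gate described above can be sketched as follows. This is an added example, not TruClaw's own code: the function names, the `call` and `exp` claims, the tool-name classifier, and the locally generated P-256 key standing in for a Secure Enclave key are all assumptions made for illustration.

```javascript
// Added illustration: a hypothetical gate, not TruClaw's implementation.
const nodeCrypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url');
// Assumed classifier: tool-name prefixes treated as irreversible actions.
const DANGEROUS = /^(delete|deploy|transfer|bulk_send)/;

// Digest of the exact call, so an approval cannot be reused for another call.
// (A real gate needs a canonical argument encoding; JSON.stringify is a stand-in.)
function callDigest(tool, args) {
  const h = nodeCrypto.createHash('sha256');
  return h.update(JSON.stringify([tool, args])).digest('base64url');
}

// Stand-in for the phone: signs an ES256 JWT whose claims name the approved call.
function signApproval(privateKey, claims) {
  const input = b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT' })) + '.' +
    b64u(JSON.stringify(claims));
  const sig = nodeCrypto.sign('sha256', Buffer.from(input),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return input + '.' + b64u(sig);
}

// The gate. Every failure path denies, so "no tap, no action" holds.
function beforeToolCall(tool, args, jwt, enrolledKey, nowSec) {
  if (!DANGEROUS.test(tool)) return { allow: true, reason: 'not dangerous' };
  if (typeof jwt !== 'string') return { allow: false, reason: 'approval required' };
  const parts = jwt.split('.');
  if (parts.length !== 3) return { allow: false, reason: 'malformed token' };
  try {
    // Pin the algorithm: never let the token choose how it is verified.
    const header = JSON.parse(fromB64u(parts[0]).toString());
    if (header.alg !== 'ES256') return { allow: false, reason: 'unexpected alg' };
    const ok = nodeCrypto.verify('sha256', Buffer.from(parts[0] + '.' + parts[1]),
      { key: enrolledKey, dsaEncoding: 'ieee-p1363' }, fromB64u(parts[2]));
    if (!ok) return { allow: false, reason: 'bad signature' };
    const claims = JSON.parse(fromB64u(parts[1]).toString());
    if (!(claims.exp > nowSec)) return { allow: false, reason: 'expired' };
    if (claims.call !== callDigest(tool, args)) {
      return { allow: false, reason: 'approval is for a different call' };
    }
    return { allow: true, reason: 'approved' };
  } catch (err) {
    return { allow: false, reason: 'verification error' };
  }
}
```

Binding the token to a digest of the tool name and arguments is what keeps an approval for one call from releasing a different one; a production gate would also track a single-use nonce so the same approval cannot be replayed within its validity window.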
The table below maps TruClaw against all ten RSAC 2026 Innovation Sandbox finalists across the dimensions that matter for agentic execution security: whether the product places a hard execution gate, whether it incorporates biometric identity, and whether it operates inside the live agent call path at runtime.
| Company | Category | Core value prop | Execution gate | Biometric identity | Runtime interception |
|---|---|---|---|---|---|
| TruClaw | Agentic execution authorization | Biometric hard gate in the before_tool_call path; blocks irreversible agent actions pending Secure Enclave-signed human approval | ✓ Hard block | ✓ Secure Enclave JWT | ✓ before_tool_call hook |
| Geordie AI 🏆 | Agentic AI security & governance | Real-time visibility into enterprise agent footprint; monitors posture and behavior, identifies and mitigates risk at the observability layer | ✗ | ✗ | ~ Monitoring, not blocking |
| Token Security | Non-human identity (NHI) security | Discovers, classifies, and governs machine identities and service accounts; prevents NHI-based lateral movement | ✗ | ✗ | ✗ |
| Clearly AI | AI-automated security & privacy reviews | Replaces manual security/privacy review workflows with AI agents; 90%+ reduction in review cycle time | ✗ | ✗ | ✗ |
| Fig Security | Detection drift & SecOps change simulation | Simulates how infrastructure changes ripple through the detection stack before deployment; prevents silent monitoring gaps | ✗ | ✗ | ✗ |
| Realm Labs | LLM internal observability | Inspects LLM attention patterns and chain-of-thought during inference to detect manipulation and adversarial inputs from inside the model | ✗ | ✗ | ~ Inference-time, not tool-call layer |
| Charm Security | Agentic anti-fraud / social engineering defense | AI agents that detect and intervene against scams and social engineering targeting humans in real time | ✗ | ✗ | ✗ |
| Glide Identity | Identity security posture management | Continuously assesses and remediates identity risk across cloud and SaaS; bridges gaps between IAM and security teams | ✗ | ~ Identity mgmt, not biometric auth | ✗ |
| Humanix | Human threat detection & response | Real-time detection of social engineering during live interactions; intervenes before credentials or data are compromised | ✗ | ✗ | ~ Real-time, but human-facing |
| Crash Override | Offensive security / red team automation | Automates adversarial testing and red team exercises at scale; continuously validates security controls against real attack patterns | ✗ | ✗ | ✗ |
| ZeroPath | AI-powered AppSec / code vulnerability detection | Uses AI to find exploitable vulnerabilities in code and prioritize remediation; reduces false-positive noise in SAST/DAST pipelines | ✗ | ✗ | ✗ |

✓ = yes; ✗ = no; ~ = partial or adjacent; 🏆 = RSAC 2026 Innovation Sandbox winner

The pattern is unambiguous. Every finalist in the most AI-concentrated RSAC Innovation Sandbox cohort ever assembled operates either before execution (pre-deployment reviews, red team simulation, code scanning) or alongside it (observability, monitoring, identity posture). None of them block. None of them require the human to put their biometric on the line before an action runs.
The closest company in the room is Geordie AI — the winner — and its platform is explicitly an observability and governance tool. It tells you what your agents are doing. TruClaw stops what they shouldn't be doing. These are not competing products; they are complementary layers of the same stack.
The deeper point is about accountability. Observability tells you what happened after the fact. A cryptographically signed, biometrically gated approval tells you who authorized it, on which device, at what time, before it happened. For enterprises moving agentic AI into production — where agents touch customer data, financial systems, and production infrastructure — that distinction is the difference between an audit log and a control.
TruClaw is available as a plugin for the OpenClaw agent platform and as a guardrail layer for Google ADK-based agents.
References
- TruClaw — OpenClaw plugin implementation — github.com/sanjaymk908/trukyc-openclaw
- TruClaw — Google ADK implementation — github.com/sanjaymk908/trukyc-adk
- RSAC 2026 Innovation Sandbox — Top 10 Finalists announcement
- RSAC 2026 Innovation Sandbox — Winner announcement (Geordie AI)
- Forrester: RSAC Innovation Sandbox 2026 — Two Sides of AI on Display

