Aten Security · Founded 2025 · San Francisco
Authorized is not
the same as safe.
Every security tool in a live production stack was working exactly as designed. Identity and AISPM posture controls were in place, but none of them stopped the DROP TABLE from running. That is the gap Thoth is built to close.
The origin
Built on real production behavioral data.
We built behavioral enforcement infrastructure for enterprise environments from the ground up, learning one thing deeply: the authorization story is never enough. What happens after access is granted is where controls usually fail.
That insight became Thoth. The MOSES behavioral engine has been running in production since July 2025. We didn't build a prototype first and ask questions later. We applied a proven enforcement engine to enterprise AI runtime risk.
When AI agents became real production systems with access to billing APIs, customer databases, and external services, we saw the same gap emerge. The authorization story was good. The post-authorization story was nonexistent.
Apr 2025
Aten Security founded in San Francisco. Mission: close the post-approval security gap that every other enterprise tool ignores.
Aug 2025
MOSES behavioral detection engine ships: two-tier analysis in production. Fast-ML classifies in <100ms; Deep-LLM handles the 15% that needs depth.
Nov 2025
Pivot to AI Agent Runtime Security (AIRS). Autonomous agents running on enterprise credentials is the exact gap MOSES was built to close. Thoth SDK development begins.
Mar 2026
RSA launch. Thoth goes public. Shadow mode ships with free onboarding. AARM TWG membership confirmed as a runtime implementer.
Apr 2026
Design partner pilots active across financial services, healthcare, and enterprise tech. First enforcement contracts in final stages.
Founder
Nyah Check
Founding engineer at Altitude Networks (acq. by CoinList) and early contributor at Komand Security (acq. by Rapid7). Staff Security Engineer at Anchorage Digital, the federally chartered crypto bank where he built security infrastructure for institutional-grade digital asset custody.
He built the MOSES behavioral detection engine from scratch, in production since August 2025. The same engine now enforces policy on autonomous AI agent actions in under 100ms.
Nyah Check
Founder & CEO · Aten Security
“If an agent can act in production, the decision layer in front of it has to hold under pressure.”
How we build
Design principles.
Evidence over assertion
Every blocked action generates a tamper-evident receipt. Claims about AI safety mean nothing without proof it held.
Fail-safe by default
If Thoth is unreachable, sensitive actions do not run. The enforcement layer is designed for production failure modes.
Observe before block
Security teams need to see behavior before they enforce. Observation mode is the default rollout path.
Behavioral, not signature
Known-bad lists break down with autonomous agents. We focus on behavior and drift from expected intent.
Advisory board
Advised by people who've lived the problem.
Security leaders who have managed identity, access, and risk in large production environments.
Caleb Sima
GP, White Rabbit VC
Ex-CISO, Robinhood · Databricks
Active co-seller. Built security programs at two of the highest-profile fintech companies.
Frederick Lee
CISO, Reddit
Ex-CISO, Gusto · Twilio
Design partner on the Reddit internal agent audit. CISO-to-CISO referrals are one of our strongest channels.
Shaun Blackburn
CISO, True Anomaly
Ex-CISO, Gemini · Airbnb · Netflix
Sponsor of the Gemini $90K enforcement pilot, our first contracted enforcement customer.
Prem Iyer
SVP, Palo Alto Networks
Enterprise GTM strategy. Helps us map Thoth into real security programs, not slideware.
Ecosystem
AARM Foundation: Technical Working Group Member.
Aten Security is a confirmed TWG member of the AARM Foundation (AI Agent Risk Management), serving as a runtime implementer alongside Noma and Formal Security. Membership was confirmed on April 2, 2026.
AARM conformance review is underway. Passing means Thoth carries the AARM conformant badge, an industry-recognized signal that our runtime enforcement meets the AARM spec.
Get in touch