New‑Wave AI Governance: Lumia Raises $18M to Secure Autonomous Agents in the Enterprise

What happened

Lumia, an “agentic AI security and governance” platform, announced that it has raised $18 million in a seed funding round led by Team8, with participation from New Era.

Alongside the funding, Lumia appointed Admiral Michael Rogers (former Director of the NSA and Commander of U.S. Cyber Command) to its advisory board.

Who is affected

• Enterprises rapidly adopting AI, especially those integrating autonomous or task‑specific AI agents into workflow.
• CISOs and security teams responsible for managing risk, compliance, and oversight as AI becomes more embedded in business processes.
• Industries handling sensitive data, such as financial services, technology, and other regulated sectors, where misuse, leakage, or unauthorized AI actions carry serious consequences.

Why CISOs should care

As enterprise adoption of AI agents accelerates, with some analysts predicting a jump from “less than 5%” today to 40% of applications embedding task‑specific AI agents within a year, traditional security tools and controls may fall short.

Autonomous agents can draft contracts, process sensitive data, and trigger actions outside traditional IT workflows, creating blind spots, compliance challenges, and new attack surfaces.

Lumia’s platform claims to close that “governance gap,” giving organizations context‑aware visibility and control over AI‑agent behavior, permissions, and system interactions.

3 Practical Actions for CISOs

1. Perform an internal AI‑agent audit: Identify where autonomous agents (or AI tools) are already in use: which departments, what tasks, what data they touch. This gives you a baseline for risk exposure.
2. Establish AI usage policies now: Define clear guardrails around who can deploy AI agents, what data they can access, what actions they can perform, and under what permissions. Adopt a governance‑first mindset before usage scales.
3. Evaluate infrastructure‑native AI governance solutions: Consider platforms that can provide network‑level visibility and enforcement, without requiring extensive endpoint modifications, especially for environments with high data sensitivity or regulatory burden.