cd /news/ai-safety/launch-hn-traceforce-yc-s26-company-… · home topics ai-safety article
[ARTICLE · art-62451] src=news.ycombinator.com ↗ pub= topic=ai-safety verified=true sentiment=· neutral

Launch HN: Traceforce (YC S26) – Company-wide security monitoring for AI apps

Traceforce, a Y Combinator S26 startup founded by Xia and Varun, launched a company-wide security monitoring platform for AI applications. The tool provides real-time visibility into AI agents running on employee devices, enabling security teams to detect and prevent unsafe actions such as data leaks or destructive commands. Already deployed across 1,000 devices at 10 organizations, Traceforce aims to help small to medium enterprises manage AI-related security risks without slowing down productivity.

read3 min views1 publishedJul 16, 2026

| |||||||||||||||| 2 points by | Hey HN, we’re Xia and Varun, the founders of Traceforce ( The purpose of Traceforce is to: - Give a company’s employees a standardized way to ensure that AI software running on their device is operating safely - Give the company’s security team visibility of the activities of AI software on the company’s devices, and to detect and prevent unsafe actions and security breaches as early as possible. How Traceforce works 1. Traceforce is installed on each device as a lightweight binary and browser extension. 2. Within 30 minutes, the device is up live data to the company profile, displaying all the AI agents/apps running across all company devices on a dashboard. 3. Company security staff can monitor the activity of all the agents in real time, implement controls, and be alerted to any security risks as soon as they arise. Here’s the video demo: The inspiration for Traceforce came via Xia’s experience as Director of Engineering at a startup called Clumio (which was acquired by Commvault in Oct 2024). Being able to monitor how team members are using AI without slowing them down was a top priority at Clumio. After speaking with 50+ CISOs and CIOs, it became clear that this is a much-needed solution right now across industries. We keep hearing that new AI features are being adopted so quickly and so broadly that visibility and control just can't keep up. Traceforce is transparent about what we monitor and collect. By default, Traceforce collects only metadata and telemetry about the AI applications, MCPs, and tools running on a device. Security teams can enable options to inspect tool calls for the purpose of detecting, warning on, or blocking predefined high-risk or potentially destructive actions. All content inspection happens locally on the device. User prompts are never stored unless explicitly configured by the organization's security administrators. We work closely with end-users of the product, and once they understand what is being monitored/shared, they actually have great comfort that they have a powerful layer of protection on their device to prevent security incidents. It enables them to just focus on their work without worrying about what leaks and breaches may be happening under the hood without their awareness. Traceforce is currently deployed across more than 1,000 devices at 10 organizations. On average, we discover over 15 AI applications per device with each application connected to 5-10 MCPs. We've helped customers identify exposed plaintext secrets in MCP configurations, prevent API keys from leaking through AI-generated code, and warn developers before executing potentially destructive commands such as “DROP TABLE”. Our "warn and acknowledge" approach has been especially well received, giving developers the freedom to work while helping them avoid costly mistakes. We're looking to work with security, IT, and AI platform teams at small to medium enterprises (200+ employees) that are rapidly adopting AI coding assistants, ChatGPT, Claude, and MCPs. If you're struggling to understand what AI tools people use to boost their productivity or need a practical way to reduce AI-related security risk without slowing folks down, we'd love to talk. You can get started with a free trial at | ||||||||||||||| Applications are open till July 27. |

── more in #ai-safety 4 stories · sorted by recency
── more on @traceforce 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/launch-hn-traceforce…] indexed:0 read:3min 2026-07-16 ·