Eighteen months ago, “agentic AI” was a slide in a deck. Today it’s a category absorbing more than half of all global venture dollars: AI startups captured 53% of global VC in the first half of 2026 alone. Every founder pitch now has an agent in it somewhere, and every fund (including ours) is trying to figure out where the durable value actually sits once the novelty wears off.
At Remagine Ventures, we’ve been mapping this space closely, including through IsraelVC, where we recently charted the named funds behind ten Israeli agentic AI startups that raised in the last few months (more on that below). The exercise crystallised something we’d been feeling in deal flow for a while: “agentic AI” is not one category. It’s at least two, and they have almost nothing in common as investments.
Infrastructure vs. Vertical: two very different bets
Agent infrastructure is the plumbing: runtimes, sandboxes, orchestration layers, identity and permissions, observability, evaluation, and security/control planes that make it possible to run an agent in a production environment without it doing something catastrophic. This is the “picks and shovels” layer. It’s technically hard, often defensible through deep systems work, and it sells to other AI builders as much as to enterprises.
Vertical AI agents are the applications: agents that do a job, like triaging support tickets, running procurement workflows, doing compliance review, managing revenue operations, or writing code in a specific framework. This is where the outcomes live, and increasingly where the capital is concentrating. Vertical agents account for roughly half of 2026 agentic AI deal volume and an even larger share of dollars deployed, with the busiest verticals being cybersecurity, healthcare operations, finance ops, procurement, compliance, and customer-facing support.
The infrastructure layer is smaller in capital terms but disproportionately active. Investors are chasing the execution and control layers that make agents safe enough to deploy in regulated or high-stakes environments. That’s a tell: the market has moved from “can we build an agent” to “can we trust an agent,” and that question is an infrastructure problem before it’s a product problem.
For founders, this distinction matters enormously when you’re raising. Infrastructure pitches need to prove technical depth and a path to being the standard that vertical builders depend on. Vertical pitches need to prove workflow ownership, data moats, and that you’re not just a thin wrapper that the underlying model provider could absorb in a quarter. Investors have sharpened their filters accordingly: proprietary data, novel architecture, and deep integration into a customer’s workflow are now the line between a credible pitch and “a prompt with a UI.”
The three problems every agentic AI founder eventually hits
Whichever side of the infra/vertical line you sit on, there are structural challenges in this category that are different in kind, not just degree, from the SaaS era most of us grew up investing in.
1. Token costs are quietly eating the business model. This is the one that catches founders off guard, because it doesn’t show up until you have real usage. AI features are compressing gross margins from the 80-90% SaaS founders are used to down to 50-60%, because every agent action is a metered compute event, not a marginal-cost-zero software interaction. Goldman Sachs projects token consumption could grow roughly 24x, to around 120 quadrillion tokens a month, between 2026 and 2030.
And critically, falling per-token prices have not translated into falling bills, because usage intensity (longer contexts, more agent steps, more autonomous loops) is growing faster than prices are dropping. Several companies have reported blowing through their entire annual token budget in a single quarter. Aaron Levie’s recent post on this, token costs are becoming one of the hottest issues in AI economics captures exactly the dynamic we’re seeing across our portfolio: usage growth outpacing unit economics improvement, and founders discovering that “more usage” isn’t automatically “more margin.”
As tokens take on a significant amount of the cost of any given workflow, then companies will inevitably want to ensure that their dollars go into the most efficient use of tokens for the particular job at hand.
Aaron Levie, Box CEO
The startups we find most compelling right now are the ones treating cost governance and pricing architecture as a product problem from day one, not a finance afterthought to solve post-PMF. Marking up tokens is a race to the bottom; the winners are the ones who design around consumption rather than reselling it.
2. Non-determinism breaks the QA playbook. Traditional software is deterministic: same input, same output, testable, debuggable, repeatable. Agents are not. The same prompt, the same workflow, run twice, can produce two different action sequences, and in a multi-step agentic chain, small probabilistic deviations compound. This isn’t a bug to be fixed; it’s the nature of the technology, and it means founders building in this space need fundamentally different approaches to evaluation, monitoring, guardrails, and rollback than anything in the previous software generation’s toolkit. We’d argue this is the reason the “control plane” sub-category of infrastructure (evals, observability, agent monitoring) has become one of the most actively funded corners of the market: enterprises will not deploy what they cannot predict, audit, or roll back.
3. Security is a different shape of problem entirely. Giving an autonomous system the ability to take actions (call APIs, move money, touch customer data, write and execute code) opens an attack surface that didn’t exist in the chatbot era. Prompt injection, data exfiltration through tool use, identity and permission sprawl across agent fleets, and the simple fact that an agent can be socially engineered the way a human employee can: these are not edge cases, they’re the central design challenge. It’s no surprise that some of the sharpest recent rounds we’ve tracked are security-for-agents plays (Onyx Security’s $35M Series A with Conviction, building on an earlier Cyberstarts seed, is a good regional example). Expect “agent security” to do for this wave what “cloud security” did for the SaaS wave, except compressed into a fraction of the time.
Where we’re spending our time
As an early-stage fund with deep Israeli roots and a thesis around founders building from “the edge” (gaming, consumer, and now agentic systems), we’re drawn to teams that treat these three challenges (cost, non-determinism, security) not as risks to be managed around the edges, but as the actual product surface area. The founders who are going to build enduring companies here are the ones designing for unpredictable, metered, adversarial environments from the first commit, not retrofitting governance once an enterprise customer asks an uncomfortable question in a security review.
We mapped 32 named funds across just ten recent Israeli agentic AI raises, from Team8 and Glilot to Insight Partners, Index Ventures, and Lightspeed, which tells you how fast capital is moving into this space.
See the full breakdown on IsraelVC
He is a former General Partner at Google Ventures (GV) in Europe, former head of Google for Entrepreneurs in Europe, and founding head of Campus London, Google's first startup hub. Eze writes on Israeli tech, venture capital, artificial intelligence, and founder strategy.
He is also the founder of Techbikers, a nonprofit that brings together the startup ecosystem on cycling challenges in support of Room to Read.
- Agentic AI: Picks and Shovels vs. the Gold Itself - June 8, 2026
- Israel’s Space-Tech Moment: From Beresheet to Space-Based AI - June 7, 2026
- Weekly Firgun Newsletter – June 5 2026 - June 5, 2026
