Where to invest in the AI agent ecosystem?
- 记忆层需独立于单一提供商,初创公司可提供中立解决方案。
- 评估领域需要独立第三方来衡量代理性能与可靠性。
- 安全性需全新架构设计,传统工具无法满足复杂需求。
With Google’s release of the Agent Payment Protocol (A2P) last month, the agent ecosystem is maturing. But the scaffolding is still incomplete.
My view: most of the underlying infrastructure will be owned by FAAMG or the large LLM labs, with only a few entry points left for startups.
IMO, the best opportunities for startups sit in three areas: memory, evaluation, and security.
1️⃣ Memory: The premise here is that memory shouldn’t be controlled by a single provider. Instead, it should be interoperable and portable across different LLMs and apps. While the majors (Google, Microsoft, OpenAI) would love to monopolize user memory, I believe GenAI usage will stay fragmented. That creates space for independent providers to manage user memory as a neutral layer. Some example of startups playing in this layer include **Letta**, **Mem0**, **supermemory**, and **Zep AI (YC W24)**
2️⃣ Evaluation: This is the equivalent of a credit bureau for agents. Just as credit bureaus are independent from banks and lenders - and exist to provide an objective credit score - we’ll need third parties to independently assess agent performance, reliability, and trustworthiness. I think this independence is critical: you don’t necessarily want the same company building the agent to also be the one grading it. Some examples of startups include **Galileo****Patronus AI****LangSmith AI**
3️⃣ Security: Agent security can’t just be patched onto existing products, I think it requires a ground-up rethink. Agents expand the attack surface: more integration points, more control points, and more sensitive data flows. This calls for new systems, not incremental updates to incumbent tools. CrowdStrike was a good example - traditional antivirus couldn’t handle cloud and endpoint complexity, and a fresh architecture redefined the category. Startups like **Auth0** and **Anon** are early movers here.
Other components - like planning, tool use, and orchestration, will likely fall to incumbents. These functions can be executed within the LLMs themselves, and standardized protocols (MCP, A2P, A2A) already exist. Also, third-party independence matters much less in these areas.
Curious to hear others’ views - where else do you see room for startups to win?
