CURRENT | Market Pulse

The Definitional Gap

The $8 Billion Word Problem

By Rina Takahashi— February 25, 2026

Feature image for article: The $8 Billion Word Problem

In February 2026, five companies raised a combined $8 billion for agent infrastructure. Every single one pitched "reliability." Temporal meant something specific by that word. Daytona meant something different. Databricks, something else entirely. Astelia, yet another thing. Four layers of the stack, four theories of where agents actually break. Somewhere in procurement offices right now, teams are choosing between these theories, locking into a definition the market hasn't finished writing.

The Definitional Gap

The $8 Billion Word Problem

By Rina Takahashi— February 25, 2026

In February 2026, five companies raised a combined $8 billion for agent infrastructure. Every single one pitched "reliability." Temporal meant something specific by that word. Daytona meant something different. Databricks, something else entirely. Astelia, yet another thing. Four layers of the stack, four theories of where agents actually break. Somewhere in procurement offices right now, teams are choosing between these theories, locking into a definition the market hasn't finished writing.

Five Definitions

Five agent infrastructure companies raised a combined $7.5 billion in February. All of them are selling "reliability." None of them means the same thing by it.

Temporal wants your agent to survive a crash. Daytona wants it safely exploring parallel paths without poisoning production. Databricks wants the data layer underneath to hold. Astelia wants your security team to stop drowning in false positives. Basis wants a tax return that's actually correct.

Same category label, five genuinely different products. The grid below makes the divergence concrete.

Five Definitions

Five agent infrastructure companies raised a combined $7.5 billion in February. All of them are selling "reliability." None of them means the same thing by it.

Temporal wants your agent to survive a crash. Daytona wants it safely exploring parallel paths without poisoning production. Databricks wants the data layer underneath to hold. Astelia wants your security team to stop drowning in false positives. Basis wants a tax return that's actually correct.

Same category label, five genuinely different products. The grid below makes the divergence concrete.

State Persistence

Temporal Raises $300M for Durable Agent Execution

Temporal's $300M Series D at a $5B valuation, led by a16z, funds infrastructure for long-running stateful agents that recover from failures without losing progress. Cloud processes 300K+ agent actions per second. OpenAI and Nordstrom are among the installed base.

Sandboxed Execution

Daytona's $24M Bet on Agent-Native Sandboxes

Daytona's Series A, led by FirstMark Capital, builds isolated execution environments where agents launch sandboxes in milliseconds, fork into parallel decision paths, and snapshot mid-execution. Hit $1M ARR in under three months, doubled it six weeks later.

Data Infrastructure

Databricks Closes $7B Round for Agent Data

Databricks' $7B financing at a $134B valuation doubles down on Lakebase, a serverless Postgres database purpose-built for AI agents, and Genie, its conversational AI layer. Revenue run rate surpasses $5.4B with 65% year-over-year growth.

Security Prioritization

Astelia Raises $35M to Find Real Vulnerabilities

Astelia's combined seed and Series A, led by Index Ventures and Team8, deploys autonomous agents that map enterprise environments and surface which vulnerabilities are actually exploitable. In some deployments, roughly 30 out of nearly 3 million proved genuinely reachable.

Domain Accuracy

Basis Hits $1.15B Valuation Automating Accounting Work

Basis raised $100M Series B led by Accel for long-horizon agents that autonomously complete complex accounting workflows, including the first AI-completed end-to-end 1065 tax return. Roughly 30% of the top 25 U.S. accounting firms now use the platform.

Research Radar

Security Threat Modeling for Emerging AI-Agent Protocols: A Comparative Analysis of MCP, A2A, Agora, and ANP

Applies structured threat analysis to four agent communication protocols and finds twelve distinct protocol-level risks with no shared security framework across them. "Security" carries quietly different meanings in each protocol's design assumptions.

How deep does the fragmentation go?

The definitional gaps visible in commercial agent deployments run all the way down to the protocol layer itself.

Why now?

Published weeks before NIST's March 9 deadline for public comment on agent security, landing squarely in the gap NIST is trying to close.

Autonomous Agents on Blockchains: Standards, Execution Models, and Trust Boundaries

A systematic review of 317 works maps the agent-blockchain interface and finds current authorization frameworks insufficient for agents executing financial transactions. Proposes a five-tier taxonomy by agent authority level, flagging multi-agent collusion as a distinct, underexplored risk.

What does the taxonomy reveal?

Five authority tiers from read-only analytics to autonomous signing, each carrying security implications that existing standards don't address.

Where does authorization break?

As agents gain financial transaction capabilities, "authorized to act" splinters across execution contexts with no shared interface standard.

Agent2Agent Threats in Safety-Critical LLM Assistants: A Human-Centric Taxonomy

Examines A2A's structural trust gap: the protocol draws no distinction between human-originated and agent-originated instructions. Both enter a receiving agent's context window with equivalent privilege, collapsing a trust boundary that governance frameworks quietly assume exists.

What boundary is missing?

When human and agent instructions carry identical privilege at the protocol level, a foundational governance assumption simply evaporates.

Who feels this first?

Safety-critical deployments on A2A face a structural mismatch between the authorization boundaries they assume and those that actually exist.

A Survey of Agent Interoperability Protocols: MCP, ACP, A2A, and ANP

Surveys the agent interoperability landscape and confirms a familiar pattern: protocols were built for capability first, security second. Fragmented practices across frameworks make integration, security, and scaling of LLM-driven agent communication genuinely difficult.

Is piecemeal retrofitting enough?

The survey corroborates that protocol-by-protocol security patching won't substitute for a unified cross-protocol framework.

Why did this happen?

Protocol development simply outran security standardization, and the resulting fragmentation looks increasingly structural rather than incidental.

Research Radar

Security Threat Modeling for Emerging AI-Agent Protocols: A Comparative Analysis of MCP, A2A, Agora, and ANP

Applies structured threat analysis to four agent communication protocols and finds twelve distinct protocol-level risks with no shared security framework across them. "Security" carries quietly different meanings in each protocol's design assumptions.

How deep does the fragmentation go?

The definitional gaps visible in commercial agent deployments run all the way down to the protocol layer itself.

Why now?

Published weeks before NIST's March 9 deadline for public comment on agent security, landing squarely in the gap NIST is trying to close.

Research Radar

Autonomous Agents on Blockchains: Standards, Execution Models, and Trust Boundaries

A systematic review of 317 works maps the agent-blockchain interface and finds current authorization frameworks insufficient for agents executing financial transactions. Proposes a five-tier taxonomy by agent authority level, flagging multi-agent collusion as a distinct, underexplored risk.

What does the taxonomy reveal?

Five authority tiers from read-only analytics to autonomous signing, each carrying security implications that existing standards don't address.

Where does authorization break?

As agents gain financial transaction capabilities, "authorized to act" splinters across execution contexts with no shared interface standard.

Research Radar

Agent2Agent Threats in Safety-Critical LLM Assistants: A Human-Centric Taxonomy

Examines A2A's structural trust gap: the protocol draws no distinction between human-originated and agent-originated instructions. Both enter a receiving agent's context window with equivalent privilege, collapsing a trust boundary that governance frameworks quietly assume exists.

What boundary is missing?

When human and agent instructions carry identical privilege at the protocol level, a foundational governance assumption simply evaporates.

Who feels this first?

Safety-critical deployments on A2A face a structural mismatch between the authorization boundaries they assume and those that actually exist.

Research Radar

A Survey of Agent Interoperability Protocols: MCP, ACP, A2A, and ANP

Surveys the agent interoperability landscape and confirms a familiar pattern: protocols were built for capability first, security second. Fragmented practices across frameworks make integration, security, and scaling of LLM-driven agent communication genuinely difficult.

Is piecemeal retrofitting enough?

The survey corroborates that protocol-by-protocol security patching won't substitute for a unified cross-protocol framework.

Why did this happen?

Protocol development simply outran security standardization, and the resulting fragmentation looks increasingly structural rather than incidental.

The Easy Domain

Basis Raises $100M at $1.15B Valuation, Betting That Accounting Is Where Agents Can Actually Be Correct

Basis just closed a $100 million Series B led by Accel, with GV and Khosla Ventures participating, at a $1.15 billion valuation. The interesting thing here is the domain, not the check size.

Accounting is one of the rare professional fields where "correct" has a precise, externally verifiable definition. Debits equal credits. Tax codes are codified. Audit standards exist and are enforceable. The specification work that most agent deployments struggle to define has been done by the profession itself, over centuries.

That the largest domain-specific agent bet lands where verification is easiest tells you something about everywhere else.

The Easy Domain

Basis Raises $100M at $1.15B Valuation, Betting That Accounting Is Where Agents Can Actually Be Correct

Basis just closed a $100 million Series B led by Accel, with GV and Khosla Ventures participating, at a $1.15 billion valuation. The interesting thing here is the domain, not the check size.

Accounting is one of the rare professional fields where "correct" has a precise, externally verifiable definition. Debits equal credits. Tax codes are codified. Audit standards exist and are enforceable. The specification work that most agent deployments struggle to define has been done by the profession itself, over centuries.

That the largest domain-specific agent bet lands where verification is easiest tells you something about everywhere else.

Market traction:

Basis reports roughly 30% of the top 25 U.S. accounting firms now use its platform across tax, audit, and advisory

Product milestone:

Basis demonstrated the first AI agent to autonomously complete an end-to-end 1065 partnership tax return, a genuinely complex multi-entity document

Talent vacuum:

CPA candidates have dropped 27% over the past decade, and 300,000 accountants have left the profession since 2019

Adoption signal:

CFOs report 45% AI adoption in structured, rules-based finance functions but still require human oversight where judgment is involved

Investor roster:

Notable individual backers include Adam D'Angelo, Nat Friedman, Jeff Dean, and Claire Hughes Johnson