Businesses are moving faster than ever to use generative AI and bring it to their employees and users alike. However, speed and security don’t always go hand in hand, so it’s only now that many businesses are realizing the potential security concerns associated with the use of generative AI. Israel-based Prompt Security wants to help organizations ensure their employees aren’t leaking data to GenAI tools — including those not officially approved by company IT teams (think “shadow AI”) — while also helping them secure their own customer-facing GenAI-enabled applications.
The company is coming out of stealth today to announce a $5 million round led by Hetz Ventures, with participation from Four Rivers and a number of angel investors in the space, including CISOs at Airbnb, Elastic and Dolby.
Prompt Security was founded by Itamar Golan (CEO) and Lior Drihem (CTO), both of whom previously worked at Check Point and Orca Security. “I always knew I wanted to start my own company. My two biggest passions were artificial intelligence and security, but five years ago I knew the market wasn’t mature enough. So I was waiting for the right moment,” Golan told me.
Then, about 18 months ago, his team at Orca began looking at implementing an AI-based recovery feature, which he ended up building with Drihem. This inspired the team to start this new company. “We saw the different backdoors we were leaving in development and we looked at each other and said: there’s a new attack surface because of these new architectures and new frameworks — things like direct injection are suddenly impossible — and then we realized that a new market is going to thrive.”
Golan is also part of the OWASP Top 10 initiative to enhance the security of LLM applications.
Part of the problem for CISOs today is that they don’t have a good understanding of which tools their users are even accessing within their networks, Golan explained. This also leaves the door open for employees to, for example, share personally identifiable information with these services. This kind of data leak is problematic in itself, but it could also open the company up to regulatory issues. On the user side, Prompt Security’s product to ensure this doesn’t happen is a browser extension and an IDE plugin. The company’s tools automatically detect patterns related to the use of GenAI and then layer an enforcement policy on top of them. All this, the company says, introduces only minimal latency to the user experience.
Meanwhile, on the application side, GenAI chat apps open up a new attack surface through prompt injections and jailbreaks, which can go so far as to allow an attacker to run unauthorized code inside a company’s network.
Golan emphasized that the company is trying to build an entire platform here covering various aspects of an organization’s GenAI usage. “We are trying to create a single solution for GenAI security. We cover both employee usage — the enterprise side of InfoSec — and the application security side.”
Just a few months ago, Golan told me, many CISOs were still either unaware of or unconcerned about GenAI security issues, but that’s rapidly changing now that they’re seeing an increase in shadow AI use.
Over time, the company plans to launch more services that help its customers increase their GenAI security posture. Currently, Prompt Security’s focus is primarily on securing applications in production, but the team plans to increasingly focus on helping developers secure their applications during the development and testing phases. “I think right now we need to be very focused on the current needs around Gen AI: real-time data visibility and privacy,” Golan said when I asked him about the company’s expansion plans. “Later, we’ll expand with more money and more customer feedback — and I’d say this market is so crazy, what I’m telling you now probably wouldn’t be relevant next year.”