Launch prototype — AI Security category. Vendor scores are based on public sources and editorial assessment. Updated April 2026.
VendorAudit
AI Security category · April 2026 · 16 vendors covered

The AI security category: moving faster than any analyst firm can track.

The AI cybersecurity market hit $31B in 2025. 200+ companies now operate across 10 distinct subcategories. Most buyers are evaluating vendors that didn't exist three years ago, using frameworks that didn't exist two years ago, for threats that didn't exist one year ago. We cut through it.

15 vendors profiled
6 subcategories
$31B market size 2025
340% YoY prompt injection increase
AI threat landscape · 2026

What you're actually defending against

The AI security problem is categorically different from traditional cybersecurity. The attack surface is semantic, not syntactic — which means your existing controls don't cover it.

Prompt injection
Number one in the OWASP Top 10 for LLM Applications 2025. Malicious instructions embedded in documents, emails, and web content that AI agents process — causing data exfiltration, unauthorised actions, or account takeover. Attack attempts rose 340% YoY in Q4 2025. Indirect injection (embedded in content) now accounts for over 80% of attempts.
Shadow AI
47% of GenAI users access tools via personal, unmanaged accounts in 2026, bypassing enterprise security controls entirely. Shadow AI is the most pervasive operational challenge — data leaves your environment through channels your security stack cannot see.
Model supply chain attacks
Poisoned pre-trained models, malicious Hugging Face packages, compromised fine-tuning datasets. The January 2026 DeepSeek security crisis — exposing databases and prompting government bans worldwide — demonstrated these risks at scale. Third-party model dependencies are the new open-source vulnerability surface.
Agentic AI risk
AI agents with tool access — email, file systems, APIs, code execution — create a new privileged execution surface. A single prompt injection against an agent with broad permissions can chain into data exfiltration, credential theft, or lateral movement at machine speed. Each additional tool integration multiplies attack impact.
RAG and data poisoning
PoisonedRAG (accepted USENIX Security 2025) enables attackers to inject semantically meaningful poisoned texts into RAG knowledge bases, causing AI systems to generate attacker-controlled outputs. Vector embeddings — previously assumed safe — can leak the original sensitive text through inversion attacks.
Regulatory risk
The EU AI Act reaches full applicability in August 2026. High-risk AI systems face mandatory conformity assessment, bias audits, and incident reporting. In the US, 45 states introduced 1,561 AI bills in 2025 alone. Non-compliance is no longer a future risk — it is a current operational requirement.
The hard truth about prompt injection

The UK National Cyber Security Centre warned in December 2025 that prompt injection may never be fully mitigated the way SQL injection was. LLMs are, in the NCSC's framing, "inherently confusable deputies" — systems that can be coerced into harmful actions because there is no reliable internal separation between trusted instructions and untrusted content. No vendor in this category can claim to have solved this. What they can do is dramatically reduce attack success rates, detect and alert on injection attempts, and limit the blast radius when attacks succeed.

16 vendors · April 2026

Vendor profiles

Independent analysis of 15 vendors competing across six AI security subcategories. No vendor funds or influences coverage.

Palo Alto Prisma AIRS
Platform
The most comprehensive AI security platform after acquiring Protect AI (completed July 2025). Q2 FY2026: Prisma AIRS surpassed 100 customers with a nine-figure pipeline materialising. Bookings doubled from Q1 to Q2. Covers AI-SPM, MLSecOps, runtime guardrails, and model supply chain security.
Capability: 82 · Health: 90
Best for: Existing Palo Alto / Prisma Cloud customers; enterprises wanting consolidated AI security.
Divisional · PANW · 30%+ op margin · $6.33B NGS ARR
Microsoft AI Security
Platform
Microsoft's layered AI security stack: Purview AI Hub (data governance), Defender for AI (threat detection), Agent 365 (agent governance in E7), and Azure AI Content Safety (runtime filtering). Strongest in M365/Azure environments.
Capability: 76 · Health: 96
Best for: M365 E5/E7 enterprises; Azure-native AI deployments; Copilot governance programmes.
Divisional · NASDAQ: MSFT · E7 GA May 2026
Cisco AI Defense
Platform
Cisco's AI security platform incorporating the Robust Intelligence acquisition ($400M, 2024). Covers AI application security, model validation, and runtime protection. FedRAMP pathway available. Strong enterprise sales motion through existing Cisco relationships.
Capability: 75 · Health: 88
Best for: Cisco-heavy enterprises; regulated industries needing FedRAMP AI security; US Federal.
Divisional · NASDAQ: CSCO
Lakera
Runtime guardrails
Best-in-class prompt injection detection and LLM guardrails. Co-author of OWASP Top 10 for LLMs 2025. Two-product approach: Lakera Red (pre-deployment automated red teaming) and Lakera Guard (real-time runtime protection). Does not cover model scanning or supply chain security.
Capability: 78 · Health: 68
Best for: Enterprises deploying LLM applications needing real-time prompt injection defence and pre-deployment testing.
Private · Series B · ~$30M
Wiz AI-SPM
AI-SPM
CNAPP-integrated AI-SPM from Wiz (acquired by Google for $32B in Q1 2026). Discovers AI models, training data exposure, and shadow AI within cloud infrastructure. Strongest when combined with Wiz CNAPP for correlated cloud + AI risk context. Weaker outside GCP/AWS/Azure infrastructure scope.
Capability: 72 · Health: 88
Best for: Existing Wiz CNAPP customers; cloud-native enterprises needing AI risk in infrastructure context.
Divisional · Google · $32B acquisition
Cyera AI-SPM
AI-SPM
AI data security from Cyera's DSPM platform. Discovers AI training data exposure, shadow AI deployments, and GenAI data risk. Data-centric approach — strongest for understanding what sensitive data your AI models are seeing. See Cyera's Cyberstarts conflict disclosure.
Capability: 74 · Health: 72
Best for: Enterprises with sensitive data exposure concerns in AI; existing Cyera DSPM customers extending to AI security.
Private · Series F · $9bn valuation · Cyberstarts ⚠
Varonis Atlas AI
AI-SPM
Atlas AI platform launched Mar 2026 · AllTrue.ai integrated · RSAC 2026 keynote
The most differentiated AI security entrant in early 2026. Varonis launched Atlas AI in March 2026 (integrating AllTrue.ai, acquired Feb 2026 for ~$150M). CEO Yaki Faitelson keynoted RSAC 2026 — "Robots vs. Robots." Platform covers AI agent discovery, shadow AI visibility, behavioural guardrails, and lifecycle governance, all tied to Varonis's data access graph. Combined with Varonis's data-centric platform — identity, permissions, classification, behavioural analytics — this creates a uniquely complete picture: not just what AI agents are, but what data they can touch.
Capability: 76 · Health: 78
Best for: Enterprises wanting AI security grounded in data access and identity — not just prompt-level guardrails. Existing Varonis customers. Organisations deploying Copilot or autonomous agents with access to sensitive data.
Why this matters: Most AI security tools focus on prompt-level protection. Varonis + AllTrue covers what most vendors miss: once an AI agent is compromised or misbehaves, what enterprise data can it actually reach? The combination of AllTrue's agent observability with Varonis's data graph answers that question in production environments that other platforms cannot.
Public · NASDAQ: VRNS · Atlas AI launched Mar 2026 · RSAC keynote · ⚠ Public-source data
Securiti AI Governance
AI governance
Broadest AI governance and compliance framework in the category. EU AI Act compliance workflows, AI model data exposure, AI system risk classification. Now part of Veeam — Agent Commander launched Feb 2026 integrates backup resilience with AI governance.
Capability: 75 · Health: 82
Best for: EU AI Act compliance; multi-jurisdiction regulated enterprises; CISOs and Chief Privacy Officers sharing a platform.
Acquired · Veeam · $1.725B Dec 2025
HiddenLayer
MLSecOps
Specialist in ML model security — adversarial attack detection, model theft prevention, and data poisoning defence at runtime. Deepest MLOps integration. Purpose-built for teams running proprietary ML models. Limited LLM guardrails and no open-source community programme.
Capability: 74 · Health: 65
Best for: Enterprises with proprietary ML models in production needing real-time adversarial attack defence.
Private · ~$56M raised
Prompt Security
Runtime guardrails
2025 Gartner Cool Vendor in AI Security. Acquired by SentinelOne in 2025. Runtime protection for LLM applications with embedding-level prompt injection detection and RAG pipeline security. Integration into the SentinelOne Singularity platform underway.
Capability: 72 · Health: 62
Best for: SentinelOne customers; enterprises securing GenAI applications at runtime with embedding-level injection detection.
Acquired · SentinelOne · 2025
Aim Security
AI-SPM
AI-SPM platform acquired by Cato Networks in 2025. Provides visibility and risk management for shadow AI, sanctioned SaaS AI applications, and enterprise AI deployments. Strong for discovering and managing unsanctioned AI use across the organisation.
Capability: 70 · Health: 60
Best for: Enterprises with shadow AI exposure; organisations needing AI app inventory and risk scoring before formal governance.
Acquired · Cato Networks · 2025
Noma Security
AI-SPM
Pure-play AI-SPM covering AI asset discovery, risk assessment, and compliance automation across the full AI development lifecycle. Native integrations with MLflow, Weights & Biases, Hugging Face, and major cloud AI services. Fastest-growing pure-play in the AI-SPM segment.
Capability: 68 · Health: 58
Best for: ML engineering teams building AI applications; enterprises needing full AI development lifecycle security.
Private · Series A · ~$32M
CalypsoAI
AI governance
Focused on AI governance, policy enforcement, and compliance. FedRAMP pathway and air-gapped deployments available. Founded 2018 — oldest company in the AI security category. ~$68M including US government contracts. Does not offer adversarial testing, red teaming, or model scanning.
Capability: 65 · Health: 60
Best for: US government and regulated industries; enterprises needing AI policy enforcement, auditability, and FedRAMP compliance.
Private · ~$68M inc. govt contracts
Mindgard
Red teaming
AI-specific penetration testing platform (DAST-AI) from a Lancaster University spinout. Gartner-recognised emerging innovation in AI Security Testing. Reduces AI red teaming from months to minutes. Purpose-built for finding AI-specific vulnerabilities that traditional AppSec tools miss.
Capability: 67 · Health: 55
Best for: Security teams needing automated AI-specific vulnerability testing; organisations with AI red teaming mandates.
Private · University spinout · UK
Adversa AI
Red teaming
The most focused adversarial robustness specialist in the category. Pure red teaming and adversarial ML testing — no guardrails, no supply chain security, no AI firewall. Small team (~$5M seed), narrow but deep expertise. Research-oriented; not an enterprise platform.
Capability: 60 · Health: 48
Best for: Research-oriented security teams; organisations needing adversarial ML robustness validation for specific high-risk models.
Private · ~$5M seed
ZenData
AI governance
Early-stage AI data governance and EU AI Act compliance platform. Automated AI system inventory, risk scoring, and regulatory mapping. Small team, limited enterprise scale. Interesting for compliance teams building EU AI Act programmes who cannot yet justify enterprise-tier platforms.
Capability: 58 · Health: 52
Best for: Compliance-first teams needing EU AI Act automation; early-stage AI governance programmes not yet ready for enterprise platforms.
Private · Seed stage
Full profiles coming Q2 2026

Individual vendor profiles for Cisco AI Defense, Lakera, HiddenLayer, Prompt Security, Aim Security, Noma Security, CalypsoAI, Mindgard, Adversa AI, and ZenData are being researched and will be published over the next eight weeks. Methodology follows the same standards as the Data Security category — see methodology page.