The solution prevents employees from exposing sensitive information to tools like ChatGPT and secures organizations’ AI products against new attacks like prompt injection and jailbreaks.
Tel Aviv, Israel, January 24, 2024 — Prompt Security, the unified platform for enterprise generative AI security, launched from stealth today and announced $5M in seed funding. The round was led by Hetz Ventures with participation from Four Rivers and prominent angels including CISOs at Elastic, Dolby and a CISO from Cyberfuture, a global CISO investment alliance. Prompt Security is already helping dozens of high-profile companies protect their applications, employees, and customers from new generative AI-associated threats.
Recent research by Google showed that LLMs like ChatGPT can be induced to reveal large amounts of data on which they were trained. The New York Times' lawsuit against OpenAI and Microsoft — alleging that ChatGPT can output near-verbatim article excerpts in its responses to users — further highlights the potential for generative AI tools to leak training data.
“Generative AI is rapidly infiltrating enterprises and this brings a world of new high-stakes risks,” said Itamar Golan, CEO and co-founder of Prompt Security. “Employees have a strong incentive to share enterprise data with gen AI tools, which are often trained on the data and can leak it afterwards. Likewise, when organizations integrate gen AI into their products it opens them up to a host of security challenges, including models being manipulated by bad actors, and content being generated that is unsafe or infringes on copyright. Yet despite all the risks, gen AI unlocks immense value, and adopting it isn’t a matter of choice — it’s key to business survival.”
Prompt Security enables enterprises to benefit from the adoption of generative AI while protecting against the full range of risks to their applications, employees and customers. At every touchpoint of generative AI in an organization — from AI tools used by employees to AI integrations in customer-facing products — Prompt Security inspects each prompt and model response to prevent the exposure of sensitive data, block harmful content, and secure against a range of gen AI-specific attacks. The solution also provides enterprise leadership with complete visibility and governance over the AI tools used within their organization.
“We empower CISOs to become the gen AI enablers of their organization, without sacrificing on security or data privacy,” said Golan. “Our mission is to enable enterprises to confidently adopt transformative AI technology on a massive scale by securing their generative AI footprint end-to-end.”
“We wanted to invest in the generative AI security space and were looking for the right team,” said Pavel Livshiz, General Partner at Hetz Ventures. “After getting to know Itamar and Lior, I can say without a doubt that they uniquely understand both the incredible potential of generative AI as well as the new attack surface that comes with it. Their ambitious vision for a unified security solution deeply resonates with the need of enterprise CISOs, and they’ve put together the perfect team to execute on this vision.”
Prompt Security can be easily deployed in an organization in minutes, with extensions for all major browsers and multiple methods for securing applications including a developer SDK. Its capabilities include:
- Security: Prompt Security inspects semantic data, looking at every prompt and model response to protect against a range of new threats, like prompt injection, jailbreaking, data extraction, and more.
- Governance: Security and AI leaders are provided visibility into the usage of gen AI tools within their organization, and can define access policies per application and user group. Prompt Security employs an LLM-agnostic approach to detecting AI tools based on usage patterns, enabling the identification of thousands of tools.
- Data Privacy: Contextual LLM-based models are used to detect and redact sensitive data, ensuring information like PII, PHI, and intellectual property is properly safeguarded.
- Safety: Responses from gen AI tools are scrutinized to ensure they do not contain harmful or toxic content.
About Prompt Security
Founded in August 2023, Prompt Security delivers a complete solution for all generative AI security in the enterprise. Its robust platform supports millions of prompts and thousands of users per month. The founding team combines deep expertise in both cybersecurity and AI, with years of experience building and securing machine learning systems at organizations like Check Point, Orca Security, and Israel’s elite intelligence unit 8200. Prompt’s CEO Itamar Golan was on the OWASP Top 10 for LLM Applications core team, and Prompt’s CTO & co-founder Lior Drihem contributed to the project. The Prompt Security team of researchers has created proprietary LLMs and developed novel patent-pending techniques for detecting generative AI threats and addressing the associated risks.
Annex to the Press Release
Generative AI is the new mainstream, but its unprecedented adoption also poses brand new security challenges for the organization.
As GenAI spreads virally within organizations, both security leaders and those tasked with leading AI-related innovation in the organization should be aware of various GenAI-associated risks. The main ones, from our perspective, are:
- Shadow AI & Data Leakage: Adoption, usage, and integration of various GenAI tools without any visibility to security teams, opening the door for data exfiltration and exposing critical company assets and IP. Once sensitive data from the organization is being streamed to these GenAI tools, there's a significant probability that this data will be used for future training of the LLMs and potentially be generated by these tools on external endpoints.
- Jailbreaks/Prompt Injection: Customer-facing applications with embedded GenAI capabilities are another significant risk and attack vector. A malicious actor could craft a prompt, not necessarily a sophisticated one, that makes the application expose data or respond in inappropriate ways, leading to reputational damage. It can go as far as denial-of-service attacks, RCE or SQL injection, with the associated legal and financial implications.
For the consolidated list of AppSec and IT-related threats, visit: https://www.prompt.security/#llm-vulns
OWASP Top 10 for LLMs and Prompt team’s contribution to it.
The OWASP Top 10 for LLMs is a list of the most critical vulnerabilities found in applications utilizing LLMs. It was created to provide developers, data scientists, and security experts with practical, actionable, and concise security guidance to navigate the complex and evolving terrain of LLM security.
The creation of the OWASP Top 10 for LLMs list was a major undertaking, built on the collective expertise of an international team of experts and contributors, among them Prompt’s CEO Itamar Golan, who was on the core team, and Prompt’s CTO & co-founder Lior Drihem, who contributed to the project.
What makes Prompt Security unique
While there’s been a lot of buzz around AI, Generative AI, cybersecurity and what the future holds, there still hasn’t been a one-stop solution for protecting the organization from all GenAI-related threats.
Prompt is the only one-stop security platform designed to protect against all GenAI concerns. With easy onboarding, security leaders can enable GenAI throughout the entire organization within a few hours: from employees using Shadow AI on their browsers, to developers building with Copilot, up to product managers building customer-facing GenAI features. Organizations will have visibility, governance, and real-time protection on all aspects. The solution can also be deployed on-premises, offering the best detection rate with negligible impact on latency.
Prompt is committed to empowering organizations to unleash the innovation that GenAI tools facilitate.
A little bit more about our founders…
Itamar Golan, CEO and co-founder of Prompt Security. Itamar has over 15 years of experience in the AI field. He's spent the majority of his career in the exciting world of cybersecurity, having worked in organizations like the IDF, Check Point, and Orca Security. Since 2017, he's been delving into the fascinating world of Deep Neural Networks and Large Language Models (LLMs) for cybersecurity. Notably, he's contributed as a core member to the OWASP Top 10 for LLM Apps and he’s a renowned voice in the space of AI, Generative AI and their intersection with cybersecurity. Follow Itamar on LinkedIn for regular updates and POCs on the newest GenAI tools and LLM models.
Lior Drihem, CTO and co-founder of Prompt Security. Lior has been crafting innovative security solutions for over 25 years. Lior's journey has taken him through esteemed organizations like the IDF, Check Point, and Orca Security. With a portfolio boasting more than 25 patents, he's known for taking ideas from the drawing board to millions of users, including WAFs, DLP systems, and Browser Extensions. Currently, he's leading the technological vision and implementation to develop the complete security platform for GenAI.
Additional Supporting Quotes
Dr. Danny Portman from Zeta Global: “Prompt Security has been an invaluable partner in ensuring the security and integrity of our multi-agent Generative AI application, ZOE. I anticipate that the criticality of protecting our AI from prompt injections and other adversarial attacks will rise significantly over the next year, as those techniques become more widespread and publicly available. Prompt Security’s industry-leading expertise in detecting and preventing prompt injections, as well as other flavors of Large Language Model attacks, has given us peace of mind, ensuring that our AI application can consistently deliver trustworthy results, fully protected from malicious abuse. Their dedication to cybersecurity and the innovative field of LLM security measures is truly commendable.”
Mandy Andress, CISO of Elastic: “In today's landscape, every CISO must navigate the tricky balance between embracing GenAI technology and maintaining security and compliance. Prompt serves as the solution for those who aim to facilitate business growth without compromising data privacy and security.”