Startup Showcase Registry: Innovating Cloud and AI Security

The Aim AI Security Platform enables enterprises to secure every AI interaction throughout their AI adoption journey, from AI applications used directly by employees to third-party enterprise applications with embedded AI features, and custom-built AI applications.

Beyond security, Aim offers comprehensive data and analysis on AI usage within organizations, equipping business leaders and executives with crucial insights for strategic planning. This information is invaluable for security leaders, enabling them to effectively communicate with their AI committees about adoption rates and the return on investment (ROI) of AI initiatives. Moreover, it highlights the successes of security measures in safeguarding these technologies, fostering a deeper understanding of their impact and value.

We offer three main solutions, allowing customers to choose based on their AI adoption and maturity journey:

Secure AI Use - Aim's Secure AI use solution provides a single policy enforcement point for security and compliance guardrails. It monitors user prompts to preemptively identify and mitigate potential malicious use, ensuring compliance with legal and regulatory obligations. Customers can also utilize Aim's secure chat alternative, enjoying the benefits of popular public GenAI tools like ChatGPT or Google Gemini without the associated security risks.

AI-SPM - Customers can protect their AI initiatives and data supply chain integrity with full visibility and control over models connected to enterprise data. We begin by creating a comprehensive inventory of AI models and data within your environment, detailing their interrelationships. A deep scan of the AI models follows, identifying and proactively addressing security and compliance violations. We mitigate risks through a standard posture management workflow, eliminating potential attack paths targeting your AI models.

AI-Firewall - Aim's innovative engine specializes in detecting runtime attacks, offering proactive defense against various threats. Deployed inline with models, it operates between the application and the model, functioning both in-band and out-of-band. This versatile architecture allows the engine to swiftly identify anomalies and potential self-attacks, enabling timely intervention to mitigate risks. With its robust capabilities, the engine not only detects but also proactively blocks malicious activities within the application environment.

Apex Security provides comprehensive visibility, detection, and prevention for enterprises facing Generative AI threats, empowering companies to use Generative AI safely.

Apex connects to enterprise Generative AI copilots and applications seamlessly and without agents, delivering ready-to-go integrations with all leading Generative AI platforms—including ChatGPT Enterprise, Microsoft Copilot, GitHub Copilot, and self-built Generative AI applications.

Apex offers full visibility into a company's Generative AI usage, detection, and prevention processes through advanced AI algorithms developed in-house by Apex's Threat Intelligence team. This elite group—made up of special forces veterans and AI researchers—possesses deep expertise in both attacker tactics and Generative AI systems.

Apex also provides the Apex Portal for safely using Generative AI chats, enabling users to onboard all of the company's Generative AI engines and enjoy a fully productive experience.

The Apex Console enhances the investigation experience for security experts, empowering teams to minimize investigation times and stop attackers as quickly as possible.

With hundreds of ready-to-go detections, Apex's AIDR is constantly updated to identify newly emerging threats, covering every new Generative AI engine or application to stay ahead of potential attacks.

Pangea provides comprehensive, security guardrails for AI applications that developers can add to their apps with just a few lines of code. Pangea's AI security guardrails align with key principles of LLM system security:

Authorization & Access Control:

- Pangea delivers both authentication and granular authorization controls (RBAC, ABAC, ReBAC) to ensure both human users and AI agents/tools can only access permitted data and systems.
- Pangea moves authorization decisions outside the LLM and also provides tamper-proof audit logging to record all authentication, authorization, and data retrieval/access events.

Prompt Security:

- Pangea's Prompt Guard services detects and blocks adversarial attacks like prompt injection and jailbreaking by analyzing prompt intent and payload and also prevents indirect prompt injection via enterprise data sources during data ingestion

Data Protection:

- Pangea Data Guard service automatically redacts sensitive data and intellectual property from both text and PDFs to prevent unauthorized data exposure across both the data ingestion pipeline and inference pipeline of AI apps.
- Pangea also delivers content scanning and threat intelligence to detect malicious domains, URLs, and files that could compromise AI systems
- Pangea helps prevent training data poisoning through content disarmament and reconstruction for documents entering the system

Pangea's security guardrails implement defense-in-depth through multiple security layers (AuthN, AuthZ, Data Guard, Prompt Guard) and provide comprehensive and tamperproof AI audit and monitoring capabilities. Pangea is app, cloud, framework, and LLM agnostic and gives developers pre-built AI security features they can add to their apps via APIs. Once embedded, Pangea's AI security guardrails give security and risk management teams visibility and real-time control over AI application security posture via Pangea's SaaS configuration control plane.

Command Zero is the autonomous & AI-assisted investigations platform, built to transform security operations in complex enterprise environments. It accelerates tier-2+ analysis with a consistent, repeatable and auditable process.

Command Zero thoughtfully combines traditional techniques and Large Language Models (LLMs) to deliver the best security investigation experience possible. The platform comes with embedded technical and investigation expertise in the form of questions. The AI implementation delivers AI-assisted investigations and autonomous investigation flows. LLMs are used for the selection of relevant questions and pre-built investigation flows (facets) within investigations, natural language-based investigation guidance, interpretation of data, summarization, reporting and delivering verdicts.

The platform:

Enables all tier-2+ analysts to perform at the highest level
- Removes the need for technology specific expertise for analysts,
- Uplevels all security analysts to perform at the highest level by sharing institutional knowledge,
- Automates reporting, timeline generation, evidence gathering and other repetitive tasks to speed up investigations,

Ensures consistent, repeatable, auditable investigation processes
- Enables collaborative investigation processes where multiple analysts can build on each other's work.
- Investigation steps can be reviewed for coaching, learning and auditing purposes.
- Investigation steps can be converted into facets (automated workflows) that can be applied to future cases.

Builds persistent context, based on past investigations
- This context can be referenced in new investigations, serving as organizational memory.
- Investigators can review past investigations for a lead and better understand the context of threats/actors/assets.

Our cutting-edge AI Red Teaming platform stands at the forefront of enterprise security, elevating defenses by proactively uncovering and mitigating vulnerabilities in AI systems before adversaries exploit them. Driven by customer-focused threat modeling, we tailor assessments to each organization's specific risk profile, ensuring maximum relevance and impact. At its core is our unmatched, research-driven database—the world's largest repository of AI attacks and risk scenarios—continuously enriched by our dedicated lab. This same lab has rapidly discovered zero-day exploits in leading AI providers mere hours after their public releases, proving our unparalleled expertise and responsiveness.

Beyond technical prowess, our platform offers a holistic approach to testing models, applications, and AI agents across multiple modalities and languages, ensuring comprehensive coverage of potential threats. By simulating real-world adversarial techniques against every stage of the AI lifecycle—from data ingestion and training to deployment and monitoring—we deliver deep insights into system resilience. Our streamlined dashboards align technical details with broader strategic objectives, enabling swift, data-backed decisions for remediation and continuous improvement.

Designed for agility, transparency, and proactive defense, our solution empowers enterprises to innovate with confidence. In a rapidly evolving threat landscape, we remain the best of the best, offering robust, forward-looking protection that keeps your AI investments secure without compromising performance or trust.

TrojAI is an AI security platform that protects AI applications and models. As enterprises build AI applications using a variety of AI/ML models, AI attack surfaces expand, leading to a proliferation of threats on AI systems. These risks, such as prompt injections, jailbreaks, data leakages, IP loss, and toxic and harmful content, can compromise the security and behavior of AI applications. TrojAI helps alleviate these risks by securing AI applications and models both at build time and run time.

TrojAI does this through two core offerings: TrojAI Detect and TrojAI Defend. TrojAI Detect automatically redteams AI models, safeguarding model behavior and delivering remediation guidance prior to deployment. TrojAI Defend is an AI application firewall that monitors and protects enterprises from real-time threats like prompt injection, jailbreaks, model DoS, data leakages, and toxic and harmful content.The integrated TrojAI platform uses the insights and context learned through automated AI redteaming at build time to deliver best-in-class accuracy and effective controls in securing AI model behavior at run time.

While TrojAI helps enterprises secure their AI, it also leverages cutting edge AI/ML in its offerings. TrojAI Detect uses AI/ML to help attack model behavior and evaluate LLM responses, assessing the integrity of the AI application at build time. TrojAI Defend leverages an in-house fine-tuned LLM (TrojGuard) that moderates AI workloads and surfaces AI risks like prompt injection, privacy concerns, and toxic and harmful content. This LLM-based detection technique provides defense in depth protection alongside other modalities of detection, such as pattern matching and AI/ML classifiers.

Designed for speed and accuracy, Sweet ensures security teams focus only on the risks that matter—without the noise. By providing deep runtime insights in real time, Sweet eliminates the need for periodic scans and fragmented logs, streamlining response workflows so teams can detect incidents and remediate threats before they escalate. With built-in vulnerability management and detection and response, Sweet empowers organizations to stay ahead of adversaries by identifying risks at runtime and acting decisively. Founded in 2022 by the former CISO of the IDF and cybersecurity experts with over 20 years of experience, Sweet Security is built on a deep understanding of modern cloud threats. Backed by top-tier investors like Glilot and Evolution with over $33 million in funding, Sweet is redefining cloud security by delivering real-time protection across the entire cloud stack. For more information, visit sweet.security.

Controllo.ai is one the first AI Powered Cyber GRC Compliance Automation Platform that covers several modules (Solutions) such as Cybersecurity, Cloud Security, Privacy, AI Security and many other Frameworks.

Skyhawk merges AI-based Offensive Cloud Security with an AI Model Risk management Framework for CDR to enable a proactive and interactive approach to cloud security for the very first time. It consolidates Breach and Attack Simulation (BAS), Cloud Threat Detection and Response (CDR), Cloud Security Posture Management (CSPM), and Automated Response into one platform.

The Purple Team is an AI-based Red Team that “attacks” the AI-based Blue Team in a Simulation/Digital Twin environment (no production impact). Where the red team passes the blue team indicates a weakness in cloud security. The weaknesses are prioritized based on the asset's business value, so security teams know exactly where to focus, reducing MTTR. The purple team verifies that specific events and behaviors will trigger an alert, so the purple team then creates an automated response, verified in the Digital Twin, to stop the threat, further reducing MTTR.

Skyhawk's AI model Risk Framework continuously evaluates the environment to find threats using three layers of AI models, customized for each customer's cloud, updated daily to ensure alignment with changing cloud architectures. The models sort through logs, telemetry, events, and correlate them into an attack sequence. Once the risk of the attack sequence reaches a specific threshold, it becomes an alert. This saves tremendous time. The SOC knows where they need to focus based on the alerts. Interactive CDR delivers real-time threat verification. An alert is sent to the asset owner while the questionable activity is in progress. The owner confirms the activities, and the SOC can take immediate action.

CISO Quote: “Skyhawk upskills the team and dramatically reduces the time we spend assessing threats so we can focus on solving and stopping threats. This is a critical time - especially when you are in the middle of an attack. The entire team gets hours back in their day while dramatically increasing their productivity by focusing on what matters.”

Enkrypt AI protects enterprises against generative AI risks with its comprehensive security platform that detects threats, removes vulnerabilities, and monitors performance for continuous insights. The unique approach ensures your AI applications are safe, secure, and trustworthy.
Our platform provides AI security controls on all 4 areas of interest for CSA:

1. Automated, AI Offensive Security: Enkrypt AI uses its automated Red Teaming capability to inject the LLM with a variety of real-time, iterative prompts that become increasingly sharper based on the LLM threat and use case. This dynamic risk assessment approach detects significantly more vulnerabilities than static testing alone. Our red teaming technology is also used to develop the LLM Safety and Security Dashboard

2. AI Risk Model Framework: Based on LLM lab research, Enkrypt AI has created the industry's first LLM Security and Safety Leaderboard. Users can easily look up their favorite LLM and see its overall risk score, as well as breakdowns by bias, toxicity, jailbreaking, and malware. It's free of charge to anyone who wants to select the safest and optimal LLM for their AI applications. The Leaderboard helps enterprises accelerate AI adoption in a secure manner while retaining competitive advantage, adhering to compliance standards.

3. Securing LLM Back-end Systems: Enkrypt AI secures both RAG models and models undergoing fine-tuning to ensure they are optimized for accuracy and safety. Our research shows that fine-tuned models lose alignment and are more vulnerable to jailbreaks than their base counterparts. For such issues, Enkrypt AI provides safety alignment solutions and enhances safe usage of the fine-tuned model.

The platform also performs data security audits to ensure the data that powers Gen AI applications is free from threats. For example, Enkrypt AI can detect and remove an indirect injection attack hidden within the data that could cause an AI chatbot to launch a phishing attack.

4. AI Governance Readiness: Enkrypt AI enables enterprises to effortlessly attain compliance with any regulation or internal policy. Users simply upload their regulation document of choice into Enkrypt AI and the platform automatically provides AI governance readiness on that regulation. Dashboard reports provide enterprise visibility on all AI performance, risk, and compliance. You'll also see cost savings from every threat detected and removed.

At Repello AI, we don't wait for trouble — we hunt it down. Our mission is simple: secure your AI systems by proactively identifying and neutralizing safety and security threats before production, using an attacker's perspective.

We've built an evolving AI-specific threat intelligence repository that guards against risks like system prompt leaks and poisoned knowledge bases, as per OWASP Top 10 for LLMs. Our approach adapts to emerging threats, shifting left to catch weaknesses early and protect right through deployment.

Why does this matter? AI is central to your business. One flaw can lead to significant financial and reputational damage. With Repello AI, you stay ahead of threats, ensuring your AI systems are robust and reliable.

Culminate makes customer's SOC the best SOC by offering AI SOC analysts that fully automate tier-1 investigations with breakthrough quality, speed and coverage.

Acting as an intelligent virtual team member, Culminate connects via API to systems like SIEM, EDR, Cloud, Email, and more. Triggered by alerts from your existing systems, it autonomously performs tier-1 investigations around the clock, taking no more that 10 minutes per investigation as opposed to multiple hours per human-only investigation. It dynamically generates investigation plans that mimic human expertise and adapts to your environment. The result - detailed, auditable reports that include an investigation timeline, all key evidence compiled, and a clear decision recommendation for every alert.

The end result is that with AI SOC Analyst, companies are finally catching up to the alert overflow that has plagued their SOCs for the last decade:
100% of alerts are investigated without human input and investigations are 3x more accurate than human-only analysis, so no critical alerts are missed. Tier-1 investigations are delivered in less 10 minutes, so real threats are stopped before they can cause damage. And, customers gain 24/7 SOC capabilities at a fraction of the cost of hiring additional analysts and gain a natural language interface that breaks down security data silos and eliminates the need for complex tool syntax, both of which maximize the ROI on their existing security tools. This is how Culminate leverages the power of AI to revolutionize security operations and ensure security team's stays ahead of the curve.

Culminate has saved customers hundreds of thousands of hours per year by filtering out false positives while detecting real threats. Our customers are able to 10X their alert investigation throughput while reducing investigation time by 75%. Our solution has been battle-tested, earning us #1 human performance in the DEFCON SOC competition. Our human + AI SOC analyst team is 12X more efficient than the 80% majority.

Culminate is part of the top 20 AWS GenAI Accelerator startup. It is also a winner of the 2024 RSA Launchpad competition.

The Truyo AI Governance Platform offers a comprehensive solution for organizations aiming to adopt artificial intelligence responsibly and compliantly. It provides end-to-end visibility into AI usage and associated risks, facilitating safe AI integration without hindering innovation.

Key Features:

- AI Inventory Management: Truyo automates the detection of AI applications within your organization by scanning websites, source code, and content. This process compiles a detailed inventory of AI use cases, enabling thorough analysis of their purposes and impacts.
- Risk Assessment and Mitigation: The platform offers specialized assessments to evaluate AI-related risks, including potential biases and compliance issues. It also assesses vendor AI practices to ensure alignment with your organization's standards. Identified risks are documented in a centralized register, providing a clear overview for effective mitigation.
- Policy Development and Transparency: With insights from the risk register, organizations can establish policies and guidelines that promote secure AI adoption. Truyo also assists in creating public-facing notices, enhancing transparency and building consumer trust.
- Continuous Monitoring and Automation: The platform features interactive dashboards that offer real-time visibility into AI governance activities, categorized by risk levels. Automated workflows streamline compliance processes, ensuring sustained adherence to evolving AI regulations.
- Model Validation and Data Protection: Truyo includes tools for validating AI models to detect and rectify biases or discriminatory patterns. It employs data scrambling and de-identification techniques, allowing for the training and testing of models without compromising personal information.

By integrating these features, the Truyo AI Governance Platform empowers organizations to manage AI deployments effectively, ensuring they are ethical, transparent, and compliant with current and forthcoming regulations.

Alert AI is interoperable, end-to-end security platform for Generative AI applications and workflows in Insurance, Banking & Financial services, Retail, Healthcare, Pharma, Energy, Manufacturing, Government.

With over 100's of integrations, 1000's of detections, easy to deploy and manage services Alert AI seamlessly integrates to provide 360 degrees GenAI Visibility, LLM and Model Vulnerability management, Adversarial threat detection , Privacy, Integrity, Risks in AI Business applications, workflows, environments.

Enhance, Optimize, Manage security of Generative AI applications with Alert AI domain-specific security guardrails.

Ghost Security is re-defining application security for the cloud and AI age by helping teams identify their applications risk and posture while automating security testing, compliance and remediation all from on modern platform.

Our platform is a combination of "ASPM", Application Security and Posture Management and next generation "DAST" Dynamic Application Security Testing, in one efficient and modern platform focused on protecting enterprise applications in the cloud.

Swift Security is led by Neil King and Naveen Bachkethi, is rapidly advancing in the Gen AI security space.

Product is already ready and running POC in close to 8 companies including one company having more than 10B valuation in health care insurance sector.

Neil, the former Founder and CEO of Sift Security (Netskope's first acquisition), and Naveen, the Founder and former CEO of CBNITS(400+ engineers/10+ Million revenue services company), bring deep expertise from their leadership roles at McAfee, VMWare, Verisign and Netskope.

Currently bootstrapped with a talented team of ~20 engineers, many from leading cybersecurity companies like Palo Alto Networks, McAfee, and Netskope, Swift Security offers comprehensive solutions that provide complete visibility into sensitive data access and protect against threats in Generative AI environments.

ComplianceCow is the next generation Agentic Security GRC Middleware providing better, contextual data for your Generative AI Security Controls to your existing GRC systems at DevOps speed. Our Workflow Studio enables enterprises to meet users where they are: on Slack, Teams or Webex. Leading Software Technology companies use ComplianceCow to run audits 50x more frequently, with 1/10th of the effort, realizing 75% cost reduction on evidence collection, controls testing, gap analysis and remediation. ComplianceCow makes Continuous Monitoring and Management of Enterprise Generative AI security controls super easy.

Straiker provides unmatched real-time protection for AI applications and agents with an AI-native security solution. The advanced AI engine employs a medley of finely-tuned models to deliver precise, lightning fast security. The proprietary models are trained with intelligence from its AI Security Research Team (STAR) and reasoning across every layer of AI apps and agents to ensure complete protection. Founded by a team of AI and cybersecurity veterans, Straiker is backed by Lightspeed and Bain Capital Ventures and guided by advisors with deep expertise in AI, cybersecurity, and company building. For more information, visit www.straiker.ai.

Healthcare and life sciences organizations face significant barriers to adopting AI due to the sensitive nature of their data. Private AI unlocks the power of AI by transforming unstructured, sensitive data into usable, de-identified datasets — without compromising privacy or compliance. Our linguistics-first approach allows you to safely train models, run advanced analytics, and drive AI innovation in patient care and research.

Singulr AI gives you the power to take charge of your organization's AI landscape by rapidly vetting AI services, tools, and agents for specific users or teams—so no AI operates without your knowledge or consent. Singulr AI allows our to achieve total visibility across every AI interaction, ensuring security, compliance, and transparency at all times. Our platform embeds governance and security from day one into AI development and innovation as well as the adoption of AI services, tools and agents from sources external to your organization to eliminate bottlenecks, streamline approvals, and accelerate AI initiatives from request to production. Stay ahead of evolving AI features and functions, and gain exclusive intelligence on usage and services through Singulr's TrustFeed capabilities. Arm your workforce with the proven tools and best practices needed to manage risk, threats, and exposure. As the most expansive AI security and governance platform on the market, we'll help you build and enforce the policies that keep your business one step ahead.

Precize is a Security Orchestration Agent that enhances security tools by unifying data, enriching insights, and enabling workflows to prioritize vulnerabilities, uncover critical risks, and safeguard AI systems.

The Grip SaaS Security Control Plane (SSCP) platform provides robust protections against shadow AI SaaS applications and leverages automation to help security teams address this critical security challenge. As AI tools increasingly make their way into organizations through SaaS applications that employees sign up for independently, today's security controls cannot keep pace with AI adoption. The unchecked growth of AI SaaS apps creates AI risk creep that companies are not managing today. Grip's solution discovers, prioritizes, and mitigates AI risks by leveraging identity as the central control point, providing the most complete view of AI SaaS use in a company.

The unique approach of leveraging identity as a control point enables comprehensive discovery, monitoring, and control of federated and unfederated AI SaaS applications. By integrating seamlessly with enterprise email systems, Grip uncovers all SaaS usage within an organization, including unauthorized and abandoned AI tools, and provides real-time insights into potential vulnerabilities. The platform dynamically assesses risk, applying business contextual intelligence and SaaS insights, such as the number of users, the rate of adoption, and the data that is typically used in the AI application.

Grip's identity-centric approach empowers security teams to detect, control, and manage identity risks from shadow AI and other shadow SaaS services, delivering unparalleled visibility and control over SaaS usage across the organization.