AI Security Landscape

Compare the top AI guardrails, agent firewalls, and observability platforms. Find the right alternative for your specific use case.

99 Solutions Listed
Updated for 2026
New Research

Navigating the Security Landscape of Agentic AI

Confused by the market noise? Read our comprehensive CISO guide on the emerging threats, architectural shifts, and security solutions for autonomous agents.

Read the Whitepaper
Lakera (Check Point)
Score: 8.8/10

Lakera (Check Point)

Runtime Guardrails & AI Firewall

A focused runtime security layer protecting against prompt injection, PII leakage, and hallucinations via API. Acquired by Check Point in late 2025 (~$300M reported); Lakera Guard and Lakera Red remain live products and anchor Check Point's Center of Excellence for AI Security.

Usage-based / Quote
Runtime LLM Guardrails
Key Features
  • Prompt injection defense
  • Hallucination detection
  • PII redaction
Comparisons
P
Score: 8.6/10

Promptfoo

AI Red Teaming & Testing

Developer-friendly CLI tool for testing, evaluating, and red teaming LLM applications.

Open Source / Cloud
Red Teaming
Key Features
  • Eval Matrix
  • Red Teaming
  • Regression Testing
Comparisons
Meta (Llama Guard)
Score: 8.6/10

Meta (Llama Guard)

Runtime Guardrails & AI Firewall

A set of LLM safeguards designed to detect violating content across multiple use cases. Model-based guardrail.

Open Source
Content Safety
Key Features
  • Input/Output filtering
  • Safety classification
  • Customizable taxonomy
Comparisons
Lasso Security
Score: 8.5/10

Lasso Security

Agent & MCP Security

A GenAI-first platform focused on protecting LLM interactions, offering a secured gateway, browser integrations, and specialized protection for AI agents via MCP.

Custom Quote
LLM Interaction & Agent Security
Key Features
  • MCP Secure Gateway
  • Red teaming tools
  • Toxic content monitoring
Comparisons
B
Score: 8.5/10

Braintrust

Observability & Evaluation

Platform for evaluating, logging, and refining AI products with enterprise-grade security and scale.

Usage Based
Evals & Logging
Key Features
  • Evaluations
  • Prompt Management
  • Datasets
Comparisons
Protect AI (Palo Alto Networks)
Score: 8.4/10

Protect AI (Palo Alto Networks)

AI-SPM & Governance

Unified platform for MLSecOps, focusing on model scanning, supply chain security (AIBOM), and runtime protection (Guardian). Acquired by Palo Alto Networks in July 2025 and natively integrated into Prisma AIRS (3.0 launched March 2026 for agentic AI security).

Custom / Tiered
MLSecOps & Supply Chain
Key Features
  • AI-SPM
  • AIBOM generation
  • Model vulnerability scanning
Comparisons
Securiti
Score: 8.4/10

Securiti

Data Security & Privacy

Centralized platform enabling safe use of data and AI with strong governance and privacy controls.

Enterprise
Data Privacy & Governance
Key Features
  • Data Mapping
  • AI Governance
  • Privacy Automation
Comparisons
L
Score: 8.4/10

Langfuse

Observability & Evaluation

Open-source observability and analytics for LLM applications, focusing on traces and evaluations.

Open Source / Cloud
Tracing & Eval
Key Features
  • Tracing
  • Evaluations
  • Prompt Management
Comparisons
garak (NVIDIA)
Score: 8.4/10

garak (NVIDIA)

AI Red Teaming & Testing

Generative AI Red-teaming & Assessment Kit, now maintained by NVIDIA. Scans LLMs for hallucinations, data leakage, and prompt injection with a comprehensive probe library.

Open Source
Automated Red Teaming
Key Features
  • Hallucination probes
  • Injection probes
  • Jailbreak testing
Comparisons
Wiz (AI-SPM)
Score: 8.4/10

Wiz (AI-SPM)

AI-SPM & Governance

Wiz AI-SPM extends its agentless CNAPP to discover every AI asset via an AI-BOM, covering Bedrock, Azure OpenAI, Vertex AI, and self-hosted models. In 2025–26 it added runtime monitoring for rogue agents, prompt injection, and behavioral drift, with attack-path analysis connecting AI misconfigurations to sensitive training data via DSPM.

Enterprise quote (Wiz platform)
AI Security Posture Management
Key Features
  • AI-BOM discovery without agents
  • Misconfiguration rules for OpenAI/Bedrock/Vertex
  • DSPM for AI training data
Comparisons
Prompt Security (SentinelOne)
Score: 8.3/10

Prompt Security (SentinelOne)

Runtime Guardrails & AI Firewall

Secures the entire lifecycle of Generative AI, protecting employees from risky AI use and developers from insecure model integrations. Acquired by SentinelOne in September 2025 (~$250M reported) and integrated into the Singularity platform for prompt injection, data leakage, and shadow AI protection.

Subscription / Quote
Enterprise GenAI Governance
Key Features
  • Insecure output detection
  • IP exfiltration protection
  • AI Red Teaming
Comparisons
Zscaler (GenAI Security)
Score: 8.3/10

Zscaler (GenAI Security)

Data Security & Privacy

Leverages Zscaler's Zero Trust Exchange to provide visibility into Shadow AI, enforce data loss prevention (DLP) policies, and control access.

SaaS Subscription
Data Loss Prevention (DLP)
Key Features
  • Shadow AI discovery
  • Contextual AI policies
  • Smart prompt blocking
Comparisons
Cisco AI Defense (Robust Intelligence)
Score: 8.3/10

Cisco AI Defense (Robust Intelligence)

Runtime Guardrails & AI Firewall

Robust Intelligence pioneered the AI firewall and automated model assessment. Acquired by Cisco in 2024, its technology now ships as Cisco AI Defense — runtime protection, model validation, and AI visibility integrated with the Cisco security stack.

Enterprise (Cisco)
AI Firewall & Assessment
Key Features
  • AI Firewall
  • Continuous Validation
  • Model Assessment
Comparisons
Private AI
Score: 8.3/10

Private AI

Data Security & Privacy

Specializes in PII identification and redaction for text, audio, and images, often used as a pre-processing layer for LLMs.

License / API
Data Privacy / PII
Key Features
  • PII Redaction
  • Synthetic Data Generation
  • Audio Redaction
Comparisons
P
Score: 8.3/10

Patronus AI

AI Red Teaming & Testing

Automated evaluation and security testing platform for Large Language Models to catch hallucinations and safety issues.

Enterprise
Red Teaming & Evals
Key Features
  • Lynx (Hallucination)
  • Security Testing
  • Benchmarking
Comparisons
Giskard (Open Source)
Score: 8.3/10

Giskard (Open Source)

AI Red Teaming & Testing

Open-source testing framework dedicated to ML models and LLMs, covering bias, performance, and security flaws.

Open Source / Enterprise
AI Testing & Quality
Key Features
  • Vulnerability scanning
  • Hallucination detection
  • Bias testing
Comparisons
Azure AI Content Safety (Prompt Shields)
Score: 8.3/10

Azure AI Content Safety (Prompt Shields)

Runtime Guardrails & AI Firewall

Microsoft's cloud service for detecting harmful content, with Prompt Shields as its real-time API for blocking jailbreaks and indirect prompt injection from documents. By 2026 it also spans groundedness detection, protected-material detection, and a task-adherence API for agent tool misuse, feeding runtime signals into Microsoft Defender for AI.

Usage-based (cloud), free tier
Content Moderation & Prompt Attacks
Key Features
  • Prompt Shields (jailbreak + indirect injection)
  • Harm category text/image analysis
  • Groundedness detection
Comparisons
Palo Alto Networks (Prisma AIRS)
Score: 8.2/10

Palo Alto Networks (Prisma AIRS)

AI-SPM & Governance

Integrated AI security platform providing visibility across the AI lifecycle, from development to production, ensuring compliant and secure model usage.

Tiered Enterprise
AI-SPM & Runtime Security
Key Features
  • AI-SPM
  • Model risk assessment
  • Adversarial attack detection
Comparisons
Akto
Score: 8.2/10

Akto

Agent & MCP Security

Designed to protect AI agents and Model Context Protocol (MCP) workflows through automated discovery, red teaming, and guardrails.

Free Tier / Enterprise
Agentic AI Security
Key Features
  • Agent discovery
  • Tool call sanitization
  • Line-jumping detection
Comparisons
Snowflake (TruEra)
Score: 8.2/10

Snowflake (TruEra)

Observability & Evaluation

Acquired by Snowflake, TruEra provides deep diagnostics, testing, and monitoring for ML and LLM applications to ensure quality and reliability.

Enterprise (Snowflake)
Evaluation & Observability
Key Features
  • RAG Evaluation
  • Hallucination testing
  • Experiment tracking
Comparisons
A
Score: 8.2/10

Arize AI

Observability & Evaluation

Machine learning observability platform to monitor, troubleshoot, and explain model performance.

Enterprise
Observability
Key Features
  • Drift Detection
  • Performance Monitoring
  • Root Cause Analysis
Comparisons
LLM Guard (Protect AI)
Score: 8.2/10

LLM Guard (Protect AI)

Runtime Guardrails & AI Firewall

Comprehensive open-source toolkit to fortify LLM security, offering sanitization, detection, and prevention of attacks. Originally by Laiyer.ai, now maintained under Protect AI.

Open Source
Sanitization & Detection
Key Features
  • Anonymization
  • Prompt Injection Detection
  • Toxicity Analysis
Comparisons
Google Cloud Model Armor
Score: 8.2/10

Google Cloud Model Armor

Runtime Guardrails & AI Firewall

Google Cloud's GA service for screening LLM prompts and responses for prompt injection, jailbreaks, harmful content, malicious URLs, and sensitive data leakage. Model-agnostic (works with Gemini, OpenAI, Anthropic, Llama over REST) and integrated with Apigee, Vertex AI, Agent Gateway, and Security Command Center, with org-wide floor settings for baseline enforcement.

Usage-based (cloud), free tier
LLM Prompt/Response Screening
Key Features
  • Prompt injection / jailbreak detection
  • Sensitive data protection (DLP)
  • Malicious URL detection
Comparisons
Amazon Bedrock Guardrails
Score: 8.2/10

Amazon Bedrock Guardrails

Runtime Guardrails & AI Firewall

AWS lets teams attach six configurable safeguard policies — content filters, denied topics, word filters, PII redaction, contextual grounding, and Automated Reasoning checks — to model calls. Automated Reasoning uses formal logic to validate outputs against policies, and the standalone ApplyGuardrail API extends coverage to third-party and self-hosted models; cross-account safeguards went GA in 2026.

Usage-based (per 1,000 text units)
Configurable LLM Safeguards
Key Features
  • Content filters (text, image, code)
  • Denied topics
  • PII redaction
Comparisons
Snyk (Invariant Labs)
Score: 8.2/10

Snyk (Invariant Labs)

Agent & MCP Security

Snyk acquired Zurich-based Invariant Labs in June 2025, folding the research team that coined 'tool poisoning' and 'MCP rug pulls' into Snyk Labs. Invariant's mcp-scan lineage lives on in the open-source Snyk Agent Scan, detecting 15+ risks across MCP servers and agent skills, and feeds Evo by Snyk, its agentic security orchestration platform launched October 2025.

Free OSS scanner; enterprise via Snyk platform / Evo
Agentic AI & MCP Security
Key Features
  • MCP server scanning (injection, poisoning, shadowing)
  • Agent skill scanning for malware and secrets
  • Auto-discovery of agent configs (Claude, Cursor, Windsurf)
Comparisons
Check Point (GenAI Protect)
Score: 8.1/10

Check Point (GenAI Protect)

Shadow AI & Workforce Security

A suite including GenAI Protect, Application Protection, and Risk Scanner providing visibility and control over enterprise AI usage across browsers and apps.

Enterprise Quote
Workforce AI Security & Guardrails
Key Features
  • Shadow AI discovery
  • Prompt injection detection
  • PII masking
Comparisons
Credal.ai
Score: 8.1/10

Credal.ai

Data Security & Privacy

An AI security layer that manages access controls, data masking, and audit logs for enterprise data connecting to LLMs.

Usage / Seat
Data Security & Access Control
Key Features
  • PII Redaction
  • Access Control Proxy
  • Audit Logging
Comparisons
Fiddler AI
Score: 8.1/10

Fiddler AI

Observability & Evaluation

A unified platform for monitoring, explaining, and securing ML models and LLMs, featuring a dedicated 'Trust Service' for guardrails.

Subscription / Usage
Observability & Guardrails
Key Features
  • Hallucination detection
  • Bias monitoring
  • Adversarial defense
Comparisons
CalypsoAI (F5)
Score: 8.1/10

CalypsoAI (F5)

Runtime Guardrails & AI Firewall

Security and orchestration platform allowing enterprises to safely use public and private LLMs with rigorous policy enforcement. Acquired by F5 in September 2025 ($180M); its inference-layer guardrails are integrated into F5's Application Delivery and Security Platform.

Enterprise Subscription
Enterprise GenAI Governance
Key Features
  • Policy Management
  • User Monitoring
  • Model Orchestration
Comparisons
Apiiro
Score: 8.1/10

Apiiro

AI-SPM & Governance

Force-multiplies AppSec teams to design and deliver secure software, now with Agentic AI focus.

Enterprise
AppSec & ASPM
Key Features
  • Risk Prioritization
  • Code Scanning
  • Design Risk Analysis
Comparisons
P
Score: 8.1/10

Permit.io

Agent Identity & Access

Policy-as-code platform that now includes specialized authorization for AI agents and tool calls.

Freemium / Enterprise
Policy-as-Code
Key Features
  • RBAC/ABAC
  • Audit Logs
  • Agent Authorization
Comparisons
N
Score: 8.1/10

Nightfall AI

Data Security & Privacy

Cloud-native DLP platform that detects and redacts sensitive data in GenAI prompts and SaaS applications.

Enterprise
DLP
Key Features
  • PII Detection
  • Redaction
  • SaaS Integrations
Comparisons
LangKit
Score: 8.1/10

LangKit

Observability & Evaluation

Open-source text metrics toolkit for monitoring language models, detecting quality and security issues.

Open Source
Observability & Monitoring
Key Features
  • Text quality checks
  • Sentiment analysis
  • Regex patterns
Comparisons
Rebuff
Score: 8.1/10

Rebuff

Runtime Guardrails & AI Firewall

Multi-layered defense against prompt injection attacks using heuristics, vector DBs, and LLM analysis.

Open Source
Prompt Injection Defense
Key Features
  • Heuristics
  • Vector detection
  • Canary tokens
Comparisons
Netskope One AI Security
Score: 8.1/10

Netskope One AI Security

Shadow AI & Workforce Security

Netskope One AI Security governs enterprise GenAI use through its SSE/SASE platform: shadow AI app discovery with risk ratings, inline DLP on prompts and uploads, and user coaching. SkopeAI powers ML-based DLP with trainable classifiers, and its 2026 Cloud and Threat Report documents GenAI data policy violations doubling year-over-year.

Subscription per user (Netskope One tiers)
Shadow AI Governance & DLP
Key Features
  • Shadow AI discovery with risk scoring
  • Real-time GenAI DLP on prompts and uploads
  • User coaching and granular AI policies
Comparisons
Pangea (CrowdStrike)
Score: 8.1/10

Pangea (CrowdStrike)

Runtime Guardrails & AI Firewall

API-based security services for AI applications, led by AI Guard (prompt injection and data-leak filtering) and AI Detection & Response for visibility into enterprise AI usage. CrowdStrike agreed to acquire Pangea for $260M in September 2025; by 2026 its technology anchors CrowdStrike's Falcon AIDR while the developer APIs continue to operate.

Usage-based API (free tier); CrowdStrike Falcon modules
AI Detection & Response
Key Features
  • AI Guard for injection and malicious content filtering
  • AI Detection & Response (AIDR)
  • Redact APIs for PII/secrets in prompts
Comparisons
Meta LlamaFirewall
Score: 8.1/10

Meta LlamaFirewall

Runtime Guardrails & AI Firewall

Meta's open-source (MIT) guardrail framework within the Purple Llama project, orchestrating layered scanners across chat and multi-step agent workflows: PromptGuard 2 (lightweight injection classifier), AlignmentCheck (chain-of-thought auditing for goal hijacking), CodeShield (static analysis of generated code), and custom regex scanners.

Free / Open Source
Agent Guardrail Framework
Key Features
  • PromptGuard 2 injection detection
  • AlignmentCheck goal-hijack auditing
  • CodeShield insecure-code scanning
Comparisons
Aim Security
Score: 8/10

Aim Security

Shadow AI & Workforce Security

Unified platform for discovering shadow AI, assessing model risks (AI-SPM), and enforcing runtime protection.

Contract-based
Enterprise GenAI Enablement
Key Features
  • AI-Firewall
  • AI-SPM
  • Sensitive data masking
Comparisons
Tenable (Apex Security)
Score: 8/10

Tenable (Apex Security)

AI-SPM & Governance

Now part of Tenable, Apex Security provides visibility and risk assessment for AI models, focusing on the 'AI Exposure Graph'.

Enterprise
AI-SPM & Exposure Mgmt
Key Features
  • AI Inventory
  • Vulnerability Assessment
  • Policy Enforcement
Comparisons
WhyLabs
Score: 8/10

WhyLabs

Observability & Evaluation

Observability and security platform for AI, offering 'LangKit' for telemetry and an AI Control Center for enforcing policy guardrails.

Free Tier / Enterprise
Observability & Control
Key Features
  • Data drift detection
  • Hallucination metrics
  • Policy guardrails
Comparisons
Aporia (Coralogix)
Score: 8/10

Aporia (Coralogix)

Runtime Guardrails & AI Firewall

Observability and guardrails platform that ensures AI reliability by detecting hallucinations and enforcing policies in real-time. Acquired by Coralogix in late 2024 and offered as Coralogix AI observability.

Usage / Tiered
Guardrails & Observability
Key Features
  • Hallucination Mitigation
  • Prompt Injection Defense
  • Response Validation
Comparisons
SPLX.ai
Score: 8/10

SPLX.ai

Runtime Guardrails & AI Firewall

End-to-end platform for automated security testing, runtime protection, and governance controls (Probe & Guard).

Quote
Full Lifecycle AI Security
Key Features
  • Prompt Injection Protection
  • PII Redaction
  • Model Scanning
Comparisons
Aqua Security
Score: 8/10

Aqua Security

AI-SPM & Governance

Facilitates secure application development and runtime protection, extending CNAPP to AI workloads.

Enterprise Platform
Cloud Native & Container Security
Key Features
  • AI-SPM
  • Container Scanning
  • Runtime Protection
Comparisons
G
Score: 8/10

Galileo

Observability & Evaluation

Platform for evaluating, monitoring, and debugging LLM systems throughout the lifecycle.

Enterprise
Observability
Key Features
  • Evaluation
  • Monitoring
  • Debugging
Comparisons
H
Score: 8/10

Harmonic Security

Shadow AI & Workforce Security

AI-native data protection platform that provides visibility and control over sensitive data in GenAI prompts and RAG contexts.

Enterprise
Data Loss Prevention
Key Features
  • DLP
  • Shadow AI Visibility
  • Contextual Education
Comparisons
ModelScan
Score: 8/10

ModelScan

Model & Supply Chain Security

Scans models (h5, pickle, saved_model) to determine if they contain unsafe code or malware.

Open Source
Supply Chain Security
Key Features
  • Serialization scanning
  • Malware detection
  • Supported formats: PyTorch, Keras
Comparisons
Cloudflare Firewall for AI
Score: 8/10

Cloudflare Firewall for AI

Runtime Guardrails & AI Firewall

Extends Cloudflare's WAF to inspect LLM prompts inline at the edge, discovering LLM endpoints and flagging prompt injection, PII in prompts, and unsafe topics that can drive WAF rules. Pairs with AI Gateway Guardrails, which run moderation models on Workers AI to flag or block prompts and responses across providers; the WAF detections are an Enterprise add-on as of 2026.

Enterprise add-on (WAF); AI Gateway usage-based
Edge AI Traffic Security
Key Features
  • Prompt injection detection
  • PII detection in prompts
  • Topic moderation (custom topics)
Comparisons
Okta (AI Agent Identity)
Score: 8/10

Okta (AI Agent Identity)

Agent Identity & Access

Okta secures AI agents as first-class identities: Auth for GenAI (via Auth0) provides Token Vault, async human-in-the-loop authorization, and fine-grained RAG access, while Okta for AI Agents manages agent lifecycle. Its Cross App Access (XAA) protocol extends OAuth/OIDC so identity providers govern agent-to-app connections, with 25+ adopters including Anthropic, Atlassian, and Slack.

Subscription (per-user/MAU)
AI Agent Identity Security
Key Features
  • Auth for GenAI (Token Vault, human-in-loop approvals)
  • Cross App Access (XAA) protocol
  • Agent lifecycle management
Comparisons
Runlayer
Score: 8/10

Runlayer

Agent & MCP Security

Enterprise AI control platform combining an MCP gateway, threat detection on every request, shadow-AI discovery, and identity-aware permissions via Okta/Entra. Launched from stealth in November 2025; by mid-2026 customers include Gusto, Instacart, dbt Labs, and PagerDuty. Holds AARM Extended conformance — the highest tier in the CSA registry.

Enterprise SaaS (quote)
MCP Gateway & Governance
Key Features
  • MCP gateway with 18,000+ server registry
  • Real-time threat detection on every tool request
  • Shadow AI and agent discovery
Comparisons
Oligo Security
Score: 8/10

Oligo Security

Agent & MCP Security

Tel Aviv-based runtime security company using eBPF sensors to watch applications, libraries, and AI workloads as they execute, proving exploitability and detecting attacks in real time. Its platform spans application detection and response, runtime vulnerability management, and Runtime AI Security for LLMs and agents. Customers include Databricks, Salesforce, and Instacart.

Enterprise subscription (quote)
eBPF Runtime Security
Key Features
  • Application detection and response (ADR)
  • Runtime SCA/SBOM with executed-function proof
  • Runtime AI security for LLMs and agents
Comparisons
Virtue AI
Score: 8/10

Virtue AI

Runtime Guardrails & AI Firewall

Founded in 2024 by professors Bo Li, Dawn Song, Sanmi Koyejo, and Carlos Guestrin, Virtue AI offers VirtueRed (continuous algorithmic red teaming, 600+ attack vectors) and VirtueGuard (real-time multimodal guardrails), plus AgentSuite for agentic systems including MCP Guard. Raised $30M in combined seed and Series A in April 2025.

Enterprise subscription
AI Red Teaming & Guardrails
Key Features
  • VirtueRed: continuous red teaming (320+ risk categories)
  • VirtueGuard: multimodal guardrail models
  • AgentSuite with MCP Guard
Comparisons
IBM Granite Guardian
Score: 8/10

IBM Granite Guardian

Runtime Guardrails & AI Firewall

IBM's family of Apache 2.0 guardrail models that judge prompts and responses of any LLM for jailbreaks, harmful content, social bias, RAG groundedness failures, and agentic risks like function-calling hallucination. The 4.x generation shipped in 2026 aligned to IBM's AI Risk Atlas; the models rank near the top of the GuardBench leaderboard and power guardrails inside watsonx.governance.

Free / Open Source (hosted via watsonx)
Open Guardrail Models
Key Features
  • Jailbreak / harm detection
  • RAG groundedness checking
  • Agentic risk detection (tool calls)
Comparisons
mcp-scan (Snyk Agent Scan)
Score: 8/10

mcp-scan (Snyk Agent Scan)

Agent & MCP Security

Created by ETH Zurich spin-off Invariant Labs and maintained by Snyk since its June 2025 acquisition, mcp-scan auto-discovers agent configurations (Claude, Cursor, Windsurf, Gemini CLI) and scans MCP servers, skills, and harnesses for 15+ risk categories including prompt injection, tool poisoning, tool shadowing, and toxic flows. Rebranded Snyk Agent Scan; v0.5.12 released June 2026.

Free / Open Source (Snyk API token required)
MCP Security Scanning
Key Features
  • Auto-discovery of MCP configs across agent hosts
  • 15+ risk detections (poisoning, shadowing, toxic flows)
  • Agent skill and harness scanning
Comparisons
Mindgard
Score: 7.9/10

Mindgard

AI Red Teaming & Testing

Offensive-security platform automating adversarial testing for LLMs and custom agents to identify vulnerabilities before deployment.

Quote-based
AI Red Teaming
Key Features
  • Automated jailbreak testing
  • Model inversion simulation
  • Data poisoning assessment
Comparisons
Cranium
Score: 7.9/10

Cranium

AI-SPM & Governance

Spun out of KPMG, Cranium focuses on AI Security Posture Management (AI-SPM) and generating AI Bill of Materials (AI BOM) for compliance.

Enterprise Subscription
Governance & Compliance
Key Features
  • AI BOM
  • Compliance mapping
  • Vendor risk assessment
Comparisons
HiddenLayer
Score: 7.9/10

HiddenLayer

AI-SPM & Governance

A comprehensive platform for MLSecOps, offering model scanning (SAIF) and runtime detection (MDR) for adversarial attacks.

Enterprise Quote
MLSecOps & Model Security
Key Features
  • Model Scanning
  • Adversarial Attack Detection
  • Runtime Security
Comparisons
Zenity
Score: 7.9/10

Zenity

Agent & MCP Security

Specializes in securing low-code/no-code platforms and AI agents. It focuses on 'Application Lifecycle Management' for agents, preventing data leakage and broken access control in Copilots.

Enterprise Quote
Copilot & Low-Code Security
Key Features
  • Bypass prevention
  • Data leakage control
  • Copilot inventory
Comparisons
Arthur
Score: 7.9/10

Arthur

Observability & Evaluation

AI monitoring and observability platform for ML, NLP, and LLM systems. Its Shield product adds a runtime firewall that detects and blocks toxic, hallucinatory, or PII-leaking content.

Subscription
Observability & Runtime Firewall
Key Features
  • Performance Monitoring
  • Shield LLM Firewall
  • Bias Detection
Comparisons
Vigil
Score: 7.9/10

Vigil

Runtime Guardrails & AI Firewall

Detects prompt injections and other LLM attacks. Can be used as a library or proxy.

Open Source
Prompt Injection Defense
Key Features
  • Vector DB based detection
  • Heuristics
  • Canary tokens
Comparisons
Stacklok ToolHive
Score: 7.9/10

Stacklok ToolHive

Agent & MCP Security

Apache-2.0 platform from Stacklok (co-maintained with Red Hat) that runs MCP servers in isolated containers with fine-grained permissions, network controls, and encrypted secrets, managed via a desktop UI, CLI, or Kubernetes operator. By mid-2026 it is production-ready with a curated registry and a Virtual MCP gateway; Stacklok Enterprise layers on SSO and central management.

Open Source (Apache 2.0); paid enterprise tier
MCP Server Management
Key Features
  • Isolated container runtime for MCP servers
  • Encrypted secrets and network access controls
  • Kubernetes operator with OIDC and OpenTelemetry
Comparisons
DeepKeep
Score: 7.8/10

DeepKeep

Runtime Guardrails & AI Firewall

End-to-end AI security platform offering AI Firewall, Usage Control, Agentic AI Security, and Automated Red Teaming for LLMs and Computer Vision.

Enterprise Quote
Full Stack AI Security
Key Features
  • AI Firewall
  • Model Scanning
  • Adversarial Robustness
Comparisons
Acuvity
Score: 7.8/10

Acuvity

Shadow AI & Workforce Security

Enables enterprises to increase productivity via GenAI with a native platform for visibility and control.

Quote
Workforce GenAI Visibility
Key Features
  • Shadow AI Detection
  • Data Privacy
  • Usage Analytics
Comparisons
PromptArmor
Score: 7.8/10

PromptArmor

Runtime Guardrails & AI Firewall

Protects enterprises from novel threats like indirect prompt injection and data exfiltration.

Quote
Indirect Injection Defense
Key Features
  • Injection Detection
  • PII Detection
  • Exfiltration Blocking
Comparisons
NeuralTrust
Score: 7.8/10

NeuralTrust

Agent & MCP Security

Platform offering an open-source AI gateway and automated red teaming for protection.

Quote
Gateway & Red Teaming
Key Features
  • AI Gateway
  • Red Teaming
  • Reliability Checks
Comparisons
KELA (AiFort)
Score: 7.8/10

KELA (AiFort)

AI Red Teaming & Testing

Automated adversary emulation platform protecting commercial and custom GenAI models, powered by dark web intel.

Subscription
Threat Intel & Red Teaming
Key Features
  • Adversary Emulation
  • Jailbreak Library
  • Threat Intelligence
Comparisons
W
Score: 7.8/10

WitnessAI

Shadow AI & Workforce Security

Platform for enforcing governance, compliance, and security policies across enterprise AI usage.

Enterprise
Governance & Firewall
Key Features
  • Policy Engine
  • Audit Logging
  • Access Control
Comparisons
Operant AI
Score: 7.8/10

Operant AI

Runtime Guardrails & AI Firewall

Provides '3D Runtime Defense' for modern stacks, protecting AI models and APIs in real-time without requiring code instrumentation.

Enterprise Quote
Runtime Protection
Key Features
  • Runtime shielding
  • Live interaction mapping
  • Blocking active attacks
Comparisons
OpenGuardrails
Score: 7.8/10

OpenGuardrails

Runtime Guardrails & AI Firewall

An open-source guard agent for AI agent runtime security, spanning personal to enterprise use. Promotes the AI-RSMS standard.

Open Source
Agent Runtime Security
Key Features
  • Guard Agent Pattern
  • Runtime Security
  • Tool Protection
Comparisons
Knostic
Score: 7.8/10

Knostic

Data Security & Privacy

Enforces need-to-know access controls on enterprise AI assistants and copilots to stop LLM oversharing and data leakage. By 2026 it has expanded into securing AI agents and coding assistants — including MCP servers, skills, and IDE extensions — via Kirin and Shadow AI Spotlight. Founded by Sounil Yu and Gadi Evron.

Enterprise subscription
AI Access Control
Key Features
  • Need-to-know enforcement for copilots (M365 Copilot)
  • Kirin: security for coding assistants and MCP servers
  • Shadow AI Spotlight
Comparisons
Vijil
Score: 7.8/10

Vijil

AI Red Teaming & Testing

AI agent trust platform spanning evaluation (Diamond), runtime defense (Dome), hardened components (Depot), and continuous improvement via reinforcement learning (Darwin), producing agent trust scores mapped to NIST AI RMF and the EU AI Act. Raised a $17M round in November 2025 and was named a Gartner Cool Vendor in agentic AI trust and security.

Enterprise subscription
AI Agent Trust Evaluation
Key Features
  • Diamond: automated evaluation and red teaming
  • Dome: multi-layer runtime guardrails (~17ms)
  • Darwin: continuous RL-based hardening
Comparisons
Haize Labs
Score: 7.8/10

Haize Labs

AI Red Teaming & Testing

Automates red teaming ('haizing') of LLMs and AI applications, using search and fuzzing algorithms to surface inputs that trigger unsafe behavior, paired with calibrated Judges for evaluation and monitoring. Works with AI labs including Anthropic and AI21; closed a $12.5M seed announced December 2025.

Enterprise contracts
Automated LLM Red Teaming
Key Features
  • Haizing: automated red-teaming and jailbreak discovery
  • Judges: calibrated LLM-as-judge evaluation
  • Monitor: production behavior observation
Comparisons
Docker MCP Gateway & Catalog
Score: 7.8/10

Docker MCP Gateway & Catalog

Agent & MCP Security

Docker's MCP Catalog distributes 300+ verified MCP servers as signed container images with SBOMs, while the MCP Toolkit and open-source MCP Gateway run them in resource-limited, isolated containers behind a single endpoint with logging, interceptors, and secrets blocking. In May 2026 Docker extended this into Docker AI Governance for centralized agent and tool policy.

Free with Docker Desktop; gateway open source; enterprise via Docker Business
MCP Distribution & Isolation
Key Features
  • MCP Catalog: 300+ verified, signed server images
  • MCP Gateway: unified endpoint with isolation and tracing
  • Interceptors incl. secrets blocking and OAuth handling
Comparisons
Adversa AI
Score: 7.7/10

Adversa AI

AI Red Teaming & Testing

Focuses on rigorous red teaming, offering a platform to simulate attacks on AI models to uncover vulnerabilities.

Quote
Red Teaming / Penetration Testing
Key Features
  • Automated Red Teaming
  • Model Hardening
  • Risk Assessment
Comparisons
Citadel AI
Score: 7.7/10

Citadel AI

AI Red Teaming & Testing

Offers 'Citadel Lens' for automated red teaming and evaluation of LLM applications, focusing on reliability and fairness.

Subscription
Model Evaluation & Reliability
Key Features
  • Citadel Lens
  • Automated Red Teaming
  • Bias Testing
Comparisons
Pillar Security
Score: 7.7/10

Pillar Security

Runtime Guardrails & AI Firewall

Unified AI security layer providing visibility and guardrails across the organization.

Quote
Enterprise Guardrails
Key Features
  • Data Leakage Protection
  • Jailbreak Prevention
  • Usage Monitoring
Comparisons
Straiker AI
Score: 7.7/10

Straiker AI

Agent & MCP Security

Delivers 'Ascend AI' for pentesting and 'Defend AI' for visibility and guardrails.

Quote
Agentic Security
Key Features
  • Automated Red Teaming
  • Runtime Guardrails
  • Agent Discovery
Comparisons
Archestra
Score: 7.7/10

Archestra

Agent & MCP Security

An open-source platform specifically designed to manage and secure Model Context Protocol (MCP) servers, providing a control plane for agent-tool interactions.

Open Source / Enterprise
MCP Governance
Key Features
  • MCP Server Registry
  • Access Control Policies
  • Traffic Monitoring
Comparisons
Aurascape
Score: 7.7/10

Aurascape

Shadow AI & Workforce Security

Extends security architectures to detect, analyze, and control AI use (Shadow AI and Embedded Agents) to prevent data loss and threat insertion.

Quote
Shadow AI & Control
Key Features
  • Shadow AI Discovery
  • Intent Decoding
  • Sensitive Data Tagging
Comparisons
Fickling
Score: 7.7/10

Fickling

Model & Supply Chain Security

Decompiles and analyzes Python pickle files to detect malicious code injection in ML models.

Open Source
Malware Detection
Key Features
  • Decompilation
  • Static Analysis
  • Injection Detection
Comparisons
MintMCP
Score: 7.7/10

MintMCP

Agent & MCP Security

Enterprise MCP gateway and agent-governance platform adding OAuth/SSO, least-privilege agent identities, audit trails, and secret/PII scanning in front of MCP servers used by Claude, Cursor, and custom agents. Founded by ex-Google Brain engineers, backed by Coatue and Andrej Karpathy; customers include Coursera and Harvey AI. AARM Core conformant.

SaaS subscription (enterprise plans)
MCP Gateway Governance
Key Features
  • Hosted gateway with 100+ managed MCP servers
  • OAuth/SSO and RBAC for any MCP server
  • Agent Monitor with real-time guardrails
Comparisons
Formal
Score: 7.7/10

Formal

Agent Identity & Access

A protocol-aware reverse proxy that parses 15+ wire protocols — Postgres, MongoDB, Snowflake, SSH, Kubernetes, S3, and MCP — and enforces least-privilege policies inline at query level. In 2026 it positions as AI-native PAM, proxying agent access to data stores with PII masking and tool-call blocking. Backed by Thrive Capital and Y Combinator; AARM Core conformant.

Enterprise (quote)
Protocol-Aware Access Control
Key Features
  • Inline policy across 15+ protocols including MCP
  • PII/PHI masking before data reaches LLMs
  • Session recording and auditing
Comparisons
General Analysis
Score: 7.7/10

General Analysis

AI Red Teaming & Testing

San Francisco startup providing automated AI red teaming with post-trained attacker models, AI detection and response, runtime guardrails, and AI asset management across agents, copilots, and MCPs. Known for headline exploits like the Cursor/Supabase MCP data-leak disclosure; founded 2025 by researchers from Cohere, NVIDIA, and DeepMind; $10M seed led by Altos Ventures (April 2026).

Enterprise (demo-led)
AI Red Teaming & Monitoring
Key Features
  • Automated red teaming with adaptive attacker models
  • AI detection and response across agents and MCPs
  • Runtime guardrails from red-team findings
Comparisons
Adaptive Security
Score: 7.7/10

Adaptive Security

Shadow AI & Workforce Security

Trains workforces against AI-powered social engineering using hyperrealistic deepfake voice, video, email, and SMS attack simulations built from OSINT, plus adaptive training and risk scoring. OpenAI's first cybersecurity investment; closed an $81M Series B led by Bain Capital Ventures in December 2025.

Per-employee enterprise subscription
AI Social Engineering Defense
Key Features
  • Deepfake phishing simulations (email, voice, SMS, video)
  • OSINT-personalized spear phishing tests
  • 1000+ adaptive training modules
Comparisons
Noma Security
Score: 7.6/10

Noma Security

Agent & MCP Security

Focuses on the entire AI lifecycle, securing the data science supply chain, runtime pipelines, and autonomous agents.

Quote
Supply Chain & Agent Security
Key Features
  • Pipeline integrity
  • Agent monitoring
  • Supply chain scanning
Comparisons
Enkrypt AI
Score: 7.6/10

Enkrypt AI

Runtime Guardrails & AI Firewall

Provides a control layer to govern, secure, and monitor the use of LLMs within the enterprise, ensuring data privacy and compliance.

Quote
Governance & Guardrails
Key Features
  • Prompt Guardrails
  • PII Redaction
  • Audit Logging
Comparisons
TrojAI
Score: 7.6/10

TrojAI

AI Red Teaming & Testing

Protects the behavior of AI/ML and GenAI models at build time (testing) and run time (firewall).

Quote
Model Reliability & Security
Key Features
  • Adversarial Training
  • Model Hardening
  • Runtime Firewall
Comparisons
Capsule Security
Score: 7.6/10

Capsule Security

Agent & MCP Security

Delivers comprehensive AI agent security, discovering agents and enforcing runtime guardrails.

Quote
Agentic Security
Key Features
  • Runtime Guardrails
  • Access Path Analysis
  • Misbehavior Detection
Comparisons
Geordie AI
Score: 7.6/10

Geordie AI

Agent & MCP Security

A platform that monitors agent behavior in real-time to catch blind spots and steer agents toward safer actions using 'contextual agentic security'.

Quote
Contextual Guardrails
Key Features
  • Intent analysis
  • Risk-aware steering
  • Tool poisoning detection
Comparisons
Highflame
Score: 7.6/10

Highflame

Agent Identity & Access

Agent security and AI governance platform (formerly Javelin) that issues verified agent identities, authorizes every action inline, and maps decisions to EU AI Act, NIST AI RMF, OWASP, and MITRE ATLAS. Its DeepContext multi-turn guardrail model and 150+ runtime detectors target agentic attack patterns; ZeroID identity core is open source (SPIFFE/OIDC). AARM Core conformant.

Enterprise (quote)
Agent Identity & Authorization
Key Features
  • Verified agent identities with human attribution
  • Sub-1ms inline policy authorization
  • DeepContext multi-turn stateful guardrails
Comparisons
Levo.ai
Score: 7.6/10

Levo.ai

Agent & MCP Security

Runtime security platform using eBPF sensors to discover and protect APIs, AI agents, LLMs, MCP servers, and vector stores without code changes or SDKs. Its 2026 platform pairs an established API security suite with AI red-teaming, an AI gateway/firewall, and MCP discovery and testing.

SaaS subscription (free trial)
API & AI Runtime Security
Key Features
  • eBPF runtime discovery of APIs, agents, and MCP servers
  • AI red-teaming for prompt injection and tool abuse
  • AI gateway and firewall
Comparisons
Preamble
Score: 7.5/10

Preamble

Runtime Guardrails & AI Firewall

Provides runtime guardrails for RAG, LLMs, and AI agents, enforcing safety and privacy policies.

Subscription
Policy & Safety Guardrails
Key Features
  • Policy Guardrails
  • Prompt Injection Defense
  • Bias Detection
Comparisons
Infotect Security
Score: 7.5/10

Infotect Security

Runtime Guardrails & AI Firewall

Scans outbound response traffic in real time for undesirable content and confidential data at layer 4.

Commercial
Network Layer AI Security
Key Features
  • Outbound Scanning
  • Confidential Data Block
  • Content Filtering
Comparisons
S
Score: 7.5/10

Sgnl

Agent Identity & Access

Modern PAM solution that provides just-in-time access management for AI agents and humans.

Enterprise
Access Management
Key Features
  • Just-in-Time Access
  • Continuous Evaluation
Comparisons
NVIDIA (NeMo Guardrails)
Score: 7.5/10

NVIDIA (NeMo Guardrails)

Runtime Guardrails & AI Firewall

A toolkit for adding programmable guardrails to LLM-based conversational systems.

Open Source
Conversational Guardrails
Key Features
  • Topical guardrails
  • Safety guardrails
  • Security guardrails
Comparisons
Repello AI
Score: 7.5/10

Repello AI

AI Red Teaming & Testing

Combines ARTEMIS, an automated red-teaming engine testing AI systems against 15M+ attack patterns in 100+ languages, with ARGUS runtime guardrails that block malicious inputs in under 100ms, plus AI asset inventory and an MCP gateway. Guardrail policies are auto-calibrated from red-team findings.

Enterprise (free red-team scan available)
AI Red Teaming & Guardrails
Key Features
  • ARTEMIS automated red teaming (OWASP/NIST/MITRE mapped)
  • ARGUS runtime guardrails (<100ms)
  • AI asset inventory and AI-BOM
Comparisons
Unbound Security
Score: 7.5/10

Unbound Security

Shadow AI & Workforce Security

YC-backed platform that discovers, risk-scores, and governs AI coding agents and tools — Claude Code, Cursor, Copilot, MCP servers — at the endpoint, enforcing allow/deny policies on agent actions with audit logging. Its AI gateway adds real-time data-leak protection; customers include Siemens, WeWork, and Flipkart.

Freemium + paid tiers
Enterprise AI Usage Governance
Key Features
  • Discovery of 20+ AI coding agents and MCP servers
  • Granular allow/deny policies with approvals
  • AI gateway with real-time leak prevention
Comparisons
CodeIntegrity
Score: 7.4/10

CodeIntegrity

Agent & MCP Security

Builds a runtime control layer between AI agents and enterprise systems, constraining which systems and data an agent may touch under strict, predictable rules — deterministic enforcement rather than probabilistic guardrail models. The team gained attention for offensive research including compromising Notion's agent in under four hours; ~$5M seed led by Syn Ventures (2026).

Enterprise (quote)
Agentic Runtime Control
Key Features
  • Runtime control layer between agents and systems
  • Strict allow/deny limits on data and systems
  • Runtime governance for production agents
Comparisons
G
Score: 7.2/10

Guardrails AI

Runtime Guardrails & AI Firewall

A Python library for validating structures and data from Large Language Models. Excellent for ensuring JSON output.

Open Source
Output Validation
Key Features
  • Output Validation
  • Structural Guarantees
  • Correction
Comparisons
K
Score: 7/10

Keycard

Agent Identity & Access

Deterministic identity and access stack for AI agents, enabling per-task permission boxes.

Enterprise
Agentic IAM
Key Features
  • Agent Identity
  • Task-Based Access Control
  • Permissioning
Comparisons

Navigating the AI Security Landscape

Why are there so many categories?

The AI security market is fragmenting. Input/Output Guardrails (like Lakera) focus on sanitizing prompts.Agentic IAM (like Keycard) focuses on identity.Agent Runtime Security (like GuardionAI) unifies these by protecting the entire execution lifecycle of autonomous agents.

How to choose?

If you have a simple chatbot, look for Guardrails. If you are deploying autonomous agents that use tools (APIs, DBs), you need Runtime Security with strong tool authorization. For enterprise visibility without blocking, look at Observability platforms.