GenAI Security: Build a Category, Not Just a Feature


The AI Security Imperative: How Prompt Security Pioneered a New Defense Layer and Was Acquired by SentinelOne

The rapid proliferation of generative AI is creating a parallel explosion in cybersecurity risk. A recent analysis reveals that enterprises now face an average breach cost of $4.63 million due to shadow AI – a figure 16% higher than other breaches. Alarmingly, 97% of organizations compromised lack fundamental AI access controls. These statistics underscore a critical truth: securing artificial intelligence isn’t a future concern; it’s a present-day necessity. This is the challenge Itamar Golan, co-founder and CEO of Prompt Security, recognized early on, leading to the company’s successful acquisition by SentinelOne in August 2025 for an estimated $250 million.

From Transformer Architectures to a Category-Defining Startup

Golan’s journey began not in cybersecurity, but in the theoretical world of mathematics and artificial intelligence. His academic focus on transformer architectures – the foundation of today’s large language models – provided a unique vantage point as the technology began to mature. This early exposure, coupled with hands-on experience building security features powered by GPT-2 and GPT-3, revealed a fundamental shift in the threat landscape. “We quickly realized that these models weren’t just tools; they were creating entirely new attack surfaces,” Golan explained.

Founded in August 2023, Prompt Security rapidly secured $23 million in funding and assembled a team of 50 experts. The company’s success wasn’t accidental. Golan deliberately focused on building a new category – AI security – rather than competing on individual features. This strategic decision allowed Prompt Security to position itself as a critical control layer for enterprises navigating the complexities of generative AI.

The Shadow AI Epidemic and the Need for Visibility

A key driver of Prompt Security’s growth was addressing the pervasive issue of shadow AI. Data from Cyberhaven shows that 73.8% of ChatGPT workplace accounts are unauthorized, and overall enterprise AI usage has surged 61x in just two years. Golan notes, “We’re seeing 50 new AI apps emerge daily, and we’ve already cataloged over 12,000. A staggering 40% of these applications default to training on any data you provide, potentially exposing sensitive intellectual property.”

Pro Tip: Regularly audit AI tool usage within your organization. Implement discovery tools to identify shadow AI applications and establish clear policies regarding data input and usage.
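An audit like the one in the tip above can start from egress proxy logs. The sketch below is an added example, not Prompt Security's or SentinelOne's code; the log format, the service catalog and every domain and user name in it are constructed for illustration.

```python
from collections import defaultdict

# Constructed catalog: AI-service domain -> True if the organization sanctioned it.
AI_CATALOG = {
    "chat.sanctioned-ai.example": True,
    "freesummarizer.example": False,
    "codehelper.example": False,
}

# Constructed proxy log lines: timestamp user method host bytes_sent
SAMPLE_LOG = """\
2025-01-10T09:01:02Z alice POST chat.sanctioned-ai.example 2048
2025-01-10T09:03:10Z bob POST api.freesummarizer.example 512000
2025-01-10T09:04:55Z bob GET intranet.corp.example 300
2025-01-10T09:07:31Z carol POST codehelper.example 90000
2025-01-10T09:09:00Z carol POST notcodehelper.example 100
2025-01-10T09:12:44Z bob POST freesummarizer.example 8000
malformed line
"""


def match_service(host: str):
    """Match the host or any parent domain against the catalog.

    Matching is aligned on DNS labels, so api.freesummarizer.example matches
    but notcodehelper.example does not (a substring test would get that wrong).
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in AI_CATALOG:
            return candidate
    return None


def find_shadow_ai(log_text: str):
    """Return {service: {user: bytes_uploaded}} for unsanctioned AI services."""
    report = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed records rather than abort the audit
        _, user, method, host, sent = parts
        service = match_service(host)
        if service is None or AI_CATALOG[service]:
            continue  # not an AI service, or a sanctioned one
        # Count upload volume only; a GET still records that the user reached it.
        report[service][user] += int(sent) if method in ("POST", "PUT") else 0
    return {svc: dict(users) for svc, users in report.items()}
```

Upload volume per user and service is the figure to sort on when deciding which unsanctioned tools to review first.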

Prompt Security’s platform addressed this challenge by providing comprehensive visibility into AI usage across the enterprise. Beyond discovery, the platform offered real-time sensitive data sanitization, enabling employees to leverage AI tools securely without risking data leaks. This approach – enabling safe usage rather than outright restriction – proved surprisingly effective in fostering adoption and building trust.

Strategic Decisions for Accelerated Growth

Golan attributes Prompt Security’s rapid ascent to three key strategic choices. First, the commitment to building a category, not just a feature, allowed the company to command a premium and engage with CISOs at a strategic level. Second, embracing enterprise complexity early on – supporting diverse deployment models and covering a wide range of enterprise surfaces – established credibility and differentiated Prompt Security from competitors. Finally, prioritizing deep engagement with a select group of customers fostered a product roadmap aligned with real-world enterprise needs.

What surprised Golan and his team was the resonance of enabling secure AI usage. Rather than simply blocking access, Prompt Security empowered organizations to harness the benefits of AI while mitigating the risks. This approach resonated with customers seeking a pragmatic solution to a complex problem.

A Real-World Wake-Up Call: The Customer-Facing AI Agent

A pivotal moment for Prompt Security came with a large, regulated client that launched a customer-facing AI support agent. Despite implementing standard security measures – WAFs, CSPMs, and secure SDLCs – the agent proved vulnerable to prompt injection attacks. A user, without any specialized technical skills, was able to manipulate the AI into revealing sensitive customer data. “It was terrifying to realize that creativity alone could become an exploit vector,” Golan recalls. This incident underscored the unique challenges posed by generative AI and solidified Prompt Security’s focus on runtime protection for AI applications.

Have you considered the potential vulnerabilities of your own customer-facing AI applications? What measures are you taking to protect sensitive data from prompt injection attacks?

The Future of AI Security with SentinelOne

Now integrated with SentinelOne’s Singularity Platform, Prompt Security’s capabilities are being extended across the entire security ecosystem. The focus is on delivering runtime GenAI protection, visibility, and policy enforcement for endpoints, identities, and cloud workloads. Golan envisions a future where AI itself becomes an integral part of the defense fabric, proactively securing systems rather than simply being secured.

The acquisition of Prompt Security is part of a broader trend of consolidation in the GenAI security space. Recent deals include Palo Alto Networks’ $700 million acquisition of Protect AI, Tenable’s $100 million acquisition of Apex Security, and Cisco’s reported $500 million purchase of Robust Intelligence. As Golan emphasizes, the companies that will thrive in the age of AI-enabled attacks are those that prioritize security from the outset.

Frequently Asked Questions About GenAI Security

What is shadow AI and why is it a security risk?

Shadow AI refers to the use of AI tools and applications within an organization without the knowledge or approval of the IT or security teams. This poses a significant risk because these tools often lack proper security controls, potentially leading to data leaks, compliance violations, and other security incidents.

How can enterprises prevent data leakage through GenAI applications?

Enterprises can prevent data leakage by implementing real-time sensitive data sanitization, which automatically removes confidential information from prompts before they reach external AI models. Robust access controls and monitoring are also crucial.
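A minimal version of such a sanitization step, as an added example that is not Prompt Security's implementation: the three detectors, the placeholder tokens and the function names are assumptions chosen for illustration, and the sample values in the comments are constructed.

```python
import re

# Constructed detectors for illustration; a production sanitizer carries many more.
EMAIL = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
CARD = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SECRET = re.compile(r"\b(?:api[_-]?key|token|password)\s*[:=]\s*(\S+)", re.I)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so order numbers and other long integers are left alone."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def sanitize_prompt(prompt: str):
    """Return (sanitized_prompt, findings); call before the prompt leaves the network."""
    findings = []

    def secret_sub(m):
        findings.append("secret")
        # Keep the key name, drop only the value that follows it.
        return m.group(0)[: m.start(1) - m.start(0)] + "[REDACTED_SECRET]"

    def card_sub(m):
        if luhn_ok(re.sub(r"\D", "", m.group(0))):
            findings.append("card")
            return "[REDACTED_CARD]"
        return m.group(0)  # digit run that fails Luhn: not a card number

    def email_sub(m):
        findings.append("email")
        return "[REDACTED_EMAIL]"

    out = SECRET.sub(secret_sub, prompt)
    out = CARD.sub(card_sub, out)
    out = EMAIL.sub(email_sub, out)
    return out, findings
```

The findings list is what feeds monitoring: it records which categories were removed from a prompt without storing the removed values.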

What is prompt injection and how does it exploit AI systems?

Prompt injection is a technique where malicious actors craft specific inputs (prompts) to manipulate an AI model’s behavior, causing it to reveal sensitive information, perform unintended actions, or bypass security measures. It exploits the AI’s reliance on natural language processing.

Why is runtime protection important for GenAI security?

Runtime protection is critical because it monitors AI applications in real-time, detecting and blocking malicious activity as it occurs. This is essential for addressing emerging threats and vulnerabilities that traditional security measures may miss.

How does SentinelOne’s acquisition of Prompt Security benefit customers?

The acquisition of Prompt Security expands SentinelOne’s Singularity Platform with comprehensive GenAI security capabilities, providing customers with enhanced visibility, protection, and governance across their entire AI landscape.

What steps should organizations take to get executive buy-in for GenAI security investments?

Frame GenAI security as an extension of existing data protection mandates, emphasizing its role in safeguarding critical assets like corporate data, intellectual property, and user trust. Demonstrate the potential financial and reputational risks of inaction.


Disclaimer: This article provides general information about AI security and should not be considered professional advice. Consult with a qualified cybersecurity expert for tailored guidance.
