The explosive growth of generative AI has created a new frontier in cybersecurity, forcing organizations to confront a threat landscape they barely understand. Itamar Golan, co-founder and CEO of Prompt Security – recently acquired by SentinelOne for an estimated $250 million – argues that this challenge demands a dedicated security category, not just incremental features bolted onto existing tools.
Golan’s journey began with early research into transformer architectures, the foundation of modern large language models (LLMs). He quickly realized that LLM-driven applications opened a completely new attack surface. Founded in August 2023, Prompt Security scaled rapidly, raising $23 million and assembling a 50-person team before being acquired less than two years later. This speed was driven by a simple yet critical insight: the cost of AI breaches is already outpacing that of traditional cyberattacks. VentureBeat data shows shadow AI breaches cost enterprises $4.63 million on average, 16% above the norm, while 97% of breached companies lack basic AI access controls. Unauthorized ChatGPT usage is rampant, with 73.8% of workplace accounts operating outside of IT visibility.
From Academic Research to Market Need
Golan’s initial experience building security features using early GPT models (GPT-2 and GPT-3) revealed a fundamental flaw in the existing approach: most enterprises were unprepared for the speed and scope of AI adoption. Rather than waiting for organizations to understand the risks, Prompt Security set out to define the problem and the solution.
“From an early age, I was drawn to mathematics, data, and the emerging world of artificial intelligence,” Golan explains. “That curiosity shaped my academic path, culminating in a study on transformer architectures, well before they became foundational to today’s large language models.” This deep technical understanding allowed him to recognize the shift in the threat landscape before most organizations even realized it was happening.
Shadow AI: The Silent Epidemic
The core of Prompt Security’s success lies in addressing the proliferation of “shadow AI” – unauthorized AI tools used by employees without IT oversight. VentureBeat estimates that shadow AI apps could double by mid-2026, growing at a rate of 5% per month. Golan’s team discovered that employees were using an average of 50 new AI apps per day, many of which default to training on user data, creating an intellectual property risk.
This is more than just a technical issue; it’s a strategic one. Companies are losing control of their data, exposing themselves to compliance violations and potential legal liabilities. The key insight? Blocking AI tools entirely isn’t viable. Employees will find ways around restrictions, and outright bans stifle innovation. The solution is to enable safe AI usage.
Building a Category, Not a Feature
Golan made a deliberate decision to build a distinct AI security category rather than competing on features. This meant positioning Prompt Security not as a niche solution for prompt injection or data leakage, but as the core governance layer for all AI interactions. This strategic framing allowed the company to secure enterprise budgets, engage CISOs at a strategic level, and build long-term defensibility.
“I wasn’t trying to win a feature race; I was building a new category,” Golan emphasizes.
This approach led Prompt Security to focus on three key areas:
- Enterprise Complexity: Supporting self-hosted, hybrid, and integrated deployments across browsers, IDEs, and internal tools.
- Depth Over Logos: Prioritizing deep integrations with a smaller number of strategic customers over chasing vanity metrics.
- Runtime Protection: Securing AI applications at runtime, including customer-facing agents, to prevent data leakage and unauthorized access.
The Critical Incident That Changed Everything
The turning point for Prompt Security came with a real-world incident involving a regulated company that launched a customer-facing AI support agent. Despite robust security measures, users were able to prompt-inject the agent into revealing sensitive customer data through natural language manipulation. This demonstrated that even well-defended systems are vulnerable, and that AI itself creates new attack vectors.
“It was both fascinating and terrifying,” Golan recalls. “Realizing how creativity alone could become an exploit vector.” The incident reinforced the need for runtime protection, cross-tenant data leakage prevention, and a broader focus on securing AI applications, not just internal usage.
The Future of AI Security: Embedded Defense
Now operating within SentinelOne, Prompt Security is focused on extending AI security across the entire platform, integrating runtime protection, visibility, and policy enforcement into existing cybersecurity workflows. The goal is to make AI itself a part of the defense fabric, not just something to protect.
The acquisition wave continues, with Palo Alto Networks paying $700 million for Protect AI, Tenable acquiring Apex for $100 million, and Cisco buying Robust Intelligence for $500 million. The message is clear: the companies that survive the next wave of AI-enabled attacks will be those that embedded security into their AI adoption strategy from the beginning.