VentureBeat recently had a virtual chat with Itamar Golan, the CEO and co-founder of Prompt Security, to discuss the challenges that organizations face with GenAI security. Golan shared insights on shadow AI sprawl, the strategic decisions that led to Prompt Security becoming a market leader, and a real-world incident that emphasized the importance of protecting AI applications. This conversation shed light on the company’s mission to empower enterprises to adopt AI securely, ultimately leading to SentinelOne’s acquisition of Prompt Security in August 2025.
Golan’s journey to founding Prompt Security began with his academic work on transformer architectures, which laid the foundation for today’s large language models. His experience in building GenAI-powered security features using GPT-2 and GPT-3 highlighted the new attack surface created by LLM-driven applications. Prompt Security was established in August 2023, secured $23 million in funding, built a team of 50 employees, and achieved a successful exit in under two years.
The timing of the conversation was crucial, as shadow AI now costs enterprises $4.63 million per breach, with 97% of breached organizations lacking basic AI access controls. The proliferation of shadow AI apps is expected to double by mid-2026, with enterprise AI usage increasing significantly. Golan emphasized the importance of securing AI applications to protect intellectual property from being incorporated into models.
Prompt Security’s platform addressed a wide range of GenAI security challenges, including data leakage, model governance, compliance, and red teaming. The platform resonated with customers by providing solutions for shadow AI discovery and real-time data sanitization, enabling safe AI usage without compromising productivity.
The success of Prompt Security as a market leader was attributed to strategic decisions made early on. By focusing on building a new category rather than competing on features, addressing enterprise complexity, and deepening relationships with key customers, Prompt Security gained a competitive edge in the market.
As the market evolved, Prompt Security’s positioning and messaging shifted from raising awareness about AI risks to providing solutions that enable safe AI adoption. CISOs are now looking for ways to secure AI applications without impeding innovation.
One significant incident highlighted the critical need for GenAI security when a customer-facing AI support agent was exploited to access sensitive data. This incident shaped Prompt Security’s product roadmap, leading to enhancements in runtime protection, prompt injection detection, and data leakage prevention.
Following the acquisition by SentinelOne, Prompt Security’s focus is on extending AI security across the entire platform, integrating GenAI protection with endpoint, identity, and cloud security solutions. The goal is to create a future where AI itself becomes part of the defense strategy.
In conclusion, M&A activity in the GenAI security space is on the rise, with companies investing in startups that can scale their security solutions to enterprise levels. The integration of Prompt Security’s capabilities into SentinelOne’s platform will enhance MCP gateway security and provide model-agnostic coverage across various LLM providers.
Overall, the journey of Prompt Security from its inception to acquisition by SentinelOne showcases the importance of embedding security into AI adoption strategies to mitigate the risks posed by evolving AI threats.