VentureBeat not too long ago sat down (just about) with Itamar Golan, co-founder and CEO of Prompt Security, to chat via the GenAI safety challenges organizations of all sizes face.
We talked about shadow AI sprawl, the strategic choices that led Golan to pursue constructing a market-leading platform versus competing on options, and a real-world incident that crystallized why defending AI functions is not non-compulsory anymore. Golan offered an unvarnished view of the firm’s mission to empower enterprises to undertake AI securely, and the way that imaginative and prescient led to SentinelOne’s estimated $250 million acquisition in August 2025.
Golan’s path to founding Immediate Safety started with educational work on transformer architectures, nicely before they turned foundational to as we speak’s massive language fashions. His expertise constructing one in all the earliest GenAI-powered safety features utilizing GPT-2 and GPT-3 satisfied him that LLM-driven functions had been creating a completely new assault floor. He based Immediate Safety in August 2023, raised $23 million throughout two rounds, constructed a 50-person workforce, and achieved a profitable exit in underneath two years.
The timing of our dialog couldn’t be higher. VentureBeat evaluation exhibits shadow AI now prices enterprises $4.63 million per breach, 16% above common, but 97% of breached organizations lack primary AI entry controls, in accordance to IBM’s 2025 data. VentureBeat estimates that shadow AI apps may double by mid-2026 primarily based on present 5% month-to-month progress charges. Cyberhaven knowledge reveals 73.8% of ChatGPT office accounts are unauthorized, and enterprise AI utilization has grown 61x in simply 24 months. As Golan advised VentureBeat in earlier protection, “We see 50 new AI apps a day, and we have already cataloged over 12,000. Round 40% of those default to coaching on any knowledge you feed them, that means your mental property can change into a part of their fashions.”
The next has been edited for readability and size.
VentureBeat: What made you acknowledge that GenAI safety wanted a devoted firm when most enterprises had been nonetheless determining how to deploy their first LLMs? Was there a particular second, buyer dialog, or assault sample you noticed that satisfied you this was a fundable, venture-scale alternative?
Itamar Golan: From an early age, I used to be drawn to arithmetic, knowledge, and the rising world of synthetic intelligence. That curiosity formed my educational path, culminating in a examine on transformer architectures, nicely before they turned foundational to as we speak’s massive language fashions. My ardour for AI additionally guided my early profession as an information scientist, the place my work more and more intersected with cybersecurity.
The whole lot accelerated with the launch of the first OpenAI API. Round that point, as a part of my earlier job, I teamed up with Lior Drihem, who would later change into my co-founder and Immediate Safety’s CTO. Collectively, we constructed one in all the earliest safety features powered by generative AI, utilizing GPT-2 and GPT-3 to generate contextual, actionable remediation steps for safety alerts. This decreased the time safety groups wanted to perceive and resolve points.
That have made it clear that functions powered by GPT-like fashions had been opening a completely new and weak assault floor. Recognizing this shift, we based Immediate Safety in August 2023 to deal with these rising dangers. Our purpose was to empower organizations to journey this wave of innovation and unleash the potential of AI with out it changing into a safety and governance nightmare.
Immediate Safety turned recognized for immediate injection protection, however you had been fixing a broader set of GenAI safety challenges. Stroll me via the full scope of what the platform addressed: knowledge leakage, mannequin governance, compliance, crimson teaming, no matter else. What capabilities ended up resonating most with clients which will have stunned you?
From the starting, we designed Immediate Safety to cowl a broad vary of use circumstances. Focusing solely on worker monitoring or prompt-injection safety for inner AI functions was by no means sufficient. To actually give safety groups the confidence to undertake AI safely, we would have liked to shield each touchpoint throughout the group, and do all of it at runtime.
For a lot of clients, the actual turning level was discovering simply what number of AI instruments their workers had been already utilizing. Early on, corporations usually discovered not simply ChatGPT however dozens of unmanaged AI companies in lively use utterly exterior IT’s visibility. That made shadow AI discovery a vital a part of our resolution.
Equally vital was real-time sensitive-data sanitization. As a substitute of blocking AI instruments outright, we enabled workers to use them safely by routinely eradicating delicate information from prompts before it ever reached an external mannequin. It struck the stability organizations wanted: sturdy safety with out sacrificing productiveness. Workers may maintain working with AI, whereas safety groups knew that no delicate knowledge was leaking out.
What stunned many purchasers was how enabling secure utilization — fairly than limiting it — drove quicker adoption and belief. As soon as they noticed AI as a managed, safe channel as an alternative of a forbidden one, utilization exploded responsibly.
You constructed Immediate Safety right into a market chief. What had been the two to three strategic choices that truly accelerated your progress? Was it focusing on a particular vertical?
Trying again, the actual acceleration did not come from luck or timing: It got here from a couple of deliberate selections I made early. These selections had been uncomfortable, costly, and slowed us down in the brief time period, however they created large leverage over time.
First, I selected to construct a class, not a function. From day one, I refused to place Immediate Safety as “simply” safety in opposition to immediate injection or knowledge leakage, as a result of I noticed that as a useless finish.
As a substitute, I framed Immediate as the AI safety management layer for the enterprise, the platform that governs how people, brokers, and functions work together with LLMs. That call was elementary, permitting us to create a price range as an alternative of preventing for it, sit at the CISO desk as a strategic layer fairly than a device, and construct platform-level pricing and long-term relevance as an alternative of a slim level resolution. I wasn’t attempting to win a function race; I used to be constructing a brand new class.
Second, I selected enterprise complexity before it was comfy. Whereas most startups keep away from complexity till they’re pressured into it, I did the reverse: I constructed for enterprise deployment fashions early, together with self-hosted and hybrid; coated actual enterprise surfaces like browsers, IDEs, inner instruments, MCPs, and agentic workflows; and accepted longer cycles and extra complicated engineering in alternate for credibility. It wasn’t the best route, nevertheless it gave us one thing opponents could not faux: enterprise readiness before the market even knew it could want it.
Third, I selected depth over logos. Reasonably than chasing quantity or vainness metrics, I went deep with a smaller variety of very critical clients, embedding ourselves into how they rolled out AI internally, how they considered threat, coverage, and governance, and the way they deliberate long-term AI adoption. These clients did not simply purchase the product: they formed it. That created a product that mirrored enterprise actuality, produced proof factors that moved boardrooms and not simply safety groups, and constructed a degree of defensibility that got here from entrenchment fairly than advertising.
You had been educating the market on threats most CISOs hadn’t even thought-about but. How did your positioning and messaging evolve from 12 months one to the acquisition?
In the early days, we had been educating a market that was nonetheless attempting to perceive whether or not AI adoption prolonged past a couple of workers utilizing ChatGPT for productiveness. Our positioning targeted closely on consciousness, displaying CISOs that AI utilization was already sprawling throughout their organizations and that this created actual, fast dangers they hadn’t accounted for.
I wasn’t attempting to win a function race; I used to be constructing a brand new class.
As the market matured, our messaging shifted from “this is occurring” to “this is the way you keep forward.” CISOs now absolutely acknowledge the scale of AI sprawl and know that easy URL filtering or primary controls will not suffice. As a substitute of debating the downside, they’re in search of a manner to allow secure AI use with out the operational burden of monitoring each new device, web site, copilot, or AI agent workers uncover.
By the time of the acquisition, our positioning centered on being the secure enabler: an answer that delivers visibility, safety, and governance at the pace of AI innovation.
Our analysis exhibits that enterprises are struggling to get approvals from senior administration to deploy GenAI safety instruments. How are safety departments persuading their C-level executives to transfer ahead?
Probably the most profitable CISOs are framing GenAI safety as a pure extension of current knowledge safety mandates, not an experimental price range line. They place it as defending the similar belongings, company knowledge, IP, and consumer belief, in a brand new, quickly rising channel.
What’s the most critical GenAI safety incident or near-miss you encountered whereas constructing Immediate Safety that basically drove dwelling how vital these protections are? How did that incident form your product roadmap or go-to-market method?
The second that crystallized every little thing for me occurred with a big, extremely regulated firm that launched a customer-facing GenAI help agent. This wasn’t a sloppy experiment. They’d every little thing the safety textbooks suggest: WAF, CSPM, shift-left, common crimson teaming, a safe SDLC, the works. On paper, they had been doing every little thing proper.
What they did not absolutely account for was that the AI agent itself had change into a brand new, uncovered assault floor. Inside weeks of launch, a non-technical consumer found that by rigorously crafting the proper dialog movement (not code, not exploits, simply pure language) they may prompt-inject the agent into revealing information from different clients’ help tickets and inner case summaries. It wasn’t a nation-state attacker. It wasn’t somebody with superior abilities. It was basically a curious consumer with time and creativity. And but, via that single conversational interface, they managed to entry a few of the most delicate buyer knowledge the firm holds.
It was each fascinating and terrifying: realizing how creativity alone may change into an exploit vector.
That was the second I really understood what GenAI modifications about the menace mannequin. AI would not simply introduce new dangers, it democratizes them. It makes methods hackable by individuals who by no means had the talent set before, compresses the time it takes to uncover exploits, and massively expands the injury radius as soon as one thing breaks. That incident validated our authentic method, and it pushed us to double down on defending AI functions, not simply inner use. We accelerated work round:
• Runtime safety for customer-facing AI apps
• Immediate injection and context manipulation detection
• Cross-tenant knowledge leakage prevention at the mannequin interplay layer
It additionally reshaped our go-to-market. As a substitute of solely speaking about inner AI governance, we started displaying safety leaders how GenAI turns their customer-facing surfaces into high-risk, high-exposure belongings in a single day.
What’s your function and focus now that you simply’re a part of SentinelOne? How has working inside a bigger platform firm modified what you are ready to construct in contrast to operating an unbiased startup? What obtained simpler, and what obtained more durable?
The main focus now is on extending AI safety throughout the complete platform, bringing runtime GenAI safety, visibility, and coverage enforcement into the similar ecosystem that already secures endpoints, identities, and cloud workloads. The mission hasn’t modified; the attain has.
Finally, we’re constructing towards a future the place AI itself turns into a part of the protection cloth: not simply one thing to safe, however one thing that secures you.
The larger image
M&A exercise continues to speed up for GenAI startups which have confirmed they will scale to enterprise-level safety with out sacrificing accuracy or pace. Palo Alto Networks paid $700 million for Protect AI. Tenable acquired Apex for $100 million. Cisco purchased Strong Intelligence for a reported $500 million. As Golan famous, the corporations that survive the subsequent wave of AI-enabled assaults might be people who embedded safety into their AI adoption technique from the starting.
Submit-acquisition, Immediate Safety’s capabilities will lengthen throughout SentinelOne’s Singularity Platform, together with MCP gateway security between AI functions and greater than 13,000 recognized MCP servers. Immediate Safety is additionally delivering model-agnostic protection throughout all main LLM suppliers, together with OpenAI, Anthropic, and Google, in addition to self-hosted or on-prem fashions as a part of the firm’s integration into the Singularity Platform.
Disclaimer: This article is sourced from external platforms. OverBeta has not independently verified the information. Readers are advised to verify details before relying on them.
