AI Security Startups Map

// Including acquired ones, excluding stealth
228 vendors


Acquisition Wave

Every acquired vendor on the map, plotted on a timeline and connected to the acquirer. The consolidators stand out fast: PAN, Check Point, and Cyera each picked up three companies inside an 18-month window.

Category Cross-Plot

Pick two categories. See who covers just one, who covers both, and where the platforms are converging. The center column is where the multi-category plays live.

Where They Run

Sensor topology — where each vendor's enforcement actually lives. Browser, Endpoint, Network, and Sandbox are physical-layer plays. Everything else governs at the application or API layer. A vendor can appear in multiple lanes.

Platform Ranking

Top 20 vendors by category coverage. The bar length is the number of categories the vendor claims. This is a coverage metric, not a quality metric — broad isn't always better, but it shows who's positioning as a platform.

Capital Flow

Disclosed venture funding across the landscape, split by category or by country. Category totals split each vendor's raise evenly across the categories it claims, so a multi-category platform spreads its capital across lanes.

Growth Curve

New vendors founded each year, with the cumulative count layered on top. The category went from a trickle to a flood: the 2023–2025 window is where most of today's landscape was born.

Global Map

Where the vendors are headquartered. Bubble size scales with the number of companies or disclosed funding in each country — toggle between the two. The center of gravity is unmistakable: the US and Israel dominate, with a long tail across Europe and APAC.

The landscape by the numbers

Live figures computed from the dataset behind this map. Funding reflects disclosed rounds compiled from public announcements.


The AI security landscape at a glance

As of , the AI Security Startups Map tracks 294 companies building security for agentic AI across 14 categories and 24 countries. Together they have raised roughly $7.5B in disclosed funding.

  • 294 AI security vendors tracked
  • 14 functional categories
  • 24 countries represented
  • $7.5B in disclosed funding
  • 60% founded in 2023–2025
  • 27 acquired companies
  • 75% of companies are US or Israel based
  • 95% of funding raised by US & Israel companies

The largest category is Observability & Governance (184 vendors). The landscape is concentrated in the USA (163, 55%), Israel (57, 19%), and the UK (17, 6%); the USA and Israel alone account for 75% of the companies and roughly 95% of all disclosed funding. 177 of 294 vendors (60%) were founded between 2023 and 2025, with 2024 the busiest year at 61 new companies, and 27 have already been acquired, led by Check Point (3), PAN (3), and Cyera (3).

“Securing agentic AI is fundamentally different from securing traditional software. Agents act autonomously, call tools, and reason over untrusted input — which means prompt injection, identity, and runtime behavior have to be governed in real time, not just at the perimeter.”

— Prompt Security, curators of the AI Security Startups Map

What counts as AI security

AI security — specifically agentic AI security — is the practice of protecting autonomous AI agents, large language model (LLM) applications, and the infrastructure they depend on. Unlike traditional application security, which guards code and networks, AI security has to govern systems that reason over untrusted input, call external tools, and take actions on a user's behalf. That shifts the threat model: the attack surface is the model's behavior itself, not just its hosting environment.

The vendors in this map address that surface across 14 categories of control:

  • Runtime & Guardrails — inline inspection at inference time that blocks prompt injection, jailbreaks, data exfiltration, and unauthorized tool calls before they reach the model.
  • Agentic Identity — verifiable, scoped, revocable identities for agents and non-human workloads, brokering least-privilege access to tools, APIs, and data.
  • MCP & LLM Gateways — a protocol-layer control plane in front of models and Model Context Protocol servers that enforces per-request auth, scope, and tool-call inspection.
  • AI Red Teaming — automated and human-in-the-loop adversarial testing that probes agents, models, and infrastructure for unsafe outputs and bypasses before attackers do.
  • Observability & Governance — continuous discovery, behavioral profiling, audit trails, and policy enforcement to keep the agent fleet visible and accountable.
  • AI-SPM — posture management for agents, models, datasets, and pipelines across cloud and SaaS; maps dependencies and surfaces misconfigurations before runtime exploitation.
  • Agentic Data Governance — governs what data agents can read, write, and surface; detects oversharing and enforces need-to-know access at inference time.
  • Model Security — supply-chain scanning of model files for backdoors, malware, and poisoning, plus runtime protection against adversarial inputs and integrity drift.
  • Agentic Network Security — network-layer visibility for AI traffic that bypasses firewalls and SASE; decodes prompt/response flows and blocks shadow AI usage.
  • Agentic Endpoint Security — EDR for AI agents on developer and employee endpoints; sensors intercept agent actions before execution and surface shadow agents fleet-wide.
  • Agentic Code Security — shift-left security for AI-generated code and coding agents (Cursor, Claude Code, Copilot) before insecure code ships to production.
  • Agentic Browser Security — browser-layer DLP and per-action policy for GenAI usage inside the browser, where most employee AI activity lives.
  • Agentic SSPM — secures AI agents and copilots inside SaaS apps and citizen-developer platforms; governs OAuth-connected AI and contains SaaS-to-SaaS propagation.
  • Sandboxing & Secure Envs — isolated container, microVM, and syscall-level environments that contain blast radius when AI-generated code or agent actions go off-script.

How to use this map

The map is built for security architects, AI platform teams, investors, and researchers comparing the agentic-AI security market. A few practical entry points:

  • Scoping a build-vs-buy decision? Filter by category to see who already ships the control you're considering, then compare deployment models (proxy, SDK, API, browser, agent) under each vendor's record.
  • Mapping coverage against a framework? Each category is aligned to the OWASP Top 10 for LLM Applications, the NIST AI RMF, and MITRE ATLAS, so you can trace a vendor back to the risk it addresses.
  • Tracking the market? Use the funding, founding-year, and acquisition fields to see where capital and consolidation are concentrated.
  • Feeding an AI agent? The full dataset is open and machine-readable via llms.txt, a JSON API, and an MCP server.

Frequently asked questions

How many AI security startups are there?

The AI Security Startups Map tracks 294 companies building security for agentic AI, organized across 14 functional categories and spanning 24 countries. The directory includes acquired companies whose products still ship and excludes stealth-mode startups.

What are the main categories of AI security vendors?

Vendors are grouped into 14 categories. The largest is Observability & Governance with 184 vendors, followed by Runtime & Guardrails (154) and MCP & LLM Gateways (65). Other categories include AI red teaming, agentic identity, model security, and AI-SPM.

Where are AI security companies based?

The 294 vendors are headquartered across 24 countries. The top three by company count are the USA (163), Israel (57), and the UK (17). The United States and Israel together account for the majority of the landscape.

How much funding have AI security startups raised?

Across the 214 vendors with publicly disclosed funding, the landscape has raised roughly $7.5B in total. Funding figures reflect disclosed rounds compiled from public announcements.

When were most AI security startups founded?

Founding activity is heavily concentrated in recent years: 177 of the 294 vendors (60%) were founded between 2023 and 2025, with 2024 the single busiest year at 61 new companies. The category went from a trickle before 2021 to a flood after the generative-AI inflection.

Which companies are acquiring AI security startups?

27 vendors on the map have been acquired. The most active consolidators are Check Point (3), PAN (3), and Cyera (3), each having picked up multiple companies as larger security platforms move to cover agentic AI.

What is agentic AI security?

Agentic AI security is the practice of securing autonomous AI agents, LLM applications, and the infrastructure around them — including runtime guardrails against prompt injection, identity and access control for non-human agents, MCP/LLM gateways, AI red teaming, and observability and governance over agent behavior.

How can I access this data programmatically?

The full dataset is open and machine-readable. It is available as JSON at /api/vendors and /api/categories, as plain text for LLMs at /llms.txt and /llms-full.txt, and as a Model Context Protocol (MCP) server at /mcp for live querying by AI agents.

Authoritative sources & frameworks

This landscape is mapped against widely used industry frameworks for AI and LLM security:

About the curator

Questions, corrections, or a startup to add? Contact Prompt Security, or connect on LinkedIn and X.
