{
  "schema_version": 2,
  "generated": "2026-06-13T05:12:14.094Z",
  "count": 137,
  "products": [
    {
      "slug": "1password-unified-access",
      "schema_version": 2,
      "name": "1Password Unified Access",
      "vendor": "1Password",
      "url": "https://1password.com/product/unified-access",
      "primary_asset": "ai-agent-identities",
      "description": "1Password Unified Access: Discovers AI tools, agents, and exposed credentials across endpoints, then vaults and governs the secrets that human, agent, and machine identities use.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Discovers shadow AI usage, local agents, and exposed credentials such as unencrypted SSH keys and plaintext .env files across endpoints and browsers, maps AI usage to users and devices, and vaults and governs human, agent, and machine credentials under shared policy controls.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "adversa-ai",
      "schema_version": 2,
      "name": "Adversa AI",
      "vendor": "Adversa AI",
      "url": "https://adversa.ai/ai-red-teaming-agentic-ai/",
      "primary_asset": "ai-orchestration-tools",
      "description": "Adversa AI: Continuous AI red teaming platform for custom AI agents that tests for vulnerability classes across agents, models, and MCP, re-scanning on every model, prompt, or tool update.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "Continuous red teaming engineered for proprietary AI agents, covering more than 60 vulnerability classes across the agent, model, and MCP layers, with re-scans triggered by every model, prompt, or tool update, and remediation playbooks in real time.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Autonomous red teaming campaigns cover the OWASP LLM and agentic AI Top 10 lists and run on every model update and prompt change.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "aembit",
      "schema_version": 2,
      "name": "Aembit",
      "vendor": "Aembit",
      "url": "https://aembit.io/iam-for-agentic-ai/",
      "primary_asset": "ai-agent-identities",
      "description": "Identity and access management for AI agents that issues OAuth 2.1 tokens, enforces policy on every MCP request, and brokers credentials so agents reach MCP servers and resources without holding secrets themselves.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Issues OAuth 2.1 tokens to AI agents, enforces access policy on every MCP request, and brokers credentials so agents never hold them, with visibility into every access attempt.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect"
          ],
          "maturity": "secondary",
          "note": "Gates and brokers agent access to custom and third-party MCP servers and the enterprise systems behind them.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "agent-governance-toolkit",
      "schema_version": 2,
      "name": "Agent Governance Toolkit",
      "vendor": "Microsoft",
      "url": "https://github.com/microsoft/agent-governance-toolkit",
      "primary_asset": "ai-orchestration-tools",
      "description": "Agent Governance Toolkit: Open-source Microsoft project enforcing runtime policy on autonomous agent actions, with zero-trust agent identity, MCP gateway checks, and tamper-evident audit logs.",
      "deployment": [
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "govern",
            "protect",
            "detect",
            "respond"
          ],
          "maturity": "primary",
          "note": "The policy engine evaluates every governed agent tool call against YAML, OPA, or Cedar rules with fail-closed deny and approval workflows; the MCP Security Gateway detects tool poisoning, drift, and hidden instructions, with privilege rings, a kill switch, and Merkle audit logs.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "secondary",
          "note": "The AgentMesh identity layer issues agent credentials over SPIFFE, DID, and mTLS with trust scoring and delegation chains, and Shadow AI Discovery locates unregistered agents across processes, configs, and repositories.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect"
          ],
          "maturity": "adjacent",
          "note": "The PromptDefense evaluator and the agt red-team scan command audit prompt files for injection across twelve vectors as an offline check rather than an inline guardrail.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "aim-security",
      "schema_version": 2,
      "name": "Aim Security",
      "vendor": "Aim Security",
      "url": "https://www.catonetworks.com/platform/ai-security-for-applications/",
      "primary_asset": "runtime-ai-data",
      "description": "Aim Security: AI security platform that secures employee use of public AI applications, shields private AI apps and agents with an AI firewall, and covers the AI development lifecycle with AI-SPM.",
      "deployment": [
        "saas"
      ],
      "status": "acquired",
      "compliance_attestations": null,
      "acquirer": "Cato Networks",
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovers shadow AI usage and monitors and protects end-user interactions with public AI applications and agents, while the Aim AI Firewall secures internal AI applications and agents against runtime attacks and enforces policy on interactions between users, agents, and models.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "AI security posture management covers the AI development lifecycle, from training ML models to building custom AI agents, with continuous discovery.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "aishield",
      "schema_version": 2,
      "name": "AIShield",
      "vendor": "Bosch",
      "url": "https://www.boschaishield.com/",
      "primary_asset": "ai-model",
      "description": "AIShield: Bosch product line pairing AISpectra model vulnerability scanning and red teaming with Guardian runtime guardrails and an ML firewall for GenAI and ML apps.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "detect",
            "protect"
          ],
          "maturity": "primary",
          "note": "AISpectra discovers models and notebooks across cloud platforms and CI/CD pipelines and runs vulnerability assessments and red teaming against ML models and LLMs; Guardian ML Firewall shields deployed models from extraction, evasion, and poisoning attempts with real-time intrusion detection.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Guardian GenAI Guardrails screen LLM inputs and outputs in real time, mitigating prompt injection, jailbreaks, and sensitive data exposure with content filtering and PII anonymization.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "akamai-firewall-for-ai",
      "schema_version": 2,
      "name": "Akamai Firewall for AI",
      "vendor": "Akamai",
      "url": "https://www.akamai.com/products/firewall-for-ai",
      "primary_asset": "runtime-ai-data",
      "description": "Akamai Firewall for AI: Inspects LLM prompts and responses at the edge or via API, blocking prompt injection, toxic output, and sensitive data exposure.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Applies guardrails to both inputs and outputs, detecting and blocking prompt injection, jailbreaks, and harmful queries in real time while filtering model responses for toxic content and sensitive data leakage.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "protect"
          ],
          "maturity": "secondary",
          "note": "Detects and blocks unauthorized queries and large-scale data scraping attempts that aim to extract proprietary model knowledge, mitigating model theft and data exfiltration.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "akeyless",
      "schema_version": 2,
      "name": "Akeyless",
      "vendor": "Akeyless",
      "url": "https://www.akeyless.io",
      "primary_asset": "ai-agent-identities",
      "description": "Identity security platform for machines and AI agents that issues just-in-time, vaultless secrets and certificates so agents authenticate without hardcoded credentials and act under runtime control.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Secures AI agents as non-human identities with vaultless, just-in-time secrets and certificates, removing hardcoded credentials and tracking agent access at runtime.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "alation",
      "schema_version": 2,
      "name": "Alation",
      "vendor": "Alation",
      "url": "https://www.alation.com/solutions/artificial-intelligence/",
      "primary_asset": "ai-model",
      "description": "Data intelligence platform with AI governance that inventories AI models, agents, and tools, traces their data lineage, and curates trusted, compliant data for AI development.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "govern"
          ],
          "maturity": "primary",
          "note": "Documents and governs AI models with model cards, end-to-end AI lineage, and centralized compliance for auditability.",
          "origin": "reviewed"
        },
        {
          "asset": "training-data",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "Discovers, tags, and quality-flags the data feeding AI models so teams can validate it before training.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "aqua-secure-ai",
      "schema_version": 2,
      "name": "Aqua Secure AI",
      "vendor": "Aqua Security",
      "url": "https://www.aquasec.com/solutions/ai-application-security/",
      "primary_asset": "ai-workload-platforms",
      "description": "Aqua Secure AI: Lifecycle protection for AI apps in the Aqua Platform, spanning code scanning, AI service posture checks, runtime threat detection, and prompt defense for cloud native workloads.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-workload-platforms",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Runtime detection and response for AI threats identifies unsafe AI usage, detects suspicious activity, and stops malicious activity in cloud native AI workloads without code changes; AI-SPM configuration checks assess the posture of cloud-based AI services.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Prompt-level runtime protection detects prompt injection, jailbreaks, and risky model behavior, enforcing policy in real time and blocking post-compromise activity without additional agents, code changes, or SDKs.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "Discovers which AI models, platforms, and versions are running, where they are used, and whether usage aligns with policy, monitoring in real time at the application layer across SaaS, managed, and self-hosted AI workloads.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "arize",
      "schema_version": 2,
      "name": "Arize",
      "vendor": "Arize AI",
      "url": "https://arize.com",
      "primary_asset": "runtime-ai-data",
      "description": "AI observability and evaluation platform with run-time guardrails that screen LLM inputs and outputs, blocking jailbreaks, prompt injection, and PII while flagging hallucinated or unsafe responses.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Run-time guardrails screen LLM inputs and outputs, blocking jailbreaks, prompt injection, and PII, and correcting toxic or hallucinated responses.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Evaluations score LLM and agent application outputs in production to flag hallucinations, low quality, and unsafe responses.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "arthur",
      "schema_version": 2,
      "name": "Arthur",
      "vendor": "Arthur AI",
      "url": "https://www.arthur.ai/",
      "primary_asset": "runtime-ai-data",
      "description": "AI lifecycle platform with built-in guardrails that screen AI interactions for misuse, off-brand content, and unsafe prompts and responses, plus monitoring for models and agents.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Built-in guardrails screen AI interactions to protect applications against misuse, off-brand content, and unsafe prompts and responses.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Monitors models and agent applications across the AI lifecycle, surfacing performance and reliability issues.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "asenion",
      "schema_version": 2,
      "name": "Asenion",
      "vendor": "Asenion",
      "url": "https://asenion.ai",
      "primary_asset": "ai-model",
      "description": "Asenion: AI trust, risk, and security management platform that continuously assesses, tests, and governs AI models and agents against the EU AI Act, ISO/IEC 42001, and NIST AI RMF.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "govern"
          ],
          "maturity": "primary",
          "note": "Continuously assesses and governs AI models for risk and regulatory compliance across the lifecycle, with automated controls mapped to the EU AI Act, ISO/IEC 42001, and NIST AI RMF.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "govern"
          ],
          "maturity": "secondary",
          "note": "Extends the same assessment and governance controls to AI systems and agents at the application and orchestration layer.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "astrix",
      "schema_version": 2,
      "name": "Astrix",
      "vendor": "Astrix Security",
      "url": "https://astrix.security",
      "primary_asset": "ai-agent-identities",
      "description": "Identity security platform that discovers, secures, and governs AI agents and non-human identities, with posture management and non-human ITDR.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-07",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect",
            "detect",
            "respond"
          ],
          "maturity": "primary",
          "note": "Agentless discovery and inventory of AI agents and non-human identities, posture and lifecycle management, and non-human ITDR for detection and response.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Discovers and monitors the secrets and credentials, whether stored inside or outside vaults, that agents and non-human identities use at runtime.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "aurascape",
      "schema_version": 2,
      "name": "Aurascape",
      "vendor": "Aurascape",
      "url": "https://aurascape.ai/",
      "primary_asset": "runtime-ai-data",
      "description": "Aurascape: AI security platform that discovers AI apps and agents, inspects prompts and responses inline, and applies data protection and threat prevention policies to enterprise AI activity.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Inspects full prompts and responses inline, classifies and fingerprints sensitive data in real time, and blocks risky activity. Detects phishing, social engineering, and malicious code generation in AI responses before they reach users.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "secondary",
          "note": "Discovers sanctioned and unsanctioned AI apps, copilots, and agents with risk scoring. Maps MCP servers and tool connections, tests agents for prompt injection and data leakage before production, and enforces runtime guardrails and MCP gateway controls on tool use.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "auth0-for-ai-agents",
      "schema_version": 2,
      "name": "Auth0 for AI Agents",
      "vendor": "Okta",
      "url": "https://auth0.com/ai",
      "primary_asset": "ai-agent-identities",
      "description": "Auth0 for AI Agents: Identity and access for AI agents, with dedicated agent identities, a Token Vault for third-party API tokens, async user authorization, and fine-grained authorization for RAG.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect"
          ],
          "maturity": "primary",
          "note": "Gives AI agents dedicated identities and brokered access. A Token Vault stores and refreshes third-party API tokens, asynchronous authorization gets user approval for agent actions, and fine-grained authorization (Auth0 FGA) limits what RAG retrieval can reach.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "autonomous-security",
      "schema_version": 2,
      "name": "Autonomous Security",
      "vendor": "Autonomous Security",
      "url": "https://a16y.ai/",
      "primary_asset": "ai-orchestration-tools",
      "description": "Autonomous Security: Secures AI agents at the endpoint with an MCP gateway, a vetted MCP catalog, sandboxed MCP hosting, and a centralized token vault.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "govern",
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovers installed agents and MCP servers across workstations, hosts MCP servers in sandboxed cloud workspaces backed by a vetted pre-scanned catalog, intercepts MCP traffic to block prompt injection and rogue MCP servers, and enforces centralized runtime policies with audit trails.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect"
          ],
          "maturity": "secondary",
          "note": "A centralized token vault stores the credentials that agents and MCP connections use, moving secrets out of local files and environment variables on developer machines.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "aws-bedrock-guardrails",
      "schema_version": 2,
      "name": "AWS Bedrock Guardrails",
      "vendor": "Amazon Web Services",
      "url": "https://aws.amazon.com/bedrock/guardrails/",
      "primary_asset": "runtime-ai-data",
      "description": "Configurable safety layer for generative AI applications that filters harmful content, detects prompt-injection attacks, redacts PII, blocks denied topics, and flags ungrounded responses.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Inspects prompts and model responses to filter harmful content, prompt attacks, PII, and ungrounded output.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "azure-ai-content-safety",
      "schema_version": 2,
      "name": "Azure AI Content Safety",
      "vendor": "Microsoft",
      "url": "https://azure.microsoft.com/en-us/products/ai-services/ai-content-safety",
      "primary_asset": "runtime-ai-data",
      "description": "Microsoft content-safety service for generative AI that uses Prompt Shields to detect and block jailbreaks and indirect prompt injection, and filters prompts and responses across harm categories.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Prompt Shields detects and blocks user-prompt jailbreaks and indirect (cross-prompt) injection in prompts and grounding documents in real time, and content filters screen prompts and responses for harmful content.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "backslash-security",
      "schema_version": 2,
      "name": "Backslash Security",
      "vendor": "Backslash Security",
      "url": "https://www.backslash.security/",
      "primary_asset": "ai-generated-code",
      "description": "Backslash Security: Secures AI coding agents on developer workstations with MCP server vetting, vibe coding guardrails, and real-time monitoring of agentic activity.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-generated-code",
          "functions": [
            "protect",
            "detect",
            "govern"
          ],
          "maturity": "primary",
          "note": "Centralized guardrails on developer workstations restrict unapproved models, private accounts, and unsafe configurations for AI coding agents, with real-time detection of prompt injection, data exfiltration, and anomalous agent behavior in vibe coding workflows.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Vets, allowlists, and monitors MCP servers at the tool level, blocking unsafe or malicious components; a visibility graph inventories agents, MCPs, skills, hooks, and plugins, and the public MCP Server Security Hub maintains a risk database covering tens of thousands of MCP servers.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "bigid",
      "schema_version": 2,
      "name": "BigID",
      "vendor": "BigID",
      "url": "https://bigid.com/",
      "primary_asset": "training-data",
      "description": "Enterprise data security platform that discovers and classifies sensitive data, finds shadow AI, secures the data pipeline for AI training, and governs AI access and risk.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "training-data",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Discovers and classifies sensitive data across many sources, finds shadow AI and unauthorized data use, and cleanses and secures the data pipeline that feeds AI training.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Governs employee AI access by labeling data, applying guardrails, intercepting risky prompts, and enforcing role-based access.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "AI security posture management assesses AI risk and flags model and agent vulnerabilities and unusual access.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "black-duck-signal",
      "schema_version": 2,
      "name": "Black Duck Signal",
      "vendor": "Black Duck",
      "url": "https://www.blackduck.com/signal-ai-appsec.html",
      "primary_asset": "ai-generated-code",
      "description": "Black Duck Signal: Agentic application security solution that detects and fixes flaws in AI-generated code via MCP integrations with coding assistants and pipelines.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-generated-code",
          "functions": [
            "detect",
            "protect"
          ],
          "maturity": "primary",
          "note": "Agentic scans run inside AI coding workflows via MCP for assistants such as Claude Code and GitHub Copilot, detecting security defects in new code and applying verified fixes before commit; exploitability analysis filters noise.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "bonfy-acs",
      "schema_version": 2,
      "name": "Bonfy ACS",
      "vendor": "Bonfy.AI",
      "url": "https://www.bonfy.ai/product",
      "primary_asset": "runtime-ai-data",
      "description": "Bonfy ACS: Inspects content moving through email, SaaS apps, Copilot, and AI agents, blocking or redacting sensitive data, with MCP server guardrails for agents and shadow AI detection.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Applies entity-aware analysis to data entering prompts, content leaving via email or AI outputs, and data agents process. Contextual Data Enforcement intercepts AI retrieval requests and blocks, redacts, or flags sensitive content before it reaches AI clients like Claude or Copilot Studio.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "detect",
            "protect"
          ],
          "maturity": "secondary",
          "note": "Ships an MCP server, API, and agent framework support that agents call during reasoning to evaluate content against policy, enabling workflows to revise, redact, block, or route output for review before data reaches external services.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-workload-platforms",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "A browser extension performs content-aware inspection of web interactions, detects unsanctioned AI usage, maps which AI destinations are in use and what data flows to them, and can warn users or block actions based on policy.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "britive",
      "schema_version": 2,
      "name": "Britive",
      "vendor": "Britive",
      "url": "https://www.britive.com/platform/agentic-ai-identity-security",
      "primary_asset": "ai-agent-identities",
      "description": "Britive: Extends cloud PAM to AI agent identities with just-in-time ephemeral credentials, zero standing privileges, and runtime on-behalf-of policy enforcement.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Issues ephemeral JIT credentials so agents hold zero standing privileges; an MCP tool broker evaluates each tool request at runtime and on-behalf-of policies tie agent actions back to human privilege boundaries; trust scoring and SIEM telemetry surface anomalous agent behavior.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "calypsoai",
      "schema_version": 2,
      "name": "CalypsoAI",
      "vendor": "F5",
      "url": "https://www.f5.com/products/ai-guardrails",
      "primary_asset": "runtime-ai-data",
      "description": "Inference-layer AI security pairing runtime guardrails against prompt injection, jailbreaks, and data leakage with red teaming at scale.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "acquired",
      "compliance_attestations": null,
      "acquirer": "F5",
      "last_reviewed": "2026-06-07",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Inline guardrails screen prompts and responses for prompt injection, jailbreaks, and sensitive data flows.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Red teaming hunts vulnerabilities across AI models, applications, and agents.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "capsule-security",
      "schema_version": 2,
      "name": "Capsule Security",
      "vendor": "Capsule Security",
      "url": "https://www.capsulesecurity.io/",
      "primary_asset": "ai-agent-identities",
      "description": "Capsule Security: Runtime security layer that discovers enterprise AI agents, observes their behavior, and blocks unsafe or risky actions before execution.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Agentless discovery inventories agents across home-grown systems plus SaaS and endpoint environments; Agent Identity Control tracks ownership and least privilege; Runtime Protection detects and blocks unsafe or risky agent behavior before actions execute.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect",
            "protect"
          ],
          "maturity": "primary",
          "note": "Watches agent reasoning and interactions at runtime to catch manipulation and stop data exfiltration; intervenes inline to correct anomalous or unsafe activity without disrupting the AI.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Secures agents built on platforms such as Copilot Studio and Salesforce Agentforce plus coding agents like Cursor; the Agent Security Graph maps relationships among agents, tools, and data to reveal risky paths and control gaps.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "checkmarx",
      "schema_version": 2,
      "name": "Checkmarx",
      "vendor": "Checkmarx",
      "url": "https://checkmarx.com/product/checkmarx-one-assist/",
      "primary_asset": "ai-generated-code",
      "description": "Application security platform whose Developer Assist secures AI-generated code in real time inside the IDE, detecting SAST, SCA, secret, and IaC flaws and applying validated fixes before commit.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-generated-code",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Developer Assist secures AI-generated code as it is written in the IDE, detecting SAST, SCA, secret, IaC, and container flaws and applying validated fixes before commit, alongside Copilot, Cursor, and Windsurf.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "citadel-ai",
      "schema_version": 2,
      "name": "Citadel AI",
      "vendor": "Citadel AI",
      "url": "https://citadel-ai.com",
      "primary_asset": "ai-model",
      "description": "Citadel AI: Maker of Citadel Lens, which tests AI models and datasets against industry standards and generates AI compliance reports for regulations such as the EU AI Act.",
      "deployment": [
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "detect",
            "govern"
          ],
          "maturity": "primary",
          "note": "Citadel Lens runs customizable test suites that check AI models against industry standards across data slices and robustness scenarios, and generates compliance reports against AI regulations such as the EU AI Act and ISO standards.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Lens for LLMs evaluates LLM application outputs with built-in metrics for factual consistency, toxicity, and jailbreak detection. Evaluation and monitoring only, with no documented inline blocking guardrail.",
          "origin": "reviewed"
        },
        {
          "asset": "training-data",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Lens test suites also evaluate datasets against industry standards and generate dataset reports alongside model reports.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "cloudflare-ai-gateway",
      "schema_version": 2,
      "name": "Cloudflare AI Gateway",
      "vendor": "Cloudflare",
      "url": "https://www.cloudflare.com/products/ai-gateway/",
      "primary_asset": "ai-gateways-routers",
      "description": "Hosted gateway that proxies application traffic to LLM providers, adding guardrails to flag or block harmful prompts and responses, plus rate limiting, caching, and usage analytics.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-gateways-routers",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Proxies AI traffic with guardrails, rate limiting, and usage analytics for visibility and control.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Guardrails inspect prompts and responses in real time and flag or block harmful content.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "clutch",
      "schema_version": 2,
      "name": "Clutch",
      "vendor": "Clutch Security",
      "url": "https://www.clutch.security",
      "primary_asset": "ai-agent-identities",
      "description": "Identity security platform for non-human identities, AI agents, and secrets: discovery, governance, posture and risk management, and threat detection and response across cloud, SaaS, and on-prem.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-07",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect",
            "detect",
            "respond"
          ],
          "maturity": "primary",
          "note": "Discovers and inventories non-human identities and AI agents, manages their lifecycle, scores posture and risk, and detects and responds to threats.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "secondary",
          "note": "Discovers and contextualizes secrets such as API keys, tokens, and certificates across the environment.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "collibra",
      "schema_version": 2,
      "name": "Collibra",
      "vendor": "Collibra",
      "url": "https://www.collibra.com/products/ai-governance",
      "primary_asset": "ai-model",
      "description": "Data and AI governance platform that governs AI models, use cases, and agents across their lifecycle, ties them to trusted lineage-tracked data, and enforces compliance and data policies.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "govern"
          ],
          "maturity": "primary",
          "note": "Registers, monitors, and governs AI models across their lifecycle with documentation and lineage, integrating with ML platforms such as SageMaker, Bedrock, and MLflow.",
          "origin": "reviewed"
        },
        {
          "asset": "training-data",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "secondary",
          "note": "Grounds AI in trusted, lineage-tracked data and protects sensitive data such as PII through integrated data access and privacy policies.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "confident-ai",
      "schema_version": 2,
      "name": "Confident AI",
      "vendor": "Confident AI",
      "url": "https://www.confident-ai.com",
      "primary_asset": "runtime-ai-data",
      "description": "Confident AI: AI quality and LLM evaluation platform from the creators of DeepEval, with the DeepTeam framework adding red teaming and production input and output guardrails.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect",
            "protect"
          ],
          "maturity": "primary",
          "note": "DeepTeam guardrails evaluate LLM system inputs and outputs for malicious intent and unsafe behavior, with input guards blocking malicious prompts before they reach the model and output guards stopping unsafe responses before they reach users, covering prompt injection and toxicity.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "DeepTeam red teaming simulates jailbreaking, prompt injection, and multi-turn exploitation attacks to uncover model vulnerabilities such as bias, PII leakage, and prompt leakage, drawing on more than 50 vulnerability types.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Red teaming extends to AI agents, RAG pipelines, and chatbots, probing agentic vulnerabilities such as goal theft, recursive hijacking, excessive agency, and tool orchestration abuse.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "contextforge-mcp-gateway",
      "schema_version": 2,
      "name": "ContextForge MCP Gateway",
      "vendor": "IBM",
      "url": "https://github.com/IBM/mcp-context-forge",
      "primary_asset": "ai-orchestration-tools",
      "description": "ContextForge MCP Gateway: Open-source IBM gateway, registry, and proxy that fronts MCP, A2A, and REST tools with centralized authentication, guardrail plugins, and governance controls.",
      "deployment": [
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect"
          ],
          "maturity": "primary",
          "note": "Federates MCP, A2A, and REST tool servers behind one authenticated endpoint with JWT and OAuth controls, role-based access control across global, team, and personal scopes, resource visibility flags, scoped API tokens, and rate limits. Permission checks default to deny on error.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Plugin hooks before and after prompt, tool, and resource calls apply PII detection and masking, content moderation, deny lists, and secrets detection to data flowing through the gateway, with an optional external OPA policy integration.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "cranium",
      "schema_version": 2,
      "name": "Cranium",
      "vendor": "Cranium AI",
      "url": "https://cranium.ai/",
      "primary_asset": "ai-model",
      "description": "Cranium: Platform that discovers and inventories enterprise AI systems, generates AI bills of materials, red teams models, and maps risks to regulations such as the EU AI Act and NIST AI RMF.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "govern",
            "detect"
          ],
          "maturity": "primary",
          "note": "Sensors discover internal and third-party AI systems; the platform auto-generates AI BOMs, runs agent-based red teaming via Cranium Arena, and maps systems to the EU AI Act, NIST AI RMF, and ISO frameworks.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-workload-platforms",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "CloudSensor integrates with cloud environments to discover security alerts, monitor unauthorized changes, and assess role-based access controls; Detect AI scans internal environments for shadow AI.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "AgentSensor gives visibility into the agentic layer, automatically detecting AI agents, the tools they invoke, and other agents in the network.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "credo-ai",
      "schema_version": 2,
      "name": "Credo AI",
      "vendor": "Credo AI",
      "url": "https://www.credo.ai",
      "primary_asset": "ai-orchestration-tools",
      "description": "AI governance platform that inventories AI systems, runs risk assessments, and maps controls to policy packs for the EU AI Act, NIST AI RMF, and ISO 42001.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-07",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "govern",
            "identify"
          ],
          "maturity": "primary",
          "note": "Centralized registry of AI apps and agents with governance workflows and approval gates.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "govern",
            "identify"
          ],
          "maturity": "primary",
          "note": "Model inventory and risk assessment against policy packs and standards.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "govern"
          ],
          "maturity": "secondary",
          "note": "Agent registry with agent cards covering purpose, tools, data sources, and guardrails.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "cyata",
      "schema_version": 2,
      "name": "Cyata",
      "vendor": "Cyata",
      "url": "https://cyata.ai",
      "primary_asset": "ai-agent-identities",
      "description": "Cyata: Agentic identity control plane that discovers AI agents across SaaS and cloud environments, records each agent interaction for forensics, and enforces least-privilege access policies.",
      "deployment": [
        "saas"
      ],
      "status": "acquired",
      "compliance_attestations": null,
      "acquirer": "Check Point Software Technologies",
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Maps AI agents across SaaS, cloud, and identity infrastructure, including shadow, orphaned, and overly privileged agents; logs every agent interaction for audit and forensics; assigns dynamic identities and enforces least-privilege policy on agent access.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "cycode",
      "schema_version": 2,
      "name": "Cycode",
      "vendor": "Cycode",
      "url": "https://cycode.com/adlc-security/",
      "primary_asset": "ai-generated-code",
      "description": "Cycode: Agentic development security that inventories AI models, MCP servers, and code assistants across repositories and applies IDE and CLI guardrails to AI coding agents.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-generated-code",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "AI Guardrails use AI hooks and a Cycode MCP server in the IDE and CLI to intercept prompts, file reads, and tool calls before sensitive data reaches external AI services, and validate coding agent outputs before commit.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "identify"
          ],
          "maturity": "primary",
          "note": "The AI Bill of Materials inventories machine learning models detected in repositories, whether self-hosted or referenced from model hubs, as part of a continuously updated AI and ML inventory.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "AIBOM discovery also catalogs MCP integrations, AI code assistants, LLM gateways, and orchestration frameworks found across the software factory, mapped to repositories and Cycode Projects.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "cyera",
      "schema_version": 2,
      "name": "Cyera",
      "vendor": "Cyera",
      "url": "https://www.cyera.com/",
      "primary_asset": "training-data",
      "description": "Data security platform that discovers and classifies sensitive data across the enterprise, surfaces shadow AI, controls what data AI can reach, and prevents sensitive-data leakage to AI in real time.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "training-data",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Discovers and classifies sensitive data across cloud and SaaS, surfaces shadow AI, and controls which data AI applications and agents can reach.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Prevents sensitive-data leakage to AI in the moment through AI-aware data-loss controls.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "datadog-llm-observability",
      "schema_version": 2,
      "name": "Datadog LLM Observability",
      "vendor": "Datadog",
      "url": "https://www.datadoghq.com/product/llm-observability/",
      "primary_asset": "runtime-ai-data",
      "description": "Observability for LLM and agent applications that traces prompts, responses, and tool calls, with evaluations that flag prompt injection, unsafe output, and exposure of sensitive data.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect",
            "protect"
          ],
          "maturity": "primary",
          "note": "Evaluations inspect prompts and responses to flag prompt injection, unsafe output, and PII exposure, and a Sensitive Data Scanner integration redacts sensitive data.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Auto-instruments frameworks such as LangChain to trace agent workflows across model calls, retrieval, and tool calls, surfacing failures and anomalies.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "deepchecks",
      "schema_version": 2,
      "name": "Deepchecks",
      "vendor": "Deepchecks",
      "url": "https://www.deepchecks.com/",
      "primary_asset": "runtime-ai-data",
      "description": "Deepchecks: AI testing, observability, and monitoring platform that evaluates prompts, models, and agents and tracks LLM app quality in production.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "acquired",
      "compliance_attestations": null,
      "acquirer": "Check Point Software Technologies",
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "Monitors deployed LLM applications in production by sampling interactions and tracking annotation trends and property scores to detect degradation automatically. Scoring is offline evaluation with no documented inline blocking.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "The pentest environment generates curated adversarial prompts covering prompt injection, jailbreaks, PII extraction, and bias triggers, runs the LLM pipeline against them, and scores whether the attacks succeeded.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Evaluates each layer of an agentic pipeline independently, scoring individual agents, tools, and LLM calls to isolate underperforming or failing components.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "deepkeep",
      "schema_version": 2,
      "name": "DeepKeep",
      "vendor": "DeepKeep",
      "url": "https://www.deepkeep.ai/",
      "primary_asset": "runtime-ai-data",
      "description": "DeepKeep: AI security platform with a runtime AI firewall, automated red teaming, and model scanning for LLM and computer vision systems.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "The AI Firewall inspects prompts and responses in real time and can block, redact, or alert on prompt injection, jailbreaks, data leakage, and unsafe outputs, deployed inline or out-of-band.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": "Model scanning combines multi-engine static analysis with dynamic testing to surface embedded malware, vulnerable dependencies, tampering, and unsafe behaviors, and builds model inventories using SBOM and MLBOM frameworks.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Automated red teaming continuously simulates prompt injection, jailbreak, and data leakage attacks against custom AI applications and agents, with findings tied to remediation guidance and firewall guardrail updates.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "descope",
      "schema_version": 2,
      "name": "Descope",
      "vendor": "Descope",
      "url": "https://www.descope.com/use-cases/ai",
      "primary_asset": "ai-agent-identities",
      "description": "Identity platform for AI agents and MCP servers that authenticates agents with scoped OAuth tokens, brokers their credentials to external tools, and governs and audits what each agent may do.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Acts as an OAuth 2.1 authorization server for AI agents and MCP servers, issuing scoped tokens, brokering credentials to downstream tools, and enforcing per-tool scopes with a full audit trail of agent actions.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "dreadnode",
      "schema_version": 2,
      "name": "Dreadnode",
      "vendor": "Dreadnode",
      "url": "https://docs.dreadnode.io/ai-red-teaming/",
      "primary_asset": "ai-model",
      "description": "Dreadnode: AI red teaming tooling that probes foundation models and agentic AI systems for security and safety risks.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "AI Red Teaming probes foundation models and traditional ML models with 45+ attack strategies, including jailbreaks and adversarial algorithms, mapping findings to OWASP, MITRE ATLAS, and NIST AI RMF.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Custom Targets red teams agentic systems, including agent loops, RAG pipelines, and AI applications, not just standard model endpoints.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "dynamoguard",
      "schema_version": 2,
      "name": "DynamoGuard",
      "vendor": "Dynamo AI",
      "url": "https://www.dynamo.ai/dynamoguard",
      "primary_asset": "runtime-ai-data",
      "description": "DynamoGuard: Runtime guardrails that turn natural language policies into lightweight models to detect and block prompt injection, data leakage, and unsafe LLM output.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect",
            "govern"
          ],
          "maturity": "primary",
          "note": "Lightweight guardrail models screen LLM inputs and outputs in real time for prompt injection, jailbreaks, PII leakage, toxicity, and hallucinations, with block or sanitize actions; compliance teams author custom policies in natural language and audit flagged LLM usage in production.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Dynamo AgentWarden evaluates AI agents and MCP tools for risky tool combinations and enforces allow, deny, or human approval decisions per tool call at the agent-tool boundary in real time.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "einstein-trust-layer",
      "schema_version": 2,
      "name": "Einstein Trust Layer",
      "vendor": "Salesforce",
      "url": "https://developer.salesforce.com/docs/einstein/genai/guide/trust.html",
      "primary_asset": "runtime-ai-data",
      "description": "Einstein Trust Layer: Guardrails between Salesforce applications and LLMs that mask sensitive data, detect toxic output, maintain audit trails, and enforce zero data retention with LLM providers.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Masks sensitive data such as social security numbers before prompts reach LLM providers, runs toxicity detection on LLM generations, and records an audit trail of AI interactions, with zero data retention agreements covering third-party LLM partners.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "enkrypt-ai",
      "schema_version": 2,
      "name": "Enkrypt AI",
      "vendor": "Enkrypt AI",
      "url": "https://www.enkryptai.com/",
      "primary_asset": "runtime-ai-data",
      "description": "Enkrypt AI: Runtime guardrails for LLM apps and agents, automated red teaming, MCP gateway and scanner controls, and compliance evidence mapped to EU AI Act and NIST.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Agent Guardrails enforces policy inline at the prompt, retrieval, tool, and output boundaries, with rewrite, block, or escalate decisions and injection filtering across text, image, and audio inputs.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "detect",
            "govern"
          ],
          "maturity": "primary",
          "note": "Agent Red Teaming runs adversarial tests against models, agents, RAG systems, and tools, covering prompt injection and jailbreaks, with CI/CD regression suites and compliance mapping to NIST, OWASP, and the EU AI Act.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "MCP Gateway, an open-source control plane, sits inline between agents and MCP servers to approve, modify, or block tool calls, enforcing least privilege and producing an audit evidence trail.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "entro-security",
      "schema_version": 2,
      "name": "Entro Security",
      "vendor": "Entro Security",
      "url": "https://entro.security/",
      "primary_asset": "ai-agent-identities",
      "description": "Security platform for AI agents and non-human identities that discovers them, monitors agent behavior and intent for threats, and attributes each identity to a human owner.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovers AI agents, non-human identities, and their secrets, continuously monitors agent behavior and intent for anomalies and threats, and attributes each identity to a human owner.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "fiddler-ai",
      "schema_version": 2,
      "name": "Fiddler AI",
      "vendor": "Fiddler",
      "url": "https://www.fiddler.ai",
      "primary_asset": "runtime-ai-data",
      "description": "Fiddler AI: Observability and guardrails platform for LLM and agent applications that scores prompts and responses and blocks harmful content, PII leaks, and hallucinations in real time.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Fiddler Guardrails screen prompts and responses in real time, blocking harmful or jailbreaking content across eleven safety dimensions, detecting and redacting PII and PHI, and flagging hallucinated RAG responses.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Agentic observability traces multi-agent systems through OpenTelemetry and framework integrations, evaluating and monitoring agent behavior for safety and quality in development and production.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "fortiaigate",
      "schema_version": 2,
      "name": "FortiAIGate",
      "vendor": "Fortinet",
      "url": "https://www.fortinet.com/products/fortiaigate",
      "primary_asset": "ai-gateways-routers",
      "description": "FortiAIGate: Runtime AI gateway that proxies traffic between apps and LLMs, applying guardrails against prompt injection, jailbreaks, data leakage, and model abuse.",
      "deployment": [
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-gateways-routers",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Deploys as a containerized proxy between the app and the model, with API gateway, DDoS protection, intelligent traffic steering, output caching, and visibility mapped to the OWASP Top 10 for LLM Applications.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Guardrails inspect input to each LLM endpoint to detect prompt injection, jailbreaking, and excessive consumption, while a context-aware DLP engine in the critical path blocks PII and sensitive data leakage in both directions.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "protect"
          ],
          "maturity": "secondary",
          "note": "The inline DLP engine monitors inbound and outbound traffic to prevent model extraction, and input guardrails detect model poisoning and manipulation attempts.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "frontegg-ai",
      "schema_version": 2,
      "name": "Frontegg.ai",
      "vendor": "Frontegg",
      "url": "https://frontegg.com/product/frontegg-ai",
      "primary_asset": "ai-agent-identities",
      "description": "Frontegg.ai: Identity management for AI agent builders, with user authentication, least-privilege authorization, token rotation, and managed OAuth tokens for third-party tool access.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect"
          ],
          "maturity": "primary",
          "note": "Provides the identity layer for agent products, with multi-tenant user onboarding, least-privilege authorization, and managed third-party OAuth tokens with token rotation, so agents act with scoped refreshable credentials.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "The AgentLink companion product creates a hosted MCP server that translates SaaS APIs into MCP tools, enforces agent-specific guardrails on every action, and keeps audit trails plus analytics of agent tool usage and anomalies.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "garak",
      "schema_version": 2,
      "name": "garak",
      "vendor": "NVIDIA",
      "url": "https://github.com/NVIDIA/garak",
      "primary_asset": "ai-model",
      "description": "garak: Open-source LLM vulnerability scanner from NVIDIA that probes models for prompt injection, jailbreaks, data leakage, toxicity, and misinformation using static, dynamic, and adaptive probes.",
      "deployment": [
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "Combines static, dynamic, and adaptive probes, including DAN-style jailbreaks, encoding-based prompt injection, adversarial suffixes, and training-data replay, with per-probe detectors and reporting harnesses.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "geordie",
      "schema_version": 2,
      "name": "Geordie",
      "vendor": "Geordie AI",
      "url": "https://www.geordie.ai/",
      "primary_asset": "ai-orchestration-tools",
      "description": "Geordie: Agent security and governance platform that discovers AI agents, maps their tools and MCP connections, audits behavior, and applies real-time controls through its Beam engine.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "govern"
          ],
          "maturity": "primary",
          "note": "Discovers agents across cloud, code, and endpoint environments and maps each agent configuration, including tool and MCP connections, plugins, system prompts, and models, with findings mapped to OWASP, NIST, ISO 42001, and the EU AI Act.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect",
            "protect"
          ],
          "maturity": "primary",
          "note": "Keeps an auditable record of every prompt, plan, response, and tool invocation with behavioral baselining and anomaly detection; the Beam engine intervenes at the agent level in real time with deterministic controls.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "Maps agent permissions, user mappings, and system access, and updates the picture as connections and authorizations change.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "giskard",
      "schema_version": 2,
      "name": "Giskard",
      "vendor": "Giskard",
      "url": "https://www.giskard.ai/",
      "primary_asset": "ai-model",
      "description": "Open-source and commercial AI testing platform that red-teams LLMs and ML models with adversarial probes for prompt injection, hallucination, and sensitive-information disclosure.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "Red-teams LLMs and ML models with adversarial probes, detecting prompt injection, hallucination, and sensitive-information disclosure.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "google-model-armor",
      "schema_version": 2,
      "name": "Google Model Armor",
      "vendor": "Google",
      "url": "https://cloud.google.com/security/products/model-armor",
      "primary_asset": "runtime-ai-data",
      "description": "Google Cloud runtime security for generative and agentic AI that screens prompts, responses, and agent interactions to block prompt injection, jailbreaks, malicious URLs, and sensitive-data leaks.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Screens AI prompts and responses in real time, blocking prompt injection, jailbreaks, malicious URLs, and sensitive-data leaks.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect"
          ],
          "maturity": "secondary",
          "note": "Provides in-line protection for agent interactions across agent platforms and frameworks such as Vertex and LangChain.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "gray-swan-cygnal",
      "schema_version": 2,
      "name": "Gray Swan Cygnal",
      "vendor": "Gray Swan AI",
      "url": "https://www.grayswan.ai/solutions/platform/cygnal",
      "primary_asset": "runtime-ai-data",
      "description": "Gray Swan Cygnal: Inline runtime guardrail that screens prompts, model responses, and agent tool calls, blocking prompt injection, jailbreaks, and unsafe outputs against custom policies.",
      "deployment": [
        "saas",
        "self-hosted",
        "hybrid"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Sits inline between users and the model, classifying adversarial inputs and unsafe outputs in real time. Blocks policy violations with a refusal message, while a separate monitor endpoint returns violation scores for detection without blocking.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Monitors agent tool calls at runtime and flags agentic risk patterns such as unauthorized tool use, scope violations, and injections delivered through tool output or retrieved content.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "guardrails-ai",
      "schema_version": 2,
      "name": "Guardrails AI",
      "vendor": "Guardrails AI",
      "url": "https://www.guardrailsai.com/",
      "primary_asset": "runtime-ai-data",
      "description": "Guardrails AI: Open-source Python framework that wraps LLM calls in input and output guards, applying validators from the Guardrails Hub to detect and mitigate risks in prompts and responses.",
      "deployment": [
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Validators from the Guardrails Hub combine into input and output guards that intercept LLM inputs and outputs and act on failures, with options to block or raise exceptions. A standalone server exposes guards over a REST API.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "harmonic-security",
      "schema_version": 2,
      "name": "Harmonic Security",
      "vendor": "Harmonic Security",
      "url": "https://www.harmonic.security/",
      "primary_asset": "runtime-ai-data",
      "description": "Harmonic Security: Monitors employee and agent AI usage via a browser extension and desktop client, detecting sensitive data in prompts and coaching or blocking risky sharing in real time.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Inspects employee prompts on the device via browser extension and desktop client, identifies shadow AI tools in use, and makes inline decisions in under 200 ms to warn, coach, or block sensitive data sharing.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Harmonic Command provides visibility into AI agents acting through MCP servers and applies inline interventions that coach the user or agent when sensitive data is about to leave the business.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "hiddenlayer",
      "schema_version": 2,
      "name": "HiddenLayer",
      "vendor": "HiddenLayer",
      "url": "https://hiddenlayer.com",
      "primary_asset": "ai-model",
      "description": "AI security platform with four modules: model supply-chain scanning, real-time runtime monitoring of prompts and responses, automated red teaming, and AI asset discovery.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-07",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Static scanning of models before deployment for malware, tampering, and backdoors, with an AI Bill of Materials per scan.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Real-time input and output monitoring that can block prompts to the model or responses to the user.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Agentic and MCP protection within the runtime module.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "Automated discovery and inventory of AI assets, applications, datasets, and dependencies.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "highflame",
      "schema_version": 2,
      "name": "Highflame",
      "vendor": "Highflame",
      "url": "https://highflame.com/",
      "primary_asset": "ai-gateways-routers",
      "description": "Highflame: Secures AI agents with centralized gateway policy controls, multi-turn runtime guardrails, and MCP server scanning via its Ramparts scanner.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-gateways-routers",
          "functions": [
            "protect",
            "govern"
          ],
          "maturity": "primary",
          "note": "Acts as a centralized control layer across LLM, MCP, A2A, and A2P interactions, enforcing Cedar-based access, safety, and compliance policies inline and generating audit-ready reports for governance.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Multi-turn guardrail models inspect prompts and responses in conversation context, detecting and blocking malicious inputs such as prompt injection across the conversation lifecycle.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Centralizes how agents reach MCP servers and tools with policy enforcement, runtime inspection, and visibility into agent activity; the open-source Ramparts scanner finds vulnerabilities in MCP servers and agent skills.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "hirundo",
      "schema_version": 2,
      "name": "Hirundo",
      "vendor": "Hirundo",
      "url": "https://www.hirundo.io/",
      "primary_asset": "ai-model",
      "description": "Hirundo: Machine unlearning that removes memorized PII, jailbreak vulnerabilities, and biased behaviors from trained models without retraining.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "detect",
            "respond",
            "recover"
          ],
          "maturity": "primary",
          "note": "Discovers model weaknesses such as jailbreak susceptibility and memorized PII in trained models, then unlearns them by modifying the responsible parameters, returning a corrected model without full retraining.",
          "origin": "reviewed"
        },
        {
          "asset": "training-data",
          "functions": [
            "detect",
            "respond"
          ],
          "maturity": "secondary",
          "note": "Dataset QA surfaces faulty and mislabeled training data for vision and other non-generative models, and unlearning removes the influence of that data without retraining.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "holistic-ai",
      "schema_version": 2,
      "name": "Holistic AI",
      "vendor": "Holistic AI",
      "url": "https://www.holisticai.com/ai-governance-platform",
      "primary_asset": "ai-model",
      "description": "AI governance platform that discovers AI systems including shadow AI, audits models and LLMs for bias, robustness, and data leakage, and enforces regulatory compliance across the AI lifecycle.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "detect",
            "govern"
          ],
          "maturity": "primary",
          "note": "Discovers and inventories AI systems including shadow AI, audits models and LLMs for bias, hallucination, data leakage, toxicity, and robustness, and enforces continuous compliance with audit trails.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "hush-security",
      "schema_version": 2,
      "name": "Hush Security",
      "vendor": "Hush Security",
      "url": "https://www.hush.security/platform/",
      "primary_asset": "ai-agent-identities",
      "description": "Hush Security: Discovers AI agents and MCP servers at runtime and replaces their static credentials with just-in-time identity-based access.",
      "deployment": [
        "saas",
        "self-hosted",
        "hybrid"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Continuously discovers AI agents, maps the tools and systems each agent can reach, and enforces just-in-time, identity-based, policy-controlled access for agents in place of static keys and embedded credentials, with runtime control of over-privileged or orphaned agents.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "Discovers MCP servers, tool connectors, and agent-to-tool integrations across cloud, SaaS, and on-prem environments, and controls risky toolchain combinations and blind agent-to-tool access at runtime.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "ibm-guardium-ai-security",
      "schema_version": 2,
      "name": "IBM Guardium AI Security",
      "vendor": "IBM",
      "url": "https://www.ibm.com/products/guardium-ai-security",
      "primary_asset": "ai-model",
      "description": "IBM Guardium AI Security: Discovers shadow AI and agents, runs posture checks and automated pen tests on models, and screens prompts with an AI firewall.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "detect",
            "govern"
          ],
          "maturity": "primary",
          "note": "Discovers AI models and shadow AI, including agents, across cloud environments, code repositories, and embedded systems. AI SPM detects vulnerabilities and misconfigurations with automated penetration tests, and maps compliance across frameworks such as the EU AI Act and ISO 42001.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect"
          ],
          "maturity": "secondary",
          "note": "An AI firewall applies custom security policies that analyze input and output prompts, providing real-time protection against malicious prompts, code injection, sensitive data exposure, and data leakage.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "immuta",
      "schema_version": 2,
      "name": "Immuta",
      "vendor": "Immuta",
      "url": "https://www.immuta.com/solutions/data-security-ai/",
      "primary_asset": "training-data",
      "description": "Data security platform that discovers and classifies sensitive data, enforces attribute-based access policies and masking at the data layer for AI and RAG workloads, and monitors data usage for risk.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "training-data",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovers and classifies sensitive data and enforces attribute-based access controls and masking at the data layer for RAG and AI workloads, monitoring queries for unusual access.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect"
          ],
          "maturity": "secondary",
          "note": "Vends short-lived, attribute-based database roles to AI agents so a prompt-injected agent stays bound to its permitted data, and access can be revoked instantly.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "kanopy-security",
      "schema_version": 2,
      "name": "Kanopy Security",
      "vendor": "Kanopy Security",
      "url": "https://kanopysecurity.com",
      "primary_asset": "ai-agent-identities",
      "description": "Kanopy Security: Discovers, profiles, and protects AI agents and automations that business users build on platforms such as Copilot Studio, Power Automate, Salesforce, UiPath, and Retool.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "detect",
            "protect"
          ],
          "maturity": "primary",
          "note": "Builds an inventory of agents, copilots, flows, and models with ownership and permission context, profiles each agent to learn its normal behavior, flags off-script activity, and blocks risky agent instructions before they execute.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Adaptive guardrails monitor agent actions at runtime, detect prompt injection and manipulation attempts, and stop sensitive data from leaving approved paths in real time, with coverage for Microsoft Copilot Studio environments.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "govern"
          ],
          "maturity": "secondary",
          "note": "Surfaces shadow copilots, unmanaged integrations, and ungoverned agent experiments inside agent-building platforms such as Copilot Studio, and applies governance policies and audit trails across the agent lifecycle.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "knostic-kirin",
      "schema_version": 2,
      "name": "Knostic Kirin",
      "vendor": "Knostic",
      "url": "https://www.getkirin.com",
      "primary_asset": "ai-orchestration-tools",
      "description": "Security for AI coding assistants such as Cursor, Copilot, and Claude Code that inspects MCP connections in real time, monitors IDE extensions and plugins, and blocks risky components.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-11",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Inspects MCP connections in real time and monitors IDE extensions and plugins, blocking untrusted or risky components.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-generated-code",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "In-IDE guardrails and real-time dependency scanning flag vulnerable or malicious libraries in AI-assisted coding.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect"
          ],
          "maturity": "secondary",
          "note": "Redacts and guards sensitive data inside the IDE against prompt injection and oversharing.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "koi",
      "schema_version": 2,
      "name": "Koi",
      "vendor": "Koi",
      "url": "https://www.koi.ai/",
      "primary_asset": "ai-orchestration-tools",
      "description": "Koi: Endpoint security for software supply chains that inventories, risk-scores, and gates installs of MCP servers, AI models, AI agents, extensions, and packages by policy.",
      "deployment": [
        "saas"
      ],
      "status": "acquired",
      "compliance_attestations": null,
      "acquirer": "Palo Alto Networks",
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "govern",
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovers and inventories MCP servers, AI agents, and extensions across endpoints, risk-scores them with the Wings engine, gates risky installs by policy, and detects malicious activity after install.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "govern",
            "protect"
          ],
          "maturity": "secondary",
          "note": "The Wings engine and Supply Chain Gateway vet AI models from registries such as Hugging Face, scanning actual code and blocking risky model installs before they reach endpoints.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "kong",
      "schema_version": 2,
      "name": "Kong",
      "vendor": "Kong Inc.",
      "url": "https://konghq.com/products/kong-ai-gateway",
      "primary_asset": "ai-gateways-routers",
      "description": "AI gateway that proxies traffic to many LLM providers and governs it with prompt guards, PII sanitization, and content-safety policies that screen requests and responses.",
      "deployment": [
        "saas",
        "self-hosted",
        "hybrid"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-gateways-routers",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Proxies traffic to many LLM providers and enforces allow and deny lists, prompt guards, and content-safety policies, with visibility over AI usage.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Plugins inspect prompts and responses, redacting PII and filtering unsafe or off-topic content before it reaches a model or user.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "lakera",
      "schema_version": 2,
      "name": "Lakera",
      "vendor": "Lakera",
      "url": "https://www.lakera.ai",
      "primary_asset": "runtime-ai-data",
      "description": "Runtime guardrails plus adversarial testing for LLM and agent apps, screening prompts, responses, and tool calls for prompt injection, jailbreaks, and data leakage.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "acquired",
      "compliance_attestations": [
        "SOC 2",
        "GDPR"
      ],
      "acquirer": "Check Point Software Technologies",
      "last_reviewed": "2026-06-08",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed",
        "compliance_attestations": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Inline screening of prompts, responses, and agent tool calls.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": null,
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "lasso-security",
      "schema_version": 2,
      "name": "Lasso Security",
      "vendor": "Lasso Security",
      "url": "https://www.lasso.security/",
      "primary_asset": "runtime-ai-data",
      "description": "Platform that discovers and inventories AI agents and applications, red-teams them, and enforces policy inline at the proxy, API, or gateway to protect AI interactions at runtime.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Enforces policy inline at the proxy, API, or AI gateway, protecting AI interactions at runtime.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "Discovers and inventories AI agents and applications in an AI bill of materials, mapping their models, prompts, tools, and guardrails.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "latticeflow-ai",
      "schema_version": 2,
      "name": "LatticeFlow AI",
      "vendor": "LatticeFlow AI",
      "url": "https://latticeflow.ai/platform",
      "primary_asset": "ai-model",
      "description": "LatticeFlow AI: AI governance platform that discovers AI systems, runs technical evaluations and automated red-team security scans, and maps evidence to 20+ compliance frameworks.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "govern",
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovers AI assets, runs 100+ evaluations mapped to 20+ frameworks such as the EU AI Act and NIST, scans for vulnerabilities via automated red-teaming aligned with OWASP and MITRE, and continuously monitors risk for audit-ready governance evidence.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "govern"
          ],
          "maturity": "secondary",
          "note": "Discovers, evaluates, and governs risk for autonomous agentic AI systems alongside foundation models and custom generative AI applications.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "layerx",
      "schema_version": 2,
      "name": "LayerX",
      "vendor": "LayerX Security",
      "url": "https://layerxsecurity.com/",
      "primary_asset": "runtime-ai-data",
      "description": "LayerX: Browser-extension control of employee AI use that discovers shadow AI tools, applies DLP to prompts and file transfers, and enforces identity-based access policies.",
      "deployment": [
        "saas"
      ],
      "status": "acquired",
      "compliance_attestations": null,
      "acquirer": "Akamai",
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "GenAI DLP monitors prompts and responses with conversational context and restricts text input, copy and paste, and file uploads of sensitive data before it reaches AI tools and AI-enabled SaaS applications.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "secondary",
          "note": "Shadow AI discovery detects every AI app in use whether sanctioned, unsanctioned, or embedded in SaaS platforms, maps the accounts behind each tool, and lets security teams enforce responsible AI usage policies across channels.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "legit-security",
      "schema_version": 2,
      "name": "Legit Security",
      "vendor": "Legit Security",
      "url": "https://www.legitsecurity.com/ai-discovery",
      "primary_asset": "ai-model",
      "description": "Legit Security: AI discovery capability that inventories AI models, MCP servers, and coding assistants across development, plus VibeGuard guardrails for AI-generated code in the IDE.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify"
          ],
          "maturity": "primary",
          "note": "The AI Security Command Center keeps a real-time inventory of AI models active across development, adds reputational data for each model, and flags low-reputation or unapproved models even when developers attempt to bypass security controls.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "Inventories MCP servers and AI coding assistants alongside models, surfacing shadow MCP servers that create unmonitored pathways for data exposure and unauthorized AI agent actions, with associated risks tracked per component.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-generated-code",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "VibeGuard integrates with AI IDEs and code assistants such as Cursor and GitHub Copilot, analyzes AI-generated code in real time before commit, restricts which files assistants can access, and blocks untrusted models and secrets exposure to AI systems.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "litellm",
      "schema_version": 2,
      "name": "LiteLLM",
      "vendor": "BerriAI",
      "url": "https://www.litellm.ai/",
      "primary_asset": "ai-gateways-routers",
      "description": "LiteLLM: Open-source AI gateway and proxy for 100+ LLM providers, adding virtual-key RBAC, budgets, rate limits, guardrails (PII masking, prompt-injection screening), and enterprise SSO and audit logs.",
      "deployment": [
        "self-hosted",
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-gateways-routers",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Routes 100+ LLM providers behind virtual keys with per-team and per-key budgets, rate limits, and RBAC. The enterprise tier adds SSO, audit logs, secret management, and key rotation.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Configurable guardrails screen prompts and responses for PII (Presidio masking and blocking) and prompt injection, with pre-call and post-call moderation hooks.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "llamafirewall",
      "schema_version": 2,
      "name": "LlamaFirewall",
      "vendor": "Meta",
      "url": "https://meta-llama.github.io/PurpleLlama/LlamaFirewall/",
      "primary_asset": "runtime-ai-data",
      "description": "LlamaFirewall: Open-source guardrail framework from Meta that scans LLM apps and agents with PromptGuard 2, AlignmentCheck, and CodeShield scanners.",
      "deployment": [
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "PromptGuard 2 classifies user inputs and untrusted content for direct prompt injection and jailbreaks while AlignmentCheck audits agent chain-of-thought reasoning in real time for goal hijacking and indirect injection; the framework detects and mitigates these risks inline.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-generated-code",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "CodeShield applies Semgrep and regex-based static analysis to LLM-generated code in real time, flagging insecure code across eight programming languages.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "lunar-mcpx",
      "schema_version": 2,
      "name": "Lunar MCPX",
      "vendor": "Lunar.dev",
      "url": "https://www.lunar.dev/product/mcp",
      "primary_asset": "ai-orchestration-tools",
      "description": "Lunar MCPX: Self-hosted MCP gateway that aggregates MCP servers behind one endpoint and applies per-agent access control, OAuth and API key authentication, and tool hardening.",
      "deployment": [
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "MCP gateway routes agent tool calls to MCP servers through one endpoint with per-agent access control, tool groups, hardened tool variants, and OAuth and API key auth; audit logs record tool usage and configuration changes.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "secondary",
          "note": "Agent inventory gives a centralized view of every agent connecting through the gateway; the enterprise edition adds centralized user, authentication, and access management over MCP servers and tools.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect"
          ],
          "maturity": "secondary",
          "note": "The enterprise edition inspects MCP requests and responses inline to redact sensitive data before it leaves the deployment environment.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "mend-ai",
      "schema_version": 2,
      "name": "Mend AI",
      "vendor": "Mend.io",
      "url": "https://www.mend.io/mend-ai/",
      "primary_asset": "ai-model",
      "description": "Mend AI: Discovers and inventories AI components in applications, assesses their risks, enforces AI policies, and red teams AI behavior for issues like prompt injection.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "detect",
            "govern"
          ],
          "maturity": "primary",
          "note": "Builds a continuously updated inventory of AI models and frameworks, including shadow AI, ties risks to models, runs automated red teaming tests for prompt injection, context leakage, and data exfiltration, and enforces AI governance policies via a policy engine.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "AI-BOM discovery extends beyond models to MCPs and RAG pipelines, inventorying orchestration components alongside frameworks in SPDX and CycloneDX machine-readable formats.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "microsoft-agent-365",
      "schema_version": 2,
      "name": "Microsoft Agent 365",
      "vendor": "Microsoft",
      "url": "https://www.microsoft.com/en-us/microsoft-agent-365",
      "primary_asset": "ai-agent-identities",
      "description": "Microsoft Agent 365: Control plane that inventories AI agents in a registry, assigns them Entra identities with conditional access, and adds Defender posture and threat detection.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "govern",
            "protect"
          ],
          "maturity": "primary",
          "note": "Provides visibility into all agent identities, including shadow agents; Entra Agent ID extends conditional access and identity protection from users to agents; governance ensures agents have responsible sponsors and that access does not persist longer than needed.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "detect",
            "protect"
          ],
          "maturity": "secondary",
          "note": "Microsoft Defender provides agent security posture management to find misconfigurations, detects suspicious agent activity, blocks malicious tool invocations in real time, and collects agent observability logs for threat hunting.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "microsoft-purview",
      "schema_version": 2,
      "name": "Microsoft Purview",
      "vendor": "Microsoft",
      "url": "https://www.microsoft.com/en-us/security/business/microsoft-purview",
      "primary_asset": "runtime-ai-data",
      "description": "Data security posture management for AI in Microsoft Purview that discovers sensitive data in AI prompts and responses, enforces data-loss policies on generative AI use, and flags risky AI activity.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovers sensitive data in AI prompts and responses, applies data-loss-prevention policies that warn on or block sensitive content sent to generative AI apps, and detects risky AI interactions.",
          "origin": "reviewed"
        },
        {
          "asset": "training-data",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "secondary",
          "note": "Data risk assessments find and help remediate oversharing of the sensitive organizational content that generative AI apps can surface.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "miggo",
      "schema_version": 2,
      "name": "Miggo",
      "vendor": "Miggo Security",
      "url": "https://www.miggo.io",
      "primary_asset": "ai-orchestration-tools",
      "description": "Miggo: Runtime AI defense that maps agents, models, tools, and MCP integrations into an AI-BOM, detects prompt injection and agent hijacking, and enforces guardrails on AI behavior.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Builds a runtime AI-BOM that maps active agents, models, tools, frameworks, and MCP integrations from real execution, exposes shadow AI drift, and enforces guardrails on model usage, tool access, and data permissions while detecting anomalous agent behavior and unauthorized tool chaining.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect",
            "respond"
          ],
          "maturity": "primary",
          "note": "AIDR monitors prompts and model interactions at runtime, detecting manipulation such as prompt injection, model misuse, and unauthorized data access, then contains incidents with a forensic chain from user input to agent decision to system action.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Detects model supply chain compromise, including malicious model files and hidden payloads that execute when external models load into production workflows, plus unapproved model usage and unsafe execution patterns.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "mindgard",
      "schema_version": 2,
      "name": "Mindgard",
      "vendor": "Mindgard",
      "url": "https://mindgard.ai/ai-security-platform",
      "primary_asset": "ai-model",
      "description": "Automated AI red-teaming platform that maps the AI attack surface and continuously tests models and agents for prompt injection, jailbreak, and model-manipulation flaws.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": "Maps the AI attack surface including shadow AI, then runs continuous automated red teaming that chains attack techniques across multi-step interactions to find prompt injection, jailbreak, and model-manipulation flaws.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "mintmcp",
      "schema_version": 2,
      "name": "MintMCP",
      "vendor": "MintMCP",
      "url": "https://www.mintmcp.com/",
      "primary_asset": "ai-orchestration-tools",
      "description": "MintMCP: Managed MCP gateway that authenticates AI clients to MCP servers, enforces access policies, and logs every tool call for audit.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "govern",
            "detect"
          ],
          "maturity": "primary",
          "note": "Enterprise MCP gateway between AI clients and MCP servers that handles authentication, enforces access policies, and logs every tool call; admins curate a catalog of approved servers with preconfigured credentials, role-based tool sets, and centralized credential management.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "govern",
            "protect"
          ],
          "maturity": "secondary",
          "note": "Applies enterprise SSO and RBAC controls to MCP access with fine-grained permissions and instant revocation; API keys stay within the gateway so AI clients never hold them.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Exports activity logs covering tool invocations, prompt submissions, and gateway requests to SIEM or observability platforms in real time over the OpenTelemetry Logs protocol.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "mistral-moderation",
      "schema_version": 2,
      "name": "Mistral Moderation",
      "vendor": "Mistral AI",
      "url": "https://docs.mistral.ai/capabilities/guardrailing/",
      "primary_asset": "runtime-ai-data",
      "description": "Mistral Moderation: Classifier service that scores prompts and responses across policy categories and applies blocking guardrails in Mistral API requests.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "The moderation service classifies raw text and conversational content across policy categories including jailbreaking, while custom guardrails declared in chat completions and conversations requests enforce per-category thresholds and block violating content with a 403 response.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Agent-level guardrails attach moderation rules to an agent at creation time, and all conversations using that agent automatically inherit the configured thresholds and blocking action.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "natoma",
      "schema_version": 2,
      "name": "Natoma",
      "vendor": "Natoma",
      "url": "https://natoma.ai/platform",
      "primary_asset": "ai-agent-identities",
      "description": "Governed MCP gateway that treats AI agents as non-human identities, enforcing identity-aware authorization and per-tool policy over agent access to tools, with shadow-AI discovery and audit.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "acquired",
      "compliance_attestations": null,
      "acquirer": "Snowflake",
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect"
          ],
          "maturity": "primary",
          "note": "Authenticates AI agents and enforces identity-aware, attribute-based authorization with delegated permissions and Cedar policy, plus a full audit trail of every tool call.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "Provides a hosted gateway for MCP servers and tools, discovers shadow AI and unmanaged MCP connections, and controls which tools each agent may call.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "nemo-guardrails",
      "schema_version": 2,
      "name": "NeMo Guardrails",
      "vendor": "NVIDIA",
      "url": "https://github.com/NVIDIA-NeMo/Guardrails",
      "primary_asset": "runtime-ai-data",
      "description": "NeMo Guardrails: Open-source NVIDIA toolkit that adds programmable input, dialog, retrieval, execution, and output rails to LLM applications, with built-in jailbreak and content safety checks.",
      "deployment": [
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Input, retrieval, and output rails can reject or mask user prompts, retrieved chunks, and model responses. The built-in guardrail library adds self-check moderation, hallucination detection, jailbreak and injection detection, and NVIDIA content and topic safety models.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect"
          ],
          "maturity": "secondary",
          "note": "Execution rails screen the input and output of the custom actions and tools that an LLM calls, and the guardrail catalog includes agentic security checks.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "netskope",
      "schema_version": 2,
      "name": "Netskope",
      "vendor": "Netskope",
      "url": "https://www.netskope.com/products/securing-generative-ai",
      "primary_asset": "runtime-ai-data",
      "description": "Cloud security platform that discovers generative-AI use including shadow AI and inspects prompts and responses inline, applying DLP and guardrails to block data leakage and AI threats.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovers generative-AI and shadow-AI use and inspects prompts and responses inline with DLP and guardrails to block sensitive-data leakage.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Assesses the risk of generative-AI apps and MCP servers and runs automated red-team testing of private LLMs to find vulnerabilities.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "neuraltrust",
      "schema_version": 2,
      "name": "NeuralTrust",
      "vendor": "NeuralTrust",
      "url": "https://neuraltrust.ai/",
      "primary_asset": "ai-gateways-routers",
      "description": "NeuralTrust: AI gateway and runtime firewall that screens LLM and agent traffic for injection attacks and data leaks, plus automated red teaming.",
      "deployment": [
        "saas",
        "self-hosted",
        "hybrid"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-gateways-routers",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "TrustGate is a distributed AI gateway that fronts model providers with routing, rate limiting, threat detection, and plugin-based security controls; core gateway functionality is available under an open-source license.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Prompt Guard and the Generative Application Firewall detect and block prompt injection, jailbreaks, and multimodal attacks in real time; sensitive data masking blocks or redacts PII and credentials in prompts and responses.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "Automated red teaming runs a continuously updated adversarial attack catalog informed by OWASP and MITRE ATLAS research, with domain-specific test generation and scheduled reruns when the model or knowledge base changes.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "noma-security",
      "schema_version": 2,
      "name": "Noma Security",
      "vendor": "Noma Security",
      "url": "https://noma.security",
      "primary_asset": "ai-agent-identities",
      "description": "Platform that discovers, governs, and protects AI and AI agents across the enterprise, spanning homegrown AI, SaaS agents, and coding assistants.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-07",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovery, posture, and runtime protection for autonomous agents and MCP servers.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": null,
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": null,
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "oasis",
      "schema_version": 2,
      "name": "Oasis",
      "vendor": "Oasis Security",
      "url": "https://www.oasis.security",
      "primary_asset": "ai-agent-identities",
      "description": "Non-human identity management platform that discovers, governs, and enforces least-privilege access for service accounts, secrets, and AI agents across hybrid cloud.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-07",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovers AI agent and non-human identities, ties them to owners, and enforces least-privilege, policy-driven lifecycle controls.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Threat and anomaly detection over agent and identity activity, with continuous audit and policy enforcement.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "onyx",
      "schema_version": 2,
      "name": "Onyx",
      "vendor": "Onyx Security",
      "url": "https://onyx.security/",
      "primary_asset": "ai-orchestration-tools",
      "description": "Onyx: Control plane that discovers sanctioned and shadow AI agents, monitors prompts and agent actions in real time, and enforces security and governance policies across enterprise AI use.",
      "deployment": [
        "saas",
        "self-hosted",
        "hybrid"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "govern",
            "identify",
            "detect",
            "respond"
          ],
          "maturity": "primary",
          "note": "Discovers sanctioned and shadow AI agents across the enterprise, monitors agent activity in real time with anomaly detection and session replay, applies natural-language policy controls aligned to frameworks such as the EU AI Act, and remediates issues through the Guardian Agent supervisory AI.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Provides visibility into every AI prompt and response across the stack and protects prompts, responses, and agent actions in real time against prompt injection, jailbreaks, data exfiltration, and adversarial manipulation.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "Detects shadow AI usage and unapproved model deployments, identifies supply chain risks in agents, MCP servers, models, and AI assets, and spots vulnerabilities in agents and models with automated red teaming.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "openai-guardrails",
      "schema_version": 2,
      "name": "OpenAI Guardrails",
      "vendor": "OpenAI",
      "url": "https://guardrails.openai.com/",
      "primary_asset": "runtime-ai-data",
      "description": "OpenAI Guardrails: Safety framework that validates LLM app inputs and outputs with configurable checks, plus open-weight gpt-oss-safeguard policy classifiers.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Built-in checks screen prompts and model outputs inline through drop-in OpenAI client wrappers, covering moderation, jailbreak detection, PII detection, URL filtering, hallucination detection, off-topic prompts, and custom LLM-based checks configured via a no-code wizard.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "GuardrailAgent applies configured checks to OpenAI Agents SDK agents and raises input and output tripwire exceptions that halt the run when a check fires.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "operant-ai-gatekeeper",
      "schema_version": 2,
      "name": "Operant AI Gatekeeper",
      "vendor": "Operant AI",
      "url": "https://www.operant.ai/platform/ai-gatekeeper",
      "primary_asset": "runtime-ai-data",
      "description": "Operant AI Gatekeeper: Runtime defense that secures live AI apps and agentic workflows, addressing data leakage and rogue agents with in-line redaction and MCP threat blocking.",
      "deployment": [
        "self-hosted",
        "hybrid"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Detects and blocks prompt injections and unauthenticated or unauthorized AI behavior in real time across live AI applications and agents, with in-line enforcement and auto-redaction rather than offline scoring.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Covers Model Context Protocol tooling with detection and access control, defending agent tools built on MCP frameworks across both the runtime and API access layers.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Applies trust scoring and fine-grained, identity-aware enforcement to AI non-human identities so only verified entities operate within agentic systems.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "orca",
      "schema_version": 2,
      "name": "Orca",
      "vendor": "Orca Security",
      "url": "https://orca.security/platform/ai-security-posture-management/",
      "primary_asset": "ai-model",
      "description": "Agentless AI security posture management in the Orca cloud platform that discovers AI models including shadow AI, inventories them, and flags misconfigurations and exposed data.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": "Agentlessly discovers and inventories managed and shadow AI models in an AI and ML bill of materials, and flags model misconfigurations and exposed AI service keys.",
          "origin": "reviewed"
        },
        {
          "asset": "training-data",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Detects sensitive data in AI models and training data and surfaces data-poisoning risk from editable or replaceable training data.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "oso",
      "schema_version": 2,
      "name": "Oso",
      "vendor": "Oso",
      "url": "https://www.osohq.com/",
      "primary_asset": "ai-agent-identities",
      "description": "Oso: Discovers shadow AI agents across endpoints and browsers, monitors agent sessions through an edge proxy, and alerts on unsanctioned usage and sensitive data.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": "Inventories AI agents across endpoints, browsers, and network traffic via EDR scans, a browser extension, and an edge proxy; admins mark agents allowed or disallowed and Oso alerts when unsanctioned agents are detected.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "Captures prompts, completions, and tool calls for monitored agent sessions and scans them with built-in and custom patterns for secrets and PII such as API keys and credentials.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "palo-alto-ai-spm",
      "schema_version": 2,
      "name": "Palo Alto AI-SPM",
      "vendor": "Palo Alto Networks",
      "url": "https://www.paloaltonetworks.com/prisma/cloud/ai-spm",
      "primary_asset": "ai-model",
      "description": "AI security posture management in Prisma Cloud that discovers and inventories AI models and applications, classifies sensitive training and inference data, and flags data exposure and model risk.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovers and inventories deployed AI models and their cloud resources, surfaces shadow and unauthorized models, and flags misconfigured or overprivileged models and supply-chain vulnerabilities.",
          "origin": "reviewed"
        },
        {
          "asset": "training-data",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Classifies where sensitive data lives in training and reference data and monitors data flows for exposure and poisoning risk.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "pangea",
      "schema_version": 2,
      "name": "Pangea",
      "vendor": "Pangea",
      "url": "https://pangea.cloud",
      "primary_asset": "runtime-ai-data",
      "description": "AI security guardrails that inspect prompts, responses, and agent activity to block prompt injection, redact sensitive data, and stop malicious content across LLM and agent traffic.",
      "deployment": [
        "saas"
      ],
      "status": "acquired",
      "compliance_attestations": null,
      "acquirer": "CrowdStrike",
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Inspects prompts and responses to detect prompt injection, redact sensitive data, and block malicious content.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Guards agent activity with pre-plan, pre-tool, and post-tool checks and runtime monitoring.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "patronus-ai",
      "schema_version": 2,
      "name": "Patronus AI",
      "vendor": "Patronus AI",
      "url": "https://www.patronus.ai/",
      "primary_asset": "runtime-ai-data",
      "description": "Patronus AI: LLM evaluation and guardrails platform whose point-in-time evaluators detect prompt injection, toxicity, PII, and harmful or hallucinated content in LLM inputs and outputs.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "Point-in-time guardrail evaluators flag prompt injection, toxicity, PII, and harmful or hallucinated content in LLM inputs and outputs, leaving the blocking decision to the application.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "The same evaluators check the inputs and outputs of individual components in an agentic LLM pipeline.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "permiso-ai-security",
      "schema_version": 2,
      "name": "Permiso AI Security",
      "vendor": "Permiso Security",
      "url": "https://permiso.io/ai-security",
      "primary_asset": "ai-agent-identities",
      "description": "Permiso AI Security: Capability of the Permiso identity platform that discovers AI agents, attributes runs and tool calls to identities, and detects anomalous agent behavior in real time.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "detect",
            "respond"
          ],
          "maturity": "primary",
          "note": "Discovers AI agents in cloud workloads and code repositories, attributes every run, event, and tool call to a human, non-human, or AI identity through the Universal Identity Graph, detects anomalous agent behavior, and enforces containment including kill switches.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Monitors MCP invocations and tool calls tied to agent identities; the SandyClaw sandbox analyzes agent skills before they run in the environment, recording actions, tool calls, and downstream requests.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "pillar",
      "schema_version": 2,
      "name": "Pillar",
      "vendor": "Pillar Security",
      "url": "https://www.pillar.security/platform",
      "primary_asset": "runtime-ai-data",
      "description": "AI security platform for the agentic workforce that inventories agents, models, and MCP servers, red-teams them, and runs adaptive runtime guardrails to block prompt attacks and data egress.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Adaptive runtime guardrails inspect AI inputs and outputs, detect malicious intent, and use taint analysis to block PII and secret egress in real time.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Discovers and inventories agents, models, MCP servers, and tools including shadow AI, maps the permissions and connections of each agent, and red-teams them for exploitable flaws.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "portkey",
      "schema_version": 2,
      "name": "Portkey",
      "vendor": "Portkey",
      "url": "https://portkey.ai",
      "primary_asset": "ai-gateways-routers",
      "description": "AI gateway and control plane that routes requests across many LLM providers and runs guardrails on inputs and outputs to catch prompt injection, PII leaks, and unsafe content.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-gateways-routers",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Routes traffic to many LLM providers with input and output guardrails and request-level observability.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Guardrails check prompts and responses for prompt injection, PII, and unsafe content.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "prisma-airs",
      "schema_version": 2,
      "name": "Prisma AIRS",
      "vendor": "Palo Alto Networks",
      "url": "https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security",
      "primary_asset": "runtime-ai-data",
      "description": "Palo Alto Networks’ AI security platform; its AI Runtime Security inspects prompts and responses inline to block prompt injection, data leakage, and unsafe model output.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-07",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Inline inspection of prompts and responses for injection, leakage, and unsafe output.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-gateways-routers",
          "functions": [
            "protect"
          ],
          "maturity": "primary",
          "note": "API and network interception of AI traffic.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "Model scanning via integrated Protect AI technology.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "prompt-security",
      "schema_version": 2,
      "name": "Prompt Security",
      "vendor": "Prompt Security",
      "url": "https://prompt.security",
      "primary_asset": "runtime-ai-data",
      "description": "Runtime GenAI security that screens employee AI use, homegrown LLM apps, and agents for prompt injection, data leakage, and shadow AI, with inline blocking and redaction.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "acquired",
      "compliance_attestations": null,
      "acquirer": "SentinelOne",
      "last_reviewed": "2026-06-07",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Inline screening of prompts and responses for prompt injection, jailbreaks, and data leakage, with blocking and redaction.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Protection for homegrown LLM applications via API, SDKs, and a centralized gateway.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect"
          ],
          "maturity": "secondary",
          "note": "Agent runtime controls and MCP gateway security over what agents can do.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "promptfoo",
      "schema_version": 2,
      "name": "Promptfoo",
      "vendor": "Promptfoo",
      "url": "https://www.promptfoo.dev/",
      "primary_asset": "ai-model",
      "description": "Promptfoo: Open-source CLI and library for evaluating and red-teaming LLM applications, generating application-specific attacks such as prompt injections, jailbreaks, and data and PII leaks.",
      "deployment": [
        "self-hosted"
      ],
      "status": "acquired",
      "compliance_attestations": null,
      "acquirer": "OpenAI",
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "Automated red teaming simulates real users and generates application-specific attacks, including direct and indirect prompt injections, jailbreaks tailored to deployed guardrails, data and PII leaks, and toxic content generation.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Red teaming targets agents and RAG applications and surfaces insecure tool use and business rule violations. Declarative evaluations benchmark prompts, models, and applications during development.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "proofpoint-unified-ai-security",
      "schema_version": 2,
      "name": "Proofpoint Unified AI Security",
      "vendor": "Proofpoint",
      "url": "https://www.proofpoint.com/us/platform/ai-security",
      "primary_asset": "runtime-ai-data",
      "description": "Proofpoint Unified AI Security: Runtime visibility and policy enforcement for employee GenAI use, autonomous agents, and MCP servers, built on the acquired Acuvity technology.",
      "deployment": [
        "hybrid"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "AI Access Security discovers AI tools in use across the enterprise, inspects employee AI interactions at runtime, enforces context-aware policies on prompts and outputs, and records audit evidence of AI usage.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Agentic AI Security applies intent-based detection and behavioral anomaly detection to agent workflows; AI MCP Security discovers shadow MCP servers and enforces authentication and content inspection at the MCP boundary, backed by a registry of approved servers.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "protect-ai",
      "schema_version": 2,
      "name": "Protect AI",
      "vendor": "Protect AI",
      "url": "https://protectai.com",
      "primary_asset": "ai-model",
      "description": "A unified platform that secures the AI lifecycle: model scanning (Guardian), automated red teaming (Recon), and runtime protection (Layer).",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "acquired",
      "compliance_attestations": null,
      "acquirer": "Palo Alto Networks",
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Guardian scans models from registries and hubs for unsafe code and threats.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": "Recon runs automated red teaming against AI applications and agents.",
          "origin": "reviewed"
        },
        {
          "asset": "training-data",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": null,
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Layer adds runtime protection for LLM applications.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "protecto",
      "schema_version": 2,
      "name": "Protecto",
      "vendor": "Protecto",
      "url": "https://www.protecto.ai/",
      "primary_asset": "runtime-ai-data",
      "description": "Context security for agentic AI that sits between enterprise data and AI systems, applying role-based access and dynamic masking so agents see only the data each user is permitted at inference.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Sits between enterprise data and LLMs, agents, and MCP pipelines, applying dynamic masking at inference and keeping a full audit trail of who accessed what.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect"
          ],
          "maturity": "secondary",
          "note": "Role-based access for AI agents, so each agent exposes only the data the requesting user is permitted to see.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "pyrit",
      "schema_version": 2,
      "name": "PyRIT",
      "vendor": "Microsoft",
      "url": "https://github.com/microsoft/PyRIT",
      "primary_asset": "ai-model",
      "description": "PyRIT: Open-source Microsoft framework for automated and human-led AI red teaming, assessing the security and safety of generative AI systems with attack strategies, scenarios, and scoring.",
      "deployment": [
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "Runs single-turn and multi-turn attack strategies such as Crescendo, TAP, and Skeleton Key against generative AI targets, with standardized scenarios covering content harms and data leakage and flexible scoring of responses.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "qualys-totalai",
      "schema_version": 2,
      "name": "Qualys TotalAI",
      "vendor": "Qualys",
      "url": "https://www.qualys.com/apps/totalai/",
      "primary_asset": "ai-workload-platforms",
      "description": "Qualys TotalAI: Discovers and inventories AI and LLM workloads, then scans models for jailbreak, prompt injection, and other OWASP LLM Top 10 risks.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-workload-platforms",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovers and inventories AI workloads, including software packages and GPU hardware, across production and development environments, and applies AI-specific vulnerability detections prioritized with TruRisk to harden the underlying infrastructure.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "Scans onboarded LLMs for jailbreak susceptibility, prompt injection, bias, unsafe output, and other risks mapped to the OWASP LLM Top 10, with reporting aligned to MITRE ATLAS.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "realm-prism",
      "schema_version": 2,
      "name": "Realm Prism",
      "vendor": "Realm Labs",
      "url": "https://www.realmlabs.ai/platform-overview",
      "primary_asset": "ai-model",
      "description": "Realm Prism: Runtime observability that inspects model internals during inference to detect hallucinations, prompt injection, and policy drift in production AI calls.",
      "deployment": [
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "Deep Neural Inspection maps model internals and reads activity during inference, catching drift, manipulation, and silent failures while they are still inside the inference loop rather than judging output strings after the fact.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "Prism observes every production model call and flags failures that emerge from model reasoning, including hallucination, deception, policy drift, jailbreak success, and prompt injection attempts that input and output filters miss.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "reco",
      "schema_version": 2,
      "name": "Reco",
      "vendor": "Reco",
      "url": "https://www.reco.ai/",
      "primary_asset": "ai-agent-identities",
      "description": "Reco: SaaS security platform that discovers shadow AI tools and AI agents, monitors agent permissions and behavior, and governs generative AI usage across enterprise apps.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-workload-platforms",
          "functions": [
            "identify"
          ],
          "maturity": "primary",
          "note": "Discovers shadow AI tools and embedded AI features across SaaS apps and supports security teams in assessing generative AI usage across the enterprise.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": "Maps every AI agent to an owner and a risk score, flags overpermissioned and orphaned agent identities, supports least privilege across the agent fleet, and surfaces policy violations.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Tracks information movement from SaaS apps to unauthorized AI systems and monitors what employees share with AI platforms, classifying exposure risk by data sensitivity.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "repello-ai",
      "schema_version": 2,
      "name": "Repello AI",
      "vendor": "Repello AI",
      "url": "https://repello.ai/",
      "primary_asset": "ai-model",
      "description": "Enterprise AI security and red-teaming platform that discovers AI assets, runs adversarial attack simulations against models and apps, and adds runtime protection and MCP visibility.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovers AI assets and runs ARTEMIS adversarial attack simulations against models and applications across RAG and agent workflows.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "ARGUS adds AI runtime security, and an MCP gateway provides visibility into MCP traffic.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "robust-intelligence",
      "schema_version": 2,
      "name": "Robust Intelligence",
      "vendor": "Cisco",
      "url": "https://www.cisco.com/site/us/en/products/security/ai-defense/index.html",
      "primary_asset": "ai-model",
      "description": "Algorithmic red teaming and runtime guardrails for AI models and apps: tests models against attacks and screens prompts, responses, and agent workflows. Now part of Cisco AI Defense.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "acquired",
      "compliance_attestations": null,
      "acquirer": "Cisco",
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Algorithmic red teaming validates models against attack techniques, with runtime guardrails enforcing protection.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "AI runtime guardrails screen prompts, responses, and agent workflows.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "adjacent",
          "note": "Supply chain scanning of model files, repositories, and MCP servers and tools.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "rubrik-agent-cloud",
      "schema_version": 2,
      "name": "Rubrik Agent Cloud",
      "vendor": "Rubrik",
      "url": "https://www.rubrik.com/products/rubrik-agent-cloud",
      "primary_asset": "runtime-ai-data",
      "description": "Rubrik Agent Cloud: Monitors enterprise AI agents, applies SAGE semantic guardrails in real time, and rewinds destructive agent actions.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "recover"
          ],
          "maturity": "primary",
          "note": "Agent Monitor discovers deployed agents and tracks how they interact with data, identities, and applications. Agent Rewind undoes unwanted or destructive agent actions.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect",
            "protect"
          ],
          "maturity": "primary",
          "note": "The SAGE engine, unveiled at RSAC 2026, uses a custom small language model to interpret natural language policies, semantically evaluate agent interactions in real time, detect policy violations, and enforce safe boundaries on agent behavior.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-generated-code",
          "functions": [
            "recover"
          ],
          "maturity": "secondary",
          "note": "Agent Cloud for Claude, generally available as of June 2026, rolls back unintended Claude agent actions and recovers affected code along with the agent configuration, including for Claude Code.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "runlayer",
      "schema_version": 2,
      "name": "Runlayer",
      "vendor": "Runlayer",
      "url": "https://www.runlayer.com/",
      "primary_asset": "ai-orchestration-tools",
      "description": "Runlayer: MCP security gateway that vets servers and skills, screens each tool call for threats, and ties agent access to enterprise SSO with audit logs.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "detect",
            "govern"
          ],
          "maturity": "primary",
          "note": "Gateway and private registry for MCP servers, skills, and agents. Scans each server release for vulnerabilities and permission drift before approval, screens calls in real time for tool poisoning, rug pulls, and command injection, and keeps complete audit trails.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "govern",
            "protect"
          ],
          "maturity": "secondary",
          "note": "Replaces personal API keys with SSO, SCIM, and group sync through Okta or Entra, applying conditional access, revocation, and fine-grained permissions to user, team, and agent connections to MCP servers.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect",
            "protect"
          ],
          "maturity": "secondary",
          "note": "Multi-tier detectors inspect tool-call traffic in real time and flag policy, compliance, and data-leak risks before requests reach downstream tools.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "securiti",
      "schema_version": 2,
      "name": "Securiti",
      "vendor": "Securiti",
      "url": "https://securiti.ai/",
      "primary_asset": "training-data",
      "description": "Data and AI security command center that discovers and classifies sensitive data across the enterprise and runs context-aware LLM firewalls over AI prompts, retrieval, and responses.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "training-data",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Discovers and classifies sensitive data across cloud and SaaS, including shadow assets, and governs how that data is used in AI.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Context-aware LLM firewalls inspect prompts, retrieval, and responses to protect AI interactions.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "semgrep",
      "schema_version": 2,
      "name": "Semgrep",
      "vendor": "Semgrep",
      "url": "https://semgrep.dev/products/semgrep-code/",
      "primary_asset": "ai-generated-code",
      "description": "Static analysis platform that scans code regardless of who or what wrote it, with a Guardian mode and Multimodal AI that find and help fix vulnerabilities in AI-generated code as it lands.",
      "deployment": [
        "saas",
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-generated-code",
          "functions": [
            "detect",
            "protect"
          ],
          "maturity": "primary",
          "note": "Scans AI-generated code as it is written and combines static analysis with AI reasoning (Multimodal) to find vulnerabilities and suggest fixes in pull requests, with Cursor and Claude Code plugins.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "sentra",
      "schema_version": 2,
      "name": "Sentra",
      "vendor": "Sentra",
      "url": "https://www.sentra.io/",
      "primary_asset": "training-data",
      "description": "Sentra: Agentless DSPM that discovers, classifies, and governs sensitive data across the estate, including the training sets, RAG stores, and Copilot and Bedrock data that AI applications touch.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "training-data",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discovers and classifies sensitive data across cloud and on-prem at petabyte scale without copying it out of the environment, controls access to it, and adds data detection and response across the datasets that AI applications, Copilot, or Bedrock can reach.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "snyk",
      "schema_version": 2,
      "name": "Snyk",
      "vendor": "Snyk",
      "url": "https://snyk.io",
      "primary_asset": "ai-generated-code",
      "description": "Developer-security platform, now positioned as an AI security fabric, that secures AI-generated code and the AI agents and tools used to build and run AI-native applications.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": [
        "SOC 2 Type II",
        "ISO 27001",
        "ISO 27017"
      ],
      "last_reviewed": "2026-06-08",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed",
        "compliance_attestations": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-generated-code",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Snyk Studio guides AI coding assistants, and Snyk Code scans AI-generated code to find and fix issues at inception.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "Scans MCP servers for vulnerabilities such as tool poisoning, using technology from the Invariant Labs acquisition.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Runtime guardrails enforce policy on AI agent behavior, restricting data flow and tool access and flagging anomalous decisions.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "spectra-assure",
      "schema_version": 2,
      "name": "Spectra Assure",
      "vendor": "ReversingLabs",
      "url": "https://www.reversinglabs.com/products/spectra-assure",
      "primary_asset": "ai-model",
      "description": "Spectra Assure: Scans AI and ML model files for malicious code as part of software supply chain analysis and lists detected models in an ML-BOM.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "detect",
            "identify"
          ],
          "maturity": "primary",
          "note": "Identifies AI and ML model files in analyzed software by format signature, scans them with malware analysis to assess whether models are safe to use, and lists discovered models as components in an ML-BOM within the SAFE report.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "straiker",
      "schema_version": 2,
      "name": "Straiker",
      "vendor": "Straiker",
      "url": "https://www.straiker.ai",
      "primary_asset": "runtime-ai-data",
      "description": "AI-native security for agentic apps and AI agents, pairing offensive red-team testing with runtime guardrails that detect and block prompt injection, data exfiltration, and agent manipulation.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-07",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Discover AI inventories agents and tools; Defend AI screens agentic app traffic inline.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Defend AI guardrails inspect prompts, responses, and tool calls and block threats at runtime.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Ascend AI tests for identity exploitation; Discover AI maps agent connections and posture.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "stytch-connected-apps",
      "schema_version": 2,
      "name": "Stytch Connected Apps",
      "vendor": "Stytch",
      "url": "https://stytch.com/connected-apps",
      "primary_asset": "ai-agent-identities",
      "description": "Stytch Connected Apps: Authorization for AI agent and MCP workflows that connects agents to applications with consent management, scoped permissions, and admin allowlists.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect"
          ],
          "maturity": "primary",
          "note": "Authorizes AI agent and MCP workflows against an existing auth stack, presenting permissions in scoped groupings for user consent, limiting grants to permissions the user already holds, and restricting which apps and agents members may connect through allowlists.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "sweet-ai-security-platform",
      "schema_version": 2,
      "name": "Sweet AI Security Platform",
      "vendor": "Sweet Security",
      "url": "https://www.sweet.security/ai-security-platform-aisp",
      "primary_asset": "runtime-ai-data",
      "description": "Sweet AI Security Platform: Runtime detection and response for AI systems that inventories models and agents, blocks prompt injection through an AI gateway, and enforces least privilege for agents.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect",
            "protect"
          ],
          "maturity": "primary",
          "note": "AIDR routes AI agent traffic through the Sweet AI Gateway to analyze prompts and block malicious operations such as prompt injection, applying guardrail policies and behavioral baselines that flag deviations in agent activity.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Discovers every AI agent in the environment, including shadow and unmanaged ones, and manages agent permissions with least privilege, blast radius analysis, auditing, and operation-level policy enforcement linked to an MCP gateway.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "Builds an AI BOM that tracks public and fine-tuned models with origin and version details, while AI-SPM posture checks monitor AI components for misconfigurations, exposed endpoints, and vulnerabilities.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "tailscale-aperture",
      "schema_version": 2,
      "name": "Tailscale Aperture",
      "vendor": "Tailscale",
      "url": "https://tailscale.com/use-cases/securing-ai",
      "primary_asset": "ai-gateways-routers",
      "description": "Tailscale Aperture: AI gateway that authenticates users and agents with Tailscale identity, keeps provider API keys centralized, and tracks LLM usage and spend.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-gateways-routers",
          "functions": [
            "protect"
          ],
          "maturity": "primary",
          "note": "Centralized AI gateway that secures, monitors, and routes LLM requests to providers such as OpenAI, Anthropic, and Google. Tailscale identity authenticates users in place of distributed API keys, with controls over reachable models and per-user spending limits.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Dashboards and session logs provide visibility into LLM requests and token usage across the organization, with usage data export, including S3 log export, for monitoring and review.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect"
          ],
          "maturity": "secondary",
          "note": "Identifies connecting users and coding agents such as Claude Code, Codex, and Gemini CLI through Tailscale identities, tying LLM usage to the identity that generated each request rather than shared API keys.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "teleport-beams",
      "schema_version": 2,
      "name": "Teleport Beams",
      "vendor": "Teleport",
      "url": "https://www.beams.run/",
      "primary_asset": "ai-workload-platforms",
      "description": "Teleport Beams: Runs AI agents in isolated Firecracker micro-VMs with built-in identity, per-beam access policy, and audited access to infrastructure and inference services.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-workload-platforms",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Runs each agent in an isolated Firecracker micro-VM with an ephemeral filesystem wiped at session end and policy-controlled egress to allowlisted domains; every access event is recorded immutably for audit visibility into what agents reach.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect"
          ],
          "maturity": "primary",
          "note": "Issues a short-lived identity certificate to each beam, scoped to the services it may reach, so agents authenticate to infrastructure and inference endpoints without static secrets; access policy is enforced per beam at the proxy.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "tenable-ai-exposure",
      "schema_version": 2,
      "name": "Tenable AI Exposure",
      "vendor": "Tenable",
      "url": "https://www.tenable.com/products/ai-exposure",
      "primary_asset": "ai-workload-platforms",
      "description": "Tenable AI Exposure: Discovers how employees and agents use AI platforms, surfaces shadow AI and misconfigurations, detects attacks such as prompt injection, and enforces AI acceptable use policies.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-workload-platforms",
          "functions": [
            "identify",
            "govern"
          ],
          "maturity": "primary",
          "note": "Discovers how employees and agents interact with AI platforms such as ChatGPT Enterprise and Microsoft Copilot, finds unsafe platform settings and third-party integrations, and enforces AI acceptable use policies.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect",
            "identify"
          ],
          "maturity": "primary",
          "note": "The Explorer page inspects messages in user AI sessions to identify potential data exfiltration or sharing of sensitive information with AI models; the Issues page surfaces detected policy breaches and security gaps.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "The Inventory page tracks users, deployed AI agents, and AI memories; AI agent assets carry risk scores in Tenable Exposure Management.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "token-security",
      "schema_version": 2,
      "name": "Token Security",
      "vendor": "Token Security",
      "url": "https://www.token.security/",
      "primary_asset": "ai-agent-identities",
      "description": "Security platform for AI agents and non-human identities that discovers and inventories them, maps their access and risk, and enforces intent-based least privilege.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Discovers and inventories AI agents and non-human identities, maps their access and risk, and enforces intent-based least privilege so that each agent has only the permissions its purpose needs.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "traceforce",
      "schema_version": 2,
      "name": "TraceForce",
      "vendor": "TraceForce",
      "url": "https://traceforce.ai/",
      "primary_asset": "ai-orchestration-tools",
      "description": "TraceForce: Endpoint AI security posture management that discovers the AI tools, agents, MCP servers, and skills running on devices, scores context-aware risk, and automates remediation.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": [
        "ISO 27001",
        "SOC 2 Type 1"
      ],
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed",
        "compliance_attestations": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "primary",
          "note": "Endpoint agents discover the AI tools, MCP servers, and skills running locally on each device and flag risk from how AI is actually used, with automated remediation into the existing security stack.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": "Inventories the AI agents operating on managed devices as part of endpoint AI discovery.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "trojai",
      "schema_version": 2,
      "name": "TrojAI",
      "vendor": "TrojAI",
      "url": "https://troj.ai/",
      "primary_asset": "runtime-ai-data",
      "description": "TrojAI: Tools that red team AI models at build time and apply a runtime firewall against prompt injection, data leakage, and rogue MCP servers.",
      "deployment": [
        "self-hosted"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "primary",
          "note": "TrojAI Detect runs automated red teaming with more than 150 built-in security and safety tests, finding model weaknesses such as prompt injection, data leakage, and PII exposure before deployment.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "TrojAI Defend is a runtime AI firewall that monitors, alerts, blocks, redacts, and logs, filtering inputs and outputs to AI applications to stop prompt injection, sensitive information disclosure, and other adversarial attacks.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "TrojAI Defend for MCP applies MCP-specific policies that inspect, audit, and enforce security on MCP traffic in real time, blocking unregistered or rogue servers in agentic workflows.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "trust3-ai",
      "schema_version": 2,
      "name": "Trust3 AI",
      "vendor": "Trust3 AI",
      "url": "https://trust3.ai/",
      "primary_asset": "training-data",
      "description": "Trust3 AI: Unified data and AI access governance platform that secures data across cloud and on-premises environments and governs autonomous AI agents.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "training-data",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "primary",
          "note": "Scans and classifies fine-tuning and RAG data and filters vector-database and RAG queries so each user inherits the access controls of the source systems.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Applies real-time controls to generative AI prompts and responses with end-to-end observability and audit.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "unity-ai-gateway",
      "schema_version": 2,
      "name": "Unity AI Gateway",
      "vendor": "Databricks",
      "url": "https://www.databricks.com/product/artificial-intelligence/ai-gateway",
      "primary_asset": "ai-gateways-routers",
      "description": "Unity AI Gateway: Governance layer for model serving on Databricks with guardrails that filter PII and unsafe content, plus permissions, rate limits, request logging, and usage tracking.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-gateways-routers",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Manages and monitors access to model serving endpoints with permissions, rate limits, usage tracking through system tables, fallbacks, and traffic splitting across model backends.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "AI Guardrails enforce safety filtering against harmful content and block or mask PII detected in endpoint requests and responses, with inference tables logging payloads for audit.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "unity-catalog",
      "schema_version": 2,
      "name": "Unity Catalog",
      "vendor": "Databricks",
      "url": "https://www.databricks.com/product/unity-catalog",
      "primary_asset": "ai-model",
      "description": "Unified governance layer for Databricks data and AI that manages models, agent tools, and MCP connections as access-controlled objects, with fine-grained policies, column-level lineage, and audit.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-model",
          "functions": [
            "identify",
            "protect",
            "govern"
          ],
          "maturity": "primary",
          "note": "Manages registered ML models, agent-tool functions, and MCP connections as securable objects with grant and revoke privileges, lineage, and audit.",
          "origin": "reviewed"
        },
        {
          "asset": "training-data",
          "functions": [
            "identify",
            "protect"
          ],
          "maturity": "secondary",
          "note": "Applies fine-grained, attribute-based access policies with row and column filters and PII autoclassification to the data that feeds models, with end-to-end lineage.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "vorlon",
      "schema_version": 2,
      "name": "Vorlon",
      "vendor": "Vorlon",
      "url": "https://vorlon.io/",
      "primary_asset": "ai-agent-identities",
      "description": "Vorlon: AI Agent Flight Recorder and Action Center capture a cross-application forensic audit trail of agent actions, surface behavioral anomaly findings, and route coordinated response.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "detect",
            "respond"
          ],
          "maturity": "primary",
          "note": "The Flight Recorder stitches each agent action across connected apps into a queryable forensic record; the Action Center flags behavioral anomalies against agent usage patterns, routes findings to owners, and tracks remediation through SIEM, SOAR, and ITSM workflows.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Monitors data-in-motion between AI agents, SaaS apps, and integrations, detecting anomalous access to sensitive data using data-layer context.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "witnessai",
      "schema_version": 2,
      "name": "WitnessAI",
      "vendor": "WitnessAI",
      "url": "https://witness.ai/",
      "primary_asset": "runtime-ai-data",
      "description": "Network-level AI security and governance platform that discovers AI apps, agents, and MCP servers, enforces use policies, and runs an AI firewall that blocks prompt injection and jailbreaks.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "The Witness Protect AI firewall inspects prompts and responses bidirectionally, blocking prompt injection and jailbreaks and filtering outputs before users or agents act on them.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "identify",
            "detect"
          ],
          "maturity": "secondary",
          "note": "Discovers AI apps, agents, and MCP servers across the network without endpoint agents, and logs all AI activity for governance.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "wiz-ai-spm",
      "schema_version": 2,
      "name": "Wiz AI-SPM",
      "vendor": "Wiz",
      "url": "https://www.wiz.io/solutions/ai-spm",
      "primary_asset": "ai-workload-platforms",
      "description": "Agentless AI security posture management that discovers AI pipelines, models, and data across clouds, then surfaces misconfigurations and attack paths to AI services.",
      "deployment": [
        "saas"
      ],
      "status": "acquired",
      "compliance_attestations": [
        "SOC 2 Type II",
        "SOC 3",
        "ISO 27001",
        "ISO 27017",
        "ISO 27018",
        "ISO 27701",
        "PCI DSS v4.0.1",
        "HIPAA"
      ],
      "acquirer": "Google (Alphabet)",
      "last_reviewed": "2026-06-08",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed",
        "compliance_attestations": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-workload-platforms",
          "functions": [
            "identify"
          ],
          "maturity": "primary",
          "note": "Agentless discovery and posture management for AI services and pipelines.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": null,
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "identify"
          ],
          "maturity": "secondary",
          "note": null,
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "workos-authkit",
      "schema_version": 2,
      "name": "WorkOS AuthKit",
      "vendor": "WorkOS",
      "url": "https://workos.com/mcp",
      "primary_asset": "ai-agent-identities",
      "description": "WorkOS AuthKit: OAuth 2.1 authorization server for MCP applications that handles agent authorization flows and token validation, enabling fine-grained authorization for agentic workflows.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "protect"
          ],
          "maturity": "primary",
          "note": "Acts as the OAuth 2.1 authorization server for MCP applications, handling the authorization flows while the MCP server validates the issued tokens, with fine-grained authorization for agentic applications and workflows.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "zenity",
      "schema_version": 2,
      "name": "Zenity",
      "vendor": "Zenity",
      "url": "https://zenity.io/platform",
      "primary_asset": "ai-agent-identities",
      "description": "Zenity: Secures enterprise AI agents with discovery, posture management, and runtime detection and response across agent platforms.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-10",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "ai-agent-identities",
          "functions": [
            "identify"
          ],
          "maturity": "primary",
          "note": "AISPM discovers agents across environments, evaluates configuration and permission risk, and enforces guardrails before agents run, with an inventory of ownership, permissions, and integrations.",
          "origin": "reviewed"
        },
        {
          "asset": "runtime-ai-data",
          "functions": [
            "detect",
            "protect"
          ],
          "maturity": "primary",
          "note": "AIDR monitors step-level agent execution at runtime, detects direct and indirect prompt injection, and blocks sensitive data leakage through agent conversations, tool calls, and memory.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-orchestration-tools",
          "functions": [
            "protect",
            "detect"
          ],
          "maturity": "secondary",
          "note": "MCP security provides visibility into MCP connections, blocks unauthorized agent actions, and enforces security policies over MCP-enabled agents.",
          "origin": "reviewed"
        }
      ]
    },
    {
      "slug": "zscaler",
      "schema_version": 2,
      "name": "Zscaler",
      "vendor": "Zscaler",
      "url": "https://www.zscaler.com/products-and-solutions/ai-access-security",
      "primary_asset": "runtime-ai-data",
      "description": "Zero-trust platform that uncovers shadow AI, classifies and moderates AI prompts and responses inline, and enforces DLP to block sensitive data from being sent to generative-AI apps and tools.",
      "deployment": [
        "saas"
      ],
      "status": "active",
      "compliance_attestations": null,
      "last_reviewed": "2026-06-09",
      "origin": {
        "description": "reviewed",
        "deployment": "reviewed",
        "status": "reviewed"
      },
      "matrix_coverage": [
        {
          "asset": "runtime-ai-data",
          "functions": [
            "identify",
            "protect",
            "detect"
          ],
          "maturity": "primary",
          "note": "Uncovers shadow AI, classifies and moderates prompt and response content inline, and enforces inline DLP to block sensitive data from being sent to AI apps.",
          "origin": "reviewed"
        },
        {
          "asset": "ai-model",
          "functions": [
            "detect"
          ],
          "maturity": "secondary",
          "note": "Combines automated red teaming and dynamic risk assessment to identify vulnerabilities in AI applications.",
          "origin": "reviewed"
        }
      ]
    }
  ]
}
