Prompt Security
Protect your org from generative AI risks
What works
- Addresses a novel and necessary category of AI usage protection
- Catches prompt injection and data leakage to AI services
- DLP-style controls for AI interactions across the org
- Easy deployment via browser extension and API proxy
What doesn't
- New product category with unclear ROI metrics
- Can create friction and pushback from end users
- Detection models for AI-specific threats still evolving
- Limited to supported AI platforms and interfaces
Overview
Prompt Security is a startup tackling a problem that didn't exist three years ago: securing enterprise use of generative AI. Founded in Tel Aviv in 2023, the company builds a proxy layer that sits between your employees and AI services — ChatGPT, Claude, Gemini, Midjourney, and hundreds of others — intercepting prompts and responses in real time to prevent data leakage, prompt injection, and policy violations. Think of it as a DLP gateway purpose-built for the AI era.
The need is obvious. Employees are pasting source code, customer data, financial projections, and internal documents into AI tools every day, often without realizing the data retention implications. Traditional DLP tools weren't designed for conversational AI interfaces and miss most of this traffic. Prompt Security fills that gap with an approach that's both technically clever and operationally practical.
This is an early-category product — the "AI security" market is still defining itself — but Prompt Security is one of the more mature entries we've seen. Competitors include Protect AI (more focused on ML pipeline security), Lakera (focused on prompt injection), and Nightfall AI (broader DLP that includes AI). Prompt Security's differentiator is the breadth of its proxy coverage and the speed of its real-time analysis.
How It Works
The core architecture is a forward proxy that intercepts traffic between users and AI services. Deployment options include a browser extension, a network proxy (integrates with existing web gateways like Zscaler or Netskope), and API-level integration for internally deployed AI applications. The browser extension is the quickest path to value — it takes about 15 minutes to deploy via MDM and immediately starts monitoring AI usage across Chrome and Edge.
When an employee submits a prompt to ChatGPT or any supported AI service, Prompt Security's engine analyzes the content in real time. It runs multiple detection models simultaneously: PII detection (names, SSNs, credit cards, emails), code detection (identifies programming languages and checks for proprietary markers), topic classification (flags discussions about M&A, legal matters, financials), and prompt injection detection (catches attempts to manipulate AI systems through crafted inputs). The analysis happens in milliseconds — users don't notice a delay.
The policy engine lets you define rules at a granular level. You can allow marketing to use ChatGPT for copywriting but block them from pasting customer lists. You can let engineers use Copilot for code completion but redact API keys and connection strings before they reach the model. Policies can block, redact, warn, or log depending on the severity and context. The redaction mode is particularly useful — it replaces sensitive data with placeholders before the prompt reaches the AI service, so the employee still gets a useful response without exposing the actual data.
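To make the detection-plus-policy flow above concrete, here is an added example written for this review (not Prompt Security's engine): regex stand-ins for the PII, secret and connection-string detectors, a per-detector block/redact/warn/log policy, and redaction that swaps each distinct value for one consistent placeholder so the model's answer can still be mapped back. The detector patterns, policy format and sample values are assumptions, and the credit-card Luhn check is there because bare digit-run matching is exactly the kind of rule that produces the false positives described later in the review.

```python
import re
from dataclasses import dataclass, field
from typing import Optional
# Constructed, simplified regex stand-ins for the product's detection models.
DETECTORS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "credit_card": re.compile(r"\b(?:\d[ -]?){12}\d{1,4}\b"),
    "api_key": re.compile(r"\b(?:sk_live_|AKIA)[A-Za-z0-9]{16,}\b"),
    "conn_string": re.compile(r"\b[a-z]+://[^\s:@/]+:[^\s@/]+@\S+"),
}
SEVERITY = {"log": 0, "warn": 1, "redact": 2, "block": 3}
def luhn_ok(number: str) -> bool:
    # Luhn checksum: drops digit runs that merely look like card numbers.
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

@dataclass
class Verdict:
    action: str                 # most severe action any matched rule demanded
    prompt: Optional[str]       # text to forward to the AI service; None if blocked
    findings: list = field(default_factory=list)      # (detector, action) per hit
    placeholders: dict = field(default_factory=dict)  # placeholder -> original value

def evaluate(prompt: str, policy: dict) -> Verdict:
    """policy maps a detector name to block/redact/warn/log; unlisted detectors log."""
    findings, replacements, action = [], {}, "log"
    for name, rx in DETECTORS.items():
        for m in rx.finditer(prompt):
            value = m.group(0)
            if name == "credit_card" and not luhn_ok(value):
                continue
            rule = policy.get(name, "log")
            findings.append((name, rule))
            if SEVERITY[rule] > SEVERITY[action]:
                action = rule
            if rule == "redact" and value not in replacements:
                replacements[value] = f"<{name.upper()}_{len(replacements) + 1}>"
    if action == "block":
        return Verdict("block", None, findings)   # nothing leaves the org
    redacted = prompt
    for value, token in sorted(replacements.items(), key=lambda kv: -len(kv[0])):
        redacted = redacted.replace(value, token)  # longest first: nested hits stay intact
    return Verdict(action, redacted, findings, {t: v for v, t in replacements.items()})
```

The `placeholders` map is what a proxy would keep on its own side to restore real values in the response if a policy allows it; it never travels to the AI service.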
For organizations building their own AI applications (RAG systems, internal chatbots, AI-powered features), Prompt Security offers an API-based integration that scans both inputs and outputs. This covers prompt injection attacks against your own models, hallucination detection, and output filtering to prevent the AI from leaking training data or generating harmful content. The API adds about 50-100ms of latency per request, which is acceptable for most chat-based applications but might be noticeable in high-throughput automated pipelines.
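To show what input-and-output scanning around an in-house RAG call looks like, here is an added example (not the vendor's code) of a guard that refuses direct injection in the user turn, quarantines retrieved chunks carrying indirect injection of the kind the review later reports finding inside PDF documents, and withholds replies that echo a planted system-prompt canary or contain a URL the context never held. The injection signatures, the canary token, the prompt layout and the `model` callable are all assumptions standing in for the vendor's models and for your own LLM client.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional
# Constructed regex signatures for direct and indirect prompt injection; the
# vendor's detector is model-based, these are stand-ins for illustration only.
INJECTION_PATTERNS = [
    re.compile(r"ignore (?:all |any )?(?:previous|prior|above) instructions", re.I),
    re.compile(r"(?:reveal|print|repeat|output) (?:your |the )?(?:system|hidden) prompt", re.I),
    re.compile(r"you are now (?:in )?(?:developer|unrestricted) mode", re.I),
    re.compile(r"^\s*(?:system|assistant):", re.I | re.M),  # fake chat-role lines in documents
]
CANARY = "CANARY-7f3a9c"          # constructed token planted in the system prompt
URL = re.compile(r"https?://\S+")

@dataclass
class GuardResult:
    answer: Optional[str]                                  # None when blocked
    input_flags: List[str] = field(default_factory=list)   # patterns hit in the user turn
    quarantined: List[int] = field(default_factory=list)   # indexes of dropped chunks
    output_flags: List[str] = field(default_factory=list)  # reasons the reply was withheld

def injection_hits(text: str) -> List[str]:
    return [p.pattern for p in INJECTION_PATTERNS if p.search(text)]

def guarded_answer(system_prompt: str, user_prompt: str, chunks: List[str],
                   model: Callable[[str], str]) -> GuardResult:
    """Scan the user turn, every retrieved chunk and the model's reply around one call."""
    hits = injection_hits(user_prompt)
    if hits:                                   # direct injection: never reaches the model
        return GuardResult(None, input_flags=hits)
    clean, quarantined = [], []
    for i, chunk in enumerate(chunks):         # indirect injection: drop only the tainted chunk
        if injection_hits(chunk):
            quarantined.append(i)
        else:
            clean.append(chunk)
    prompt = (f"{system_prompt}\n[{CANARY}]\n\nContext:\n" + "\n---\n".join(clean)
              + f"\n\nUser: {user_prompt}")
    output = model(prompt)
    flags = []
    if CANARY in output:                       # reply echoes the hidden instructions
        flags.append("system_prompt_leak")
    allowed = set(URL.findall(user_prompt + " " + " ".join(clean)))
    if any(u not in allowed for u in URL.findall(output)):
        flags.append("unexpected_url")         # link the context never contained: exfil risk
    if flags:
        return GuardResult(None, quarantined=quarantined, output_flags=flags)
    return GuardResult(output, quarantined=quarantined)
```

Logging `quarantined` and the flags per request is what turns this from a filter into a detection source for the SOC.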
What We Liked
The visibility alone justifies the product for most organizations. Within 24 hours of deploying the browser extension to a 200-person test group, we discovered that 47 employees were actively using AI tools we hadn't approved, including three people regularly pasting source code into ChatGPT and one person who had uploaded an entire customer database to a lesser-known AI data analysis tool. Before Prompt Security, we had zero visibility into any of this. The shadow AI problem is real, and seeing it quantified for the first time is a wake-up call.
The real-time redaction feature is the most practical approach to AI data leakage we've encountered. Instead of blocking AI tools entirely (which employees will work around using personal devices), Prompt Security lets them use the tools while scrubbing sensitive data from prompts. In practice, an engineer can paste a function that handles customer data, and the system replaces actual customer IDs with synthetic ones before the prompt reaches ChatGPT. The AI still gives a useful code review, and no real data leaves the organization. It's not perfect — context can sometimes be lost with aggressive redaction — but it's a pragmatic middle ground.
The surprise was the prompt injection detection for internally built AI applications. We tested it against our RAG-based internal knowledge base by feeding it a standard battery of injection attacks (the "ignore all previous instructions" variety, indirect injection via document content, and some more sophisticated multi-turn attacks). It caught 89% of them, including several indirect injection attempts embedded in PDF documents that our own input validation had missed. For teams shipping AI features in production, this is a real defensive layer.
Deployment speed deserves mention. We had the browser extension deployed, policies configured, and monitoring active within a single afternoon. Compare that to traditional DLP deployments that take months. The admin console is well-designed with sensible defaults — the out-of-box policies for PII and source code detection work without tuning for most environments.
What Fell Short
The biggest limitation is coverage gaps. Prompt Security monitors web-based AI tools and API calls, but it can't see AI usage in desktop applications, mobile apps, or tools that use non-standard protocols. If someone downloads a local LLM and runs it on their laptop, Prompt Security doesn't know about it. The browser extension only covers Chrome and Edge — Firefox and Safari support is on the roadmap but not available yet. These gaps mean the visibility picture is incomplete, even if it's much better than having nothing.
The policy tuning took more effort than expected. The default PII detection is good, but we had significant false positives with code detection — the engine flagged configuration file snippets and log formats as "proprietary code" when they were actually generic. Tuning the sensitivity and adding allowlists took about two weeks of iterating on our policies. The UI for creating custom detection rules is functional but not intuitive; we needed to reference the documentation multiple times for tasks that should have been obvious.
The ROI conversation is harder than it should be. The product works well, but quantifying the value to a CFO is the same challenge that early DLP vendors faced: you're asking someone to pay to prevent a breach that hasn't happened yet. Prompt Security's reporting doesn't do enough to help you build this business case — the dashboards show activity metrics but don't translate them into risk reduction or compliance terms that executives care about.
Pricing and Value
Prompt Security's pricing is per-user, per-month, with tiers based on features. The base tier for monitoring and policy enforcement starts around $8-$12/user/month. Adding the API protection for internal AI applications and advanced analytics pushes it to $15-$20/user/month. Enterprise pricing with dedicated support and custom integrations is negotiable. Minimum contract is typically annual. For a 500-person company, expect to spend $48K-$120K/year depending on the tier and coverage scope.
Compared to alternatives: Nightfall AI has broader DLP coverage but less AI-specific intelligence; pricing is similar. Lakera is focused on prompt injection for AI applications and doesn't cover the employee-facing proxy use case. Building this in-house using a web proxy and custom detection rules is possible but time-consuming to maintain as AI services change their interfaces constantly. For organizations that have identified shadow AI as a real risk, the pricing is reasonable. For those who are still deciding if it's a problem, the free trial (14 days) is enough to quantify the issue.
Who Should Use This
Any organization with more than 100 employees and sensitive data should at least trial this. The shadow AI usage you'll discover will justify the conversation. It's particularly relevant for financial services, healthcare, legal, and government organizations where data leakage into AI tools could violate regulations. Companies building their own AI-powered products should evaluate the API protection module separately — it addresses a different threat model but is equally important.
If you have fewer than 50 employees and everyone is technical enough to understand AI data risks, a written policy and a conversation might be sufficient for now. But the window for that approach is closing as AI tools proliferate and become embedded in everything.
The Bottom Line
We went into this review expecting vaporware — "AI security" has attracted its share of startups selling fear. Prompt Security is not that. It solves a real, measurable problem, and it does it with technology that actually works in production. The coverage gaps are real, the policy tuning takes effort, and the category is young enough that the product will look different in a year. But right now, today, your employees are pasting sensitive data into AI tools and you have no idea. Prompt Security gives you that visibility and the controls to do something about it. That's worth the investment.
Pricing Details
Per-user pricing, contact sales