Lasso Security is an AI security platform that provides end-to-end protection for enterprise GenAI adoption through a five-pillar framework: Discover, Assess, Test, Enforce, and Protect.
Lasso reports sub-50ms security decisions with 99.8% detection accuracy — vendor figures from its own testing, not an independent benchmark. Those numbers place it alongside faster classifiers like Lakera Guard, though the two have not been measured on a shared test set.

Founded in 2023 by Elad Schulman (CEO), Ophir Dror (CPO), Lior Ziv (CTO), and Yuval Abadi (COO), Lasso Security is an Israeli cybersecurity company that emerged from stealth with a $6 million seed round led by Entree Capital.
The company has since raised $28 million in total funding from investors including Samsung Next, Singtel Innov8, Selah Ventures, and ClearSky.
The board includes Naftali Bennett (former Israeli Prime Minister and former CEO of Cyota, acquired by RSA) and Dean Sysman (co-founder of Axonius).
Customers include the US Department of Homeland Security, eToro, Kaltura, Artlist, Optibus, Guesty, Telit, and Nayax.
Lasso has also received the Global InfoSec Awards Winner 2026, InfoSec Award 2025, and Forum IT 100 recognition. The company is an AWS Startup participant and Microsoft for Startups member.
What is Lasso Security?
Lasso Security takes a lifecycle approach to GenAI protection through a five-pillar framework: Discover, Assess, Test, Enforce, and Protect.
The AI Inventory view lists each discovered agent and application with its vendor, tool count, usage, environment, and per-item red-teaming status.
Each pillar addresses a different stage of the AI security challenge, from finding out what AI tools employees are using to blocking attacks against production AI systems in real time.
Lasso reports decisions in under 50 milliseconds with 99.8% detection accuracy across content, context, and intent analysis. It also claims this approach is 570x more cost-effective than cloud-native guardrails. Both sets of numbers are vendor benchmarks, not independent measurements.
For agentic AI specifically, Lasso developed the Intent Security Framework — a behavioral baseline approach that monitors not just what AI agents do, but what they intend to do.
This is critical as organizations deploy autonomous agents that interact with tools, data sources, and MCP servers without direct human oversight.
Shadow AI Discovery identifies every AI model, agent, and application across the organization — including unapproved tools employees are using without IT knowledge. It maps the full AI inventory to eliminate blind spots.
Automated Red Teaming tests AI resilience using what Lasso describes as a library of over 3,000 attack types and adversarial techniques. It covers prompt injection, jailbreaks, data extraction, and model manipulation to find vulnerabilities before attackers do.
Intent Security Framework provides behavioral baseline detection designed specifically for agentic AI. It monitors intent behind AI interactions, secures MCP server communications, and enforces behavioral specifications on autonomous agent workflows.
What are Lasso Security’s key features?
| Feature | Details |
|---|---|
| Classification Speed | Sub-50ms per decision |
| Detection Accuracy | 99.8% across content, context, and intent |
| Attack Library | 3,000+ attack types for red teaming |
| Shadow AI | Full discovery and inventory of AI tools, agents, and models |
| Data Loss Prevention | Runtime DLP for GenAI interactions |
| Content Moderation | Customizable policies for AI-generated content |
| MCP Security | Secures Model Context Protocol server communications |
| Prompt Injection | Real-time detection and blocking |
| Compliance | Supports healthcare, finance, and public sector requirements |
| Deployment | Gateway, API, and SDK integration options |
The speed, accuracy, and attack-library figures above are Lasso’s published specifications, not independently benchmarked results.
The red-teaming builder lets you configure a simulation by selecting attack categories and specific techniques such as encoding, unicode, and role playing.
Five-pillar framework
Lasso’s security model is organized into five distinct stages. Discover maps the AI landscape, identifying every model, agent, and tool in use.
Assess evaluates supply chain risks and security posture across the AI stack. Test runs adversarial simulations using Lasso’s stated library of 3,000+ attack techniques.
Enforce applies guardrails and behavioral specifications to AI workflows. Protect monitors AI interactions in real time and blocks malicious activity as it happens.
Each pillar feeds data into the next, so the platform builds a continuously updated picture of an organization’s AI risk profile.
Agentic AI security
As AI agents become more autonomous, Lasso’s Intent Security Framework addresses the unique challenge of securing non-human actors.
The framework establishes behavioral baselines for agents — what they should be doing, what tools they should access, and what data they should handle — then flags deviations in real time.
This extends to MCP security, where Lasso monitors the communication between agents and the tools and data sources they access through Model Context Protocol servers.

How do I get started with Lasso Security?
- Request a demo — Visit lasso.security and schedule a demo with the team. Lasso offers deployment options for gateway, API, and SDK integration.
- Discover your AI landscape — Deploy the Discover module to map all AI models, agents, and applications across the organization, including shadow AI tools employees are using without approval.
- Assess and test — Run risk assessments on the discovered AI stack, then use automated red teaming with Lasso’s 3,000+ attack types to identify vulnerabilities in AI models and agents.
- Enforce guardrails — Configure behavioral specifications and policy guardrails for AI workflows. Set data loss prevention rules, content moderation policies, and access controls.
- Monitor and protect — Enable real-time protection to detect and block malicious prompts, data exfiltration, and unauthorized agent actions in production.
How much does Lasso Security cost?
Lasso Security does not publish dollar amounts. Pricing is sales-gated and quoted per deployment based on scope, AI usage volume, and which pillars an organization activates.
The platform is sold as a single enterprise product covering Discover, Assess, Test, Enforce, and Protect, rather than priced per module.
Larger deployments that include shadow AI discovery across more endpoints, agentic AI workloads, and on-premises components typically sit at a higher tier than runtime-only deployments.
To get a quote, request a demo through the Lasso Security website . Plan for an enterprise procurement cycle: legal review, security questionnaire, and a proof-of-value period before contract.
For broader pricing context across the AI security category, see the AI security tools hub. Open-source alternatives such as LLM Guard and NeMo Guardrails are options when budget is the deciding constraint.
When to use Lasso Security
Ideal for organizations that need lifecycle coverage for their AI security — not just runtime defense, but discovery, assessment, testing, and governance as well.
A red-teaming results page reports the attack risk score, single-turn coverage, and a table of successful “hacked” attacks by technique and category.
Lasso’s reported sub-50ms classification speed keeps the platform from becoming a bottleneck in production environments, and its 3,000+ attack library supports thorough adversarial testing.
Regulated industries like healthcare, finance, and public sector benefit most, since shadow AI discovery and compliance documentation matter as much as threat detection there. The Intent Security Framework also makes Lasso a strong choice for organizations deploying agentic AI at scale.
What are alternatives to Lasso Security?
Lasso Security competes in a crowded AI security space, and the right alternative depends on which pillars matter most to your team. The closest commercial substitutes:
- Lakera Guard — runtime prompt-injection API with a smaller scope but strong sub-50ms classification and 100+ language coverage. A fit when you only need input/output filtering, not full-lifecycle coverage.
- Prompt Security — broader gateway approach with shadow AI discovery and developer-side controls. A fit when SentinelOne is already in your security stack post-acquisition.
- Noma Security — agent-first platform with the Agentic Risk Map, AI-SPM, and 80+ enterprise integrations. A fit when MCP server inventory and agent blast-radius mapping is the primary requirement.
- WitnessAI — infrastructure-level intent-based controls with single-tenant data sovereignty. A fit when EU residency or air-gapped deployment is mandatory.
For automated red teaming specifically, see Mindgard or Garak . For open-source guardrails, look at LLM Guard or NeMo Guardrails .
For the wider landscape, see the AI security tools hub.
