Outpoll | Prompt Security's Itamar Golan on Building Generative AI Security Category

AIai safety & ethics

The emergence of generative AI security as a distinct enterprise category represents one of the most critical technological evolutions since the advent of cloud computing, a transition vividly illustrated by the trajectory of Prompt Security and its CEO, Itamar Golan. VentureBeat's recent dialogue with Golan revealed a founder whose academic grounding in transformer architectures—long before they powered today's LLMs—provided an almost prescient understanding of the novel attack surfaces these models would create.His early work building generative AI-powered security features using GPT-2 and GPT-3 was not merely an innovation exercise; it was a firsthand encounter with a paradigm shift, convincing him that LLM-driven applications were democratizing risk, making systems vulnerable to creative exploitation by non-technical users. This foundational insight led to the August 2023 founding of Prompt Security, a venture that would raise $23 million, scale to a 50-person team, and achieve a remarkable exit via SentinelOne's estimated $250 million acquisition in under two years—a timeline that underscores both the market's urgency and the strategic precision of Golan's approach.The core challenge Golan identified, and which the data now confirms, is the explosive, unmanaged proliferation of AI tools within enterprises. VentureBeat analysis indicates shadow AI now costs organizations $4.63 million per breach, 16% above average, while IBM's 2025 data shows a staggering 97% of breached entities lack basic AI access controls. The scale is breathtaking: Cyberhaven data reveals 73.8% of workplace ChatGPT accounts are unauthorized, and enterprise AI usage has grown 61-fold in just 24 months. As Golan noted, they catalog over 50 new AI apps daily, with 40% defaulting to training on user data, effectively turning corporate intellectual property into potential model feedstock.This isn't a future problem; it's a present-day crisis of governance and data exfiltration. Golan's strategic decisions were deliberately counter-intuitive, favoring long-term category creation over short-term feature competition.He refused to position Prompt Security as merely a prompt-injection defense tool, instead framing it as the essential AI security control layer for the entire enterprise—a move that created its own budget line and secured a strategic seat at the CISO table. Furthermore, he embraced enterprise complexity from the outset, building for self-hosted and hybrid deployments and covering diverse surfaces from browsers to agentic workflows, while focusing on depth with a select group of serious customers who fundamentally shaped the product.This enterprise-first, platform-oriented philosophy proved prescient. The market education journey evolved rapidly from raising awareness about AI sprawl to providing the architectural means for safe enablement.

#featured

#generative AI security

#prompt injection

#data leakage

#shadow AI

#SentinelOne acquisition

#enterprise adoption

#AI governance

#prompt security

#Itamar Golan