
AI Security Company Buyer's Guide — How to Pick

Buyer's Guide · 2024-02-10 · 14 min read · FilterPrompt Security Team

How to evaluate an AI security company and AI cybersecurity companies. Coverage, pricing, and selection framework for AI security software in 2026.

Picking an AI security company is now a recurring procurement decision for any organisation that ships AI features. The market has fragmented into three categories — AI for security operations, security for AI applications, and AI governance and compliance — and most AI cybersecurity companies sit in only one of them. This buyer's guide covers how to evaluate AI security software, what coverage to require, and how to budget across the three categories.

The three categories of AI security companies

1. AI for security operations

Vendors using AI to make existing SOC, EDR, and SIEM tooling better — CrowdStrike Charlotte AI, SentinelOne Purple AI, Microsoft Security Copilot, Google SecOps with Gemini, Splunk AI Assistant. Coverage: alert triage, investigation, threat intel summarisation, detection authoring.

2. Security for AI applications

Vendors specifically protecting LLM-powered applications, agents, and ML pipelines — FilterPrompt, Lakera, Robust Intelligence, Protect AI (now Palo Alto Networks), HiddenLayer, CalypsoAI. Coverage: prompt injection defence, jailbreak detection, model vulnerability scanning, AI red teaming, runtime guardrails.

3. AI governance and compliance

Vendors handling AI inventory, model risk management, and regulatory documentation for the EU AI Act, NIST AI RMF, ISO/IEC 42001 — Credo AI, Holistic AI, Fairly AI, Modulos. Coverage: AI registry, model risk scoring, bias and fairness assessment, regulatory artefact generation.

Critical: a single AI security company rarely covers more than one category well. Most mature programs end up with at least two.

What to look for in an AI security company

  • Coverage of your specific AI architecture (provider, custom models, agents, RAG pipelines)
  • OWASP LLM Top 10 mapping with documented scanner coverage
  • Independent benchmark results (LlamaGuard evals, HarmBench, AdvBench)
  • Integration with your CI/CD and observability stack
  • Documentation depth — explainability is a procurement requirement under the EU AI Act
  • Pricing model that scales with your usage, not your engineering team size
  • Regulatory artefact output — audit-ready reports, not just dashboards

Coverage requirements by AI architecture

Different AI deployments have different attack surfaces. Coverage requirements should match the architecture — buying an AI security system designed for LLM API consumers will not protect a custom-trained model from data extraction attacks, and vice versa.

  • Hosted LLM consumer (OpenAI, Anthropic, Azure OpenAI) — focus on prompt injection defence, output filtering, PII redaction, audit logging
  • RAG pipeline — focus on indirect prompt injection through retrieved documents, source attribution, content provenance
  • AI agent with tools — focus on tool-call validation, excessive agency limits, sandboxing, action approval workflows
  • Custom-trained or fine-tuned model — focus on training data extraction, model inversion, membership inference, watermarking
  • Open-source model self-hosted — focus on supply-chain provenance (signed weights), deployment hardening, runtime isolation

Pricing models in the AI and security market

Three pricing models dominate. Per-request pricing (FilterPrompt, Lakera): scales with traffic, predictable for steady-state apps, expensive for traffic spikes. Per-model pricing (Robust Intelligence, Protect AI): scales with how many models you protect, predictable but breaks for high-model-count environments. Platform pricing (CalypsoAI, HiddenLayer): flat-fee tiers, predictable but rigid. Match the model to your usage shape — most LLM-application teams find per-request more economical than platform fees in the first year.

Selection framework

  1. Inventory your AI deployments — most organisations are surprised by what surfaces
  2. Map each deployment to one of the architecture categories above
  3. Score 3–5 candidate vendors per category against your top-5 use cases
  4. Run a paid POC with adversarial test data on production-like traffic
  5. Validate regulatory output — generate a sample EU AI Act / NIST AI RMF report
  6. Negotiate pricing with a 12-month commit and renewal escalator capped at 7%

Common procurement mistakes

  • Buying from an AI cybersecurity company in category 1 (SOC AI) and assuming its product covers category 2 (AI application security). It does not.
  • Picking the cheapest tool without checking OWASP LLM Top 10 coverage — most cheap tools cover 4–6 of the 10 risks
  • Skipping the POC. Vendor demos always look good; production traffic surfaces the gaps
  • Ignoring runtime latency. A 200ms guardrail on a 400ms LLM doubles user-perceived latency
  • Treating AI security software as a substitute for adversarial testing. Runtime defence and pre-deploy assurance are complements

FAQ: AI security company questions

Do I need an AI security company if I use OpenAI?

Yes. OpenAI's safety guardrails protect their service, not your application. Prompt injection that hijacks your system prompt, indirect injection through retrieved documents, output handling that leaks PII, and DLP for data flowing into the API are all your responsibility, not OpenAI's. The same applies for Anthropic, Google, Azure OpenAI, and any other hosted provider.

What is the difference between an AI security system and an AI firewall?

An AI firewall is the runtime component (request/response filtering, rate-limiting, prompt validation). An AI security system typically encompasses the firewall plus pre-deploy scanning, governance dashboards, and audit reporting. Most teams need both layers; some vendors bundle them, some specialise.
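To make the "runtime component" concrete, here is a minimal AI-firewall layer as an added illustration; it is not FilterPrompt's code or any vendor's product. It wraps a model call with the three controls named above (request validation, response filtering in the form of PII redaction, and per-client rate limiting) and records how much of the end-to-end latency the guardrail itself consumed, which is the number the procurement latency check needs. The regex heuristics, thresholds, the `fake_model` stub and all sample strings are constructed for the example; a real product would use trained classifiers rather than regexes.

```python
"""Minimal runtime AI-firewall layer (added example, not FilterPrompt's code)."""
import re
import time
from collections import deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, List, Optional

# Constructed request-validation heuristics (a product would use a classifier).
INJECTION_PATTERNS = [
    re.compile(r"ignore (all|any|the)? ?(previous|prior|above) instructions", re.I),
    re.compile(r"(reveal|print|show) (your|the) system prompt", re.I),
]

# Constructed output-filter patterns: e-mail addresses and a US-style SSN shape.
PII_PATTERNS = {
    "[EMAIL]": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "[SSN]": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


def check_request(prompt: str) -> List[str]:
    """Return the patterns the prompt matches; an empty list means it passes."""
    return [p.pattern for p in INJECTION_PATTERNS if p.search(prompt)]


def redact_pii(text: str) -> str:
    """Replace PII matches in model output with placeholder tokens."""
    for token, pattern in PII_PATTERNS.items():
        text = pattern.sub(token, text)
    return text


class RateLimiter:
    """Sliding-window limiter: at most `limit` requests per `window` seconds per client."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit, self.window = limit, window
        self._hits: Dict[str, Deque[float]] = {}

    def allow(self, client_id: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        hits = self._hits.setdefault(client_id, deque())
        while hits and now - hits[0] > self.window:   # drop hits outside the window
            hits.popleft()
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


@dataclass
class Decision:
    allowed: bool
    reason: str = ""
    output: str = ""
    guard_ms: float = 0.0   # time spent in firewall checks (request + response side)
    model_ms: float = 0.0   # time spent in the model call itself

    @property
    def overhead_ratio(self) -> float:
        """Guardrail time relative to the model call; the figure to budget against."""
        return self.guard_ms / self.model_ms if self.model_ms else float("inf")


def guarded_call(client_id: str, prompt: str,
                 model_fn: Callable[[str], str], limiter: RateLimiter) -> Decision:
    """Run rate limit -> request check -> model -> output filter, timing each stage."""
    t0 = time.perf_counter()
    if not limiter.allow(client_id):
        return Decision(False, "rate_limited", guard_ms=(time.perf_counter() - t0) * 1000)
    hits = check_request(prompt)
    if hits:
        return Decision(False, "request_rejected:" + hits[0],
                        guard_ms=(time.perf_counter() - t0) * 1000)
    t1 = time.perf_counter()
    raw = model_fn(prompt)          # the protected model call
    t2 = time.perf_counter()
    output = redact_pii(raw)        # response-side filtering
    t3 = time.perf_counter()
    return Decision(True, "ok", output,
                    guard_ms=((t1 - t0) + (t3 - t2)) * 1000,
                    model_ms=(t2 - t1) * 1000)


def fake_model(prompt: str) -> str:
    """Constructed stand-in for a hosted LLM: fixed delay, output containing PII."""
    time.sleep(0.02)
    return "Your account email is bob@example.com and your reference is 123-45-6789"


if __name__ == "__main__":
    limiter = RateLimiter(limit=5, window=60.0)
    d = guarded_call("client-a", "Summarise my account status", fake_model, limiter)
    print(d.reason, "|", d.output, "| guard overhead %.2fx" % d.overhead_ratio)
```

The timing split is the part worth keeping even if you never use the heuristics: when a vendor quotes guardrail latency, measure `guard_ms` against `model_ms` on your own traffic shape during the POC rather than accepting a single "p50 under X ms" figure.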

How is AI security software evaluated independently?

Public benchmarks: HarmBench, AdvBench, JailbreakBench, OWASP LLM Top 10 reference probes. Vendor-published numbers vary in honesty — require third-party benchmark results during procurement.

Conclusion: a maturity model for AI and security

AI and security maturity progresses through four stages: ad-hoc (no inventory, no controls), reactive (controls added after incidents), structured (inventory, baseline scanning, runtime guardrails, governance reporting), and optimised (continuous adversarial testing, model-risk-management board reporting, AI red team in-house). Most organisations shipping AI features are between stages 1 and 2 in 2026; the gap to stage 3 is closable in 90 days with the right AI security company partner.
