Founders in Focus: Itamar Golan of Prompt Security

Each month, we’ll highlight one of the founders of Okta Ventures’ portfolio companies. You’ll get to know more about them and learn how they work with Okta. This month, we’re speaking with Itamar Golan of Prompt Security.

What is Prompt Security and what is your mission?

Prompt Security is a platform that helps enterprises adopt generative AI (GenAI) safely and securely. Our mission is to protect enterprises from GenAI threats while offering clear visibility into and governance over GenAI tools. We aim to empower companies worldwide to use GenAI in ways that drive innovation, enhance productivity, and accelerate growth, all without increasing risk or compromising data privacy. By achieving and maintaining robust security and compliance, organizations can unlock GenAI's incredible potential.

 


What were you doing prior to Prompt Security that led you to this moment?

Before founding Prompt Security, I spent a decade working in data science, cybersecurity, and the intersection of these two fields. I led initiatives for companies like Check Point and Orca Security, where I developed advanced AI models and technologies to enhance organizational security. 

Through this work, and as AI adoption became mainstream, I recognized a critical shift: Rather than building AI for security, there was a growing need to build security specifically for AI. This put secure GenAI adoption at the front of my mind and was the spark that led me to co-found Prompt Security.

What is Prompt Security’s solution? What challenge does it solve? 

Our solution solves challenges on multiple fronts.

We protect enterprises from the risks of GenAI use by employees. This employee governance empowers enterprises and their employees to enjoy all the benefits of GenAI, whether that means using ChatGPT to revise emails, Jasper for content marketing, or GitHub Copilot for code completion.

We deploy a lightweight browser plugin or agent on the employees’ endpoints that detects shadow AI and provides an enterprise’s security administrator with a full, detailed inventory of AI use. The administrator has full visibility (person X went to Gemini with prompt Y at day and time Z).

They can also set granular policy controls regarding which employee-application interactions are legitimate and which data may be shared with tools. And in case of a violation, how we respond (logging, modifying, blocking, etc.) depends on the company’s preferences. Overall, employee governance allows companies to unleash productivity while staying in control.

Our second model is geared towards homegrown GenAI applications. Imagine that one of your R&D or product teams is building a customer-facing chatbot, which accepts natural language in English or French to accelerate the customer experience vis-à-vis your product. To make this chatbot viable, a lot of technologies are embedded at the backend. This represents a new architecture — a new way to build applications.

But just as it opens doors to new possibilities, it also opens doors to new vulnerabilities, some of which you’ll find in the OWASP Top 10 for Large Language Model applications, which we played a key role in compiling. These include prompt injections, jailbreaks, adversarial attacks, insecure plug-in design, denial of service, and more.

And in the face of these risks, Prompt Security acts as a sort of firewall for GenAI. We inspect all of this semantic traffic, looking for sensitive data, security exploits, and unsafe content, and whenever we see potentially sensitive or malicious attempts, we can block or prevent them in real time.

So whether it's your employee going through the browser to Gemini or to Notion AI, your developer using AI-powered code assistants like GitHub Copilot, or your R&D team building an internal homegrown GenAI app, Prompt Security inspects all of it and enforces your policy to make sure that everything is safe and OK — no prompt injections are being performed, no sensitive data is being leaked, and no harmful or off-brand content is being created.

Why did Prompt Security want to work with Okta?

First of all, Okta is an excellent company. I have used it for a long time and greatly admire its execution and its market fit.

In the context of Prompt Security, Okta integration adds significant value to our solution. Before deploying our solution for a given enterprise, we integrate with the buyer's Okta. This enables us to require employees to provide adequate authentication before accessing specific GenAI applications. By identifying an employee’s identity and user group, we can enforce the appropriate GenAI application policies relevant to them.

This capability allows our solution to adapt to each user group. For instance, if the CEO interacts with and discusses certain topics on ChatGPT, our response may differ significantly from how we would act if the user were someone from the R&D or marketing team.

How is Prompt Security working with Okta? What support do you look for in a corporate partner?

Our integration is a natural fit, which is why we plan to expand it to deliver new capabilities, such as authorization for GenAI applications. If before I spoke about policies for different employees interacting with GenAI applications, imagine also enforcing tailored policies for each homegrown app that interacts with third-party apps. You would want to ensure a role-based authorization mechanism here as well. We call it a GenAI authorization mechanism, and there’s a lot of potential for collaboration with Okta to make it happen.

In addition, because so many of our respective offerings complement each other, we envision building processes for co-selling and co-marketing. A lot of people that use Prompt would benefit from Okta, and vice versa. Unleashing GenAI safely and enforcing authorization policies go hand in hand. These processes don’t happen overnight, of course, but we certainly see it on the horizon. With success in product and technology integration, collaboration on go-to-market, marketing and sales fronts becomes all the more feasible.

What trends do you expect to see in the AI Security industry?

GenAI is in its early infancy. Right now, people are interacting directly with ChatGPT and building very simple applications on top. As I see it, in the near future, GenAI will be integrated practically everywhere and people will build much more sophisticated GenAI applications. Chat interface and natural language will become the new UX, which means there will arise a major need to secure prompts.

As GenAI adoption increases, and as integration between GenAI apps and internal data strengthens, the challenges within the purview of GenAI Security become all the more salient. From prompt injections, sensitive data leaks, and content moderation to more sophisticated user-dependent issues like authorization, there will be a lot more security for Prompt Security and Okta to deliver together.

Interested in joining Okta Ventures? Check out our FAQ here and feel free to reach out to our team or submit your business for review.