Index — content catalog

Regenerated 2026-07-05 by scripts/wiki_lint.py --write-index. One page per line: link — one-line summary — (key facts).

Overview

  • overview — The thesis: standing up a governed enterprise AI platform isn’t one purchase — it’s a stack.

Categories (42)

  • Acceptable Use Policies — The “here’s what you can and can’t do with AI here” rulebook everyone signs. An — (practice, 2026-06-28)
  • Agent Security (runtime) — Agent runtime security protects agentic applications while they run — as the agent — (day-2, 2026-06-28)
  • Shadow-AI — The velvet-rope host for AI. This layer governs how employees and agents use AI: — (day-1, 2026-06-28)
  • AI Gateway — The traffic cop and toll booth for model calls. An AI gateway is the single exit — (day-1, 2026-06-28)
  • Model Risk & Compliance — The control tower for AI risk. An AI governance platform inventories every model, — (firm-type-specific, 2026-06-30)
  • Guardrails — Two related jobs the CSV survey bundles together: — (day-2, 2026-06-28)
  • AI Runtime Security (AI Firewall) — The metal detector for prompts and responses. An AI firewall sits in the live — (day-1, 2026-06-28)
  • Agentic SOC Analysts — The RoboCop watching the logs. AI SOC analysts (a.k.a. agentic SOC, AI SecOps) use LLM-driven agents to do the tier-1/tier-2 work a human security analyst do… — (day-2, 2026-06-30)
  • AI-SPM (AI Security Posture Management) — AI-SPM is the inventory-and-posture layer for your AI estate: it discovers every — (day-2, 2026-06-28)
  • Anti-Deepfake — Defend the human layer against AI-era social engineering. The seed doc frames — (day-2, 2026-06-28)
  • Tool) — An authorization engine is the externalized rules engine that answers one question — — (day-2, 2026-06-28)
  • Browser Security Extension — A bolt-on guard for your existing Chrome (or Edge) — browser-level DLP and monitoring that watches risky web/AI activity without swapping browsers. It inst… — (situational, 2026-06-28)
  • Comms Surveillance — The compliance detective. Communications surveillance replays the firm’s archived — (firm-type-specific, 2026-06-28)
  • Enterprise Content Sources — The systems of record an AI assistant reads from: where your knowledge actually lives — the SharePoints, Drives, and wikis the model retrieves from when answ… — (situational, 2026-06-28)
  • Data Access Governance — Data Access Governance (DAG) audits and right-sizes who can open which data, and — (day-2, 2026-06-28)
  • Data Loss Prevention (DLP) — DLP prevents exfiltration of sensitive data via content- and lineage-aware controls. — (day-1, 2026-06-30)
  • Data Classification & DSPM — Data Security Posture Management (DSPM) discovers, classifies, and assesses the — (day-1, 2026-06-28)
  • XDR — Endpoint Detection and Response (EDR), and its broader cousin Extended Detection — (day-1, 2026-06-28)
  • Enterprise AI Assistant — The actual chatbot your people use, with enterprise plumbing attached. A governed, compliant, general-purpose assistant: the same conversational AI employees… — (day-1, 2026-06-30)
  • Enterprise Browser — A work browser with guardrails baked in. Because most AI use happens in a browser tab — ChatGPT, Claude, Gemini, a hundred SaaS copilots — the browser is t… — (situational, 2026-06-28)
  • Enterprise GRC — One governed register for risk, controls, policy, and audit. Enterprise GRC — (day-1, 2026-06-28)
  • Entitlement-Aware RAG — Retrieval that remembers your permissions: a permission-aware retrieval layer so an AI assistant only surfaces documents the asking user was already allowe… — (situational, 2026-06-28)
  • Ephemeral Environments — Disposable, build-to-order workspaces that vanish when you are done — nothing sticky to — (practice, 2026-06-28)
  • HITL ApprovalsA human has to press “yes” before the AI does something consequential. HITL — (practice, 2026-06-28)
  • SSO) — This is the front door. An identity provider (IdP) gives every human — and, increasingly, every agent and workload — a single verified identity, single sign-… — (day-1, 2026-06-28)
  • ISPM) — The IdP decides who you are; identity governance (IGA) decides what you should be allowed to do, and proves it. It runs the joiner/mover/leaver lifecycle… — (day-2, 2026-06-28)
  • LLM Observability & Evaluation — The flight recorder for your AI. LLM observability traces what a model actually did — (day-1, 2026-06-28)
  • Tool Access Control — An MCP gateway is the single doorway for the tools an agent is allowed to reach. As — (day-2, 2026-06-28)
  • SASE (SSE) — Inspect and control traffic in and out of the organization, including deep packet — (day-1, 2026-06-28)
  • Agent Identity Governance — Most identities in a modern enterprise are not people — they are service accounts, API keys, OAuth tokens, CI/CD jobs, workload identities, and now AI agents… — (day-2, 2026-06-28)
  • Policy-as-Code — Your rules written as software, so the guardrails enforce themselves instead of living — (day-2, 2026-06-28)
  • Promotion Gates — Put checkpoints between “fun experiment” and “live in production,” so somebody has — (practice, 2026-06-28)
  • Risk Tiers — Rate every AI system and use case from “meh” to “oh no,” so that scrutiny matches — (practice, 2026-06-28)
  • Secrets Manager — A secrets manager is the locked drawer for passwords, API keys, database credentials, and certificates. It stores them centrally, controls who/what can read … — (day-1, 2026-06-28)
  • SOC — The security camera control room. A SIEM (security information and event management) platform collects logs and telemetry from across the estate — endpoints,… — (day-1, 2026-06-28)
  • Software Supply Chain & Coding Security — Secure and govern the software supply chain — the code you write, the dependencies — (day-2, 2026-06-28)
  • SaaS Security Posture Management — Continuously assess and harden the configuration of your SaaS estate. The seed doc — (day-2, 2026-06-28)
  • Third-Party AI Apps — The niche AI tools — legal review, coding, research, transcription, market-data copilots, deal-diligence assistants — funneled through the same controls as e… — (practice, 2026-06-28)
  • Tool Identity & Integration — This layer is the universal adapter that lets agents reach SaaS tools securely — — (day-2, 2026-06-28)
  • Trust Zone Segmentation — The job is to break the exfiltration chain before it can form. Simon Willison’s — (practice, 2026-06-28)
  • Vector Retrieval — The AI’s card catalog: turns documents into searchable “meaning” (embeddings) so the model finds the right snippet to ground its answer. Semantic search and … — (situational, 2026-06-28)
  • Vendor Risk + Cyber Ratings — The background check on every AI vendor before they touch your data — and the — (day-1, 2026-06-28)

Vendors (224)

  • 1Password — The password manager that grew into an enterprise “Extended Access Management” platform — vaulting human credentials, passkeys, and developer secrets, and (p… — (independent, 2026-06-28)
  • 7AI — A “dynamic agentic security” platform from the Cybereason founders that runs swarms of autonomous AI agents to investigate security alerts at enterprise scale. — (independent, 2026-06-28)
  • Adaptive Security — AI-native security awareness training and social-engineering attack simulation (phishing, vishing, smishing, and deepfake voice/video) that drills employees … — (independent, 2026-06-28)
  • Adaptive Shield — A SaaS Security Posture Management (SSPM) leader — misconfiguration, entitlement, and shadow-app visibility across 150+ SaaS apps — now CrowdStrike’s SSPM/Sa… — (acquired-closed, 2026-06-28)
  • Aembit — A non-human identity platform that issues short-lived, policy-scoped credentials — (independent, 2026-06-28)
  • AAIF) — An open-source, Rust-built proxy (“data plane”) that sits in front of LLMs, MCP tool servers, and agent-to-agent (A2A) traffic, adding auth, RBAC, rate limit… — (independent, 2026-06-28)
  • Aikido Security — A consolidated, developer-first “all-in-one” application-security platform (SCA, SAST, secrets, IaC, container, DAST, cloud) aimed at SMB/mid-market teams th… — (independent, 2026-06-28)
  • Aim Security — An enterprise AI-security pure-play (AI firewall + shadow-AI control + AI-SPM) bought by SASE vendor cato-networks in its first-ever acquisition. — (acquired-pending, 2026-06-28)
  • Amazon Q Business — AWS’s managed enterprise AI assistant: a generative-AI chat/RAG layer over your enterprise content, with retrieval that honors each user’s existing source-sy… — (public, 2026-06-28)
  • Claude Enterprise (Anthropic) — Anthropic’s enterprise tier of Claude: the Claude chat assistant (plus Projects and Claude Code) wrapped in the admin, identity, audit, retention, and compli… — (independent, 2026-06-28)
  • Apex Security — An AI-attack-surface / AI-governance startup (discover ungoverned AI, enforce policy, govern agents) bought by exposure-management vendor Tenable and folded … — (acquired-pending, 2026-06-28)
  • Apiiro — A “deep code analysis” ASPM platform that builds a Risk Graph from design through runtime, so AppSec teams can see, prioritize, and auto-fix application risk… — (independent, 2026-06-28)
  • AppOmni — A SaaS Security Posture Management (SSPM) platform that gives security teams centralized visibility and control over how their business-critical SaaS apps (M… — (independent, 2026-06-28)
  • Arcade.dev — Infrastructure that lets AI agents call real tools (Gmail, Slack, GitHub, Salesforce…) on behalf of a specific authenticated user, handling the OAuth/token… — (independent, 2026-06-28)
  • Archer — One of the original enterprise GRC platforms (the old “RSA Archer”), now a standalone integrated-risk-management vendor owned by PE firm Cinven. — (pe-owned, 2026-06-28)
  • Arize Phoenix — Open-source AI observability and evaluation library (Phoenix) from Arize AI, with a commercial enterprise platform (Arize AX) alongside. — (independent, 2026-06-28)
  • Artemis Security — An AI-native security-operations platform: AI agents that autonomously — (independent, 2026-06-30)
  • Arthur AI — An enterprise AI monitoring and governance platform that evaluates, monitors, and guardrails ML models, LLMs, and agents in production. — (independent, 2026-06-28)
  • Astrix Security — Non-human identity (NHI) security: discover, govern and protect the API keys, service accounts, OAuth tokens and AI-agent credentials that machines and agent… — (acquired-pending, 2026-06-28)
  • AuditBoard — A cloud audit-and-risk platform that grew from internal audit into a broad connected-risk (GRC + ESG) suite; now PE-owned by Hg. — (pe-owned, 2026-06-28)
  • Audition AI — A compliance-first enterprise AI platform purpose-built for hedge funds and — (independent, 2026-06-30)
  • Aurascape — An AI-native security platform that gives enterprises visibility into and control over every employee/app interaction with AI tools (sanctioned and shadow), … — (independent, 2026-06-28)
  • AuthZed (SpiceDB) — A Google-Zanzibar-style permissions database (open-source SpiceDB) that stores relationships between users, resources, and groups and answers fine-gr… — (independent, 2026-06-28)
  • AWS Secrets Manager — AWS’s official wording: it “helps you manage, retrieve, and rotate database credentials, application credentials, OAuth tokens, API keys, and other secrets t… — (public, 2026-06-28)
  • Azure AI Search — Microsoft’s managed search-and-vector-index service — the retrieval engine most Azure-based RAG apps (and Azure OpenAI “on your data”) use to find the right … — (public, 2026-06-28)
  • Azure Dev Box — Microsoft’s managed, cloud-hosted developer workstations — preconfigured Windows (or Linux) cloud PCs developers self-serve on demand and tear down, keeping … — (public, 2026-06-28)
  • Azure Key Vault — Microsoft’s official wording: “a secure secrets store, providing management for secrets, keys, and certificates, all backed by Hardware Security Modules” — t… — (public, 2026-06-28)
  • Bedrock Security — An AI-native data security posture management (DSPM) platform that discovers, classifies, and governs sensitive enterprise data in place using a “Metadata La… — (independent, 2026-06-28)
  • Behavox — Behavox is a compliance-surveillance vendor that scans a firm’s e-comms and voice traffic with its own purpose-built financial-services LLM to surface market… — (independent, 2026-06-28)
  • BigID — A data-intelligence platform that uses ML to find and classify sensitive data at scale, then layers DSPM, DLP, data access governance, privacy, and AI govern… — (independent, 2026-06-28)
  • Bitsight — The other major outside-in security-ratings provider, scoring organizations and their third parties on externally observable cyber posture; Moody’s is its la… — (independent, 2026-06-28)
  • Black Kite — A third-party cyber-risk-intelligence / ratings vendor that scores suppliers across technical, financial (dollar-risk), and compliance dimensions. — (independent, 2026-06-28)
  • Braintrust — Eval-first observability platform for production AI: log traces, score outputs, turn failures into test cases, and gate releases on evals. — (independent, 2026-06-28)
  • CalypsoAI — An AI runtime-security / “guardrails” pure-play (real-time threat defense + automated red teaming for model traffic), now the AI-security core of f5’s platform. — (acquired-closed, 2026-06-28)
  • Cato Networks — A cloud-native SASE platform (network + security in one cloud service) that bought AI-security pure-play aim-security in 2025 to fold an AI firewall, shadow-… — (independent, 2026-06-28)
  • Cerbos — Open-source, stateless authorization layer (a Policy Decision Point) that answers “can this principal do this action on this resource?” so you stop hard-codi… — (independent, 2026-06-28)
  • Chrome Enterprise Premium (Google) — Google’s paid security upgrade to managed Chrome: it turns the browser everyone already uses into an enforcement point with DLP, advanced threat protection, … — (public, 2026-06-28)
  • Cisco AI Defense — Cisco’s “security for AI” product: it validates and red-teams models before deployment and enforces runtime guardrails (prompt-injection, jailbreak, data-lea… — (acquired-closed, 2026-06-28)
  • Cisco — The networking and enterprise-security incumbent that, via splunk (SIEM), cisco-ai-defense (the former robust-intelligence), galileo (AI observability/eval) … — (public, 2026-06-28)
  • Cloudflare Workers — Cloudflare’s serverless edge-compute platform that runs code in lightweight V8 isolates, used to execute small, sandboxed, ephemeral workloads (including AI/… — (public, 2026-06-28)
  • Cloudflare — Cloudflare runs an edge-hosted AI Gateway that you put in front of your — (public, 2026-06-28)
  • Clutch Security — A non-human identity security platform that discovers, secures, and applies Zero Trust lifecycle controls to every API key, secret, service account, token, a… — (independent, 2026-06-28)
  • Collibra — An enterprise data intelligence platform: a data catalog plus governance, lineage, and quality, now extended with an AI Governance module to inventory and go… — (independent, 2026-06-28)
  • Comet (Opik) — Established MLOps vendor (Comet) whose open-source Opik product brings LLM tracing, evaluation, and monitoring. — (independent, 2026-06-28)
  • Composio — Developer infrastructure that lets an AI agent securely call external SaaS tools — (independent, 2026-06-28)
  • Concentric AI — DSPM built on deep-learning “Semantic Intelligence” that autonomously classifies data and fixes oversharing/permissions without writing rules or regexes. — (independent, 2026-06-28)
  • ConductorOne — Modern, automation-first identity governance: access reviews, just-in-time access requests, and identity security posture for the cloud/agentic era. — (independent, 2026-06-28)
  • Confluence (Atlassian) — Atlassian’s enterprise wiki/knowledge base — where engineering and operational teams document runbooks, decisions, and processes, making it a high-value (and… — (public, 2026-06-28)
  • CyberArk Conjur — An open-source-rooted secrets management engine for DevOps and cloud-native workloads, owned by cyberark (and therefore now by palo-alto-networks), that inje… — (acquired-closed, 2026-06-28)
  • Cranium — An enterprise AI security + governance platform that inventories your AI/ML systems, assesses their risk and compliance posture, and documents trust for inte… — (independent, 2026-06-28)
  • Credo AI — An enterprise AI governance (GRC) platform that inventories AI systems, runs risk assessments, and maps them to regulatory frameworks (EU AI Act, NIST AI RMF… — (independent, 2026-06-28)
  • CrowdStrike Falcon LogScale — The high-speed, index-free log store (formerly Humio) that powers CrowdStrike’s Next-Gen SIEM, letting Falcon customers consolidate EDR/XDR telemetry and bro… — (public, 2026-06-28)
  • CrowdStrike — The dominant cloud-native endpoint protection (EDR/XDR) vendor, whose Falcon platform has expanded into SIEM, cloud, identity, an agentic SOC analyst (Charlo… — (public, 2026-06-28)
  • CyberArk — The market-leading privileged access management vendor — vaults, rotates, and brokers access to the most powerful human, machine, and (increasingly) AI-agent… — (acquired-closed, 2026-06-28)
  • Cyberhaven — An endpoint-based, AI-powered data-loss-prevention / “data detection and response” (DDR) platform that tracks the lineage of data — where it came from, how… — (independent, 2026-06-28)
  • Cyera — The fast-growing, AI-native DSPM leader: agentless discovery of sensitive data across cloud and SaaS, converged with DLP and identity into one data-security … — (independent, 2026-06-28)
  • Datadog LLM Observability — The LLM/agent observability module inside Datadog’s broader monitoring platform — buy it where you already run APM and logs. — (public, 2026-06-28)
  • Descope — Developer-first authentication/CIAM with visual auth flows that now doubles — (independent, 2026-06-28)
  • Docker MCP Gateway — An open-source (MIT) Docker CLI plugin that runs MCP servers as isolated containers from a signed catalog and puts them behind one central gateway, adding se… — (independent, 2026-06-28)
  • DoControl — An automated SaaS data-security / data-access-controls platform that finds over-shared and exposed data across SaaS apps and remediates it with no-code workf… — (independent, 2026-06-28)
  • Doppel — AI-driven digital risk protection / “social engineering defense”: continuously scans the open web, social media, app stores, paid ads, domains, and the dark … — (independent, 2026-06-28)
  • Doppler — A developer-first, cloud-based “SecretOps” platform that centralizes app config and secrets in one place and syncs them everywhere your code runs — a cloud-a… — (independent, 2026-06-28)
  • Dropzone AI — An autonomous AI SOC analyst that investigates every security alert end-to-end, 24/7, with human-level reasoning and no playbooks to write. — (independent, 2026-06-28)
  • Elastic (ELK) — Elastic Security is a SIEM/XDR built on the Elasticsearch (ELK) stack, popular because teams can self-host the data plane and avoid per-GB SaaS SIEM pricing,… — (public, 2026-06-28)
  • Endor Labs — Reachability-based software composition analysis (SCA) that tells you whether a vulnerable open-source dependency is actually callable in your code, now ex… — (independent, 2026-06-28)
  • Enkrypt AI — A full-lifecycle LLM/agent security startup that pairs automated red-teaming (find the holes) with runtime guardrails (an AI firewall that blocks them), wrap… — (independent, 2026-06-28)
  • Entro Security — An agentless SaaS platform that discovers, governs, and manages the full lifecycle of non-human identities and secrets (API keys, tokens, service accounts) a… — (independent, 2026-06-28)
  • F5 — The incumbent application-delivery / load-balancer vendor now bolting AI runtime security and “AI guardrails” onto its traffic platform, anchored by its 2025… — (public, 2026-06-28)
  • Fairly AI — A small Canadian AI governance/compliance (GRC) platform that assesses, tests, and provides runtime “assurance” for AI models and agents against regulatory f… — (independent, 2026-06-28)
  • Fiddler AI — An enterprise AI observability platform that monitors, evaluates, explains, and guards ML models, LLM apps, and agents in production. — (independent, 2026-06-28)
  • Forcepoint — Forcepoint is the veteran DLP / data-security vendor (ex-Websense, — (acquired-closed, 2026-06-28)
  • ForgeRock — An enterprise identity & access management platform (workforce + customer IAM, governance, orchestration); acquired by Thoma Bravo and folded into ping-ident… — (acquired-closed, 2026-06-28)
  • Galileo — An AI/agent evaluation and observability platform that measures LLM/agent output quality, catches failures (hallucination, bias, unsafe output) before th… — (acquired-closed, 2026-06-28)
  • GCP Secret Manager — Google Cloud’s managed service for storing API keys, passwords, certificates, and other sensitive data as versioned secrets, with IAM-based access control — … — (public, 2026-06-28)
  • Agentspace (Google) — Google’s enterprise AI front door: a governed chat + enterprise-search + agent platform that grounds Gemini models on your company’s data (Workspace, Drive, … — (public, 2026-06-28)
  • GetReal Security — An enterprise deepfake-defense and digital-forensics platform — co-founded by deepfake-detection authority Hany Farid — that detects, analyzes, and helps res… — (independent, 2026-06-28)
  • Giskard — A French open-source LLM/ML testing and red-teaming platform that scans AI models and agents for quality, security, and vulnerability issues. — (independent, 2026-06-28)
  • GitHub Advanced Security — Platform-native application/code security built into GitHub: SAST (CodeQL), secret scanning, and dependency review/Dependabot, now sold as two purchasable pr… — (acquired-closed, 2026-06-28)
  • GitHub Codespaces — Cloud-hosted, on-demand development environments spun up from a Git repo, so code (including AI-generated or AI-agent-run code) executes in a disposable cont… — (acquired-closed, 2026-06-28)
  • GitLab (Ultimate) — The DevSecOps platform whose top tier, GitLab Ultimate, bundles platform-native application security — SAST, DAST, dependency scanning, secret detection,… — (public, 2026-06-28)
  • Glean — Permission-aware enterprise search and a “Work AI” assistant/agent platform that connects to all your SaaS apps and answers questions over company data — whi… — (independent, 2026-06-28)
  • Google Drive — Google Workspace’s file storage (Docs, Sheets, Slides, Shared Drives) — the primary unstructured-content corpus for Workspace-centric shops, and a core RAG/G… — (public, 2026-06-28)
  • Google SecOps (Chronicle) — Google’s cloud-native SIEM/SOAR platform, built for petabyte-scale log retention, enriched with Mandiant threat intelligence and Gemini-powered investigation… — (public, 2026-06-28)
  • GovernGPT — AI that drafts answers to investor DDQs and RFPs for fund managers, — (independent, 2026-06-28)
  • Grip Security — An identity-first SaaS Security Posture Management (SSPM) platform that finds all the SaaS and AI apps employees sign up for and helps you govern access and … — (independent, 2026-06-28)
  • Guardrails AI — An open-source “guardrails” library that validates and corrects LLM — (independent, 2026-06-28)
  • Haize Labs — Automated red-teaming that algorithmically discovers how an LLM fails — (independent, 2026-06-28)
  • Harmonic Security — A data-protection/“shadow AI” governance platform that watches how employees (and increasingly agents) use generative-AI tools and stops sensitive data from … — (independent, 2026-06-28)
  • HashiCorp Sentinel — HashiCorp’s embedded policy-as-code framework that enforces fine-grained, logic-based guardrails inside Terraform, Vault, Nomad, and Consul Enterprise/HCP — … — (acquired-closed, 2026-06-28)
  • HashiCorp Vault — The de facto open-source-rooted secrets manager: central vault for API keys, DB creds, certificates and encryption keys, with dynamic short-lived secrets — n… — (acquired-closed, 2026-06-28)
  • Helicone — Open-source, proxy-based LLM observability and AI gateway — one line of code to monitor LLM usage; acquired by Mintlify and now in maintenance mode. — (acquired-pending, 2026-06-28)
  • HiddenLayer — AI/ML model-security pioneer offering model scanning, supply-chain checks, runtime detection & response, and adversarial red teaming for ML models and GenAI … — (independent, 2026-06-28)
  • Holistic AI — An AI governance, risk and compliance (AI GRC) platform that inventories an — (independent, 2026-06-28)
  • Hydden — A seed-stage “identity system of record” that builds a single data layer across your IAM, IGA, PAM, and ITDR tools so security teams get one complete view of… — (independent, 2026-06-28)
  • IBM ContextForge MCP Gateway — IBM’s open-source (Apache-2.0) MCP gateway, registry, and proxy that sits in front of many MCP / A2A / REST / gRPC backends and exposes them as one governed,… — (public, 2026-06-28)
  • IBM watsonx.governance — IBM’s enterprise AI governance toolkit: a single service that inventories AI/ML and generative models, generates audit-ready “fact sheets,” monitors them for… — (acquired-closed, 2026-06-28)
  • Immuta — A data-access-control platform that enforces fine-grained, attribute-based access policies (masking, row/column filtering) natively inside Snowflake, Databri… — (independent, 2026-06-28)
  • Infisical — The open-source, self-hostable secrets manager — an end-to-end-encrypted alternative to Doppler and cloud-only stores that also reaches into certificates and… — (independent, 2026-06-28)
  • Island — A purpose-built, Chromium-based “enterprise browser” that bakes security, DLP, and access controls directly into the browser itself, so the place where work … — (independent, 2026-06-28)
  • Jazz Security — An AI-native DLP platform that uses an autonomous “Agentic Investigator” to read intent and context, so data-loss alerts come with answers instead of rule-ba… — (independent, 2026-06-28)
  • JFrog — The “system of record” for software binaries: a universal artifact repository (Artifactory) plus dependency/security scanning (Xray) that has extended into s… — (public, 2026-06-28)
  • Knostic — A “need-to-know” access-control and oversharing-detection layer that sits above document ACLs to stop enterprise AI assistants (Microsoft 365 Copilot, Glea… — (independent, 2026-06-28)
  • Kong — Kong is a mature, open-source-rooted API-management vendor whose AI Gateway turns its battle-tested Kong Gateway proxy into a single governed exit door f… — (independent, 2026-06-28)
  • Kyverno — A Kubernetes-native, open-source policy engine that enforces policy-as-code as YAML — validating, mutating, and generating cluster resources so non-compliant… — (independent, 2026-06-28)
  • Lakera — An AI-native runtime-security pure-play (real-time prompt-injection / GenAI defense, of “Gandalf” fame) being acquired by Check Point to anchor its AI-securi… — (acquired-pending, 2026-06-28)
  • Lanai — An endpoint-based “AI observability” platform that discovers and governs all the AI tools employees actually use (including shadow AI), running prompt/respon… — (independent, 2026-06-28)
  • Langfuse — Open-source LLM engineering platform for tracing, evaluating, and managing prompts of AI apps; now owned by ClickHouse. — (acquired-pending, 2026-06-28)
  • LangSmith (LangChain) — LangChain’s commercial observability-and-evaluation platform for building, tracing, and improving LLM agents. — (independent, 2026-06-28)
  • Lasso Security — An Israeli end-to-end GenAI security platform that watches every LLM and — (independent, 2026-06-28)
  • LayerX — A browser extension that turns Chrome/Edge/Safari/Firefox into an enterprise-controlled endpoint, so security teams can see and govern what employees paste i… — (acquired-pending, 2026-06-28)
  • Legit Security — An AI-native ASPM platform that maps your whole SDLC — code, pipelines, secrets, dependencies — to give AppSec teams unified, prioritized visibility and reme… — (independent, 2026-06-28)
  • Linx Security — An AI-native identity governance (IGA) platform that continuously maps, monitors, and governs every identity in the enterprise — human, non-human, and AI age… — (independent, 2026-06-28)
  • LiteLLM — The popular self-hostable, open-source AI gateway: one OpenAI-compatible endpoint in front of every model provider, so you control spend, keys, and routing f… — (independent, 2026-06-28)
  • LogicGate — A no-code, configurable GRC platform (“Risk Cloud”) pitched as the lighter, faster-to-stand-up alternative to legacy suites like archer. — (independent, 2026-06-28)
  • Lumos — Automation-first identity governance and SaaS-access management, pitched as an “Autonomous Identity Platform” for cloud-forward companies. — (independent, 2026-06-28)
  • Material Security — “Zero Trust” security for your email and cloud workspace: it sits on top of Microsoft 365 / Google Workspace via API to catch malicious email, lock down sens… — (independent, 2026-06-28)
  • Maxim AI — A lifecycle platform to experiment with prompts, evaluate (machine + — (independent, 2026-06-28)
  • Menlo Security — A cloud security company best known for remote browser isolation (running web content in the cloud, away from the endpoint) that now packages those contr… — (independent, 2026-06-28)
  • Microsoft 365 Copilot — The generative-AI assistant embedded across Word, Excel, PowerPoint, Outlook, Teams and the M365 apps, grounded in your tenant’s own content via Microsoft Gr… — (public, 2026-06-28)
  • Microsoft Defender XDR — Microsoft’s extended detection and response (XDR) suite that unifies endpoint EDR (Defender for Endpoint) with identity, email, and SaaS signals, with Securi… — (public, 2026-06-28)
  • Microsoft Edge for Business — Microsoft’s enterprise-managed Edge: the browser you already get with Windows/M365, turned into a data-protection and Zero Trust enforcement point via native… — (public, 2026-06-28)
  • Microsoft Entra ID — Microsoft’s cloud identity provider (the former Azure Active Directory): the SSO/MFA/Conditional-Access front door for everyone already living in Microsoft 3… — (public, 2026-06-28)
  • Microsoft Graph — The unified API and semantic index over your Microsoft 365 data (SharePoint, OneDrive, Exchange, Teams) that makes Microsoft 365 Copilot permission-aware: Co… — (public, 2026-06-28)
  • Microsoft Purview — Microsoft’s bundled data-security/compliance suite (classification, DLP, sensitivity labels, insider risk, DSPM) that governs sensitive data across Microsoft… — (public, 2026-06-28)
  • Microsoft Sentinel — Microsoft’s cloud-native SIEM/SOAR that ingests security logs across cloud and on-prem, runs detections, and increasingly drives AI-assisted investigation th… — (public, 2026-06-28)
  • MIND — An AI-native, “autonomous” data-loss-prevention (DLP) and data-detection-and-response (DDR) platform that discovers, classifies, and blocks sensitive-data le… — (independent, 2026-06-28)
  • Mindgard — Offensive AI security: continuously red-teams your LLMs and AI — (independent, 2026-06-28)
  • MintMCP — A managed enterprise gateway that sits between AI clients (Claude, Cursor, custom agents) and MCP servers, hosting the servers, handling SSO/credentials, enf… — (independent, 2026-06-28)
  • ModelOp — An enterprise AI/ML governance and ModelOps platform that acts as a centralized “system of record” for every model, enforcing inventory, validation, approval… — (independent, 2026-06-28)
  • Monitaur — A SaaS “ML Assurance” / model-governance platform purpose-built for highly regulated financial services (above all insurance), giving risk and compliance tea… — (independent, 2026-06-28)
  • Natoma — An enterprise Model Context Protocol (MCP) governance gateway that gives AI agents identity-scoped, audited, policy-controlled access to enterprise tools and… — (acquired-closed, 2026-06-28)
  • NeMo Guardrails (NVIDIA) — An open-source Python toolkit from NVIDIA that wraps an LLM with — (public, 2026-06-28)
  • Netskope — Netskope is the SSE/SASE vendor whose roots are in inline CASB and — (public, 2026-06-28)
  • Netwrix — A data-and-identity security vendor (rooted in Active Directory auditing) that does data access governance, change/access auditing, and identity/privileged-a… — (pe-owned, 2026-06-28)
  • NICE Actimize — The incumbent enterprise compliance suite for financial-crime and conduct risk: its SURVEIL-X platform does holistic trade + communications surveillance for … — (public, 2026-06-28)
  • Nightfall AI — A cloud-native DLP platform that uses machine-learning detectors (not regex/agents) to — (independent, 2026-06-28)
  • Noma Security — An end-to-end AI and agent security platform that discovers your AI/agent estate, scores its posture, red-teams it, and protects it at runtime. — (independent, 2026-06-28)
  • Normalyze — A DSPM startup that discovers and classifies sensitive data across cloud/SaaS/on-prem and puts a dollar value on the risk; acquired by Proofpoint to add data… — (acquired-closed, 2026-06-28)
  • Nudge Security — Agentless SaaS and shadow-AI discovery + posture platform that scans corporate mailboxes (Google Workspace / Microsoft 365) to inventory every app, account, … — (independent, 2026-06-28)
  • Oasis Security — A platform that finds, governs, and cleans up all your non-human identities — (independent, 2026-06-28)
  • Obot — An open-source MCP gateway and platform that puts a governed control plane between AI agents (Claude, Cursor, ChatGPT, internal bots) and the MCP servers the… — (independent, 2026-06-28)
  • Obsidian Security — A SaaS security platform that pairs posture management (SSPM) with identity threat detection and response — i.e. it both hardens SaaS configurations and watc… — (independent, 2026-06-28)
  • Okta — The leading independent (vendor-neutral) identity provider: SSO, MFA, and lifecycle for the workforce, plus Auth0 for customer/developer identity. — (public, 2026-06-28)
  • OneTrust — The large incumbent privacy/GRC platform that bolted on an AI Governance module, so the team that already owns your privacy and third-party-risk program can … — (independent, 2026-06-28)
  • Onspring — A no-code GRC / business-process-automation SaaS built by ex-RSA Archer people, pitched as a flexible, easier-to-configure alternative to legacy GRC. — (independent, 2026-06-28)
  • Open Policy Agent (OPA) — The de-facto open-source, general-purpose policy engine: ship your access rules (written in Rego) to a decision point that any app, service, or agent can… — (independent, 2026-06-28)
  • ChatGPT Enterprise (OpenAI) — The enterprise tier of ChatGPT: the frontier-model chat assistant most employees already want, wrapped with admin controls, a no-training-on-your-data defaul… — (independent, 2026-06-28)
  • OpenRouter — A hosted “unified interface for LLMs”: one API and one billing relationship that routes your requests across 400+ models from 70+ providers, with automatic f… — (independent, 2026-06-28)
  • OpenSearch — An open-source search, analytics, and observability engine (the AWS-led fork of Elasticsearch) with a vector-search engine built in — usable as the retrieval… — (independent, 2026-06-28)
  • Operant AI — A Kubernetes-native runtime defense platform that discovers, detects, and blocks threats against live AI apps, agents, and APIs in real time. — (independent, 2026-06-28)
  • Oso — Authorization-as-a-service built on Polar, a declarative policy language — now repositioning hard as an AI-agent security & control platform (“Oso fo… — (independent, 2026-06-28)
  • Palo Alto Networks — The incumbent network/SOC security platform (Strata SASE, Cortex XDR/XSIAM, Prisma Cloud) that has bought its way into a full AI-security stack: Prisma AIRS … — (public, 2026-06-28)
  • Pangea — A developer-first “AI guardrail” platform — prompt-injection blocking, AI DLP, and policy guardrails delivered as APIs/SDK — now the prompt-layer core of cro… — (acquired-closed, 2026-06-28)
  • Patronus AI — A model-agnostic evaluation/judge platform that scores and flags LLM — (independent, 2026-06-28)
  • Permit.io — Developer-first authorization-as-a-service: a hosted policy decision point plus SDKs and a no-code policy editor, so engineers add fine-grained access contro… — (independent, 2026-06-28)
  • Perplexity Enterprise — An enterprise “answer engine”: a web-search-grounded AI assistant with citations, plus enterprise add-ons (Spaces, internal file/app connectors, SSO/SCIM, ad… — (independent, 2026-06-28)
  • Pillar Security — An Israeli startup selling an end-to-end platform that discovers an — (independent, 2026-06-28)
  • Pindrop — A long-established voice-security company that authenticates callers and detects fraud, spoofing, and AI voice-clone / audio deepfakes in contact centers and… — (independent, 2026-06-28)
  • Pinecone — A fully-managed, serverless vector database — the original commercial “just give me a vector index” service for RAG and AI long-term memory. — (independent, 2026-06-28)
  • Ping Identity — Enterprise identity provider (workforce + customer IAM), now Thoma Bravo-owned and merged with ForgeRock; favored by large/regulated shops needing flexible, … — (pe-owned, 2026-06-28)
  • PomeriumCategories — mcp-gateway, authorization-engine — (independent, 2026-06-28)
  • Portal26 — A GenAI governance and security SaaS that gives enterprises visibility into who is using which AI tools, enforces policy, and keeps a tamper-evident forensic… — (independent, 2026-06-28)
  • Portkey — A high-performance AI gateway and control plane that sits between enterprise apps and model APIs — routing, rate-limiting, caching, governing, and observing … — (acquired-closed, 2026-06-28)
  • Talon) — A managed, Chromium-based enterprise browser (the former Talon) that delivers security controls — DLP, isolation, last-mile inspection — at the browser layer… — (acquired-closed, 2026-06-28)
  • Prisma AIRS (Palo Alto) — Palo Alto Networks’ AI security platform (Prisma AI Runtime Security) that inspects AI traffic for prompt injection, data leakage and malicious responses, sc… — (acquired-closed, 2026-06-28)
  • ProcessUnity — A third-party-risk-management (TPRM) and GRC platform that, after merging with CyberGRX, pairs assessment workflow with a large pre-completed vendor-risk dat… — (pe-owned, 2026-06-28)
  • Prompt Security — A GenAI security platform that gives enterprises visibility and control over employee and developer AI use — shadow-AI discovery, prompt-injection defense, a… — (acquired-closed, 2026-06-28)
  • Promptfoo — Popular open-source tool for testing, evaluating, and red-teaming LLM apps; acquired by OpenAI in March 2026 and folded into OpenAI Frontier (stays open sour… — (acquired-closed, 2026-06-28)
  • Prophet Security — An agentic “AI SOC analyst” that autonomously triages and investigates security alerts and writes up findings in plain language, so human analysts stop drown… — (independent, 2026-06-28)
  • Quilr — An early-stage agentic-AI security startup that discovers shadow AI, applies adaptive guardrails to prompts and data, and provides posture management over AI… — (independent, 2026-06-28)
  • Radiant Security — An AI SOC platform/“co-pilot” that automatically triages and investigates every alert across all data sources — no playbooks or preset rules — and drives con… — (independent, 2026-06-28)
  • Reality Defender — A multimodal deepfake-detection platform (audio, video, image, text) delivered as a web app and API, aimed at banks, governments, and media firms that need t… — (independent, 2026-06-28)
  • Reco — An agentless, AI-native SaaS security posture management (SSPM) platform that connects to your SaaS apps and IdP via API/OAuth, builds an identity graph, and… — (independent, 2026-06-28)
  • Red Access — Secures web/SaaS/GenAI sessions inside the browsers people already use, without deploying a dedicated browser, endpoint agent, or rerouting traffic through a… — (independent, 2026-06-28)
  • Relativity Trace — A proactive e-comms surveillance product from the e-discovery vendor Relativity, leaning on the same review/search/ML stack lawyers use for litigation to cat… — (acquired-closed, 2026-06-28)
  • Robust IntelligenceIn one line — AI security/validation pioneer out of Harvard ML research (founded 2019, San Francisco; founders Yaron Singer, Kojin Oshiba, Eric Balkanski… — (acquired-closed, 2026-06-28)
  • Rubrik — A public data-security company best known for backup and ransomware/cyber recovery, now offering DSPM (built on acquired Laminar) to find and govern exposed … — (public, 2026-06-28)
  • SailPoint — The category-defining identity governance (IGA) vendor: who has access to what, access certifications, and joiner/mover/leaver lifecycle at enterprise scale. — (public, 2026-06-28)
  • Saviynt — Cloud-native converged identity security platform: IGA plus privileged access and app/data access governance in one SaaS, the main challenger to SailPoint. — (independent, 2026-06-28)
  • Securiti — A broad “Data Command Center” — DSPM, privacy, data governance, data access, and AI trust on one knowledge-graph platform — now owned by backup/data-resilien… — (acquired-closed, 2026-06-28)
  • SecurityScorecard — An outside-in security-ratings service that scores companies (and their vendors) A–F on externally observable cyber posture, used to triage third-party risk. — (independent, 2026-06-28)
  • Semgrep — Fast, customizable static analysis (SAST) with a popular open-source engine, extended into a commercial platform covering dependencies (SCA) and secrets — kn… — (independent, 2026-06-28)
  • SentinelOne — The main publicly traded EDR/XDR challenger to crowdstrike and microsoft-defender, whose Singularity platform now extends into GenAI security after acquiring… — (public, 2026-06-28)
  • Sentra — Agentless, cloud-native DSPM that discovers and classifies sensitive data across the cloud and adds controls to keep PII out of AI training sets and gen-AI p… — (independent, 2026-06-28)
  • Seraphic Security — Adds enterprise security and governance inside the browsers employees already use, rather than making them switch to a dedicated secure browser. — (acquired-pending, 2026-06-28)
  • ServiceNow GRC — The GRC / Integrated-Risk-Management module set bolted onto the Now Platform, so risk, compliance, audit and vendor-risk workflows live next to the ITSM/CMDB… — (public, 2026-06-28)
  • OneDrive (Microsoft) — Microsoft 365’s document and collaboration repositories — for most enterprises the single biggest pile of unstructured content, and therefore the primary cor… — (public, 2026-06-28)
  • Shield — An end-to-end communications-surveillance platform that captures, — (independent, 2026-06-28)
  • Silverfort — A unified, largely agentless/proxyless identity-security platform that extends MFA, conditional access, and threat detection to systems that normally can’t g… — (independent, 2026-06-28)
  • Simbian — A suite of autonomous security AI agents — a SOC agent, a GRC agent and a hosting platform — built to not just find security issues but act on them. — (independent, 2026-06-28)
  • Snyk — Developer-first security platform that scans your own code, your open-source dependencies, containers, and IaC for vulnerabilities, integrated into the IDE a… — (independent, 2026-06-28)
  • Socket — Supply-chain security that catches malicious open-source packages — backdoors, typosquats, install-script abuse, obfuscated code — before they land in your… — (independent, 2026-06-28)
  • Sonatype — Software-supply-chain pioneer: the steward of Maven Central, maker of Nexus Repository, and a leader in open-source SCA plus a “repository firewall” that blo… — (acquired-pending, 2026-06-28)
  • Splunk — The market-leading machine-data platform for searching, monitoring and analyzing logs — the SIEM/SOAR and observability backbone many SOCs run on, now Cisco’… — (acquired-closed, 2026-06-28)
  • SplxAI — Automated, continuous AI red-teaming (“Probe”) plus runtime guardrails and prompt-hardening for conversational and agentic AI apps — now owned by Zscaler. — (acquired-closed, 2026-06-28)
  • StackOne — Unified-API / agent-tooling infrastructure: one interface that turns hundreds of — (independent, 2026-06-28)
  • SteelEye — A London-based regtech that bundles trade surveillance, communications surveillance, recordkeeping/archiving and regulatory reporting onto a single cloud pla… — (independent, 2026-06-28)
  • Straiker — An AI-native security platform that red-teams, protects at runtime, and discovers enterprise AI apps and autonomous agents across every layer of the AI stack. — (independent, 2026-06-28)
  • Styra — The company that created Open Policy Agent and sold enterprise management on top of it (Styra DAS / Enterprise OPA) — until Apple hired away its core team in… — (acquired-pending, 2026-06-28)
  • Stytch — An API-first authentication and fraud platform for developers that now also does AI-agent identity: letting your app issue scoped, revocable OAuth tokens to … — (acquired-closed, 2026-06-28)
  • Sumo Logic — A cloud-native SaaS log analytics and SIEM platform for security + ops telemetry; taken private by Francisco Partners in 2023. — (pe-owned, 2026-06-28)
  • Symmetry Systems — A DSPM platform that maps sensitive data to who can reach it — humans, service accounts, AI agents, third parties — and can automatically remediate over-pe… — (acquired-closed, 2026-06-28)
  • Terraform Cloud (HCP Terraform) — HashiCorp’s managed service for running Terraform infrastructure-as-code with remote state, collaboration, and policy enforcement — the control plane through… — (acquired-closed, 2026-06-28)
  • Theta Lake — A compliance-surveillance and archiving platform purpose-built for — (independent, 2026-06-28)
  • Token Security — Identity-first security for non-human and AI-agent identities: find every machine — (independent, 2026-06-28)
  • Torq — A security hyperautomation platform (modern SOAR) that has grown into an “AI SOC” with agentic alert triage and a self-service agent builder. — (independent, 2026-06-28)
  • TrojAI — AI-security platform pairing build-time red teaming (TrojAI Detect) with runtime threat protection (TrojAI Defend); acquired by network-security vendor A10 N… — (acquired-closed, 2026-06-28)
  • TrueFoundry — A Kubernetes-native enterprise AI platform whose centerpiece is an — (independent, 2026-06-28)
  • TruLens — An open-source Python library for evaluating and tracing LLM, RAG, and agent applications, now stewarded by Snowflake. — (acquired-pending, 2026-06-28)
  • UpGuard — A cyber-risk-ratings and third-party-risk platform that pairs external security scoring with attack-surface management and data-leak detection. — (independent, 2026-06-28)
  • Valence Security — A SaaS (and increasingly AI) security platform that discovers SaaS/AI app usage, finds and prioritizes posture risk, and emphasizes collaborative, business-u… — (independent, 2026-06-28)
  • Vanta — Automated security-and-compliance certification (SOC 2, ISO 27001, etc.) that has added an AI-governance module (ISO 42001, EU AI Act, NIST AI RMF mapping); … — (independent, 2026-06-28)
  • Varonis — The original data-access-governance vendor: a Data Security Platform that maps who can access which sensitive files/data, flags over-permissioned and stale a… — (public, 2026-06-28)
  • Veza — Identity-security “Access Graph” that maps and controls who (or what) can do what across apps, data, cloud, and AI agents — now part of ServiceNow. — (acquired-closed, 2026-06-28)
  • Wald.ai — A context-aware “AI DLP” layer that redacts sensitive data out of prompts before they reach ChatGPT / Claude / Gemini, then re-populates the original data in… — (independent, 2026-06-28)
  • Weaviate — An open-source, AI-native vector database (plus managed cloud) — the self-hostable alternative to Pinecone for RAG retrieval, so embeddings can stay in your … — (independent, 2026-06-28)
  • Weights & Biases (Weave) — The ML developer platform for experiment tracking and model management, whose Weave product does LLM/agent observability and evaluation; acquired by GPU-… — (acquired-closed, 2026-06-28)
  • WhyLabs — A data-and-ML monitoring / AI observability platform (now acquired by Apple and discontinued as a standalone product). — (acquired-closed, 2026-06-28)
  • Wing Security — An SSPM + SaaS identity-threat-detection platform that inventories SaaS and AI apps, fixes risky configuration and OAuth grants, and watches for account take… — (independent, 2026-06-28)
  • WitnessAI — Inline “AI enablement” platform that gives security teams visibility, identity-aware access governance, and runtime guardrails over how employees and agents … — (independent, 2026-06-28)
  • Wiz — The agentless cloud security platform (CNAPP) that maps risk across your cloud estate; now a Google company, with a DSPM and AI-SPM module relevant to AI dat… — (acquired-closed, 2026-06-28)
  • WorkOS — A developer platform of drop-in APIs for enterprise auth features (SSO, SCIM, — (independent, 2026-06-28)
  • Zenity — An end-to-end security and governance platform for AI agents, enterprise copilots, and low-code/no-code apps — giving security teams visibility into and cont… — (independent, 2026-06-28)
  • Zscaler — Zscaler is the large public SSE/SASE vendor whose cloud proxy already — (public, 2026-06-28)

Comparisons (6)