TrojAI

🔥 𝗛𝗼𝘁 𝗧𝗮𝗸𝗲 𝗧𝘂𝗲𝘀𝗱𝗮𝘆𝘀 🔥 Agentic AI: The Future of Automation… or a Security Nightmare? Agentic AI is here, and if you’re not paying attention, you’re already behind. Unlike traditional AI, which plays within the lines, agentic AI doesn’t just follow rules—it makes its own. These AI-driven agents perceive, reason, act, and adapt with minimal human oversight. Sounds powerful? It is. Sounds dangerous? Also yes. 💀 𝗪𝗵𝘆 𝘀𝗵𝗼𝘂𝗹𝗱 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗽𝗿𝗼𝘀 𝗰𝗮𝗿𝗲? Because these autonomous systems are a hacker’s dream and a CISO’s worst nightmare. We’re talking goal manipulation, memory poisoning, and cascading hallucinations—attacks that can rewrite objectives, taint decision-making, or create a runaway feedback loop of bad intel. 🔐 So, what’s the game plan? We need an AI security-first approach—before these agents go rogue. That means: ☑️ 𝗭𝗲𝗿𝗼-𝘁𝗿𝘂𝘀𝘁 𝗳𝗼𝗿 𝗔𝗜: Treat agentic AI like an untrusted entity (because it is). ☑️ 𝗠𝗲𝗺𝗼𝗿𝘆 𝗵𝘆𝗴𝗶𝗲𝗻𝗲: Guard against data poisoning and unauthorized access. ☑️ 𝗠𝘂𝗹𝘁𝗶-𝗹𝗮𝘆𝗲𝗿𝗲𝗱 𝗺𝗼𝗻𝗶𝘁𝗼𝗿𝗶𝗻𝗴: Don’t just log outputs—watch how agents reason and adapt. Agentic AI is the future, but without guardrails, it’s a loaded weapon with a mind of its own. The security industry needs to move fast—or risk playing catch-up when things go sideways. Are we ready for agentic AI security threats? Let’s talk TrojAI. 🔽 #Cybersecurity #AgenticAI #AIThreats

Introducing over 30 new vendors to the Latio List! The goal of the Latio Tech list is to be a living, accurate, curated place to find security tools in a clear, engineering focused way. Today we launched a massive update with over 30 new vendors, 3 new categories, and numerous performance improvements. Here they all are below, probably pouring over into the comments! You can view the list here: https://list.latio.tech/ High level changes: 1. Added new categories: Asset Management, Data Security, SaaS Security 2. Renamed Remediation Platforms to Vulnerability Management (CTEM) 3. Added new "hands-on" tag to indicate which tools we've been hands on with, and made this a requirement for Latio's Choice. 4. Massive Javascript optimizations improving site speed Vendors added: 1. Added Exaforce to boundary breakers - AI + data lake for SOC to level up across the board 2. Added Cytix to boundary breakers - monitors places where change happens for on demand pentesting of new endpoints 3. Added TrojAI to LLMs - runtime testing and protection for LLMs with on-prem hosting 4. Added Marqus AI to LLMs - runtime security for LLMs 5. Added BlueFlag Security to ASPM and cloud identity - identity based ASPM and detection, JIT for git 6. Added Rainforest Technologies to ASPM - code security with brand protection, hosted via on-prem vm 7. Added Fluid Attacks to ASPM - ASPM scanning + services 8. Added ZeroPath to Code-fixers - AI SAST = the next generation, no cap 9. Added Appdome to Mobile - the most robust mobile app runtime protection 10. Added Formal to the new data category - awesome runtime data aliasing 11. Added Teleskope to the new data category - data access control for data stores and SaaS 12. Added Cyera to Data - classical DSPM 13. Added Jamf to new MDM category - the apple MDM king 14. Added Kandji to the new MDM category - the strong jamf alternative 15. Added Evren to the new MDM category - a smart developer MDM alternative to virtual machines 16. Added JupiterOne to the new Asset Management category - great all in one queryable and customizable asset management 17. Added Axonius to the new Asset Management category - Great asset and vulnerability management capabilities 18. Added Cortex by Palo Alto Networks to CDR - now it works with cloud 19. Added Mondoo to Vuln Mgmt - ambitious all in one vulnerability scanning and management 20. Added Conviso Application Security to Vuln Mgmt - vulnerability management + services

New Research Alert: Very Excited to share one of the most comprehensive reports on securing enterprise AI. Security leaders are facing a wave of AI developments—from DeepSeek to Manus AI—that raise concerns about data leaks, model integrity, and more. This research covers: ▪️ The state of AI adoption and its security risks ▪️ Why traditional cybersecurity controls (e.g., firewalls) fall short ▪️ A framework for understanding AI security solutions ▪️ Insights from security leaders on what works Our recommendations, based on extensive discussions with security leaders and practitioners: 1️⃣ Start with data security controls – AI security is a data security problem first. 2️⃣ Prioritize runtime security – eBPF-based solutions offer the strongest observability. 3️⃣ Implement Governance controls - Always scan and maintain a full inventory of all AI (especially shadow AI). We anticipate more Chinese AI developments that will increase US open-source adoption, driving the need for securing AI. 4️⃣ Shortlist vendors carefully – The market is fragmented, but key players stand out. Today's Market Landscape & Solutions: There are over 50+ vendors vying for CISOs’ attention - a nightmare for CISOs, but most fall into two broad categories. We specifically highlight 9 leading vendors with extensive customers, traction and promising use cases (this categorization is not exhaustive): 1. Securing AI Product Lifecycle (and our opinion) ◼️ Palo Alto Networks – strong AISPM built on the Strata Firewall ◼️ Protect AI - strong open-source work and threat research ◼️ HiddenLayer – strong scanning and D&R capabilities ◼️ Noma Security - strong partnerships with large ML providers and coverage ◼️ Pillar Security – strong lifecycle capabilities and adaptive guardrails ◼️ TrojAI – strong pen-testing for homegrown AI applications *Observation : Protect AI and HiddenLayer currently lead in customer traction based on our research. 2. Securing Employee AI Usage (and our opinion) ◼️ Prompt Security – strong on GitHub Copilot and securing employee AI ◼️ WitnessAI AI – strong policy enforcement and SASE integration ◼️ Zenity – strong in M365 and agentic app security We go much DEEPER on strengths and trade-offs of all these leading vendors within the report. If you're evaluating AI security vendors for a POC, these are some of the names that should come first. We also highlight all the 50+ vendors in the report. We believe this is one of the most detailed analyses on this topic. If you're a security leader, this is for you. Full report: https://lnkd.in/eAyBHtvp * Massive thank you to Allie Howe for collaborating on this research and my amazing team for their hard work. Please read, and let us know your thoughts. Special thanks to the CISOs and practitioners who shared their thoughts / contributed to this research.

🎤 PANELIST ANNOUNCEMENT! We're pleased to announce that Dr. James Stewart, Ph.D., CTO of TrojAI will be one of the panelists for 'The Power of Early-Stage Support: Fueling Bold Ideas & Future Success'. James will be sharing his experience as a serial entrepreneur on how early investment, mentorship, and strategic connections fueled his companies startup growth and innovation. 📅 Don’t miss out! Register now to hear how early-stage support is a game-changer for innovation at Breakthru: https://lnkd.in/emeqUxUn #NBIF #Breakthru #Cleantech #Innovation #AI #Startups

🔥 𝗛𝗼𝘁 𝗧𝗮𝗸𝗲 𝗧𝘂𝗲𝘀𝗱𝗮𝘆𝘀 🔥 AI Accuracy Metrics: The Art of Smoke & Mirrors Vendors love to throw around big numbers. “97% accuracy!” they’ll say, expecting you to nod along and sign the contract. But here’s the dirty little secret: that number is often meaningless. Why? Because accuracy can be gamed. Evaluate a model on the same benchmark data it was trained on? Boom—sky-high accuracy. Test it in a setting where it never sees edge cases? Flawless performance. And the worst offender? The “flag everything” approach—just classify everything as malicious, and suddenly, you “catch” every bad thing. Of course, the false positives make the system unusable, but hey, the metric looks great on a slide deck. Real AI security requires a breakdown of accuracy into recall (how much of the actual bad stuff we catch) and precision (how much of what we flagged is actually bad). If a vendor claims 97% recall AND precision, be skeptical—especially if they don’t give details about the use case. In fields like adversarial prompt detection, that’s far beyond state-of-the-art. Security isn’t about buying the best marketing—it’s about working with a team that understands what’s actually possible. Pick a partner who is transparent about trade-offs, understands the limitations, and is willing to collaborate on addressing your real-world requirements. Because in security, false confidence is even more dangerous than false negatives. Follow us over at TrojAI for more hot takes! #CyberSecurity #AI #MachineLearning #SecurityMetrics #CISO