Generative artificial intelligence security startup  Prompt Security Inc. today announced new authorization features that are designed to transform how organizations manage and secure access to generative AI applications and organization data.

The company’s new identity and context-based Authorization system address the challenge of protecting sensitive corporate data while at the same time allowing for productive AI use across the enterprise, with granular control over specific features and content within AI applications.

The new features seek to address the issue where, as organizations embrace AI, they also face unprecedented challenges in controlling access to sensitive information, as large language models can arbitrarily disclose it, whether prompted to do so or not. Prompt Security argues that the days when traditional permission-based systems were enough have passed, as these systems are inadequate as generative AI tools can potentially expose confidential data through natural language interfaces.

“Organizations have spent years building robust, permission-based access systems and here comes AI and introduces a brand new challenge,” said Prompt Security co-founder and Chief Executive Itamar Golan. “Employees can now simply ask AI to reveal sensitive information, like salary details or performance reviews, and LLMs may inadvertently comply. Our new Authorization features close this critical gap, ensuring AI applications respect existing security boundaries.”

The multilayered Authorization system delivers enterprise-grade access control by preventing sensitive data exfiltration in real time, inspecting prompts and model responses and enforcing granular policies. The system ensures robust security without requiring complex integrations or intrusive architectures.

Key features include contextual runtime authorization that evaluates both user identity and request context, as well as granular, department-specific policies that align access permissions with job functions and data privacy requirements. The system also integrates with leading identity providers such as Okta Inc. and Microsoft Entra, enabling seamless enforcement of security protocols.

Additionally, using real-time monitoring and enforcement, organizations can apply flexible redaction options, from full content blocking to selective data masking, while maintaining comprehensive audit logging for compliance. The approach allows enterprises to manage tens of thousands of user groups more efficiently while ensuring security, transparency and ease of configuration at large scale, the company says.

Prompt Security is a venture capital-backed startup that has raised $23 million over two rounds: $5 million in January 2024 and $18 million in November. Investors in the company include Jump Capital, Hetz Ventures Ltd., Ridge Ventures, Okta and F5 Inc.

Image: Prompt Security