Cybersecurity and quantum technology solutions company SandboxAQ today announced the launch of a new artificial intelligence security posture management platform designed to combat the rapid rise of shadow AI across enterprises.

The new AQtive Guard AI-SPM offering gives full visibility into where AI is being used in an organization’s tech stack and evaluates AI assets for exploitable weaknesses, insecure dependencies and exposure risks such as prompt injection, data leakage and unauthorized access.

Recent SandboxAQ research revealed what the company calls a widening blind spot in enterprise security: Though 79% of organizations are running AI in production, 72% have never completed a full AI security assessment and only 6% have implemented a comprehensive AI-native security strategy. More than half of those surveyed said they are highly concerned about exposed credentials and secrets in AI systems, but only 39% have dedicated tools to manage them.

SandBoxAQ argues that the research highlights an industry need for in-depth visibility into AI usage and purpose-built AI security controls and this is where AQtive Guard AI-SPM steps in.

The offering allows organizations to discover, analyze and secure their entire AI ecosystem, from the models themselves to the applications and data with which they interact. The new service also sees SandBoxAQ extending its cryptographic scanning technology to AI systems, using the same deep-inspection approach to discover and analyze hidden AI assets.

Key features of the new offering include the ability to discover AI assets, including identifying all AI assets across the organization, including models, agents and Model Context Protocol servers.

Users can also use AQtive Guard AI-SPM to assess AI asset risks, such as evaluating AI assets for exploitable weaknesses, insecure dependencies and exposure risks such as prompt injections and data leakage. In addition, they can enforce AI policies and compliance with support for applying governance frameworks and access custom controls, so they can ensure AI systems match internal standards and regulatory requirements. And they can monitor, detect and respond to threats, with AI pipelines continually observed to detect anomalies or attacks and manage incidents.

“AI is transforming a lot of industries and simultaneously expanding the attack surface faster than traditional security tools can keep up,” said Chief Executive Jack Hidary. “We’re seeing attackers weaponize AI tools to exfiltrate sensitive data, manipulate internal systems and automate large-scale intrusions.”

The challenge, he said: “If organizations don’t have clear visibility into how AI and agents are being used across their environment, they’re operating blindly. Security teams need to act now before an unmanaged AI system becomes the source of their next breach.”

SandboxAQ, which was spun off as an independent company from Alphabet Inc. in March 2022, is venture-backed and has raised $950 million, including a round of $300 million on a $5.6 billion valuation in December 2024. Investors in the company include Alphabet, BNP Paribas SA, T. Rowe Price Group Inc., Breyer Capital, Nvidia Corp., Horizon Kinetics, Eric Schmidt, TimeVentures, S32, Fred Alger Management and Paladin Capital Group.

Image: SiliconANGLE/Ideogram