Lasso Security
Secure AI Adoption at Enterprise Scale
Last verified April 27, 2026About Lasso Security
Lasso Security provides an AI Security Platform that delivers visibility, control, and protection across AI models, agents, and applications for enterprises. The platform inventories AI assets including agents, models, prompts, tools, and guardrails via discovery and AI-BOM features. It offers AI Security Posture Management for misconfigurations, supply chain risks, and alignment with NIST and OWASP frameworks. Automated red teaming uses a library of over 3,000 attacks covering OWASP Top 10 and agentic threats like context poisoning. Runtime enforcement provides zero-latency decisions with remediation guidance, while AI Detection & Response leverages MITRE and OWASP for threat detection with 98.6% accuracy and sub-50ms latency, including intent analysis for anomalies. Lasso targets enterprises adopting GenAI, particularly regulated sectors, enabling secure innovation through real-time risk reduction, governance, and compliance support. The platform maps to frameworks like NIST AI RMF, EU AI Act, and ISO/IEC 42001 via runtime policies and audit trails, integrating with tools like Cloudflare and Palo Alto Networks.
Frameworks supported
Regulations and voluntary standards Lasso Security documents support for on their own materials. Chip shading reflects the strength of the claim, not an independent audit.
Regulation · EU · in force
Voluntary standard · US · voluntary
Voluntary standard · Global · voluntary
Attestations held
Third-party security attestations and certifications Lasso Security documents on their own materials. These are point-in-time auditor opinions, not regulatory compliance. Always request the current report or certificate directly from the vendor before relying on it.
Attestation · United States (AICPA)
Capabilities
Features Lasso Security markets publicly. Inclusion means the capability is documented — not that it's best-in-class.
AI Model Inventory
Centralized registry of all AI/ML models in use across the organization, with ownership, lifecycle stage, and risk classification.
Risk Assessment Workflow
Guided workflows for completing AI impact assessments, risk scoring, and approval routing.
LLM Red Teaming
Automated adversarial testing of LLMs for jailbreaks, prompt injection, and unsafe outputs.
Model Monitoring
Production monitoring for performance, drift, data quality, and fairness regressions.
Prompt Injection Defense
Detection and mitigation of malicious prompts intended to bypass system instructions or exfiltrate data.
Runtime Enforcement
Inline policy enforcement on AI inputs and outputs at request time.
Audit Evidence Collection
Automated collection, hashing, and retention of evidence (model cards, test results, approvals) for audit.
Policy Management
Authoring, versioning, and distribution of AI usage policies mapped to regulations.
AI Bill of Materials
Structured inventory of components, datasets, and models that make up an AI system.
AI Supply Chain Risk
Assessment of risks from third-party models, datasets, and AI service providers.
Integrations
Documented by Lasso Security in public product materials.
- Cloudflare
- Palo Alto Networks
- AWS GovCloud
Pricing
Enterprise pricing only. Not publicly listed.
Pros and cons
Pros
- Aligns with NIST AI RMF, OWASP Top 10, and MITRE via automated runtime policies and audit trails.
- Integrates with Cloudflare and Palo Alto Networks for network-level GenAI security without agents.
- Provides automated red teaming with 3,000+ attacks and 98.6% threat detection accuracy.
- Supports public sector via Lasso Federal on AWS GovCloud with FedRAMP alignment.
Cons
- No public pricing or free tier available.
- Focuses primarily on enterprise and regulated industries, less emphasis on SMBs.
- Employee count suggests early-stage scaling relative to largest competitors.
- No specific integrations with ML platforms like AWS SageMaker or Azure ML mentioned on homepage.
Frequently asked
What frameworks does Lasso map to?+
Lasso maps controls to NIST AI RMF, EU AI Act, ISO/IEC 42001, OWASP Top 10 for LLMs, MITRE ATLAS, SOC 2, and GDPR via runtime enforcement and exportable evidence.
How does Lasso discover AI assets?+
Discovery & AI-BOM inventories agents, models, prompts, tools, guardrails, and tracks changes continuously.
What threats does Lasso detect?+
Detects prompt injection, data poisoning, tool manipulation, model theft, and behavioral anomalies with sub-50ms latency and 98.6% accuracy using intent analysis.
Is Lasso suitable for public sector?+
Yes, Lasso Federal LLC offers solutions on AWS GovCloud for federal agencies, supporting FedRAMP, DoD SRG, ITAR, and CJIS compliance.
Does Lasso require agents?+
No agents needed for network integrations like Cloudflare; provides zero-latency enforcement.
Sources
Keep reading
See an error or outdated detail?
Profiles carry a last-verified date. If something is out of date or wrong, send a correction and we will review it.
Work at Lasso Security?
Claim this listing to propose edits to the tagline, description, pricing notes, and headquarters details. Every change is still reviewed by our editorial team.