Claw & Talon

Lasso Security

Cybersecurity Dual-Use Technology Priority Signal Founded 2023

Last updated: May 11, 2026

Lasso Security is a Tel Aviv-based AI security startup building an enterprise platform for discovering, governing, red-teaming, and protecting generative AI applications, copilots, agents, and model workflows. Its current positioning is AI security rather than conventional external attack surface management, with emphasis on shadow AI discovery, AI-BOM inventory, AI security posture management, automated red teaming, runtime enforcement, and AI detection and response.

Visit Website

Company Overview

Lasso Security builds a security platform for the new attack surface created by enterprise use of large language models, generative AI applications, copilots, and autonomous agents. The company describes its platform as a continuous loop spanning discovery, risk assessment, automated red teaming, runtime protection, and response. Public product materials specifically reference agent and tool discovery, AI-BOM inventory, mapping of models, prompts, tools, guardrails, permissions, and data access, AI security posture management aligned to frameworks such as NIST, OWASP, and MITRE, automated adversarial testing, and inline enforcement through proxy, API, SDK, or AI gateway patterns. This places Lasso in the emerging AI security category rather than the older EASM category reflected in the prior record.

The technical problem is strategically meaningful because AI systems are not just another SaaS application. Enterprises are deploying internal assistants, model-powered customer workflows, agentic automation, and developer copilots that can ingest sensitive data, call tools, write code, query databases, and take actions across cloud and business systems. Conventional DLP, CASB, vulnerability management, and application security controls only partially cover this risk because prompts, model outputs, tool calls, system prompts, retrieval context, and agent intent can change quickly. Lasso's stated differentiation is to provide AI-native observability and controls: shadow AI discovery, data-flow monitoring, policy enforcement, behavioral and intent analysis, attack simulation, and evidence for governance teams.

The commercial market is attractive but volatile. AI adoption is moving faster than security procurement cycles, and CISOs are under pressure to allow controlled adoption rather than blocking AI tools outright. Buyers may include security teams, AI platform teams, risk and compliance owners, and business units building customer-facing AI applications. Lasso has early credibility signals: it emerged from stealth in November 2023 with a $6 million seed round led by Entree Capital with participation from Samsung Next, reports a founding team of four entrepreneurs and cyber/AI practitioners, maintains a visible product suite, and publishes current research and launch material. Its website also lists enterprise and public-sector oriented use cases, although individual customer claims should be treated cautiously unless independently validated.

Competition is intense. Direct and adjacent competitors include Protect AI, Lakera, HiddenLayer, CalypsoAI, Prompt Security, Robust Intelligence/Cisco, and broader cloud and security-platform controls from Microsoft, Google, AWS, Palo Alto Networks, Wiz, and CrowdStrike. Lasso needs to prove that its platform can deliver more than point solutions for prompt injection or AI DLP: defensible value will depend on breadth of integrations, low-latency runtime enforcement, quality of AI asset discovery, useful red-team coverage, explainable policy management, and integration with existing SOC, AppSec, GRC, and cloud-security workflows. The category may also consolidate quickly as incumbents bundle AI-security controls into existing identity, endpoint, cloud, and data-security suites.

Dual-use relevance is credible but should not be overstated as a defense contract thesis. Defense ministries, intelligence agencies, public-sector entities, defense primes, and critical infrastructure operators are all experimenting with AI assistants, code-generation workflows, analytic copilots, and agentic automation. These systems can expose classified-adjacent data, controlled unclassified information, citizen data, mission data, credentials, and operational workflows if they are not monitored and governed. Lasso's value to national-security users would be strongest in unclassified and controlled enterprise environments: discovering unsanctioned AI use, testing mission-support AI applications against prompt injection and data-exfiltration attacks, enforcing model and tool policies, and producing audit trails. Further diligence should confirm deployment architecture, data residency, compliance posture, government procurement readiness, and whether the product can operate in segmented or high-assurance environments.

Dual-Use Assessment

Military & Commercial Applications

Lasso has substantive dual-use potential because AI assistants, LLM applications, developer copilots, and autonomous agents are becoming part of public-sector and defense enterprise workflows. The strongest fit is defensive rather than operational: discovering shadow AI, mapping agent permissions and tool access, testing AI systems for prompt injection and data exfiltration, enforcing policies at runtime, and generating audit evidence for sensitive unclassified environments. The thesis remains conditional on deployment controls, data-handling assurances, and procurement readiness; there is no need to infer classified defense use or active government contracts from the public record.

Strategic Fit Assessment

Research priority signal

Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.

Lasso is a credible internal priority signal for a dual-use/deep-tech cybersecurity database because it addresses a fast-growing security control gap created by enterprise adoption of LLMs and AI agents. The company is early-stage, backed by recognizable seed investors, and operating in a category with real commercial urgency, but the assessment should remain diligence-oriented rather than promotional: defensibility depends on integration depth, detection accuracy, runtime latency, buyer conversion, and the ability to avoid being compressed by cloud and security-platform incumbents.

Strategic Value to U.S.-Israel Alliance

Strategically, Lasso is relevant because AI security is becoming part of the baseline control stack for governments, defense primes, regulated enterprises, and critical infrastructure operators that cannot simply ban generative AI. A platform that can discover AI assets, govern model and tool access, continuously red-team applications, enforce policies inline, and provide audit evidence maps well to national-security-adjacent enterprise security needs, especially in unclassified and controlled environments.

Key Technologies

  • AI application and agent discovery with AI-BOM inventory
  • Shadow AI usage monitoring and LLM data-flow observability
  • AI security posture management for models, prompts, tools, permissions, and guardrails
  • Automated generative AI red teaming and adversarial test libraries
  • Runtime prompt, response, and tool-call enforcement through gateway, proxy, API, or SDK deployment
  • Intent and behavioral analysis for agentic anomaly detection
  • AI detection and response workflows aligned to OWASP, MITRE, and NIST-style governance

Use Cases & Applications

  • Inventorying enterprise copilots, AI agents, LLM applications, MCP workflows, models, system prompts, and connected tools
  • Detecting shadow AI usage and risky employee interactions with unsanctioned or unmanaged AI services
  • Testing internal and customer-facing AI applications for prompt injection, data leakage, model abuse, jailbreaks, and unsafe tool use before deployment
  • Enforcing runtime policies for AI gateways, APIs, SDK-integrated applications, and agentic workflows that can access sensitive systems
  • Producing governance, audit, and compliance evidence for AI adoption programs aligned to OWASP, MITRE, NIST, and internal policy requirements
  • Protecting public-sector and defense enterprise AI workflows that handle sensitive but unclassified data, code, procurement material, or operational planning inputs
  • Monitoring AI-enabled developer workflows for unsafe code generation, secret exposure, and unauthorized data movement

Sources and verification

This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.

Public sources

The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.

  • Official website Current positioning as an AI Security Platform for enterprise AI adoption.
  • AI Security Platform product page Describes discovery, AI-BOM, AI-SPM, automated red teaming, runtime enforcement, AI detection and response, and platform metrics.
  • Lasso team page States 2023 founding, four founders, AI security focus, leadership, and backing references.
  • Seed funding announcement Announces $6M seed round led by Entree Capital with Samsung Next participation and describes LLM cybersecurity focus.
  • Automated red teaming announcement Describes automated red teaming for GenAI and LLM applications.
  • Public sector use-case page Describes public-sector AI security use cases for copilots, agents, MCP workflows, policy enforcement, and audit records.
  • LinkedIn company profile Lists company size as 11-50 employees, headquarters in Tel Aviv, and founding year 2023.
  • Profile update timestamp Last updated in the Claw & Talon database on May 11, 2026.

Investor Lens

What this entry is

Private startup

Why it may matter

Lasso Security may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.

How an independent investor should read this

Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.

Evidence to verify

  • Verify current status
  • Verify traction
  • Verify cap table/funding
  • Verify technical claims
  • Verify regulatory/export-control issues
  • Verify customer concentration

Main investor questions

  • Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
  • What customer, revenue, product, and technical evidence supports the company story?
  • What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
  • Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
  • What evidence would change the thesis or show that the profile is stale?

What not to infer

  • Inclusion does not imply endorsement.
  • Inclusion does not imply allocation availability or current fundraising.
  • Scores do not indicate investment suitability or expected returns.
  • Strategic importance does not automatically imply venture return potential.
Related checklist: Cybersecurity company diligence Related sector page: Cybersecurity sector page Related Dependency Atlas theme: Sovereign cloud and software resilience

Diligence questions

  • What evidence verifies Lasso Security's current customer traction, deployment status, and revenue concentration?
  • Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
  • Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
  • How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
  • What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?

Related sector

See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.

Related companies

Wiz Cybersecurity Irregular Cybersecurity Linx Security Cybersecurity Astelia Cybersecurity Dream Security Cybersecurity

Need a diligence readout?

Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.

Contact Claw & Talon Read database guide