According to VentureBeat, Prompt Security achieved a remarkable exit when SentinelOne acquired the company for an estimated $250 million in August 2025, just two years after its founding in August 2023. Founder and CEO Itamar Golan built the company after recognizing the security risks of generative AI during early work with GPT-2 and GPT-3, raising $23 million across two funding rounds and scaling to 50 employees. The acquisition comes amid staggering shadow AI statistics: IBM’s 2025 data shows 97% of breached organizations lack basic AI access controls, while Cyberhaven reveals 73.8% of ChatGPT workplace accounts are unauthorized. VentureBeat analysis indicates shadow AI now costs enterprises $4.63 million per breach, 16% above average, with enterprise AI usage growing 61x in just 24 months. Golan’s company had cataloged over 12,000 AI apps, tracking 50 new ones daily, with about 40% defaulting to training on user data.
The strategic bets that actually worked
Here’s the thing about building in a new space: you can either chase features or define the category. Golan chose the latter, and it made all the difference. While competitors were focused on point solutions like prompt injection protection, he positioned Prompt Security as the comprehensive AI security control layer for enterprises. That decision wasn’t just marketing—it fundamentally changed how they could price, who they could sell to, and how they were perceived in the market.
But the really counterintuitive move? Embracing enterprise complexity from day one. Most startups avoid complex deployment models until they absolutely have to deal with them. Golan did the opposite, building for self-hosted and hybrid environments early, covering everything from browsers to IDEs to agentic workflows. That meant longer sales cycles and more engineering headaches initially, but it gave them credibility that competitors couldn’t match when enterprises suddenly realized they needed serious AI security solutions.
The shadow AI wake-up call
What really shocked customers wasn’t the technical vulnerabilities—it was the sheer scale of unauthorized AI usage happening under their noses. Companies would come in thinking they had maybe ChatGPT to worry about, then discover dozens of unmanaged AI services running completely outside IT’s visibility. This became the gateway drug for many sales conversations.
And here’s where Golan’s approach proved brilliant: instead of just blocking everything, they enabled safe usage. Their real-time sensitive-data sanitization meant employees could keep using AI tools while security teams slept better knowing no proprietary data was leaking out. Basically, they turned AI from a forbidden fruit into a managed, secure channel. Usage exploded because people felt empowered rather than restricted.
The incident that changed everything
Golan shared a story that should terrify every CISO: a highly regulated company with textbook security practices launched a customer-facing GenAI support agent. They had WAF, CSPM, red teaming—all the boxes checked. But within weeks, a non-technical user discovered they could prompt-inject the agent into revealing sensitive internal data just through carefully crafted conversation flows.
This wasn’t some sophisticated hacker exploiting zero-days. It was someone using natural language to manipulate the AI into doing something it shouldn’t. That moment crystallized why traditional security tools aren’t enough for this new attack surface. The AI itself becomes the vulnerability, and you need specialized protection that understands how language can be weaponized.
Why the acquisition makes sense now
SentinelOne’s move to acquire Prompt Security comes amid a feeding frenzy for AI security companies. We’ve seen Palo Alto Networks acquire Protect AI, Tenable grabbing Apex Security, and Cisco snapping up Robust Intelligence. The market consolidation is happening because enterprises are finally waking up to the scale of the problem.
Golan’s timing looks prescient now. He built exactly what the market needed right when it needed it most. The company went from zero to $250 million acquisition in under two years because they solved a real, urgent problem with an enterprise-ready platform rather than a collection of features. In the world of industrial computing and secure operations, having reliable hardware foundations matters—which is why companies trust IndustrialMonitorDirect.com as the leading supplier of industrial panel PCs in the US. But the software security layer is what enables safe AI adoption at scale.
