VentureBeat just lately sat down (just about) with Itamar Golan, co-founder and CEO of Immediate Safety, to speak by means of the GenAI safety challenges organizations of all sizes face.
We talked about shadow AI sprawl, the strategic selections that led Golan to pursue constructing a market-leading platform versus competing on options, and a real-world incident that crystallized why defending AI functions isn't elective anymore. Golan offered an unvarnished view of the corporate's mission to empower enterprises to undertake AI securely, and the way that imaginative and prescient led to SentinelOne's estimated $250 million acquisition in August 2025.
Golan's path to founding Immediate Safety started with tutorial work on transformer architectures, nicely earlier than they turned foundational to at this time's massive language fashions. His expertise constructing one of many earliest GenAI-powered safety features utilizing GPT-2 and GPT-3 satisfied him that LLM-driven functions have been creating a completely new assault floor. He based Immediate Safety in August 2023, raised $23 million throughout two rounds, constructed a 50-person group, and achieved a profitable exit in below two years.
The timing of our dialog couldn’t be higher. VentureBeat evaluation reveals shadow AI now prices enterprises $4.63 million per breach, 16% above common, but 97% of breached organizations lack primary AI entry controls, in response to IBM's 2025 information. VentureBeat estimates that shadow AI apps may double by mid-2026 primarily based on present 5% month-to-month progress charges. Cyberhaven information reveals 73.8% of ChatGPT office accounts are unauthorized, and enterprise AI utilization has grown 61x in simply 24 months. As Golan advised VentureBeat in earlier protection, "We see 50 new AI apps a day, and we've already cataloged over 12,000. Round 40% of those default to coaching on any information you feed them, that means your mental property can grow to be a part of their fashions."
The next has been edited for readability and size.
VentureBeat: What made you acknowledge that GenAI safety wanted a devoted firm when most enterprises have been nonetheless determining how you can deploy their first LLMs? Was there a particular second, buyer dialog, or assault sample you noticed that satisfied you this was a fundable, venture-scale alternative?
Itamar Golan: From an early age, I used to be drawn to arithmetic, information, and the rising world of synthetic intelligence. That curiosity formed my tutorial path, culminating in a examine on transformer architectures, nicely earlier than they turned foundational to at this time's massive language fashions. My ardour for AI additionally guided my early profession as an information scientist, the place my work more and more intersected with cybersecurity.
The whole lot accelerated with the discharge of the primary OpenAI API. Round that point, as a part of my earlier job, I teamed up with Lior Drihem, who would later grow to be my co-founder and Immediate Safety's CTO. Collectively, we constructed one of many earliest safety features powered by generative AI, utilizing GPT-2 and GPT-3 to generate contextual, actionable remediation steps for safety alerts. This diminished the time safety groups wanted to grasp and resolve points.
That have made it clear that functions powered by GPT-like fashions have been opening a completely new and weak assault floor. Recognizing this shift, we based Immediate Safety in August 2023 to handle these rising dangers. Our aim was to empower organizations to experience this wave of innovation and unleash the potential of AI with out it changing into a safety and governance nightmare.
Immediate Safety turned identified for immediate injection protection, however you have been fixing a broader set of GenAI safety challenges. Stroll me by means of the total scope of what the platform addressed: information leakage, mannequin governance, compliance, crimson teaming, no matter else. What capabilities ended up resonating most with prospects that will have shocked you?
From the start, we designed Immediate Safety to cowl a broad vary of use circumstances. Focusing solely on worker monitoring or prompt-injection safety for inside AI functions was by no means sufficient. To actually give safety groups the arrogance to undertake AI safely, we wanted to guard each touchpoint throughout the group, and do all of it at runtime.
For a lot of prospects, the true turning level was discovering simply what number of AI instruments their staff have been already utilizing. Early on, corporations typically discovered not simply ChatGPT however dozens of unmanaged AI providers in lively use fully outdoors IT's visibility. That made shadow AI discovery a important a part of our answer.
Equally essential was real-time sensitive-data sanitization. As an alternative of blocking AI instruments outright, we enabled staff to make use of them safely by mechanically eradicating delicate info from prompts earlier than it ever reached an exterior mannequin. It struck the stability organizations wanted: sturdy safety with out sacrificing productiveness. Workers may maintain working with AI, whereas safety groups knew that no delicate information was leaking out.
What shocked many purchasers was how enabling protected utilization — slightly than limiting it — drove quicker adoption and belief. As soon as they noticed AI as a managed, safe channel as an alternative of a forbidden one, utilization exploded responsibly.
You constructed Immediate Safety right into a market chief. What have been the 2 to 3 strategic selections that truly accelerated your progress? Was it specializing in a particular vertical?
Wanting again, the true acceleration didn't come from luck or timing: It got here from a number of deliberate decisions I made early. These decisions have been uncomfortable, costly, and slowed us down within the quick time period, however they created large leverage over time.
First, I selected to construct a class, not a function. From day one, I refused to place Immediate Safety as "simply" safety in opposition to immediate injection or information leakage, as a result of I noticed that as a lifeless finish.
As an alternative, I framed Immediate because the AI safety management layer for the enterprise, the platform that governs how people, brokers, and functions work together with LLMs. That call was elementary, permitting us to create a funds as an alternative of combating for it, sit on the CISO desk as a strategic layer slightly than a instrument, and construct platform-level pricing and long-term relevance as an alternative of a slim level answer. I wasn't making an attempt to win a function race; I used to be constructing a brand new class.
Second, I selected enterprise complexity earlier than it was snug. Whereas most startups keep away from complexity till they're compelled into it, I did the other: I constructed for enterprise deployment fashions early, together with self-hosted and hybrid; coated actual enterprise surfaces like browsers, IDEs, inside instruments, MCPs, and agentic workflows; and accepted longer cycles and extra advanced engineering in alternate for credibility. It wasn't the simplest route, but it surely gave us one thing rivals couldn't faux: enterprise readiness earlier than the market even knew it will want it.
Third, I selected depth over logos. Slightly than chasing quantity or vainness metrics, I went deep with a smaller variety of very severe prospects, embedding ourselves into how they rolled out AI internally, how they thought of danger, coverage, and governance, and the way they deliberate long-term AI adoption. These prospects didn't simply purchase the product: they formed it. That created a product that mirrored enterprise actuality, produced proof factors that moved boardrooms and never simply safety groups, and constructed a degree of defensibility that got here from entrenchment slightly than advertising and marketing.
You have been educating the market on threats most CISOs hadn't even thought-about but. How did your positioning and messaging evolve from yr one to the acquisition?
Within the early days, we have been educating a market that was nonetheless making an attempt to grasp whether or not AI adoption prolonged past a number of staff utilizing ChatGPT for productiveness. Our positioning centered closely on consciousness, exhibiting CISOs that AI utilization was already sprawling throughout their organizations and that this created actual, fast dangers they hadn't accounted for.
I wasn't making an attempt to win a function race; I used to be constructing a brand new class.
Because the market matured, our messaging shifted from "that is occurring" to "right here's the way you keep forward." CISOs now absolutely acknowledge the dimensions of AI sprawl and know that straightforward URL filtering or primary controls gained't suffice. As an alternative of debating the issue, they're on the lookout for a approach to allow protected AI use with out the operational burden of monitoring each new instrument, web site, copilot, or AI agent staff uncover.
By the point of the acquisition, our positioning centered on being the protected enabler: an answer that delivers visibility, safety, and governance on the velocity of AI innovation.
Our analysis reveals that enterprises are struggling to get approvals from senior administration to deploy GenAI safety instruments. How are safety departments persuading their C-level executives to maneuver ahead?
Probably the most profitable CISOs are framing GenAI safety as a pure extension of present information safety mandates, not an experimental funds line. They place it as defending the identical property, company information, IP, and person belief, in a brand new, quickly rising channel.
What's essentially the most severe GenAI safety incident or near-miss you encountered whereas constructing Immediate Safety that actually drove house how important these protections are? How did that incident form your product roadmap or go-to-market strategy?
The second that crystallized every thing for me occurred with a big, extremely regulated firm that launched a customer-facing GenAI assist agent. This wasn't a sloppy experiment. They’d every thing the safety textbooks suggest: WAF, CSPM, shift-left, common crimson teaming, a safe SDLC, the works. On paper, they have been doing every thing proper.
What they didn't absolutely account for was that the AI agent itself had grow to be a brand new, uncovered assault floor. Inside weeks of launch, a non-technical person found that by fastidiously crafting the precise dialog stream (not code, not exploits, simply pure language) they may prompt-inject the agent into revealing info from different prospects' assist tickets and inside case summaries. It wasn't a nation-state attacker. It wasn't somebody with superior abilities. It was primarily a curious person with time and creativity. And but, by means of that single conversational interface, they managed to entry a number of the most delicate buyer information the corporate holds.
It was each fascinating and terrifying: realizing how creativity alone may grow to be an exploit vector.
That was the second I actually understood what GenAI adjustments in regards to the menace mannequin. AI doesn't simply introduce new dangers, it democratizes them. It makes programs hackable by individuals who by no means had the ability set earlier than, compresses the time it takes to find exploits, and massively expands the injury radius as soon as one thing breaks. That incident validated our unique strategy, and it pushed us to double down on defending AI functions, not simply inside use. We accelerated work round:
• Runtime safety for customer-facing AI apps
• Immediate injection and context manipulation detection
• Cross-tenant information leakage prevention on the mannequin interplay layer
It additionally reshaped our go-to-market. As an alternative of solely speaking about inside AI governance, we started exhibiting safety leaders how GenAI turns their customer-facing surfaces into high-risk, high-exposure property in a single day.
What's your function and focus now that you just're a part of SentinelOne? How has working inside a bigger platform firm modified what you're in a position to construct in comparison with working an impartial startup? What bought simpler, and what bought more durable?
The main target now could be on extending AI safety throughout the whole platform, bringing runtime GenAI safety, visibility, and coverage enforcement into the identical ecosystem that already secures endpoints, identities, and cloud workloads. The mission hasn't modified; the attain has.
In the end, we're constructing towards a future the place AI itself turns into a part of the protection cloth: not simply one thing to safe, however one thing that secures you.
The larger image
M&A exercise continues to speed up for GenAI startups which have confirmed they will scale to enterprise-level safety with out sacrificing accuracy or velocity. Palo Alto Networks paid $700 million for Defend AI. Tenable acquired Apex for $100 million. Cisco purchased Strong Intelligence for a reported $500 million. As Golan famous, the businesses that survive the subsequent wave of AI-enabled assaults will probably be those who embedded safety into their AI adoption technique from the start.
Put up-acquisition, Immediate Safety's capabilities will prolong throughout SentinelOne's Singularity Platform, together with MCP gateway safety between AI functions and greater than 13,000 identified MCP servers. Immediate Safety can also be delivering model-agnostic protection throughout all main LLM suppliers, together with OpenAI, Anthropic, and Google, in addition to self-hosted or on-prem fashions as a part of the corporate's integration into the Singularity Platform.
