SandboxAQ announced an AI-SPM offering that provides visibility into where AI is being used in organizations’ tech stacks and evaluates AI assets for exploitable weaknesses, insecure dependencies, and exposure risks such as prompt injection, data leakage, and unauthorized access. The offering is purpose-built to help organizations address the growing threat of “shadow AI” before it leads to material breaches.
Recent SandboxAQ research reveals a widening blind spot in enterprise security: while 79% of organizations are running AI in production, 72% have never completed a full AI security assessment and only 6% have implemented a comprehensive AI-native security strategy.
More than half of those surveyed said they are highly concerned about exposed credentials and secrets in AI systems, yet only 39% have dedicated tools to manage them. These gaps are especially troubling given recent reports of state-sponsored hackers hijacking commercial AI models to automate much of their large-scale cyber-espionage campaigns against major corporations and governments. This research highlights an industry need for in-depth visibility into AI usage and for purpose-built AI security controls.
“AI is transforming a lot of industries and simultaneously expanding the attack surface faster than traditional security tools can keep up,” said Jack Hidary, CEO at SandboxAQ. “We’re seeing attackers weaponize AI tools to exfiltrate sensitive data, manipulate internal systems, and automate large-scale intrusions. If organizations don’t have clear visibility into how AI and agents are being used across their environment, they’re operating blindly. Security teams need to act now before an unmanaged AI system becomes the source of their next breach.”
AQtive Guard’s AI-SPM offering enables organizations to discover, analyze, and secure their entire AI ecosystem – from the models themselves to the applications and data with which they interact. SandboxAQ extends its cryptographic scanning technology to AI systems, applying the same deep-inspection approach to discover and analyze hidden AI assets. This gives security teams a comprehensive, code-to-cloud view of AI risks.
Key features of AQtive Guard’s AI-SPM offering include:
- Discover AI assets (cloud → code): Automatically identify all AI assets across the organization, including models, agents and MCP servers.
- Assess AI asset risks: Evaluate AI assets for exploitable weaknesses, insecure dependencies, and exposure risks such as prompt injections and data leakage.
- Enforce AI policies and compliance: Apply governance frameworks and custom access controls to ensure AI systems align with internal standards and regulatory requirements.
- Monitor, detect and respond to threats: Continuously observe AI pipelines to detect anomalies or attacks and manage incidents.
