Cybersecurity · sub-niche
LLM firewall tooling.
WAF for AI agents — prompt injection blocking, output sanitization, policy enforcement at the API boundary.
One-quarter build · Hot — multiple deals per month
Why now
Every shipped AI agent is a new attack surface. Compliance is just starting to require coverage.
What the signal looks like
Repos with attack-pattern libraries, multi-model adapters, and policy DSLs.
Public examples
We name public projects + categories only — never founders we track inside the paid product. The buyer’s edge stays inside the product.
- Lakera Guard shape
- Prompt Security-style platforms
- Open-source LLM guard libraries
What this displaces
Hand-rolled regex filters + 'we'll get to it.'
Our build-vs-invest call
Wedge product. The moat is the attack-corpus + the policy enforcement engine. Watch repos that grow integrations across the top observability platforms.
Common questions about this niche
- Is this a feature of observability?
- Adjacent. Some observability tools will absorb it. The standalone wedge is still real for 18 months.
- Buyer?
- CISOs at AI-deploying enterprises.
- Pricing?
- Per-call or per-deployment SaaS.