SandboxAQ has announced an AI-SPM offering that provides full visibility into where AI is being used in organisations’ tech stacks and evaluates AI assets for exploitable weaknesses, insecure dependencies, and exposure risks such as prompt injection, data leakage and unauthorised access. The offering is purpose-built to help organisations address the rapidly growing threat of “shadow AI” before it leads to material breaches.
Recent SandboxAQ research reveals a widening blind spot in enterprise security: while 79% of organisations are running AI in production, 72% have never completed a full AI security assessment and only 6% have implemented a comprehensive AI-native security strategy. More than half of those surveyed said they are highly concerned about exposed credentials and secrets in AI systems, but only 39% have dedicated tools to manage them. These gaps are especially troubling as recent reports show state-sponsored hackers hijacking commercial AI models to largely automate large-scale cyber-espionage campaigns against major corporations and governments. This research highlights an industry need for in-depth visibility into AI usage and purpose-built AI security controls.
“AI is transforming a lot of industries and simultaneously expanding the attack surface faster than traditional security tools can keep up,” said Jack Hidary, CEO at SandboxAQ. “We’re seeing attackers weaponise AI tools to exfiltrate sensitive data, manipulate internal systems, and automate large-scale intrusions. If organisations don’t have clear visibility into how AI and agents are being used across their environment, they’re operating blindly. Security teams need to act now before an unmanaged AI system becomes the source of their next breach.”
AQtive Guard’s AI-SPM offering enables organisations to discover, analyse and secure their entire AI ecosystem – from the models themselves to the applications and data with which they interact. Unlike traditional security posture management tools, which aren’t built for AI systems or AI-enabled security threats, SandboxAQ extends its cryptographic scanning technology to AI systems, using the same deep-inspection approach to discover and analyse hidden AI assets. This provides security teams with a comprehensive, code-to-cloud view of AI risks.
Key features of AQtive Guard’s AI-SPM offering include:
- Discover AI assets (cloud → code): Automatically identify all AI assets across the organisation, including models, agents and MCP servers.
- Assess AI asset risks: Evaluate AI assets for exploitable weaknesses, insecure dependencies, and exposure risks such as prompt injections and data leakage.
- Enforce AI policies and compliance: Apply governance frameworks and access custom controls to ensure AI systems align with internal standards and regulatory requirements.
- Monitor, detect and respond to threats: Continuously observe AI pipelines to detect anomalies or attacks and manage incidents.
AQtive Guard’s AI-SPM offering is now available to a limited set of customers ahead of broad availability in 2026. Contact us to request early access.





