Itdaily - Ghent-based startup Enoki secures AI agents with hacker agent

Ghent-based startup Enoki secures AI agents with hacker agent

Ghent-based startup Enoki secures AI agents with hacker agent

Enoki launches a platform designed to secure AI applications and AI agents and prevent unwanted behavior. To achieve this, the Ghent-based startup doesn’t just look at the code, but also subjects the behavior of LLMs to targeted attacks.

Ghent-based startup Enoki is launching a security platform aimed at securing AI agents within enterprises. The focus is not on the implementation of AI via code, but on the risks associated with these non-deterministic systems—an issue also addressed by other companies like Veeam with their solutions for detecting and recovering from AI risks. After all, an AI agent based on an LLM can exhibit unexpected behavior, and Enoki aims to prevent that.

“With a single cleverly phrased instruction, an AI agent can leak data, misuse tools, or perform actions that were never programmed,” explains Sander Noels, postdoctoral researcher in AI and data analysis at UGent and co-founder of Enoki. Enoki is led by Audrey Stampaert, former co-founder of HR scale-up Mbrella, and Joachim Roelants, previously active at Fortino Capital, is also a co-founder.

Testing via prompts

Enoki’s platform focuses on the behavior of a language model within an AI application. The core of the platform is an autonomous AI hacker agent that tests every AI application. Enoki subjects applications to hundreds of automatically generated attacks, featuring scenarios such as prompt injection and attempted data theft. In doing so, the company aims to uncover vulnerabilities that are not necessarily in the source code, but in the way a model responds to instructions.

According to Enoki, this is particularly relevant for AI agents linked to databases, code, or external services. Such systems can do more than just generate answers. When an agent performs actions on behalf of a user, an error or attack can cause direct damage.

Three modules

The platform consists of three modules. Pre-deployment testing is designed to test AI apps before they go live. Runtime protection monitors applications in production and scans input and output for vulnerabilities. Additionally, Compliance & inventory maps out all AI solutions within an organization and links risks to regulations such as the EU AI Act, NIST AI RMF, and ISO 42001.

Enoki targets European B2B SaaS companies and large enterprises that build their own LLM-based AI agents. These include customer service bots, financial assistants, HR tools, and code assistants. The startup is currently bringing its first design partners on board and preparing for a funding round.

The company is responding to a current need: AI is being launched and implemented faster than the security (and awareness) surrounding it is growing. This doesn’t mean the startup is the only one to have identified the problem of securing AI agents. Established security specialists are also trying to play a role. For instance, Palo Alto Networks acquired Portkey yesterday to expand its AI security portfolio.