CalypsoAI is an AI security platform that secures enterprise AI at the inference layer, providing real-time threat prevention, customizable security scanners, and policy-based access controls for organizations deploying LLMs and generative AI.
Founded in 2018 by Neil Serebryany after his work on the front lines of national security innovation at the Department of Defense, CalypsoAI was built to address the risks he saw firsthand with machine learning models in critical environments.
Serebryany was named to the Forbes 30 Under 30 list for Enterprise Technology.
The company raised over $40 million in funding and established partnerships with the U.S. Department of Defense, Department of Homeland Security, Palantir (through the FedStart program), and the National Air and Space Intelligence Center (NASIC). CalypsoAI was an RSA Conference 2025 Innovation Sandbox finalist.
In October 2025, F5 Networks acquired CalypsoAI to integrate its inference-layer AI security into F5’s broader application security portfolio.
What is CalypsoAI?
CalypsoAI operates as a trust layer between users and AI models. Every interaction passes through the platform’s scanners and policy engine before reaching the underlying LLM.
This inference-layer approach means CalypsoAI can enforce granular controls over who uses which models, what data passes through, and what content gets generated β all in real time.
The platform is model-agnostic, working with any custom or third-party LLM. Administrators configure policies at the team and individual user level, defining which models are accessible, what rate limits apply, and which security scanners to run on each interaction.
Every prompt, response, user, timestamp, and scanner result is recorded for full auditability.
Granular controls for managing who can access which AI models and how. Set team-level and user-level policies, model-specific rate limits, content restrictions, and data handling rules.
Adapts easily when internal policies or the threat environment changes.
CalypsoAI after the F5 acquisition
F5 Networks announced its acquisition of CalypsoAI in October 2025 to fold inference-layer AI security into F5’s existing application and API security portfolio. The standalone CalypsoAI brand is being absorbed into F5’s product suite rather than spun out, which is the dominant 2026 user concern when researching the name.
The calypsoai.com domain still resolves and serves the existing product information at the time of writing, but new customer engagements increasingly route through F5 sales channels and reference the combined F5 + CalypsoAI value proposition. F5 has positioned CalypsoAI’s inference scanners and policy engine alongside its BIG-IP, NGINX, and Distributed Cloud Services β the AI traffic that lands on F5-managed endpoints can now be inspected by CalypsoAI’s scanners as part of a single deployment.
Existing CalypsoAI customers should expect continuity on contracts, with renewals and feature requests handled through F5 account teams. Prospective buyers evaluating the platform in 2026 are effectively evaluating F5’s AI security stack β the discrete CalypsoAI product page remains useful as historical context, but procurement and roadmap conversations now happen at F5.
Key Features
| Feature | Details |
|---|---|
| Security Approach | Inference-layer interception and scanning |
| Default Scanners | Prompt injection, PII detection, toxic content, policy violations |
| Custom Scanners | Build organization-specific threat detection rules |
| PII Detection | NER and classification models; 90%+ accuracy |
| Access Controls | Team-level and user-level policies, model-specific rate limits |
| Model Support | Model-agnostic β custom and third-party LLMs |
| Audit Trail | Full logging of prompts, responses, users, timestamps, scanner results |
| Deployment | SaaS and on-premises |
| Compliance | Government-grade; Palantir FedStart program participant |
| Red Teaming | Autonomous agent-driven red teaming |
How the inference layer works
CalypsoAI sits between your applications and wherever your LLMs are hosted β whether public API endpoints or self-hosted models within your own infrastructure.
Every interaction flows through the platform’s scanner pipeline before reaching the model. Scanners run in sequence, each checking for specific threat categories.
If any scanner flags an issue, the platform can block the request, redact sensitive content, or alert the administrator depending on the configured policy.
The April 2025 release delivered a 5x improvement in scanner latency through re-engineered PII and prompt injection detection packages. These scanners combine Named Entity Recognition (NER) with classification models to maintain at least 90% accuracy while significantly reducing processing time.
Customizable scanners
One of CalypsoAI’s differentiating features is the ability to build custom security scanners. Organizations can define specific vulnerability categories, threat patterns, and content policies that match their regulatory requirements or internal standards.
This goes beyond configuring rules within an existing scanner β teams can build entirely new detection capabilities tailored to their AI use cases.
Observability and governance
The platform records every detail of each interaction: the prompt, the response, the user identity, the timestamp, and all scanner results. This full audit trail feeds into observability dashboards that give administrators real-time visibility into AI usage patterns, security events, and policy compliance across the organization.
Compliance and framework alignment
CalypsoAI’s scanner library aligns with OWASP Top 10 for LLM Applications categories β particularly LLM01 (Prompt Injection), LLM02 (Sensitive Information Disclosure), and LLM07 (System Prompt Leakage) β through the default prompt injection, PII, and toxic content detectors.
The audit trail and policy engine support the NIST AI RMF Govern and Manage functions, giving compliance teams structured evidence for risk reviews. Government deployments lean on the Palantir FedStart program for FedRAMP-adjacent accreditation, which is why CalypsoAI shows up in Department of Defense, DHS, and NASIC environments where commercial AI security tools rarely qualify.
Getting Started
When to use CalypsoAI
CalypsoAI is designed for enterprises and government organizations that need granular control over how AI is used across their workforce. The inference-layer approach combined with policy-based access controls makes it particularly strong for organizations managing multiple LLMs with different risk profiles, compliance requirements, or user groups.
The platform’s roots in national security give it credibility in defense and government contexts, and the Palantir FedStart participation accelerates deployment in regulated government environments. For commercial enterprises, the customizable scanner framework addresses industry-specific compliance needs that generic scanners may not cover.
For a broader overview of AI security risks, see the AI security guide . For API-focused prompt injection detection with the lowest latency, consider Lakera Guard .
For employee GenAI monitoring and shadow AI detection, see Prompt Security . For AI red teaming and penetration testing, look at Mindgard or Garak . For open-source guardrails, explore NeMo Guardrails or LLM Guard .
CalypsoAI alternatives
Buyers re-evaluating CalypsoAI after the F5 acquisition typically compare it against four overlapping options.
Lakera Guard is the API-firewall sibling and is a stronger fit when sub-50ms latency on a single inference path matters more than enterprise-wide policy controls. Cisco acquired Lakera in May 2025, so it is now the inference firewall layer inside Cisco’s AI Defense portfolio.
Prompt Security is the closest counterpart for employee GenAI monitoring and shadow AI discovery. SentinelOne acquired Prompt Security in May 2025 and folded it into the Singularity Platform, which is the better choice when SOC and EDR integration is on the requirements list.
WitnessAI and Lasso Security are the closest peers on intent-based detection β they classify prompts by user intent rather than surface patterns, which suits enterprises where the threat model is data exfiltration via legitimate-looking queries rather than overt jailbreaks.
Cisco AI Defense (the Cisco DefenseClaw lineage) is the governance superset for organizations already running Cisco network security. It bundles model validation, runtime guardrails, and access controls into a single fabric, overlapping with what F5 + CalypsoAI now offer on the F5 side.
For a broader landscape view, see the AI security tools category.
