Skip to content
HiddenLayer AISec

HiddenLayer AISec

Category: AI Security
License: Commercial
Visit HiddenLayer AISec
Suphi Cankurt
Suphi Cankurt
+8 Years in AppSec
Updated April 14, 2026
6 min read
Key Takeaways
  • HiddenLayer has disclosed 48+ CVEs in ML frameworks and holds 25+ granted patents in adversarial detection and model protection.
  • ModelScanner analyzes 35+ model formats for supply chain threats including backdoors, trojans, and serialization exploits.
  • AI Runtime Security provides real-time defense against adversarial attacks, prompt injection, and model evasion in production.
  • Raised $50M in Series A funding led by M12 (Microsoft’s Venture Fund), with AIBOM (AI Bill of Materials) generation and agentic AI protection.

HiddenLayer AISec is an enterprise AI security platform built specifically for ML model security — covering supply chain scanning, runtime defense, and adversarial red teaming across the full model lifecycle, from training to production deployment.

Unlike traditional cybersecurity tools, which were designed for code and infrastructure, HiddenLayer operates on model artifacts and inference behaviors without requiring access to weights, training data, or prompts.

HiddenLayer AISec platform overview

HiddenLayer was co-founded in 2022 by Chris “Tito” Sestito, Tanner Burns, and James Ballard. Sestito spent years leading threat research at Cylance, where attackers exploited the company’s Windows executable AI model using an inference attack. That breach — which let binary files evade detection across Cylance’s entire customer base — became the founding motivation.

In September 2023, HiddenLayer raised $50M in Series A funding led by M12 (Microsoft’s Venture Fund) and Moore Strategic Ventures, with participation from Booz Allen Ventures, IBM Ventures, and Capital One Ventures.

What is HiddenLayer?

HiddenLayer AISec is an ML security platform designed for the threats that traditional cybersecurity tools cannot address — adversarial attacks on model inference, backdoors embedded in model weights, and supply chain compromise through poisoned model artifacts. The AISec Platform 2.0, unveiled in April 2025 ahead of RSAC, covers four areas: AI discovery, supply chain security, runtime defense, and attack simulation.

The platform is model-agnostic and agentless — no access to model weights, training data, or prompts required. HiddenLayer’s research team has disclosed 48+ CVEs in ML frameworks such as PyTorch and TensorFlow, and holds 25 granted patents (with 56 pending) in adversarial detection, model protection, and AI threat analysis.

AI Discovery
Identifies AI assets across environments to eliminate shadow AI. Provides visibility into how and where models are used, by whom, and with what level of access.
Supply Chain Security
ModelScanner detects malicious code injections, pickle deserialization attacks, and architectural backdoors across 35+ model formats before models enter production.
Runtime Defense
Real-time monitoring protects deployed models from adversarial attacks, prompt injection, and inference manipulation without introducing latency or requiring model modifications.

What are HiddenLayer AISec’s key features?

FeatureDetails
ModelScannerScans 35+ formats (PyTorch, TensorFlow, ONNX, Keras, GGUF, pickle, safetensors) for malware, tampering, and backdoors
AI DiscoveryShadow AI detection across cloud and on-prem environments
Runtime DefenseBlocks adversarial attacks, prompt injection, and inference manipulation in real time
Attack SimulationContinuous adversarial testing aligned with MITRE ATLAS
Model GenealogyTracks model lineage — training, fine-tuning, and modification history
AIBOMAuto-generated AI Bill of Materials for every scanned model (components, datasets, dependencies)
Threat IntelligenceAggregates data from Hugging Face and community sources to surface emerging ML security risks
ComplianceAligns with NIST AI RMF , MITRE ATLAS, ISO 42001, EU AI Act

ModelScanner

ModelScanner is HiddenLayer’s pre-production ML model scanner. It analyzes 35+ model formats — including PyTorch, TensorFlow, ONNX, Keras, GGUF, pickle, and safetensors — for malicious code injections, pickle deserialization exploits, and architectural backdoors (trojans embedded in model weights). Traditional antivirus and SCA tools do not inspect model artifacts, so ModelScanner fills a gap in the supply chain security stack that no conventional tool addresses.

The scanner integrates into CI/CD pipelines and MLOps platforms via lightweight containers, and works with registries including Hugging Face, MLflow, SageMaker, and Databricks Unity Catalog.

HiddenLayer ModelScanner detecting a backdoor trojan in a PyTorch model with AIBOM generation

Model Genealogy and AIBOM

An AIBOM (AI Bill of Materials) is the ML equivalent of a software SBOM: a machine-readable inventory of a model’s components, training datasets, fine-tuning history, and dependencies. HiddenLayer auto-generates an AIBOM for every scanned model, giving security and compliance teams a traceable record for supply chain risk assessment and licensing enforcement.

Model Genealogy, introduced in AISec Platform 2.0, extends this further by tracking how a model was trained, fine-tuned, and modified over time — providing the audit trail evidence regulators and governance frameworks such as ISO 42001 and the EU AI Act require.

Attack Simulation

The red teaming engine runs continuous adversarial testing aligned with the MITRE ATLAS framework, probing models for weaknesses in robustness, data handling, and system integration before attackers find them.

Agentic AI protection
HiddenLayer provides security for agentic and tool-using AI systems. The platform monitors autonomous agent workflows, detecting prompt injection, misuse patterns, and risky multi-step behaviors in real time.

Platform integrations

HiddenLayer integrates with major MLOps and cloud platforms:

  • AWS — SageMaker model registry integration
  • Databricks — Unity Catalog scanning
  • Hugging Face — Continuous monitoring of model repositories
  • MLflow — Automatic scanning of registered models
  • Microsoft Azure — Available on Azure Marketplace
  • CrowdStrike — Listed on CrowdStrike Marketplace

How do I get started with HiddenLayer AISec?

1
Request access — Contact HiddenLayer for a demo or sign up through the Azure Marketplace. The platform is designed for enterprise deployment.
2
Connect your AI assets — HiddenLayer discovers AI models across your environment, including shadow AI. It integrates with model registries, cloud platforms, and CI/CD pipelines.
3
Scan your models — ModelScanner checks models in 35+ formats for malware, backdoors, and deserialization attacks. AIBOM is automatically generated for each scanned model.
4
Enable runtime defense — Deploy runtime security to monitor production models for adversarial attacks, prompt injection, and inference manipulation without impacting performance.

HiddenLayer pricing

HiddenLayer does not publish a public pricing page. The AISec Platform is sold through enterprise sales with quotes scoped to model count, deployment size, and which modules (Discovery, ModelScanner, Runtime Security, Attack Simulation) the buyer needs. Listings on Azure Marketplace and CrowdStrike Marketplace route through the same enterprise procurement.

I do not publish dollar amounts for sales-gated tools. To get a quote, request a demo from hiddenlayer.com or start the procurement flow on Azure Marketplace. Be ready to share the number of models in scope, target environments (cloud, on-prem, hybrid), and which compliance frameworks (NIST AI RMF, ISO/IEC 42001, EU AI Act) drive the requirements.

When to use HiddenLayer

HiddenLayer fits enterprises that rely on ML models for business-critical applications and need security controls that traditional tools don’t provide. It’s a good match for organizations pulling models from public repositories like Hugging Face, running customer-facing AI, or operating in regulated industries where AI governance is a hard requirement.

Best for
Enterprise security teams that need model scanning, runtime defense, and compliance reporting across large AI deployments — particularly in financial services, technology, and US federal government.

HiddenLayer alternatives

HiddenLayer’s wedge is the model-artifact and runtime-inference layer — scanning ML model files, defending production inference, and red-teaming with MITRE ATLAS coverage. When the threat model points elsewhere, these are the closest alternatives:

  • Protect AI Guardian — Built on the open-source ModelScan project, now part of Palo Alto Networks (acquired 2025) and integrated into the Prisma AIRS portfolio. Better when an open-source scanner core or Palo Alto procurement is preferred.
  • Lakera Guard — A managed prompt-injection and PII protection API, now operated by Cisco (acquisition completed 2025). Pick Lakera when the wedge is runtime LLM input/output filtering rather than model-file scanning.
  • Garak — NVIDIA’s open-source LLM vulnerability scanner with 50+ probes. Use Garak for offline red teaming of LLM endpoints when you do not need ModelScanner’s binary-artifact analysis.
  • Holistic AI — Governance-and-compliance-first platform with EU AI Act, NIST AI RMF, and ISO/IEC 42001 mapping. Pick Holistic AI when audit-ready evidence and AI inventory matter more than runtime inference defense.
  • Mindgard — A continuous AI red teaming platform with strong MITRE ATLAS alignment. Better when ongoing offensive testing is the headline rather than a unified discovery-scan-runtime stack.

For a wider catalog, the AI security tools hub groups these by sub-category (model scanning, runtime defense, governance, red teaming).

Visit HiddenLayer AISec

Frequently Asked Questions

What is HiddenLayer?
HiddenLayer AISec is an enterprise AI security platform that provides ML model scanning, runtime defense, AI supply chain security, and automated red teaming. It has disclosed 48+ CVEs in ML frameworks and holds 25+ granted patents in adversarial detection and model protection.
Is HiddenLayer free or commercial?
HiddenLayer is a commercial platform designed for enterprises. Pricing is based on the scope of models and deployments being protected. The company raised $50M in Series A funding in 2023.
Does HiddenLayer protect against prompt injection?
Yes, HiddenLayer’s runtime defense layer detects and blocks prompt injection attacks along with adversarial attacks and inference manipulation in real time, without requiring access to model weights or training data.
What ML model formats does HiddenLayer scan?
HiddenLayer’s ModelScanner supports 35+ formats including PyTorch, TensorFlow, ONNX, Keras, GGUF, pickle, and safetensors. It detects malicious code injections, deserialization attacks, and architectural backdoors.
Who founded HiddenLayer?
HiddenLayer was co-founded in 2022 by Chris ‘Tito’ Sestito, Tanner Burns, and James Ballard. Sestito previously led threat research at Cylance, where his team experienced a real-world adversarial ML attack that inspired the company’s founding.
How I review tools Suggest an edit

Other AI Security Tools

7AI
7AI

AI SOC Agents with Dynamic Reasoning

Agentic Radar
Agentic Radar

Security Scanner for LLM Agentic Workflows

Alter
Alter

Zero-Trust Access Control for AI Agents (YC S25)

Arize AI
Arize AI

OpenTelemetry-based AI observability with open-source Phoenix

Augustus
Augustus

Production-grade LLM vulnerability scanner with 210+ adversarial probes

Cerbos
Cerbos

Policy-Based Authorization for AI Agents and MCP Servers

See all AI Security tools

Complement with SAST

Pair AI security with static analysis for broader coverage.

Veracode
Veracode

Binary Analysis AppSec Platform

Corgea
Corgea

AI-native SAST with automatic vulnerability detection and code fix generation

See all SAST tools

Learn More

Vibe Coding Security AI-Generated Code Security LLM Red Teaming: Tools, Attacks & Methodology (2026) Prompt Injection Attacks What is AI Security?

Explore all AI Security guides and tools