The company whose job is to break the world's AI models - politely, on purpose, and before anyone with worse intentions gets there first.
The pitch fits on a whiteboard: put a locked door between your company and its language models. Enkrypt AI makes the door - and then spends its days trying to kick it in.
There is a strange fact about the artificial-intelligence boom, which is that almost everyone building on top of large language models is, in a technical sense, deploying software they do not fully understand and cannot fully predict.
A bank wires up a chatbot. A hospital pilots a clinical assistant. An insurer automates a claims workflow. In each case the model works beautifully in the demo and then, at some unknowable future moment, a user types something clever and the model cheerfully explains how to do something it absolutely should not. This is not a bug you can grep for. It is a property of the thing.
Enkrypt AI's entire business is the observation that this gap - between "the model works" and "the model is safe" - is not a footnote. It is a category. Founded in 2022 by two Yale PhDs, Sahil Agarwal and Prashanth Harshangi, the Boston company sells enterprises a control layer that sits between their users and their models, watches what goes in and comes out, and enforces rules that the model itself will not enforce on its own.
The framing the founders like is a "control layer" for generative AI. The way to think about it, roughly, is that an LLM is an extremely capable employee with no security clearance, no compliance training, and a documented willingness to be talked into things. You would not let that employee answer customer emails unsupervised. Enkrypt AI is the supervision.
What makes the company genuinely interesting - as opposed to merely useful - is that it does not wait for attackers to show up. It plays the attacker itself. Its automated red-teaming engine runs thousands of adversarial prompts against a model, cataloguing every jailbreak, every prompt injection, every quiet slide into bias or toxicity or, in the more colorful test cases, instructions for things that ought to require a background check. Then it hands the enterprise a report and, crucially, a set of guardrails to close the holes.
The uncomfortable premise of AI security is that your model will do the wrong thing eventually. Enkrypt AI's premise is that you should find out on your own schedule, not an attacker's.
This is a somewhat unusual thing to sell, because you are selling the absence of a disaster that has not happened yet, which is the hardest product in the world to price. The AI-security pitch has always had this problem. It got a lot easier to make in January 2025.
That month, Enkrypt AI published a red-team analysis of DeepSeek-R1, the buzzy Chinese reasoning model, and the results were the kind of thing that makes a chief information security officer put down their coffee. The report found R1 roughly 11 times more likely than comparable models to generate harmful content, with 78% of cybersecurity tests successfully coaxing it into producing insecure or outright malicious code, and 83% of bias tests producing discriminatory output. The story was picked up by Axios, Infosecurity Magazine, TechRadar, and the Cloud Security Alliance, among others.
It was, in marketing terms, an extraordinarily effective way to explain what the company does. In research terms, it was also just the product running in public. The leaderboard, the reports, the free benchmarks - these are the same red-teaming machine the enterprise pays for, pointed at the whole industry and left switched on.
Benchmarked against OWASP Top 10 for LLMs, MITRE ATLAS, and the NIST AI Risk Management Framework. The model ranked in the bottom 20th percentile for safety. Figures as reported by Enkrypt AI.
The core team is heavy on mathematicians and physicists, which turns out to be a reasonable background for a job that is mostly about finding the one input in a billion that makes a system misbehave.
A Yale PhD who leads the company and has become one of the more quoted voices on why enterprises keep hesitating to deploy AI - and why the hesitation is, mostly, rational. His answer is to make the risk measurable rather than mysterious.
The other half of the founding pair, also a Yale PhD, steering the technical work behind Sentry - the red-teaming engine, the guardrails, and the research that keeps landing in the security press.
Both founders hold PhDs from Yale. Their company treats every model as a puzzle waiting to be solved - by them, before someone worse does.
Everything lives under one platform called Sentry. The unifying idea is simple: test the model, wrap the model, and prove to the auditors that you did both.
Automated, continuous adversarial testing that probes models and agents for prompt injection, jailbreaks, bias, and CBRN misuse - before and after deployment.
Runtime protection at scale that redacts sensitive data, blocks harmful prompts, and enforces policy on live AI systems.
Define and enforce use-case-specific policy across an organization's fleet of AI agents.
Inspects training data, fine-tunes, and embeddings for privacy and security exposure.
A single secured endpoint for connecting to Model Context Protocol servers - one door, every MCP.
Scans MCP servers for security risks and misconfigurations as the agentic ecosystem expands.
"Making the world safer by ensuring the responsible and secure use of AI technology."
Strip away the frameworks and the platform does a handful of concrete things. If you are a team about to ship an LLM feature, you can run it through automated red teaming and get back a ranked list of the ways it fails - which is a far more useful artifact than a vague sense of unease.
If your model is already live, you can put guardrails in front of it that redact personal data, catch prompt-injection attempts, and refuse to pass along the outputs you have decided are off-limits, all in real time. If you operate in finance, healthcare, insurance, or life sciences, you can map that testing to frameworks like the EU AI Act and NIST AI RMF so that "we secured it" becomes an auditable claim rather than a hope.
And if you have not chosen a model yet, you can consult the free LLM Safety Leaderboard, which ranks more than 200 models on safety and hallucination risk - the rare piece of vendor marketing that is genuinely useful to people who never become customers.
The company's tagline compresses all of this into three verbs: Ship Fast, Ship Safe, Stay Ahead. Most AI companies treat those as a tradeoff. Enkrypt AI's whole argument is that they do not have to be.
Ecosystem backing is also cited from the Microsoft for Startups and NVIDIA startup programs.
Raises $2.35M led by Boldcap to build a visibility and security layer for generative AI.
Publishes red-team findings that R1 is 11x more likely than rivals to generate harmful content. The story travels widely across the security press.
Launches a purpose-built security solution for autonomous AI agents - inputs, reasoning, tool calls, and real-world actions.
Extends Sentry to secure AI coding assistants as the agentic ecosystem keeps expanding.