Operant AI is known as the world’s only Runtime AI Defense Platform. The company’s 3D Runtime Defense Suite discovers, detects, and defends over 80% of the OWASP Top 10 most critical attacks across APIs, K8s, and LLMs. Pulse 2.0 interviewed Operant AI CEO Vrajesh Bhavsar to learn more about the company.
Vrajesh Bhavsar’s Background
What is Vrajesh Bhavsar’s background? Bhavsar said:
“I have over 20 years of experience as an engineer building hardware and software products. Before founding Operant AI, I built a lot of the core tech that secures the iPhone at Apple, then used AI to secure Android operating systems at Qualcomm, and later founded the Machine Learning business unit at Arm, bringing ML to billions of devices and solving the problem of security at the edge at a scale that had never been done before.”
“Today we are in another paradigm shift as the Age of AI accelerates cloud transformation at a rate and complexity never seen before, but for me, this is in some ways familiar territory because securing the systems the world depends on at scale has been my M/O since the beginning of my career.”
Formation Of The Company
How did the idea for the company come together? Bhavsar shared:
“We founded Operant AI because the way that modern tech needs to be secured is fundamentally different than it was even five years ago, and securing the technology that the world depends on is more critical today than it’s ever been. Dr. Priyanka Tembey, our CTO at Operant AI and one of my co-founders, and I worked together 10 years ago using AI and ML to secure Android operating systems back when Android was a ‘wild west’ of sorts with millions of apps (including malicious ones) being launched in a very short period of time.”
“End users and enterprises were both urgently struggling with how to keep themselves safe while using a new and constantly-changing system, and as you can imagine, there are a number of parallels to the AI-driven world we’re operating in today. Today, the rapid evolution and complexity of cloud and AI systems create a huge opportunity for innovation but also open up critical new security risks. Our other co-founder and CMO, Ashley Roof, brings a GTM focus that allows us to build awareness amongst customers and enterprises about the incredible level of security that is possible and scalable for their own product and orgs, enabling us to democratize access to the best modern security technology in the world so that we can fully secure enterprises and their end-users from the many risks inherent in today’s AI and cloud application development.”
Core Products
What are the company’s core products and features? Bhavsar explained:
“Operant AI’s Runtime AI Protection Platform actively protects cloud and AI workloads across every layer of the modern application stack. This includes:
1.) 3D Runtime Defense for Cloud and AI Workloads
a.) Discovery of the entire live application footprint, including all APIs, Services, Data stores, Identities (human and non-human), and data-in-use as it flows through the live environment.
b.) Detection and prioritization of >80% of the OWASP top 10 threats for LLMs, APIs, and Kubernetes
c.) Defense at runtime via Adaptive Internal Firewalls that block attacks at both ingress and egress, preventing lateral movement, data exfiltration, data poisoning, unauthorized access, prompt injectio,n and more.
d.) Active API Threat Protection that instantly discovers the entire API ecosystem including all 3rd parties, internal APIs, and ghost and zombie APIs, detects critical open API attack vectors, and actively defends APIs with guardrails, security policies, and remediations that instantly resolve API threats and attacks at runtime, all without the costs or overhead of VPC mirroring.
e.) In-line Auto-Redaction of Sensitive Data before it leaves the application environment, detecting, flagging, blocking, and redacting SSNs, phone numbers, API keys, tokens, and many other common forms of sensitive data. Customers can choose whether they want to operate in an alerting or blocking mode, and have full human-in-the-loop control of which types of sensitive data is redacted or blocked.
2.) AI Gatekeeper
a.)Runtime Defense for AI across Public, Private, and Hybrid Clouds.
b.) Out of the box mappings to OWASP Top 10 threat vectors for AI/LLMs and AI Agents, including sensitive data leakage, API key and secrets leakage, prompt injection, and data poisoning risks, with deep insights into actual threats and the workloads/APIs that are affected.
c.) Unauthenticated and unauthorized AI agent detection and defense with blocking capabilities and least privilege runtime execution and least permissioned trust boundaries for AI agents.
d.) Detection and defense for both runtime and API access layers of agent tools built with model context protocol (MCP) and expanded coverage for identity and access controls with support for AI NHIs.
3.) Woodpecker – Open-Source Automated Red Teaming Engine
a.) Provides flexible and extensible red teaming frameworks for K8s, APIs, and AI models/agents.
b.) Automated LLM red teaming covers prompt injection, jailbreaks, model theft, sensitive data leakage, and more.
b.) Covers across threat vectors for OWASP top 10 for K8s, API, and AI, MITRE ATLAS, and NIST.
c.) Integrates seamlessly into existing security workflows and CI/CD pipelines, allowing continuous testing at the pace of AI development.
Significant Milestones
What have been some of the company’s most significant milestones? Bhavsar cited:
— Operant AI’s founding team came together in 2021.
— We emerged from stealth and announced a $3M seed funding round in April 2023 at RSA led by Felicis. We previously raised a $500,000 pre-seed round, bringing the total raised to $3.5 million.
— In September 2024, we announced our $10 million Series A funding, led by SineWave Ventures and Felicis, with participation from Alumni Ventures, Massive, Calm Ventures, and Gaingels, alongside industry-expert angels.
— In September 2024, Patricia Muoio, partner at SineWave Ventures and former NSA/DoD leader, and Nancy Wang, Venture Partner at Felicis and former General Manager / Director of Data Protection at AWS, joined our Board of Directors.
Differentiation From The Competition
What differentiates the company from its competition? Bhavsar affirmed:
“The vast majority of security vendors only do visibility/observability rather than actively blocking attacks, and most require significant implementation overhead and maintenance/resource costs in order to achieve basic functionality. By contrast, Operant AI is the only Runtime AI Protection Platform that brings live defensive capabilities into the full application environment, actively shielding every layer of live applications from infra to APIs, all without any application code changes.”
“Operant’s unique multidimensional approach protects where other Cloud, API, and AI security vendors drop off – actively securing cloud and AI workloads in their native environments beyond the firewalls, where most data breaches actually occur. Operant’s Adaptive Internal Firewalls block >80% of the most critical and common runtime attacks ranging from data exfiltration to unauthorized access to AI supply chain attacks. Within minutes of Operant’s single-step deployment, security and AI engineering teams gain an entirely new level of real-time visibility and active cloud-native protection for their entire cloud application stacks, bringing frictionless security to dev, sec, and ops so that teams can deploy products and AI faster without security holding them back.”
Future Company Goals
What are some of the company’s future goals? Bhavsar emphasized:
“Operant AI is the most comprehensive technology on the market for fully securing AI Applications in their native environments, from APIs to data-stores. Operant is enabling security and AI development teams everywhere to develop secure, safe and innovative AI faster, with secure-by-default protections and guardrails that make security a business driver rather than a roadblock. As members of CosAI, OWASP, and CNCF, we actively participate in the most active communities who are working together to secure the modern world, and we aim to be the go-to solution for securing any AI application stack.”
Total Addressable Market
What total addressable market (TAM) size is the company pursuing? Bhavsar assessed that it is $1 trillion.
Favorite Memory
What has been your favorite memory working for the company so far? Bhavsar reflected:
“Announcing our In-Line Auto-Redaction capability the week before KubeCon this last November allowed us to have some really amazing conversations as we were showing off the simple power of the product. Seeing the relief and delight of customers telling you that you are directly solving a problem that matters deeply to them and their success reiterates the value that we’re creating and motivates us to run even faster to make sure as many teams as possible have access to our tech.”
Challenges Faced
What challenges have Bhavsar and the team faced in building the company? Bhavsar concluded:
“Marketing noise is always a challenge in cybersecurity, as new or large vendors ‘borrow’ one’s messaging to claim parity on a product or feature that isn’t there. We work hard to prove value in customer conversations as quickly as possible so that they can directly compare the reality of how well our tech works to solve their problems versus competitors who make a lot of claims without the actual product or capabilities to back them up. With security leaders being increasingly technical, they can see the strengths and merit we bring to the table, and how we can help uplift their security programs.”
