Prompt‑Injection Scanner Surge

Prompt injection scanners are becoming a distinct security market as companies add filters that inspect text, files and web content before large language models read them. (owasp.org) Prompt injection is the trick behind the market: attackers hide instructions in plain text, documents or webpages so a model treats hostile content like a trusted command. The Open Worldwide Application Security Project lists prompt injection as LLM01 in its 2025 Top 10 for large language model applications. (owasp.org) The scanners aim to catch those hidden instructions before a chatbot, coding assistant or AI agent acts on them. Open Worldwide Application Security Project guidance says the problem exists because models process instructions and data together, without a hard boundary between the two. (owasp.org) Venture money has followed. Protect AI said in August 2024 that its Series B raised $60 million and brought total funding to $108.5 million, while Lakera said in July 2024 that it raised $20 million after launching in October 2023 with an earlier $10 million round. (securityweek.com, techcrunch.com, techcrunch.com) Promptfoo joined that list in July 2025 with an $18.4 million Series A that brought its total to $23.4 million, and OpenAI said on March 9, 2026 that it would acquire the company for its Frontier enterprise agent platform. (securityweek.com, techcrunch.com) The buying pressure comes from a change in how companies use AI. When models only answered questions, a bad reply was the main risk; when agents can browse, click, retrieve data and trigger tools, a poisoned prompt can turn into an action. (techcrunch.com, techcrunch.com) Security vendors are also warning that the scanners themselves are not a complete fix. OpenAI said in December 2025 that prompt injection in AI browsers is unlikely to be fully solved, and Open Worldwide Application Security Project guidance recommends layered controls such as input filtering, output monitoring, least-privilege tool access and human approval for sensitive actions. (techcrunch.com, owasp.org) That leaves security teams with a new procurement question: whether to buy a standalone scanner, use controls built into a model platform, or combine both. Palo Alto Networks’ move to buy Protect AI and OpenAI’s move to buy Promptfoo show larger platforms are already pulling these tools into broader security stacks. (securityweek.com, techcrunch.com) The surge says less about a solved problem than about a widening one. As more companies hand models real permissions, the market for software that reads inputs like a suspicious email filter is growing alongside them. (owasp.org, techcrunch.com)