Akto is an Agentic AI Security vendor based in San Francisco, USA. Its flagship product is Akto Agentic AI Security Platform. Against the OWASP LLM Top 10 (2025) we score it Covered on 3 of 10 risks, Partial on 4, with 6 MITRE ATLAS techniques mapped as of . It's independent.
- 3/10
- Risks covered
- 4
- Partial
- 6
- ATLAS techniques
- $4.5M
- Funding
- Active
- Status
At a glance
- Category
- Agentic AI Security
- Headquarters
- San Francisco, USA
- Founded
- 2022
- Employees
- 11-50
- Flagship product
- Akto Agentic AI Security Platform
- Deployment
- SaaS and self-hosted (plug-n-play), runtime monitoring
- Best for
- Teams that already need API security and want unified discovery plus testing of AI agents, MCP servers and LLM endpoints
- Funding to date
- $4.5M
- Last round
- Seed · 2022-11
- Status
- Active
Facts as of .
What does Akto do?
Came from API security and followed the APIs into AI: discovers agents and MCP traffic, red-teams them, and adds runtime guardrails. It ships as SaaS and self-hosted (plug-n-play), runtime monitoring, and it's built for teams that already need API security and want unified discovery plus testing of AI agents, MCP servers and LLM endpoints. It's a weaker fit for buyers seeking a pure managed LLM-firewall/guardrail-only product without the API-testing surface.
Which OWASP LLM Top 10 risks does Akto cover?
Akto's strongest verdict is LLM01Prompt Injection. The two tables below come from our editorial read of Akto's public documentation as of (it's what the docs support, not a hands-on lab test), and this row also sits in the full matrix across all 21 vendors.
| OWASP LLM Risk | What it is | Akto coverage | How it's addressed | Source |
|---|---|---|---|---|
| LLM01 Prompt Injection | User or hidden input overrides the model's rules or intended behavior. | Covered | 1,000+ probes test prompt injection and jailbreak on agents/LLMs. | https://www.akto.io/agentic-security |
| LLM02 Sensitive Information Disclosure | The model leaks secrets, personal data, or proprietary content in its output. | Covered | Detects PII/sensitive-data exposure and exfiltration via agents/MCPs. | https://www.akto.io/agentic-security |
| LLM03 Supply Chain | Compromised models, datasets, plugins, or dependencies add risk before runtime. | Partial | Lists supply-chain vulnerabilities among covered attack surface. | https://www.akto.io/agentic-security |
| LLM04 Data and Model Poisoning | Tampered training or fine-tuning data corrupts how the model behaves. | Partial | References model poisoning risk in testing scope. | https://www.akto.io/agentic-security |
| LLM05 Improper Output Handling | Downstream systems trust model output without checking it, enabling injection or code execution. | Not covered | No output-handling/sanitization capability documented across agentic-security, api-security, or MCP-security pages. | https://www.akto.io/agentic-security |
| LLM06 Excessive Agency | An agent holds more permissions, tools, or autonomy than the task needs. | Covered | AI agent skill governance, MCP proxy and policy automation constrain agent actions. | https://www.akto.io/agentic-security |
| LLM07 System Prompt Leakage | The system prompt or the secrets inside it get exposed to users. | Not covered | No system-prompt-leakage-specific testing or control documented. | https://www.akto.io/agentic-security |
| LLM08 Vector and Embedding Weaknesses | Flaws in RAG stores let attackers poison, extract, or infer data. | Not covered | No vector/embedding security capability documented. | https://www.akto.io/mcp-security |
| LLM09 Misinformation | The model produces false or fabricated content that users act on. | Partial | Lists hallucination risk among covered attack surface. | https://www.akto.io/agentic-security |
| LLM10 Unbounded Consumption | Uncontrolled requests drive cost, denial of service, or model extraction. | Partial | API-security heritage includes rate-limit/DoS testing; not GenAI-specific in docs. | https://www.akto.io/api-security |
| ATLAS Technique (ID) | Tactic | Akto coverage | Notes | Source |
|---|---|---|---|---|
| LLM Prompt Injection (AML.T0051) | Initial Access / Execution | Covered | Probes for prompt injection across agents. | https://www.akto.io/agentic-security |
| LLM Jailbreak (AML.T0054) | Defense Evasion | Covered | Jailbreak attack simulation. | https://www.akto.io/agentic-security |
| LLM Data Leakage (AML.T0057) | Exfiltration | Covered | Detects data exfiltration via agents/MCPs. | https://www.akto.io/agentic-security |
| LLM Plugin Compromise (AML.T0053) | Execution | Partial | MCP proxy and tool/skill governance address tool abuse. | https://www.akto.io/agentic-security |
| ML Supply Chain Compromise (AML.T0010) | Initial Access | Partial | Supply-chain vulnerabilities in testing scope. | https://www.akto.io/agentic-security |
| Craft Adversarial Data (AML.T0043) | ML Attack Staging | Partial | Automated red-team/attack simulation. | https://www.akto.io/agentic-security |
Is Akto independent, and how is it funded?
Akto is an independent company as of . It has raised $4.5M to date, most recently a Seed dated 2022-11. Lead investors: Accel.
Akto alternatives
The closest alternatives we track in Agentic AI Security are Straiker, Vijil. On the open-source side, Agentic Security covers similar ground.
Frequently asked questions
What is Akto used for?
Akto is an Agentic AI Security vendor. Its flagship product is Akto Agentic AI Security Platform. It ships as SaaS and self-hosted (plug-n-play), runtime monitoring, and it's built for teams that already need API security and want unified discovery plus testing of AI agents, MCP servers and LLM endpoints.
Is Akto independent or acquired?
Akto is an independent company as of 2026-07-13 and has not been acquired.
How many OWASP LLM Top 10 risks does Akto cover?
We score Akto as Covered on 3 of the ten OWASP LLM Top 10 (2025) risks, with 4 more Partial, as of 2026-07-13. The table on this page breaks down every risk, including the ones marked Not covered or Unverified.
How is Akto deployed?
Akto ships as SaaS and self-hosted (plug-n-play), runtime monitoring.
What are the best alternatives to Akto?
The closest Agentic AI Security alternatives llmthreat tracks are Straiker, Vijil. On the open-source side, Agentic Security covers similar ground.