llmthreat
For vendors 21 vendors · 10 tools Matrix Vendors

CalypsoAI is an AI Red Teaming vendor based in Dublin, Ireland + New York, USA. Its flagship product is CalypsoAI Inference Platform (Inference Defend, Inference Red-Team, Security Leaderboard). Against the OWASP LLM Top 10 (2025) we score it Covered on 2 of 10 risks, Partial on 7, with 6 MITRE ATLAS techniques mapped as of . It now operates under F5.

2/10
Risks covered
7
Partial
6
ATLAS techniques
~$40M+ venture funding
Funding
Acquired
Status

At a glance

Category
AI Red Teaming
Headquarters
Dublin, Ireland + New York, USA
Founded
2018
Employees
51-100 (approx)
Flagship product
CalypsoAI Inference Platform (Inference Defend, Inference Red-Team, Security Leaderboard)
Deployment
SaaS + self-hosted; inference proxy/API
Best for
Continuous agentic red-teaming plus real-time inference guardrails for large enterprise and national-security use cases
Funding to date
~$40M+ venture funding
Last round
~$23M growth round (2023) · 2023
Status
Acquired by F5

Facts as of .

What does CalypsoAI do?

Defends at the inference layer, red-teams with agentic attackers, and publishes a model security leaderboard; now part of F5. It ships as SaaS + self-hosted; inference proxy/API, and it's built for continuous agentic red-teaming plus real-time inference guardrails for large enterprise and national-security use cases. It's a weaker fit for buyers needing ML model-file supply-chain scanning or artifact integrity checks.

Which OWASP LLM Top 10 risks does CalypsoAI cover?

CalypsoAI's strongest verdict is LLM01Prompt Injection. The two tables below come from our editorial read of CalypsoAI's public documentation as of (it's what the docs support, not a hands-on lab test), and this row also sits in the full matrix across all 21 vendors.

OWASP LLM Top 10 (2025) coverage — as of 2026-07-13
OWASP LLM Risk What it is CalypsoAI coverage How it's addressed Source
LLM01 Prompt Injection User or hidden input overrides the model's rules or intended behavior. Covered Real-time threat prevention against prompt injection; Inference Red-Team simulates attacks. https://www.f5.com/company/news/press-releases/f5-to-acquire-calypsoai-to-bring-advanced-ai-guardrails-to-large-enterprises
LLM02 Sensitive Information Disclosure The model leaks secrets, personal data, or proprietary content in its output. Covered Protects against data leakage at the inference layer. https://www.f5.com/company/news/press-releases/f5-to-acquire-calypsoai-to-bring-advanced-ai-guardrails-to-large-enterprises
LLM03 Supply Chain Compromised models, datasets, plugins, or dependencies add risk before runtime. Partial F5/CalypsoAI blog: mitigates risks from outdated models, vulnerable pre-trained models, and weak model provenance via red-teaming and continuous monitoring — not full supply-chain artifact scanning. https://www.f5.com/company/blog/protecting-the-future-how-calypsoai-aligns-with-the-owasp-top-10-for-llms
LLM04 Data and Model Poisoning Tampered training or fine-tuning data corrupts how the model behaves. Partial Same blog: helps identify poorly trained/poisoned models and provides protection for RAG systems during inference (training-phase poisoning explicitly out of scope). https://www.f5.com/company/blog/protecting-the-future-how-calypsoai-aligns-with-the-owasp-top-10-for-llms
LLM05 Improper Output Handling Downstream systems trust model output without checking it, enabling injection or code execution. Partial Red-teaming surfaces unsafe output handling; runtime guardrails filter responses. https://calypsoai.com/news/ai-security-risks-why-inference-red-team-is-essential/
LLM06 Excessive Agency An agent holds more permissions, tools, or autonomy than the task needs. Partial Agentic red-teaming targets agent/tool misuse and excessive agency. https://calypsoai.com/news/redefining-ai-security-calypsoai-security-leaderboard-inference-red-team/
LLM07 System Prompt Leakage The system prompt or the secrets inside it get exposed to users. Partial Red-team probes for system-prompt leakage. https://calypsoai.com/news/ai-security-risks-why-inference-red-team-is-essential/
LLM08 Vector and Embedding Weaknesses Flaws in RAG stores let attackers poison, extract, or infer data. Not covered F5/CalypsoAI blog explicitly states this is not addressed: "CalypsoAI operates at inference layer and does not directly handle vector storage vulnerabilities." https://www.f5.com/company/blog/protecting-the-future-how-calypsoai-aligns-with-the-owasp-top-10-for-llms
LLM09 Misinformation The model produces false or fabricated content that users act on. Partial Guardrails and leaderboard assess harmful/unsafe model outputs. https://calypsoai.com/news/redefining-ai-security-calypsoai-security-leaderboard-inference-red-team/
LLM10 Unbounded Consumption Uncontrolled requests drive cost, denial of service, or model extraction. Partial Blog states platform "prevents excessive API usage and abuse, ensuring efficient and secure resource utilization" — general claim, no rate-limiting/cost-control detail. https://www.f5.com/company/blog/protecting-the-future-how-calypsoai-aligns-with-the-owasp-top-10-for-llms
MITRE ATLAS coverage — as of 2026-07-13
ATLAS Technique (ID) Tactic CalypsoAI coverage Notes Source
LLM Prompt Injection (AML.T0051) Initial Access / Execution Covered Real-time defense and red-team both target injection. https://www.f5.com/company/news/press-releases/f5-to-acquire-calypsoai-to-bring-advanced-ai-guardrails-to-large-enterprises
LLM Jailbreak (AML.T0054) Defense Evasion Covered Inference Red-Team automates jailbreak discovery; leaderboard scores model resistance. https://calypsoai.com/news/redefining-ai-security-calypsoai-security-leaderboard-inference-red-team/
Craft Adversarial Data (AML.T0043) ML Attack Staging Covered Agent-driven red-teaming crafts adversarial prompts. https://calypsoai.com/news/ai-security-risks-why-inference-red-team-is-essential/
LLM Data Leakage (AML.T0057) Exfiltration Partial Runtime guardrails aim to prevent inference-time data leakage. https://www.f5.com/company/news/press-releases/f5-to-acquire-calypsoai-to-bring-advanced-ai-guardrails-to-large-enterprises
LLM Plugin Compromise (AML.T0053) Execution Partial Agentic red-teaming targets agent/tool abuse paths. https://calypsoai.com/news/redefining-ai-security-calypsoai-security-leaderboard-inference-red-team/
Extract LLM System Prompt (AML.T0056) Discovery Partial Red-team probes for system-prompt extraction. https://calypsoai.com/news/ai-security-risks-why-inference-red-team-is-essential/

Is CalypsoAI independent, and how is it funded?

CalypsoAI was acquired by F5 for $145.2M (2025-09-11; closed 2025-09-26) and now operates as a brand of F5. Packaging, pricing, and support can shift under new ownership, so confirm current terms with F5 before you buy.

CalypsoAI alternatives

The closest alternatives we track in AI Red Teaming are Giskard, Mindgard, Robust Intelligence. On the open-source side, garak covers similar ground.

Frequently asked questions

What is CalypsoAI used for?

CalypsoAI is an AI Red Teaming vendor. Its flagship product is CalypsoAI Inference Platform (Inference Defend, Inference Red-Team, Security Leaderboard). It ships as SaaS + self-hosted; inference proxy/API, and it's built for continuous agentic red-teaming plus real-time inference guardrails for large enterprise and national-security use cases.

Is CalypsoAI independent or acquired?

CalypsoAI was acquired by F5 and now operates as a subsidiary, as of 2026-07-13.

How many OWASP LLM Top 10 risks does CalypsoAI cover?

We score CalypsoAI as Covered on 2 of the ten OWASP LLM Top 10 (2025) risks, with 7 more Partial, as of 2026-07-13. The table on this page breaks down every risk, including the ones marked Not covered or Unverified.

How is CalypsoAI deployed?

CalypsoAI ships as SaaS + self-hosted; inference proxy/API.

What are the best alternatives to CalypsoAI?

The closest AI Red Teaming alternatives llmthreat tracks are Giskard, Mindgard, Robust Intelligence. On the open-source side, garak covers similar ground.

Last verified . Sources: https://www.f5.com/company/news/press-releases/f5-to-acquire-calypsoai-to-bring-advanced-ai-guardrails-to-large-enterprises, https://www.geekwire.com/2025/f5-paying-180m-to-acquire-calypsoai-to-boost-ai-enterprise-security-offerings/, https://www.cooley.com/news/coverage/2025/2025-09-17-calypsoai-to-be-acquired-by-f5, https://calypsoai.com/news/redefining-ai-security-calypsoai-security-leaderboard-inference-red-team/, https://www.paladincapgroup.com/paladin-capital-group-portfolio-company-calypsoai-enters-into-agreement-to-be-acquired-by-f5/. Funding and repo figures are third-party and go stale. Re-verify before you rely on them.
Informational, not professional security advice — verify CalypsoAI's claims and threat coverage against the official OWASP and MITRE sources and the vendor directly before making a purchasing or security decision. OWASP, MITRE, and the listed vendors and maintainers do not endorse llmthreat.com.