llmthreat
For vendors 21 vendors · 10 tools Matrix Vendors

Cranium is an AI-SPM / Runtime Protection vendor based in Short Hills, New Jersey, USA. Its flagship product is Cranium AI security platform (AI inventory / system-of-record, Exposure Management, Detect AI, red teaming). Against the OWASP LLM Top 10 (2025) we score it Covered on 1 of 10 risks, Partial on 4, with 6 MITRE ATLAS techniques mapped as of . It's independent.

1/10
Risks covered
4
Partial
6
ATLAS techniques
$32M
Funding
Active
Status

At a glance

Category
AI-SPM / Runtime Protection
Headquarters
Short Hills, New Jersey, USA
Founded
2023
Employees
51-100
Flagship product
Cranium AI security platform (AI inventory / system-of-record, Exposure Management, Detect AI, red teaming)
Deployment
SaaS (app.cranium.ai)
Best for
Enterprises needing to discover and inventory AI models/data/vendors (AI Bill of Materials), map exposure, and stress-test models across a large AI estate
Funding to date
$32M
Last round
Series A $25M · 2023-10
Status
Active

Facts as of .

What does Cranium do?

A KPMG Studio spinout that maps your AI estate — asset discovery, supply-chain inventory, and red-team testing for posture. It ships as SaaS (app.cranium.ai), and it's built for enterprises needing to discover and inventory AI models/data/vendors (AI Bill of Materials), map exposure, and stress-test models across a large AI estate. It's a weaker fit for teams primarily wanting inline runtime guardrails/prompt-response blocking or deep agentic runtime defense.

Which OWASP LLM Top 10 risks does Cranium cover?

Cranium's strongest verdict is LLM03Supply Chain. The two tables below come from our editorial read of Cranium's public documentation as of (it's what the docs support, not a hands-on lab test), and this row also sits in the full matrix across all 21 vendors.

OWASP LLM Top 10 (2025) coverage — as of 2026-07-13
OWASP LLM Risk What it is Cranium coverage How it's addressed Source
LLM01 Prompt Injection User or hidden input overrides the model's rules or intended behavior. Partial Red teaming/threat simulation surfaces prompt-injection vulnerabilities; not explicit on marketing pages. https://cranium.ai/
LLM02 Sensitive Information Disclosure The model leaks secrets, personal data, or proprietary content in its output. Partial Exposure management and AI visibility highlight data-exposure risk. https://cranium.ai/
LLM03 Supply Chain Compromised models, datasets, plugins, or dependencies add risk before runtime. Covered System-of-record for models, data, infra and vendors; third-party AI monitoring (AIBOM-style supply-chain inventory). https://cranium.ai/
LLM04 Data and Model Poisoning Tampered training or fine-tuning data corrupts how the model behaves. Partial Threat simulation/red teaming can surface poisoning-related weaknesses; not explicitly detailed. https://cranium.ai/
LLM05 Improper Output Handling Downstream systems trust model output without checking it, enabling injection or code execution. Not covered No output-handling/sanitization feature documented across Platform pages (Exposure Management, AI Card, Cranium Arena, Detect AI). https://cranium.ai/
LLM06 Excessive Agency An agent holds more permissions, tools, or autonomy than the task needs. Partial New AgentSensor capability (Oct 2025) gives visibility into the agentic layer: automatically detects AI agents, the tools they invoke, and other agents in their networks — a monitoring/discovery capability for agent scope, not an explicit runtime-blocking control for excessive agency. https://cranium.ai/resources/press-release/cranium-ai-launches-new-ai-security-governance-and-agentic-features-to-enhance-its-award-winning-platform/
LLM07 System Prompt Leakage The system prompt or the secrets inside it get exposed to users. Not covered No system-prompt-leakage-specific capability documented across product pages. https://cranium.ai/
LLM08 Vector and Embedding Weaknesses Flaws in RAG stores let attackers poison, extract, or infer data. Not covered No vector/embedding security capability documented. https://cranium.ai/
LLM09 Misinformation The model produces false or fabricated content that users act on. Not covered Cranium Arena stress-tests models/decision engines generally, but hallucination is not named as a tested failure mode anywhere in the documented product surface. https://cranium.ai/platform/cranium-arena/
LLM10 Unbounded Consumption Uncontrolled requests drive cost, denial of service, or model extraction. Not covered No consumption/rate-limiting/DoS control documented across product pages. https://cranium.ai/
MITRE ATLAS coverage — as of 2026-07-13
ATLAS Technique (ID) Tactic Cranium coverage Notes Source
ML Supply Chain Compromise (AML.T0010) Resource Development Covered AI inventory of models/data/infra/vendors and third-party AI monitoring. https://cranium.ai/
Discover AI Artifacts (AML.T0007) Discovery Covered Discovers and catalogs AI models across the enterprise. https://cranium.ai/
LLM Prompt Injection (AML.T0051) Initial Access Partial Red teaming stress-tests models for injection paths. https://cranium.ai/
Craft Adversarial Data (AML.T0043) ML Attack Staging Partial Simulates real-world threats to surface vulnerabilities. https://cranium.ai/
LLM Data Leakage (AML.T0057) Exfiltration Partial Exposure management surfaces data-leakage risk. https://cranium.ai/
External Harms (AML.T0048) Impact Partial Compliance/exposure posture addresses harmful-use risk. https://cranium.ai/

Is Cranium independent, and how is it funded?

Cranium is an independent company as of . It has raised $32M to date, most recently a Series A $25M dated 2023-10. Lead investors: Titanium Ventures.

Cranium alternatives

The closest alternatives we track in AI-SPM / Runtime Protection are Apiiro, HiddenLayer, Noma Security.

Frequently asked questions

What is Cranium used for?

Cranium is an AI-SPM / Runtime Protection vendor. Its flagship product is Cranium AI security platform (AI inventory / system-of-record, Exposure Management, Detect AI, red teaming). It ships as SaaS (app.cranium.ai), and it's built for enterprises needing to discover and inventory AI models/data/vendors (AI Bill of Materials), map exposure, and stress-test models across a large AI estate.

Is Cranium independent or acquired?

Cranium is an independent company as of 2026-07-13 and has not been acquired.

How many OWASP LLM Top 10 risks does Cranium cover?

We score Cranium as Covered on 1 of the ten OWASP LLM Top 10 (2025) risks, with 4 more Partial, as of 2026-07-13. The table on this page breaks down every risk, including the ones marked Not covered or Unverified.

How is Cranium deployed?

Cranium ships as SaaS (app.cranium.ai).

What are the best alternatives to Cranium?

The closest AI-SPM / Runtime Protection alternatives llmthreat tracks are Apiiro, HiddenLayer, Noma Security.

Last verified . Sources: https://cranium.ai/, https://cranium.ai/resources/press-release/kpmg-spins-out-software-business-cranium-to-tackle-ai-security/, https://cranium.ai/resources/press-release/cranium-series-a-funding-to-secure-ai/, https://techcrunch.com/2023/04/05/cranium-launches-out-of-kpmgs-venture-studio-to-tackle-ai-security/, https://www.prnewswire.com/news-releases/cranium-announces-25-million-in-series-a-funding-to-secure-ai-301968195.html. Funding and repo figures are third-party and go stale. Re-verify before you rely on them.
Informational, not professional security advice — verify Cranium's claims and threat coverage against the official OWASP and MITRE sources and the vendor directly before making a purchasing or security decision. OWASP, MITRE, and the listed vendors and maintainers do not endorse llmthreat.com.