NeuralTrust is a Guardrails / LLM Firewall vendor based in Barcelona, Spain. Its flagship product is NeuralTrust AI Gateway + TrustGuard/TrustLens/TrustTest. Against the OWASP LLM Top 10 (2025) we score it Covered on 4 of 10 risks, Partial on 5, with 6 MITRE ATLAS techniques mapped as of . It's independent.
- 4/10
- Risks covered
- 5
- Partial
- 6
- ATLAS techniques
- $20M (€17.2M seed)
- Funding
- Active
- Status
At a glance
- Category
- Guardrails / LLM Firewall
- Headquarters
- Barcelona, Spain
- Founded
- 2022
- Employees
- 11-50
- Flagship product
- NeuralTrust AI Gateway + TrustGuard/TrustLens/TrustTest
- Deployment
- SaaS, self-hosted, or hybrid (split-plane)
- Best for
- Enterprises needing an infrastructure-level guardrail/gateway plus red teaming across many LLM apps and agents
- Funding to date
- $20M (€17.2M seed)
- Last round
- Seed · 2026-06
- Status
- Active
Facts as of .
What does NeuralTrust do?
An LLM gateway with teeth — runtime guardrails, posture checks, and red teaming behind a single front door for AI traffic. It ships as SaaS, self-hosted, or hybrid (split-plane), and it's built for enterprises needing an infrastructure-level guardrail/gateway plus red teaming across many LLM apps and agents. It's a weaker fit for teams wanting deep source-code/SDLC AppSec scanning; that is not its focus.
Which OWASP LLM Top 10 risks does NeuralTrust cover?
NeuralTrust's strongest verdict is LLM01Prompt Injection. The two tables below come from our editorial read of NeuralTrust's public documentation as of (it's what the docs support, not a hands-on lab test), and this row also sits in the full matrix across all 21 vendors.
| OWASP LLM Risk | What it is | NeuralTrust coverage | How it's addressed | Source |
|---|---|---|---|---|
| LLM01 Prompt Injection | User or hidden input overrides the model's rules or intended behavior. | Covered | TrustGate/TrustGuard detect and block prompt injection and jailbreaks; 150+ attack catalogue. | https://neuraltrust.ai/ |
| LLM02 Sensitive Information Disclosure | The model leaks secrets, personal data, or proprietary content in its output. | Covered | DLP and data-protection guardrails; split-plane keeps data in policy boundary. | https://neuraltrust.ai/ |
| LLM03 Supply Chain | Compromised models, datasets, plugins, or dependencies add risk before runtime. | Partial | Free MCP Scanner identifies vulnerabilities and misconfigurations (tool poisoning, RCE-chaining, data exfiltration) in MCP server setups — a narrow supply-chain-adjacent surface, not comprehensive model/dependency supply-chain scanning. | https://neuraltrust.ai/mcp-scanner |
| LLM04 Data and Model Poisoning | Tampered training or fine-tuning data corrupts how the model behaves. | Partial | TrustTest's red-teaming catalog explicitly tests 'Context poisoning' and the Echo Chamber attack, but this is runtime conversational/context poisoning rather than training-data or model-weight poisoning as defined by OWASP LLM04. | https://neuraltrust.ai/red-teaming |
| LLM05 Improper Output Handling | Downstream systems trust model output without checking it, enabling injection or code execution. | Covered | TrustGuard (inline enforcement engine within TrustGate) 'inspects every input and output, enforcing security decisions inline,' with dedicated content filtering/PII redaction applied to model outputs before they reach users or trigger downstream actions. | https://neuraltrust.ai/llms-full.txt |
| LLM06 Excessive Agency | An agent holds more permissions, tools, or autonomy than the task needs. | Partial | Tool-use permissions and agent posture management (TrustLens) constrain agent actions. | https://neuraltrust.ai/ |
| LLM07 System Prompt Leakage | The system prompt or the secrets inside it get exposed to users. | Partial | TrustTest's documented taxonomy of tested failure modes explicitly includes 'System-prompt extraction' — a testing/detection capability rather than an explicit dedicated runtime-blocking control. | https://neuraltrust.ai/red-teaming |
| LLM08 Vector and Embedding Weaknesses | Flaws in RAG stores let attackers poison, extract, or infer data. | Not covered | No vector/embedding security capability documented across gateway, red-teaming, or the full product-overview page. | https://neuraltrust.ai/llms-full.txt |
| LLM09 Misinformation | The model produces false or fabricated content that users act on. | Covered | 'Hallucination' is explicitly listed in TrustTest's documented taxonomy of tested failure modes/attacks. | https://neuraltrust.ai/red-teaming |
| LLM10 Unbounded Consumption | Uncontrolled requests drive cost, denial of service, or model extraction. | Partial | Gateway (TrustGate) enforces policy at scale (20K rps/node); rate-limit style controls implied but not detailed. | https://neuraltrust.ai/ |
| ATLAS Technique (ID) | Tactic | NeuralTrust coverage | Notes | Source |
|---|---|---|---|---|
| LLM Prompt Injection (AML.T0051) | Initial Access / Execution | Covered | Runtime detection and blocking of prompt injection. | https://neuraltrust.ai/ |
| LLM Jailbreak (AML.T0054) | Defense Evasion | Covered | Jailbreak detection in attack catalogue. | https://neuraltrust.ai/ |
| LLM Data Leakage (AML.T0057) | Exfiltration | Covered | DLP guardrails to prevent data leakage. | https://neuraltrust.ai/ |
| LLM Plugin Compromise (AML.T0053) | Execution | Partial | Tool-use permissions limit plugin/tool abuse. | https://neuraltrust.ai/ |
| Craft Adversarial Data (AML.T0043) | ML Attack Staging | Partial | TrustTest runs adversarial red-team attacks. | https://neuraltrust.ai/ |
| Denial of ML Service (AML.T0029) | Impact | Unverified | Gateway scale implies some abuse control; not confirmed. | None found |
Is NeuralTrust independent, and how is it funded?
NeuralTrust is an independent company as of . It has raised $20M (€17.2M seed) to date, most recently a Seed dated 2026-06. Lead investors: Alstin Capital, VentureFriends.
NeuralTrust alternatives
The closest alternatives we track in Guardrails / LLM Firewall are Enkrypt AI, Lakera, Lasso Security. On the open-source side, Guardrails covers similar ground.
Frequently asked questions
What is NeuralTrust used for?
NeuralTrust is a Guardrails / LLM Firewall vendor. Its flagship product is NeuralTrust AI Gateway + TrustGuard/TrustLens/TrustTest. It ships as SaaS, self-hosted, or hybrid (split-plane), and it's built for enterprises needing an infrastructure-level guardrail/gateway plus red teaming across many LLM apps and agents.
Is NeuralTrust independent or acquired?
NeuralTrust is an independent company as of 2026-07-13 and has not been acquired.
How many OWASP LLM Top 10 risks does NeuralTrust cover?
We score NeuralTrust as Covered on 4 of the ten OWASP LLM Top 10 (2025) risks, with 5 more Partial, as of 2026-07-13. The table on this page breaks down every risk, including the ones marked Not covered or Unverified.
How is NeuralTrust deployed?
NeuralTrust ships as SaaS, self-hosted, or hybrid (split-plane).
What are the best alternatives to NeuralTrust?
The closest Guardrails / LLM Firewall alternatives llmthreat tracks are Enkrypt AI, Lakera, Lasso Security. On the open-source side, Guardrails covers similar ground.