Pangea threat coverage: OWASP LLM Top 10 & MITRE ATLAS (2026)
Acquired · CrowdStrikePangea is a Guardrails / LLM Firewall vendor based in Palo Alto, California, USA. Its flagship product is AI Guard, Prompt Guard, AI Access Control, AI Visibility (API-based guardrails). Against the OWASP LLM Top 10 (2025) we score it Covered on 3 of 10 risks, Partial on 5, with 6 MITRE ATLAS techniques mapped as of . It now operates under CrowdStrike.
- 3/10
- Risks covered
- 5
- Partial
- 6
- ATLAS techniques
- ~$51-52M total (Series A $25M + Series B $26M)
- Funding
- Acquired
- Status
At a glance
- Category
- Guardrails / LLM Firewall
- Headquarters
- Palo Alto, California, USA
- Founded
- 2021
- Employees
- 11-50
- Flagship product
- AI Guard, Prompt Guard, AI Access Control, AI Visibility (API-based guardrails)
- Deployment
- SaaS API guardrails (cloud + self-hosted deployment options)
- Best for
- Developers embedding API-based prompt-injection and data-leakage guardrails into GenAI apps
- Funding to date
- ~$51-52M total (Series A $25M + Series B $26M)
- Last round
- Series B ($26M) · 2022-11
- Status
- Acquired by CrowdStrike
Facts as of .
What does Pangea do?
A guardrail suite — AI Guard, Prompt Guard, and AI access visibility — that now powers CrowdStrike's AI protection. It ships as SaaS API guardrails (cloud + self-hosted deployment options), and it's built for developers embedding API-based prompt-injection and data-leakage guardrails into GenAI apps. It's a weaker fit for buyers needing ML model-file scanning or full training-pipeline supply-chain security.
Which OWASP LLM Top 10 risks does Pangea cover?
Pangea's strongest verdict is LLM01Prompt Injection. The two tables below come from our editorial read of Pangea's public documentation as of (it's what the docs support, not a hands-on lab test), and this row also sits in the full matrix across all 21 vendors.
| OWASP LLM Risk | What it is | Pangea coverage | How it's addressed | Source |
|---|---|---|---|---|
| LLM01 Prompt Injection | User or hidden input overrides the model's rules or intended behavior. | Covered | Prompt Guard detects injection via heuristics, classifiers, and trained LLMs (>99% claimed efficacy). | https://pangea.cloud/blog/pangea-unveils-suite-of-ai-security-guardrails-and-jailbreak-competition/ |
| LLM02 Sensitive Information Disclosure | The model leaks secrets, personal data, or proprietary content in its output. | Covered | AI Guard detects 50+ types of PII/confidential data and can redact/block. | https://pangea.cloud/blog/pangea-unveils-suite-of-ai-security-guardrails-and-jailbreak-competition/ |
| LLM03 Supply Chain | Compromised models, datasets, plugins, or dependencies add risk before runtime. | Unverified | No explicit model supply-chain scanning documented. | None found |
| LLM04 Data and Model Poisoning | Tampered training or fine-tuning data corrupts how the model behaves. | Unverified | No explicit data/model poisoning coverage documented. | None found |
| LLM05 Improper Output Handling | Downstream systems trust model output without checking it, enabling injection or code execution. | Partial | AI Guard inspects/filters model outputs (malicious content, redaction). | https://www.securityweek.com/pangea-launches-ai-guard-and-prompt-guard-to-combat-gen-ai-security-risks/ |
| LLM06 Excessive Agency | An agent holds more permissions, tools, or autonomy than the task needs. | Partial | AI Access Control governs what AI can access/do. | https://pangea.cloud/blog/pangea-unveils-suite-of-ai-security-guardrails-and-jailbreak-competition/ |
| LLM07 System Prompt Leakage | The system prompt or the secrets inside it get exposed to users. | Partial | Prompt Guard analyzes system prompts and blocks extraction/jailbreak. | https://pangea.cloud/blog/pangea-unveils-suite-of-ai-security-guardrails-and-jailbreak-competition/ |
| LLM08 Vector and Embedding Weaknesses | Flaws in RAG stores let attackers poison, extract, or infer data. | Partial | AI Guard filters data flowing to/from RAG; vendor claims 8/10 OWASP coverage. | https://www.prnewswire.com/news-releases/pangea-unveils-suite-of-ai-security-guardrails-to-address-llm-software-risks-and-accelerate-ai-development-debuts-10-000-jailbreak-competition-302379049.html |
| LLM09 Misinformation | The model produces false or fabricated content that users act on. | Covered | AI Guard detects and disarms malicious/harmful content in interactions. | https://www.securityweek.com/pangea-launches-ai-guard-and-prompt-guard-to-combat-gen-ai-security-risks/ |
| LLM10 Unbounded Consumption | Uncontrolled requests drive cost, denial of service, or model extraction. | Partial | Vendor claims coverage of 8/10 OWASP LLM risks; specific consumption controls not detailed. | https://www.prnewswire.com/news-releases/pangea-unveils-suite-of-ai-security-guardrails-to-address-llm-software-risks-and-accelerate-ai-development-debuts-10-000-jailbreak-competition-302379049.html |
| ATLAS Technique (ID) | Tactic | Pangea coverage | Notes | Source |
|---|---|---|---|---|
| LLM Prompt Injection (AML.T0051) | Initial Access / Execution | Covered | Prompt Guard core capability incl. indirect injection and token smuggling. | https://pangea.cloud/blog/pangea-unveils-suite-of-ai-security-guardrails-and-jailbreak-competition/ |
| LLM Jailbreak (AML.T0054) | Defense Evasion | Covered | Prompt Guard blocks jailbreaks; ran $10K jailbreak competition. | https://www.securityweek.com/pangea-launches-ai-guard-and-prompt-guard-to-combat-gen-ai-security-risks/ |
| LLM Data Leakage (AML.T0057) | Exfiltration | Covered | AI Guard prevents sensitive-data leakage (50+ PII types). | https://pangea.cloud/blog/pangea-unveils-suite-of-ai-security-guardrails-and-jailbreak-competition/ |
| Extract LLM System Prompt (AML.T0056) | Discovery | Partial | Prompt Guard analyzes system prompts for extraction attempts. | https://pangea.cloud/blog/pangea-unveils-suite-of-ai-security-guardrails-and-jailbreak-competition/ |
| External Harms (AML.T0048) | Impact | Partial | AI Guard disarms malicious/harmful content in outputs. | https://www.securityweek.com/pangea-launches-ai-guard-and-prompt-guard-to-combat-gen-ai-security-risks/ |
| LLM Plugin Compromise (AML.T0053) | Execution | Partial | AI Access Control governs agent/tool access. | https://pangea.cloud/blog/pangea-unveils-suite-of-ai-security-guardrails-and-jailbreak-competition/ |
Is Pangea independent, and how is it funded?
Pangea was acquired by CrowdStrike for ~$260M (SEC: ~$212.1M cash net + replacement equity/liability awards) (2025-09; closed 2025-09-26) and now operates as a brand of CrowdStrike. Packaging, pricing, and support can shift under new ownership, so confirm current terms with CrowdStrike before you buy.
Pangea alternatives
The closest alternatives we track in Guardrails / LLM Firewall are Enkrypt AI, Lakera, Lasso Security. On the open-source side, Guardrails covers similar ground.
Frequently asked questions
What is Pangea used for?
Pangea is a Guardrails / LLM Firewall vendor. Its flagship product is AI Guard, Prompt Guard, AI Access Control, AI Visibility (API-based guardrails). It ships as SaaS API guardrails (cloud + self-hosted deployment options), and it's built for developers embedding API-based prompt-injection and data-leakage guardrails into GenAI apps.
Is Pangea independent or acquired?
Pangea was acquired by CrowdStrike and now operates as a subsidiary, as of 2026-07-13.
How many OWASP LLM Top 10 risks does Pangea cover?
We score Pangea as Covered on 3 of the ten OWASP LLM Top 10 (2025) risks, with 5 more Partial, as of 2026-07-13. The table on this page breaks down every risk, including the ones marked Not covered or Unverified.
How is Pangea deployed?
Pangea ships as SaaS API guardrails (cloud + self-hosted deployment options).
What are the best alternatives to Pangea?
The closest Guardrails / LLM Firewall alternatives llmthreat tracks are Enkrypt AI, Lakera, Lasso Security. On the open-source side, Guardrails covers similar ground.