Robust Intelligence threat coverage: OWASP LLM Top 10 & MITRE ATLAS (2026)
Acquired · CiscoRobust Intelligence is an AI Red Teaming vendor based in San Francisco, USA. Its flagship product is AI Validation (automated red teaming) + AI Protection (runtime AI firewall); now Cisco AI Defense. Against the OWASP LLM Top 10 (2025) we score it Covered on 3 of 10 risks, Partial on 5, with 6 MITRE ATLAS techniques mapped as of . It now operates under Cisco.
- 3/10
- Risks covered
- 5
- Partial
- 6
- ATLAS techniques
- ~$44M total (seed + Series A + $30M Series B)
- Funding
- Acquired
- Status
At a glance
- Category
- AI Red Teaming
- Headquarters
- San Francisco, USA
- Founded
- 2019
- Employees
- 51-100 (approx)
- Flagship product
- AI Validation (automated red teaming) + AI Protection (runtime AI firewall); now Cisco AI Defense
- Deployment
- SaaS + self-hosted; inline AI firewall proxy + validation pipeline
- Best for
- Automated pre-deployment red teaming plus runtime guardrails, especially for Cisco-aligned enterprise stacks
- Funding to date
- ~$44M total (seed + Series A + $30M Series B)
- Last round
- Series B ($30M) · 2021-12
- Status
- Acquired by Cisco
Facts as of .
What does Robust Intelligence do?
Algorithmic red teaming plus a runtime AI firewall — the technology that became Cisco AI Defense. It ships as SaaS + self-hosted; inline AI firewall proxy + validation pipeline, and it's built for automated pre-deployment red teaming plus runtime guardrails, especially for Cisco-aligned enterprise stacks. It's a weaker fit for teams focused narrowly on ML model-file provenance/signing.
Which OWASP LLM Top 10 risks does Robust Intelligence cover?
Robust Intelligence's strongest verdict is LLM01Prompt Injection. The two tables below come from our editorial read of Robust Intelligence's public documentation as of (it's what the docs support, not a hands-on lab test), and this row also sits in the full matrix across all 21 vendors.
| OWASP LLM Risk | What it is | Robust Intelligence coverage | How it's addressed | Source |
|---|---|---|---|---|
| LLM01 Prompt Injection | User or hidden input overrides the model's rules or intended behavior. | Covered | AI firewall detects prompt injection; validation red-teams for it. | https://blogs.cisco.com/news/fortifying-the-future-of-security-for-ai-cisco-announces-intent-to-acquire-robust-intelligence |
| LLM02 Sensitive Information Disclosure | The model leaks secrets, personal data, or proprietary content in its output. | Covered | Runtime guardrails and validation address sensitive data leakage. | https://www.cisco.com/site/us/en/products/security/ai-defense/robust-intelligence-is-part-of-cisco/index.html |
| LLM03 Supply Chain | Compromised models, datasets, plugins, or dependencies add risk before runtime. | Partial | Model validation scans models before deployment; supply-chain aspects partial. | https://sequoiacap.com/article/robust-intelligence-spotlight/ |
| LLM04 Data and Model Poisoning | Tampered training or fine-tuning data corrupts how the model behaves. | Covered | Detects data/model poisoning and integrity failures via automated validation. | https://sequoiacap.com/article/robust-intelligence-spotlight/ |
| LLM05 Improper Output Handling | Downstream systems trust model output without checking it, enabling injection or code execution. | Partial | Red teaming and firewall address unsafe/malicious output handling. | https://blogs.cisco.com/news/fortifying-the-future-of-security-for-ai-cisco-announces-intent-to-acquire-robust-intelligence |
| LLM06 Excessive Agency | An agent holds more permissions, tools, or autonomy than the task needs. | Partial | Validation evaluates agent/model behavior boundaries. | https://www.cisco.com/site/us/en/products/security/ai-defense/robust-intelligence-is-part-of-cisco/index.html |
| LLM07 System Prompt Leakage | The system prompt or the secrets inside it get exposed to users. | Partial | Algorithmic red teaming probes for system-prompt leakage. | https://blogs.cisco.com/news/fortifying-the-future-of-security-for-ai-cisco-announces-intent-to-acquire-robust-intelligence |
| LLM08 Vector and Embedding Weaknesses | Flaws in RAG stores let attackers poison, extract, or infer data. | Unverified | No explicit vector/embedding weakness coverage found. | None found |
| LLM09 Misinformation | The model produces false or fabricated content that users act on. | Partial | Validation tests for hallucination/unsafe content. | https://sequoiacap.com/article/robust-intelligence-spotlight/ |
| LLM10 Unbounded Consumption | Uncontrolled requests drive cost, denial of service, or model extraction. | Unverified | No explicit unbounded-consumption control documented. | None found |
| ATLAS Technique (ID) | Tactic | Robust Intelligence coverage | Notes | Source |
|---|---|---|---|---|
| LLM Prompt Injection (AML.T0051) | Initial Access / Execution | Covered | AI firewall and validation both target injection. | https://blogs.cisco.com/news/fortifying-the-future-of-security-for-ai-cisco-announces-intent-to-acquire-robust-intelligence |
| Craft Adversarial Data (AML.T0043) | ML Attack Staging | Covered | Algorithmic AI Validation auto-generates adversarial test inputs. | https://sequoiacap.com/article/robust-intelligence-spotlight/ |
| Poison Training Data (AML.T0020) | Resource Development | Covered | Validation detects data poisoning and integrity issues. | https://sequoiacap.com/article/robust-intelligence-spotlight/ |
| LLM Data Leakage (AML.T0057) | Exfiltration | Covered | Runtime guardrails prevent sensitive data exposure. | https://www.cisco.com/site/us/en/products/security/ai-defense/robust-intelligence-is-part-of-cisco/index.html |
| Erode ML Model Integrity (AML.T0031) | Impact | Partial | Continuous validation checks model integrity/robustness. | https://sequoiacap.com/article/robust-intelligence-spotlight/ |
| LLM Jailbreak (AML.T0054) | Defense Evasion | Covered | Automated red teaming discovers jailbreaks. | https://blogs.cisco.com/news/fortifying-the-future-of-security-for-ai-cisco-announces-intent-to-acquire-robust-intelligence |
Is Robust Intelligence independent, and how is it funded?
Robust Intelligence was acquired by Cisco for ~$400M (reported; Cisco did not officially disclose terms) (2024-09) and now operates as a brand of Cisco. Packaging, pricing, and support can shift under new ownership, so confirm current terms with Cisco before you buy.
Robust Intelligence alternatives
The closest alternatives we track in AI Red Teaming are CalypsoAI, Giskard, Mindgard. On the open-source side, garak covers similar ground.
- Robust Intelligence vs Mindgard
- Robust Intelligence vs Giskard
- Robust Intelligence vs TrojAI
- Robust Intelligence vs CalypsoAI
Frequently asked questions
What is Robust Intelligence used for?
Robust Intelligence is an AI Red Teaming vendor. Its flagship product is AI Validation (automated red teaming) + AI Protection (runtime AI firewall); now Cisco AI Defense. It ships as SaaS + self-hosted; inline AI firewall proxy + validation pipeline, and it's built for automated pre-deployment red teaming plus runtime guardrails, especially for Cisco-aligned enterprise stacks.
Is Robust Intelligence independent or acquired?
Robust Intelligence was acquired by Cisco and now operates as a subsidiary, as of 2026-07-13.
How many OWASP LLM Top 10 risks does Robust Intelligence cover?
We score Robust Intelligence as Covered on 3 of the ten OWASP LLM Top 10 (2025) risks, with 5 more Partial, as of 2026-07-13. The table on this page breaks down every risk, including the ones marked Not covered or Unverified.
How is Robust Intelligence deployed?
Robust Intelligence ships as SaaS + self-hosted; inline AI firewall proxy + validation pipeline.
What are the best alternatives to Robust Intelligence?
The closest AI Red Teaming alternatives llmthreat tracks are CalypsoAI, Giskard, Mindgard. On the open-source side, garak covers similar ground.