llmthreat
For vendors 21 vendors · 10 tools Matrix Vendors

TrojAI is an AI Red Teaming vendor. Its flagship product is TrojAI Detect (red teaming) + TrojAI Defend (AI firewall). Against the OWASP LLM Top 10 (2025) we score it Covered on 5 of 10 risks, Partial on 4, with 6 MITRE ATLAS techniques mapped as of . It now operates under A10 Networks.

5/10
Risks covered
4
Partial
6
ATLAS techniques
Funding
Acquired
Status

At a glance

Category
AI Red Teaming
Headquarters
Undisclosed
Founded
Undisclosed
Employees
Undisclosed
Flagship product
TrojAI Detect (red teaming) + TrojAI Defend (AI firewall)
Deployment
SaaS and self-hosted; runtime firewall (Defend), incl. MCP
Best for
Enterprises wanting model/agent red teaming with OWASP mapping plus runtime firewall for LLM and MCP/agentic workflows
Funding to date
Undisclosed
Last round
Undisclosed
Status
Acquired by A10 Networks

Facts as of .

What does TrojAI do?

Two products, one loop: Detect red-teams models at build time, Defend firewalls them at runtime, both mapped to OWASP. It ships as SaaS and self-hosted; runtime firewall (Defend), incl. MCP, and it's built for enterprises wanting model/agent red teaming with OWASP mapping plus runtime firewall for LLM and MCP/agentic workflows. It's a weaker fit for buyers needing full ASPM/source-code AppSec; TrojAI centers on model behavior and runtime.

Which OWASP LLM Top 10 risks does TrojAI cover?

TrojAI's strongest verdict is LLM01Prompt Injection. The two tables below come from our editorial read of TrojAI's public documentation as of (it's what the docs support, not a hands-on lab test), and this row also sits in the full matrix across all 21 vendors.

OWASP LLM Top 10 (2025) coverage — as of 2026-07-13
OWASP LLM Risk What it is TrojAI coverage How it's addressed Source
LLM01 Prompt Injection User or hidden input overrides the model's rules or intended behavior. Covered Detect assesses prompt injection; Defend blocks at runtime; results mapped to OWASP 2025. https://troj.ai/products/detect
LLM02 Sensitive Information Disclosure The model leaks secrets, personal data, or proprietary content in its output. Covered Detect finds data and PII leakages. https://troj.ai/products/detect
LLM03 Supply Chain Compromised models, datasets, plugins, or dependencies add risk before runtime. Partial JFrog DevSecOps integration scans models in the pipeline/supply chain. https://troj.ai/blog/devsecops-ai-security-trojai-jfrog-integration
LLM04 Data and Model Poisoning Tampered training or fine-tuning data corrupts how the model behaves. Partial Detect red teams model behavior with adversarial/multi-turn attacks. https://www.prnewswire.com/news-releases/trojai-detect-advances-ai-red-teaming-with-agentic-and-multi-turn-attacks-302515382.html
LLM05 Improper Output Handling Downstream systems trust model output without checking it, enabling injection or code execution. Partial Assesses/filters toxic, unwanted or harmful content. https://troj.ai/products/detect
LLM06 Excessive Agency An agent holds more permissions, tools, or autonomy than the task needs. Covered Defend for MCP and agent-led red teaming secure agentic workflows. https://www.troj.ai/blog/agentic-ai-defend-for-mcp-model-context-protocol
LLM07 System Prompt Leakage The system prompt or the secrets inside it get exposed to users. Covered TrojAI Defend's product page explicitly lists system prompt leakage among the attack vectors it addresses: 'TrojAI Defend reduces the risk that the system prompts or instructions used to steer the behavior of the model may contain sensitive information or secrets.' https://troj.ai/products/defend
LLM08 Vector and Embedding Weaknesses Flaws in RAG stores let attackers poison, extract, or infer data. Covered TrojAI Defend's product page explicitly documents vector/embedding weakness protection: 'The system stops weaknesses in how vectors and embeddings are generated, stored, or retrieved from being exploited to inject harmful content, manipulate models, or access sensitive data.' https://troj.ai/products/defend
LLM09 Misinformation The model produces false or fabricated content that users act on. Partial Detect flags unwanted/harmful content; explicit misinformation/hallucination scope unconfirmed. https://troj.ai/products/detect
LLM10 Unbounded Consumption Uncontrolled requests drive cost, denial of service, or model extraction. Unverified Runtime firewall exists but rate-limit/consumption controls not explicitly documented. None found
MITRE ATLAS coverage — as of 2026-07-13
ATLAS Technique (ID) Tactic TrojAI coverage Notes Source
LLM Prompt Injection (AML.T0051) Initial Access / Execution Covered Detect tests and Defend blocks prompt injection. https://troj.ai/products/defend
LLM Data Leakage (AML.T0057) Exfiltration Covered Detect uncovers PII/data leakage. https://troj.ai/products/detect
Craft Adversarial Data (AML.T0043) ML Attack Staging Covered Automated multi-turn/agentic adversarial red teaming. https://www.prnewswire.com/news-releases/trojai-detect-advances-ai-red-teaming-with-agentic-and-multi-turn-attacks-302515382.html
LLM Jailbreak (AML.T0054) Defense Evasion Partial Red teaming exercises jailbreak/harmful-content bypass. https://troj.ai/products/detect
LLM Plugin Compromise (AML.T0053) Execution Partial Defend for MCP protects tool/agent workflows. https://www.troj.ai/blog/agentic-ai-defend-for-mcp-model-context-protocol
ML Supply Chain Compromise (AML.T0010) Initial Access Partial JFrog integration scans models in the supply chain. https://troj.ai/blog/devsecops-ai-security-trojai-jfrog-integration

Is TrojAI independent, and how is it funded?

TrojAI was acquired by A10 Networks for Undisclosed (2026-06-15) and now operates as a brand of A10 Networks. Packaging, pricing, and support can shift under new ownership, so confirm current terms with A10 Networks before you buy.

TrojAI alternatives

The closest alternatives we track in AI Red Teaming are CalypsoAI, Giskard, Mindgard. On the open-source side, garak covers similar ground.

Frequently asked questions

What is TrojAI used for?

TrojAI is an AI Red Teaming vendor. Its flagship product is TrojAI Detect (red teaming) + TrojAI Defend (AI firewall). It ships as SaaS and self-hosted; runtime firewall (Defend), incl. MCP, and it's built for enterprises wanting model/agent red teaming with OWASP mapping plus runtime firewall for LLM and MCP/agentic workflows.

Is TrojAI independent or acquired?

TrojAI was acquired by A10 Networks and now operates as a subsidiary, as of 2026-07-13.

How many OWASP LLM Top 10 risks does TrojAI cover?

We score TrojAI as Covered on 5 of the ten OWASP LLM Top 10 (2025) risks, with 4 more Partial, as of 2026-07-13. The table on this page breaks down every risk, including the ones marked Not covered or Unverified.

How is TrojAI deployed?

TrojAI ships as SaaS and self-hosted; runtime firewall (Defend), incl. MCP.

What are the best alternatives to TrojAI?

The closest AI Red Teaming alternatives llmthreat tracks are CalypsoAI, Giskard, Mindgard. On the open-source side, garak covers similar ground.

Last verified . Sources: https://www.businesswire.com/news/home/20260615349365/en/A10-Networks-Acquires-TrojAI-Inc.-Expanding-AI-Roadmap, https://troj.ai/products/detect, https://troj.ai/products/defend, https://www.prnewswire.com/news-releases/trojai-raises-5-75m-in-seed-funding-to-secure-ai-in-the-enterprise-302106426.html, https://www.crunchbase.com/organization/trojai. Funding and repo figures are third-party and go stale. Re-verify before you rely on them.
Informational, not professional security advice — verify TrojAI's claims and threat coverage against the official OWASP and MITRE sources and the vendor directly before making a purchasing or security decision. OWASP, MITRE, and the listed vendors and maintainers do not endorse llmthreat.com.