Last updated: 2026-06-20
HiddenLayer scans 35+ AI model formats for backdoors and blocks runtime prompt injection. SOC 2 Type II and ISO 27001 certified. Enterprise quote pricing only.
HiddenLayer is an AI security platform founded in Austin in 2022 that protects enterprise ML models throughout their lifecycle. Its ModelScanner analyzes 35+ model file formats for backdoors, trojans, and serialization exploits. The MLDR module monitors live model inputs and outputs in real time without requiring access to model weights. Pricing is enterprise quote-based. HiddenLayer holds SOC 2 Type II and ISO 27001 certifications.
HiddenLayer is an enterprise AI security platform founded in Austin, Texas in March 2022 by Chris Sestito, Jim Ballard, and Tanner Burns. The company has raised $56M in two rounds, including a $50M Series A led by Microsoft's venture fund M12 in September 2023, with participation from IBM Ventures, Capital One Ventures, Booz Allen Ventures, and Moore Strategic Ventures. It protects organizations that run machine learning models in production from four categories of risk: model supply chain attacks, adversarial inputs, runtime exploitation, and unauthorized model access.
The platform is built around four integrated modules. AI Discovery automatically inventories every AI and ML asset across cloud environments, giving security teams a full picture of their AI footprint. AI Supply Chain Security, powered by ModelScanner, analyzes model files in 35+ formats (including PyTorch, TensorFlow, ONNX, Keras, and Pickle) for backdoors, trojans, and serialization exploits before they reach production. The serialization case matters because Pickle-based formats, which include the default PyTorch checkpoint format, can carry code that executes the moment the file is loaded, so a downloaded model must be inspected without loading it. AI Attack Simulation runs continuous adversarial red teaming against deployed models. AI Runtime Security, the original MLDR (machine learning detection and response) capability, monitors live model inputs and outputs in real time without requiring access to model weights or training data.
In March 2026, HiddenLayer launched agentic runtime security capabilities, allowing security teams to reconstruct every autonomous agent session, detect prompt injection and malicious tool calls, and stop data exfiltration in multi-step workflows. That extends its coverage from model files through to live agent execution. HiddenLayer's own 2026 AI Threat Landscape Report, a vendor-published figure rather than an independent one, puts one in eight AI breaches as involving an agentic system. The platform deploys as SaaS, on-prem, air-gapped, or hybrid. SDKs are available for Python, TypeScript, and Java (the Python SDK is published on PyPI as hiddenlayer-sdk).
It integrates with AWS Bedrock, Amazon SageMaker, Amazon AgentCore, Google Cloud, Azure, MLflow, Hugging Face Hub, and Databricks Unity Catalog. Pricing is enterprise quote-based with no published tiers. HiddenLayer holds SOC 2 Type II and ISO 27001 certifications. HiddenLayer remains independent while three of its main rivals were absorbed by larger vendors: Protect AI (acquired by Palo Alto Networks, 2025), Lakera (acquired by Check Point, November 2025), and Robust Intelligence (acquired by Cisco, August 2024). That consolidation leaves HiddenLayer as one of the few standalone AI model security platforms still available to organizations that want a dedicated vendor rather than a module inside a broader security suite.
Enterprise pricing only, quote-based. No public tiers or self-serve plan. Unverified third-party estimates put entry contracts at around $500/month; HiddenLayer has not confirmed this. Deployment options include SaaS, on-prem, and air-gapped. Contact sales at hiddenlayer.com for a custom proposal.
HiddenLayer is an enterprise AI security platform founded in Austin, Texas in March 2022 by Chris Sestito, Jim Ballard, and Tanner Burns. The company has raised $56M in total funding, including a $50M Series A led by Microsoft's venture fund M12 in September 2023. HiddenLayer protects organizations that run ML models in production from four types of threat: model supply chain attacks, adversarial inputs, runtime exploitation, and unauthorized model access. Its flagship product includes four integrated modules: AI Discovery, AI Supply Chain Security powered by ModelScanner, AI Attack Simulation, and AI Runtime Security (MLDR). In March 2026, HiddenLayer added agentic runtime security to protect autonomous AI agent workflows from prompt injection, malicious tool calls, and data exfiltration. The platform deploys as SaaS, on-prem, air-gapped, or hybrid and integrates with AWS, Azure, Google Cloud, MLflow, and Hugging Face.
HiddenLayer does not publish pricing publicly. All plans are enterprise quote-based, and you must contact the sales team for a custom proposal. There is no self-serve free tier or published monthly plan. Third-party sources suggest enterprise contracts may start around $500 per month, but this is not confirmed by HiddenLayer directly. Pricing varies based on the number of models monitored, the deployment mode (SaaS vs on-prem vs air-gapped), and the specific modules required. Organizations evaluating HiddenLayer should expect to go through a sales discovery process before receiving a quote. For teams without large security budgets, this lack of pricing transparency is a real barrier to evaluation compared to vendors with published tiers.
HiddenLayer's platform covers the full AI model security lifecycle through four core modules. ModelScanner analyzes 35+ ML model file formats (PyTorch, TensorFlow, ONNX, Keras, Pickle, and others) for backdoors, trojans, and serialization exploits before they reach production. AI Runtime Security (MLDR) monitors live model inputs and outputs in real time to detect adversarial attacks and prompt injection without accessing model weights. AI Discovery automatically inventories all AI and ML assets across cloud environments to surface shadow AI deployments that security teams would otherwise not know about. AI Attack Simulation runs continuous adversarial red teaming against deployed models. In March 2026, HiddenLayer also launched agentic runtime security, which reconstructs autonomous agent sessions to detect malicious tool calls and data exfiltration in multi-step workflows.
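As an added illustration of what the serialization checks described in the ModelScanner passages above involve, the script below is example code written for this page, not HiddenLayer's ModelScanner or any of its detection rules. It disassembles a Pickle stream with Python's standard pickletools module and lists every import a load would trigger, without ever executing the file, then classifies those imports against a deny list and an allow list. The deny list, the allow list, and all four sample payloads are constructed for the example; a production scanner carries many more rules, handles the other 30-odd formats, and unpacks container formats (a PyTorch checkpoint is a zip archive holding a data.pkl) before scanning.

```python
import datetime
import io
import os
import pickle
import pickletools

# Constructed deny list for this example: callables that give arbitrary code
# execution when a pickle's REDUCE opcode invokes them at load time. A real
# scanner ships far more rules; this subset is enough to show the mechanism.
DANGEROUS_GLOBALS = {
    ("os", "system"), ("os", "popen"), ("os", "execv"), ("os", "execvp"),
    ("posix", "system"), ("nt", "system"),
    ("subprocess", "Popen"), ("subprocess", "run"), ("subprocess", "call"),
    ("subprocess", "check_output"),
    ("builtins", "eval"), ("builtins", "exec"), ("builtins", "__import__"),
    ("builtins", "getattr"), ("builtins", "compile"),
    ("__builtin__", "eval"), ("__builtin__", "exec"),
    ("importlib", "import_module"), ("runpy", "run_path"),
    ("socket", "socket"), ("pty", "spawn"), ("shutil", "rmtree"),
}

# Top-level packages a model file legitimately references (also constructed).
ALLOWED_PACKAGES = {"torch", "numpy", "collections", "_codecs", "typing"}

# Opcodes that push a string constant; STACK_GLOBAL consumes two of them.
STRING_OPCODES = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
                  "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def find_globals(data):
    """Return every (module, name) the pickle would import, in stream order.

    pickletools.genops only disassembles opcodes, so nothing in the file runs.
    """
    found = []
    recent_strings = []  # string constants seen so far (heuristic, not a VM)
    for opcode, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if opcode.name == "GLOBAL":
            # Protocols 0-3 encode the import inline as "module name".
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+ pushes module and name as the two most recent
            # string constants (MEMOIZE opcodes may sit between them).
            if len(recent_strings) < 2:
                raise ValueError("STACK_GLOBAL without two preceding strings")
            found.append((recent_strings[-2], recent_strings[-1]))
        elif opcode.name in STRING_OPCODES:
            recent_strings.append(arg)
    return found


def scan_pickle(data):
    """Classify a pickle's imports; verdict is 'block', 'review' or 'clean'."""
    report = {"dangerous": [], "unknown": [], "allowed": []}
    for module, name in find_globals(data):
        ref = f"{module}.{name}"
        if (module, name) in DANGEROUS_GLOBALS:
            report["dangerous"].append(ref)
        elif module.split(".")[0] in ALLOWED_PACKAGES:
            report["allowed"].append(ref)
        else:
            report["unknown"].append(ref)  # needs a human or a bigger rule set
    if report["dangerous"]:
        report["verdict"] = "block"
    elif report["unknown"]:
        report["verdict"] = "review"
    else:
        report["verdict"] = "clean"
    return report


# Constructed samples; none of these is a real model file.
# Classic hand-written protocol-0 payload: GLOBAL os.system, then REDUCE.
MALICIOUS_P0 = b"cos\nsystem\n(S'echo pwned'\ntR."


class _Trap:
    """Serializes to a call of os.system; pickling it never runs the command."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


MALICIOUS_P4 = pickle.dumps(_Trap(), protocol=4)   # encoded via STACK_GLOBAL
BENIGN = pickle.dumps({"fc.weight": [0.1, -0.3], "epochs": 3}, protocol=4)
UNKNOWN_GLOBAL = pickle.dumps(datetime.date(2026, 6, 20), protocol=4)

if __name__ == "__main__":
    for label, blob in [("malicious-p0", MALICIOUS_P0), ("malicious-p4", MALICIOUS_P4),
                        ("benign", BENIGN), ("unknown-global", UNKNOWN_GLOBAL)]:
        print(label, scan_pickle(blob))
```

Two caveats a practitioner should keep in mind: the STACK_GLOBAL resolution here is a heuristic over recent string constants, and an attacker who interleaves other stack operations can confuse it, so a serious scanner emulates the pickle virtual machine's stack instead; and pickle.dumps serializes os.system under its real module name (posix on Unix, nt on Windows), which is why the deny list carries both spellings. The file itself is never passed to pickle.load at any point.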
HiddenLayer does not offer a free tier or a self-serve trial plan. The platform is aimed exclusively at enterprise customers and requires a sales conversation before you can access the product. HiddenLayer may offer proof-of-concept or demo environments through its sales process, but these are not publicly documented on its website. If you need to evaluate the product, the first step is to request a demo at hiddenlayer.com. This contrasts with some competitors that offer open-source companion tools or limited-access trial plans. Teams looking for a no-cost entry point into AI model security may find open-source scanners such as ModelScan (Protect AI's open-source model file scanner, not to be confused with HiddenLayer's commercial ModelScanner) or picklescan more accessible for initial exploration before committing to an enterprise platform.
Three of HiddenLayer's most direct competitors have been acquired: Protect AI was acquired by Palo Alto Networks in 2025, Lakera by Check Point in November 2025, and Robust Intelligence by Cisco in August 2024. This means those tools now exist as modules inside larger security suites rather than as standalone products. CalypsoAI remains an independent option focused on AI application security and governance. For teams that need LLM-specific runtime protection only, rather than full model lifecycle security, open-source projects such as NVIDIA's NeMo Guardrails, Guardrails AI, and LLM Guard offer focused options. HiddenLayer's main differentiators are its 35+ format ModelScanner and its MLDR approach, which monitors inputs and outputs without touching model weights. Organizations already using Palo Alto Networks, Cisco, or Check Point may find it easier to use their respective acquired products within their existing security stack.
HiddenLayer is best for large enterprises with dedicated security and MLOps teams that deploy ML models in production, especially in regulated industries like financial services, defense, and government. The ideal buyer is a CISO or AI risk officer at a company pulling models from public repositories like Hugging Face and needing to verify model integrity before production use. MLOps engineers managing multi-framework model registries across AWS SageMaker, Databricks, or MLflow will find the CI/CD pipeline integration especially useful. HiddenLayer is not well suited for small startups, individual developers, or teams without dedicated security staff, since deployment requires significant infrastructure expertise. Organizations needing HIPAA compliance should verify whether HiddenLayer can issue a BAA before committing, as HIPAA attestation has not been publicly confirmed.
To get started with HiddenLayer, visit hiddenlayer.com and request a demo via the contact form. The sales team will schedule a discovery call to understand your AI environment and configure a proof of concept. Once contracted, HiddenLayer can deploy as SaaS (fastest to set up), on-prem inside your data center, or in an air-gapped environment for high-security use cases. SDKs are available for Python, TypeScript, and Java; the Python SDK is on PyPI as hiddenlayer-sdk. Integration with AWS SageMaker, MLflow, and Hugging Face requires additional configuration documented in HiddenLayer's platform guides. Gartner Peer Insights reviewers note that initial deployment typically requires a team of ML and infrastructure engineers and several weeks of setup before the platform is fully operational.
HiddenLayer and Protect AI were the two most direct competitors in AI model security before Protect AI was acquired by Palo Alto Networks in 2025. Both platforms covered the full ML security lifecycle including supply chain scanning, adversarial defense, and runtime monitoring. The key difference before acquisition was in funding scale: Protect AI raised roughly $108M versus HiddenLayer's $56M, giving it a larger development budget and broader go-to-market reach. Post-acquisition, Protect AI's capabilities are now integrated into Palo Alto's AI Security platform, which gives buyers broader threat intelligence and SIEM integrations from a single vendor. HiddenLayer remains independent, which means a roadmap focused on AI-specific threats and less risk of features being de-prioritized to fit a large parent company's portfolio. For organizations already inside the Palo Alto ecosystem, Protect AI post-acquisition may simplify deployment. For those wanting a dedicated AI security vendor whose choice is not tied to a broader platform commitment, HiddenLayer is the stronger standalone choice.