Filling the gap of AI security and nearing a 7-figure ARR

Oliver Friedrichs just built his fourth security company. This time, he's focusing on a big gap: AI security.

The market is only now starting to understand the problem that he's solving, and Pangea is already nearing 7-figure ARR.

Here's Oliver on how he's doing it. 👇

Building his fourth security company

I’ve been in cybersecurity since the late '90s, starting out as an ethical hacker. Since then, I’ve founded four security companies, each tackling the next big wave — from network security to cloud security, and now AI.

We launched Pangea in 2021 to make it easier for developers to build secure cloud applications. At the time, we saw the developer population exploding — 27 million and counting — and realized there wasn’t a security platform designed for them.

Since then, we’ve built nearly two dozen developer-focused security services for applications, ranging from file scanning to authorization.

But then, AI adoption started exploding.

Pivoting to AI security

Companies are building hundreds of AI applications across their organizations, and this rush creates massive security risks around data leakage, prompt injection, and sensitive information disclosure. Traditional security tools aren't equipped for these new threats.

I draw a direct parallel to my experience in the anti-malware space. When viruses and malware first came out in the 80s and 90s, they were a new threat. We had to create new detection technology to detect that threat because it didn't exist before. This new threat is similar — only, words are weapons now instead of the bytes that we used to detect with antivirus products.

AI security is the new frontier, so we pivoted to focus specifically on helping teams build and secure AI applications and agents from the ground up.

Today, Pangea offers a unified AI security platform that allows both developers and security teams to secure GenAI, with security products that cover homegrown AI workloads and employee adoption of AI technology.

We expect to cross 7 figures in ARR this year.

Using AI to detect AI threats

The core innovation was recognizing that we could use generative AI to detect AI threats. We fine-tune much smaller models — around 300 million parameter models — to detect multilingual prompt injection threats across almost 100 languages.

Having spent years at companies like Symantec, Cisco, and McAfee running research teams to detect malware, where we claimed 99.9+% efficacy — we can now claim the same level of effectiveness for prompt injection detection. The challenge is that there's no real third-party testing body yet, so we built our AI guardrails with four main categories of protection:

1. Prompt injection - the #1 threat in the OWASP top 10 for large language model threats.

2. Confidential information and PII detection - we detect over 50 types of confidential information, with options to block, report, or encrypt using format-preserving encryption.

3. Malicious content filtering - partnering with companies like CrowdStrike to integrate threat intelligence.

4. Topic alignment - ensuring content aligns with organizational intent.

These protections power our newest product design for security teams, AI Detection & Response (AIDR), which deploys across a range of sensor form factors such as apps, agents, endpoints, and more, and feeds into a unified policy and detection engine to help enterprises gain visibility, threat detection, and control over the use of AI in their environment.

Building for scale

We built this platform to be internet-scale ready, as well as incredibly developer-friendly. Think Stripe and Twilio-like experience, where anyone can sign up, get an auth token, and start using our API immediately, embedding guardrails into their AI applications. There are several integration options:

• API-first with SDKs in Go, Python, JavaScript, Java, and C#

• AI gateway integrations for Kong, LiteLLM, Portkey, and others

• MCP proxy to scrub and secure model-generated content

• Browser extension to monitor shadow AI usage

• Deployment flexibility run locally with Kubernetes/Helm or use our hosted SaaS

The platform also supports protection for AI gateways such as Kong and LiteLLM, integrates the Pangea SDK for application-level AI security, and ingests OpenTelemetry log formats to enhance observability across cloud-native environments.

We also support integration with common SIEMs like CrowdStrike, NextGen SIEM, and Splunk. 

The goal is to fit into existing infrastructure.

A rapidly-evolving market

One big challenge is just how fast the landscape is changing. Every model comes with different guardrails, and new ones are constantly emerging.

Claude, for example, is currently one of the hardest to bypass. Others? Not so much. You can’t assume the model itself will keep you safe.

And there are always new threats to discover. For example, one of our AI security researchers at Pangea Labs discovered an exploit recently called LegalPwn, that affects many common models and bypasses their malicious content filters by mimicking legal notices triggered.

Generally speaking, organizations are facing two major categories of AI security risk:

1. Workforce AI risk: Like shadow AI, where employees are using unvetted third-party tools and unknowingly feeding them confidential data.

2. Homegrown AI workload risk: Building proprietary software and systems on top of AI, such as customer-facing chatbots, creates new risks like prompt injection attacks.

Multi-pronged growth

We've taken a multi-pronged approach to growth:

1. Developer community engagement - Making our API incredibly easy to use and integrate.

2. Security team focus - Targeting CISOs and product security teams.

3. Educational content - We've classified 169 prompt injection methods and released resources for the community.

4. Open source contributions - Our Prompt Lab testing tool helps establish credibility.

We've secured strategic partnerships with CrowdStrike and backing from Google Ventures and Okta Ventures, validating our comprehensive approach to AI security.

We also launched The Great AI Escape in early 2025, a virtual escape room challenge that showcased real-world prompt injection threats in an interactive format. Over $10K in prizes and three increasingly tough rooms helped drive awareness in a fun, developer-friendly way.

The challenge of educating your market

The biggest hurdle has been education. Many teams are racing to build with AI, prioritizing functionality — only to realize later that security is a critical gap.

If I had to do it again, I'd go after security teams first. Once security teams see the risks and value, they bring developers into the conversation.

Parting advice

1. Build with scale in mind from day one. Even if you're starting small, architect your system to handle enterprise-scale traffic.

2. Focus on developer experience. Whether you're selling to developers or not, making your product easy to integrate is crucial.

3. Know your market’s maturity. AI security is only top of mind once things move to production.

4. Lead with education. Sharing what you know builds trust.

5. Most importantly, security can’t be an afterthought with AI. The speed, scale, and autonomy of this tech mean the risks can multiply faster than anything we’ve seen before. Guardrails need to be built in from the start.

What's next?

With GenAI, we're witnessing the fastest software adoption curve in history — but also the fastest-growing security blind spot. 

That’s why we just launched Pangea AIDR alongside our guardrails for AI applications, and our research arm, Pangea Labs, is also ramping up — driving new protections for emerging threats like image injection attacks on LLMs, and offering AI red teaming services.

GenAI is being embedded everywhere, and it’s only a matter of time before the security incidents start making headlines. We’re building the infrastructure now to prevent that.

You can visit pangea.cloud to learn more about our platform and sign up to try our APIs. We also have a ton of resources, such as our prompt injection taxonomy that we update on a regular basis, and our in-house research provided by Pangea Labs. Or connect with me on LinkedIn.