Today, we announced the acquisition of AllTrue.ai, an AI Trust, Risk, and Security Management (AI TRiSM) company that helps organizations understand and control how AI systems behave across the enterprise.
The acquisition of AllTrue.ai brings real-time visibility and control to AI systems themselves, complementing Varonis’ deep understanding of enterprise data, identities, and access. Together, the combined platform helps organizations see and protect everything they build and run with AI.
As companies deploy AI models, copilots, and agents at scale, these systems are no longer just analyzing data — they are reading, writing, modifying, and acting on it at machine speed. This shift introduces a new class of risk: AI systems that operate without clear visibility, governance, or guardrails.
AI systems can behave unpredictably. Without knowing which systems exist, what they’re doing, or what data they can reach, organizations can’t safely use AI at scale. By combining AllTrue’s AI visibility and enforcement with the Varonis Data Security Platform, we’re giving organizations a way to adopt AI while keeping risk under control.
Comprehensive observability and control over every AI system
A pioneer in AI Trust, Risk, and Security Management (AI TRiSM), AllTrue.ai provides visibility into what AI systems exist across an organization — including shadow AI — what they are connected to, what actions they can take, and whether they’re safe. It also enforces guardrails in real-time, helping prevent unsafe, non-compliant, or unintended behavior.
AllTrue’s solution set includes the following capabilities:
-
AI Visibility. Continuously discover AI assets, projects, and systems, including shadow AI, across your entire environment.
-
AI Security Posture Management (AI-SPM). Scan your AI agents, chatbots, and models for vulnerabilities and misconfigurations.
-
AI Runtime Protection. Enforce real-time policies via our LLM and tool-agnostic AI gateway to prevent sensitive data leakage and block malicious and non-compliant use of any AI asset.
-
AI Detection and Response (AIDR). Detect and monitor all AI usage within your organization, store audit events, and generate real-time alerts on suspicious or risky behavior.
-
AI Security Testing. Proactively stress test your AI systems for vulnerabilities like prompt injection and jailbreaks.
-
AI Compliance Management. Get out-of-the-box audit reporting to validate your compliance with ever-changing AI regulations and frameworks.
Comprehensive AI-TRiSM to address risks at design-time, before agents or users take action, and run-time.
Comprehensive AI-TRiSM to address risks at design-time, before agents or users take action, and run-time.
AI security is data security
AI does not operate in isolation. It feasts on data. Models, copilots, and agents derive their value — and their risk — from the data they can access. Prompts and agents simply facilitate questions, answers, and actions. The true blast radius of AI lives in the data layer.
As enterprises deploy more autonomous and agentic AI systems, risk escalates. Agents, for example, can create biased or incorrect data and improperly modify data, and small misconfigurations can result in massive data breaches or compliance fines. This is why AI security must be rooted in data security.
“Most AI security efforts focus on models and prompts,” said Ron Bennatan, CEO and co-founder of AllTrue.ai and creator of Guardium (acquired by IBM) and jSonar (acquired by Imperva). “But the real value, and risk, of AI is related to the enterprise data AI can access. Varonis pioneered the data-centric security approach that must be the bedrock of AI security. Together, we can give organizations the fastest path to safe, compliant, and trustworthy AI.”
The combined Varonis platform enables organizations to:
- See what AI systems and agents exist, what they’re connected to, what they were built to do, and how they behave
- Control AI behavior in real-time to filter or block unsafe or non-compliant actions
- Reduce risk by understanding exactly what critical data AI systems can access and automatically enforcing least-privilege policies
- Prove accountability with clear evidence for internal governance and external compliance
As AI becomes embedded in core business processes, security is no longer just about stopping breaches; it’s about whether organizations can trust autonomous systems to act safely, reliably, and in line with policy. Varonis is building the platform to make that possible.
