Lakera Guard / Lakera Red
https://www.lakera.ai/lakera-guard
Screens every prompt, response, and retrieved document for indirect prompt injection — primary vector for memory poisoning. Treats memory as untrusted: anything written to or read from memory is adversarial until proven clean. Lakera Red provides "Agent Breaker" gamified red-teaming.
At a glance
- Type
- Real-time prompt-injection + poisoning screen
- Tier
- T1
- Created
- 2021 (founded 2021; Lakera Guard product launched Aug 2023; $10M seed 2023; $20M Series A Jul 2024)
- Latest release
- not applicable — not OSS
- License
- not applicable — not OSS
- GitHub
- not applicable — no GitHub repo
- Pricing
- Developer: free (10K API calls/mo); Pro: contact sales (higher volume + advanced detection); Enterprise: custom (on…
- Funding
- $30M total ($10M seed Redalpine/Atomico 2023; $20M Series A Jul 2024 Redpoint Ventures + Dropbox VC + Citi Ventures…
Taxonomy
- storage
- proprietary
- retrieval
- injection
- persistence
- session
- update
- read-only
- unit
- attack
- governance
- auditable
- conflict
- n/a
When to use
Optimised for: governance + compliance + audit + adversarial hardening
Anti-fit: not for hobbyist / non-production use cases
Pros & cons
Pros
Memory-aware guardrail product — Guard for runtime + Red for adversarial testing; covers prompt-injection-into-memory specifically.
Cons
Closed SaaS; rule library is opaque; per-call cost can be meaningful at high volume.
Claims & capabilities
Sub-100ms p99 REST API. Threat model: poisoning, long-horizon goal hijack, cross-session manipulation.
Technical surface
- API surface
- REST, SDK: Python, JS
- Backend storage
- custom
- Deployment
- REST API (SaaS cloud) or self-hosted Enterprise deployment
- Embedding model
- locked
- Multi-tenancy
- hard-isolation
- MCP
- no data — MCP referenced in Lakera blog as a threat-research topic only; no native MCP integration advertised (searched lakera.ai, docs.lakera.ai, lakera.ai/blog)
- A2A
- no data — searched lakera.ai/lakera-guard, docs.lakera.ai, docs.lakera.ai/lakera-guard/integrations; A2A protocol not advertised
- OpenTelemetry
- no data — searched lakera.ai/lakera-guard, docs.lakera.ai; OpenTelemetry export not advertised
Compare Lakera Guard / Lakera Red with…
Similar systems
Other memory governance, privacy & safety in the catalog, ranked by inbound references.
- Acuvity (now Proofpoint) T1
Runtime enforcement targeting memory poisoning, unauthorised execution, identity spoofing per the OWASP LLM threat list. Visibility/control over MCP servers and locally-installed AI tools — the infrastructure layer where memory is most exposed.
- Enkrypt AI T1
Applies guardrails at three points: (1) before write to vector DB, (2) before query reaches embedding model, (3) before response. Detects malicious instructions in stored memory before retrieval; scans for PII/PHI in/out. Text + image + voice modalities.
- HiddenLayer AISec Platform 2.0 T1
Targets the supply-chain / lineage layer rather than runtime memory writes. Model Genealogy tracks training/fine-tuning/modification history — catches poisoning baked in during training. AIBOM generates auditable inventory of model components + datasets. Runtime layer also monitors agentic workflows.
- Mem0 Security / OpenMemory T1
Commercial Mem0 ships SOC 2 / HIPAA, zero-trust access controls, BYOK encryption, real-time monitoring, audit logs, workspace governance as defaults. OpenMemory is the local self-hosted variant (Docker + FastAPI + Postgres + Qdrant) for privacy-first deployments.
- Microsoft Agent Governance Toolkit T2
Cross-Model Verification Kernel (CMVK) requires majority-voting agreement across multiple model calls before a memory-influenced action. Agent OS package intercepts every action (memory included) at sub-millisecond latency. MIT licensed.
- OWASP Agent Memory Guard T3
Open-source runtime defense. Enforces YAML policies on every memory read/write. SHA-256 baselines detect tampering, injection, sensitive-data leakage, protected-key modification, rapid-change anomalies. Forensic snapshots + rollback. Reference impl for OWASP ASI06 (Memory Poisoning).