TrojAI
TrojAI is an enterprise AI security platform for testing and protecting models, applications, and agents across the full lifecycle. It helps security and ML teams find vulnerabilities before deployment, block prompt injection and data leakage at runtime, and govern agent workflows that use the Model Context Protocol. The platform is built for Fortune 500 organizations that need to scale agentic AI without leaving behavior unchecked.
The company was founded in 2020 by James Stewart and Stephen Goddard to address adversarial attacks on AI and ML systems. TrojAI Detect runs automated red teaming at build time with more than 150 built-in security and safety tests, while TrojAI Defend acts as a real-time firewall that filters inputs and outputs in production. A dedicated MCP module gives security teams visibility into registered servers, approved tools, and metadata tampering across agentic deployments.
Security engineers use TrojAI to align deployments with OWASP, MITRE, and NIST frameworks and to integrate monitoring into SIEM, SOAR, and ticketing systems. The platform supports commercial, open source, and custom models across any cloud, with self-hosted deployment options so sensitive data stays inside the enterprise.
More than 150 built-in security tests plus custom policies for red teaming
Static, manipulated, and dynamic LLM-on-LLM attack methodologies
Runtime firewall blocks, redacts, and logs threats across models and agents
Scales past 10 million tokens per second for high-volume production traffic
Browser extensions filter third-party GenAI and copilot app inputs and outputs
MCP module discovers servers, approves tools, and catches metadata tampering
Maps findings to OWASP, MITRE, and NIST security standards automatically
Covers both build-time red teaming and runtime firewall protection in one platform.
Defend for MCP addresses agent-specific risks like rogue servers and tampered tool metadata.
Self-hosted deployment option keeps enterprise data inside customer environments.
Named a Gartner Representative Vendor for AI TRiSM and named to the CB Insights AI 100 list.
SOC 2 Type II certified with AES-256 encryption at rest and TLS 1.2 in transit.
No public pricing or self-serve signup; access requires contacting sales or booking a demo.
Focused on enterprise buyers rather than individual developers or small teams.
Pricing page is not published on the TrojAI website.
Does TrojAI have a free plan?
TrojAI does not publish a free tier or self-serve pricing on its website. Organizations contact sales or book a demo to discuss TrojAI Detect, TrojAI Defend, and TrojAI Defend for MCP through the contact form.
What is the difference between TrojAI Detect and TrojAI Defend?
TrojAI Detect focuses on build-time protection through automated red teaming and pentesting to find model vulnerabilities before deployment. TrojAI Defend is a runtime AI firewall that monitors, alerts, blocks, redacts, and logs active threats to production models, applications, and agents.
What types of AI models does TrojAI support?
TrojAI Detect supports red teaming for tabular, NLP, and LLM models in commercial, open source, or custom deployments. TrojAI Defend secures AI models, applications, and agents across any model, cloud, or enterprise environment.
Does TrojAI protect Model Context Protocol deployments?
Yes. TrojAI Defend for MCP gives security teams visibility into MCP servers and tools, blocks unregistered or rogue servers, detects prompt injections hidden in tool metadata, and revokes approval when tool definitions change after sign-off.
What security standards does TrojAI map to?
TrojAI maps testing and protection coverage to industry frameworks including OWASP, MITRE, and NIST. Detect generates reports segmented by policy or test that align with these standards, and Defend helps enterprises meet recognized AI security best practices.
How can I contact TrojAI sales or report a security issue?
TrojAI lists [email protected] and toll-free (888) 4-TROJAI for sales inquiries, with offices in Saint John, NB and Boston, MA. Security issues can be reported to [email protected], as noted on the TrojAI security page.

