Knostic
AI security vendor focused on enterprise AI deployments. Two product surfaces:
- Knowledge-layer governance for enterprise AI search — Microsoft Copilot, Glean, Gemini, custom LLMs. Detects and remediates oversharing; builds dynamic, need-to-know boundaries that reflect role, context, and actual usage rather than only static labels. Plugs into M365 / Purview / Glean / AWS / ServiceNow / custom LLMs.
- Coding-agent governance via Kirin — covering Cursor, GitHub Copilot, IDE extensions, MCP servers.
Aligns publicly with Gartner AI TRiSM, Sounil Yu’s Cyber Defense Matrix, OWASP GenAI / ASI Top 10, NIST AI RMF, and Google SAIF.
Gartner Guardian Agents Market Guide inclusion (Feb 2026)
Knostic is named in the Agent security and risk specialists segment of the Gartner Market Guide for Guardian Agents (February 2026), confirming the wiki’s existing positioning of Knostic as a guardian-agent vendor. Co-listed with Aiceberg, Apiiro, NeuralTrust, Pillar, Zenity, Varonis, Noma Security, and others in the same segment.
Notable Output
- Blog: AI Data Security (2026-05, ingested) — see AI Data Security (Knostic blog, 2026). Vendor-content survey of AI data security with strong standards anchoring; introduces the Inference Exposure (and Retrieval Exposure) framing, the AI-UC layer beyond access control, and the posture pair of AI Security Posture Management (AI-SPM) and Data Security Posture Management (DSPM) for AI.
- Blog: AI Coding Agent Governance (2026, ingested) — see AI Coding Agent Governance (Knostic, 2025–2026). Argues governance is structurally distinct from security; introduces the “shadow automation” framing and a four-component / three-phase model.
- Cyber Defense Matrix ebook (Sounil Yu collaboration) — “Rethinking Cyber Defense for the Age of AI.”
- Kirin — coding-agent security product targeting Cursor, GitHub Copilot, IDE extensions, MCP servers. See Kirin (Knostic).
Capabilities (per published material)
- Prompt simulation — synthetic-employee-prompt testing to surface oversharing paths before users hit them
- Continuous monitoring at the knowledge layer — flags AI-specific exposure that file-centric DLP misses
- Audit trail of who accessed what knowledge and how, including AI-inferred answers from multiple documents
- Remediation playbooks scoped by project, department, or data type
- Sensitivity-label optimization — reads and tunes M365 sensitivity labels and policies
Relations
- Produces: Kirin (Knostic)
- Authored: AI Coding Agent Governance (Knostic, 2025–2026), AI Data Security (Knostic blog, 2026)
- Aligned with: AI TRiSM, Cyber Defense Matrix, AI Security Posture Management (AI-SPM), Data Security Posture Management (DSPM) for AI
- Adjacent vendors named in published material: Glean, Microsoft Copilot (see Microsoft Responsible AI Standard (RAI)), Gemini (Google)