Sectum AI vs Lakera
TL;DR. Lakera is an AI-native security platform (Guard for runtime protection, Red for adversarial testing, PII Detection for sensitive-data filtering) that sits in the request path and blocks or scores AI traffic. Sectum AI sits across the multi-tenant boundary and verifies and attests — it provisions synthetic tenants, plants cryptographic markers, runs cross-tenant probes across 13 surfaces, and produces a tamper-evident evidence pack. The two products solve different problems for the same buyer and complement each other; neither replaces the other.
The two products
Lakera (lakera.ai)
Category: AI-native security platform. Three products:
- Lakera Guard — runtime visibility and protection for AI applications and agents. Single-API drop-in (cloud or in-VPC Docker). Detects and blocks prompt injection, harmful content, and PII leakage in real time.
- Lakera Red — adversarial testing / red-team for AI systems. Simulates attacks to find vulnerabilities pre-production.
- Lakera PII Detection — sensitive-data filtering / redaction.
License: commercial. No open-source core.
Pricing (Lakera platform pricing):
- Community — free, 10,000 requests / month, solo devs or small teams.
- Enterprise — custom-quoted; SSO, self-hosting, advanced features, premium support.
Public customer: Dropbox uses Lakera Guard as an in-VPC Docker microservice for AI-powered features (smart search, document summarization).
Funding: Series A; specifics for 2026 not publicly surfaced.
Sectum AI (sectum.ai)
Category: multi-tenant AI verification. Not a runtime guardrail. Not a firewall. The deliverable is auditor-acceptable, tamper-evident evidence that the tenant boundary holds across the AI stack.
License: Apache 2.0 OSS core (substrate, attack catalog, adapters, evidence chain, sectum-ai verify). Sectum Cloud commercial. The evidence layer in the OSS produces the same artifacts the hosted product does — by design.
Method: synthetic-tenant marker substrate. Provisions tenants on the customer’s AI stack, seeds them with cryptographic canary markers and a hashed ground-truth manifest, runs 11 cross-tenant probe classes across 13 surfaces, produces a tamper-evident evidence pack (RFC 3161 TSA + Sigstore Rekor + in-toto envelope, control-mapped audit PDF, machine-readable evidence.json).
The categorical difference: blocking vs. verifying
The fundamental difference is what the product does to a request:
| | Lakera Guard | Sectum AI |
|---|---|---|
| Mode | Runtime: intercept, score, and block traffic | Periodic verification: provision synthetic tenants, run probes, produce evidence |
| Position | In the request path | Outside the request path |
| Unit | Per-request decision (allow / block / score) | Per-run audit pack |
| Detection | Real-time content filtering, prompt-injection classifier | Manifest-grounded layered detection (exact → semantic → calibrated judge) |
| Output | Block / allow / score per request | Tamper-evident audit pack (RFC 3161 + Rekor + in-toto + PDF + JSON) |
| For | Application engineering and platform security | CISOs, DPOs, audit firms |
| Deployment | API or in-VPC Docker microservice (request path) | CLI in customer’s environment (BYOC); only signed evidence leaves |
| When it fires | Every request | On a schedule, on-demand, or at every audit cycle / Article 17 ticket |
| What it can attest | Live blocking rate, per-policy metrics | “Tenant A’s data cannot reach tenant B across these 13 surfaces under this manifest hash, signed and cryptographically timestamped” |
Lakera Guard is a control — a runtime mitigation that does work on every request. Sectum AI is a verifier and attester — it doesn’t touch live traffic; it produces evidence that the boundary holds. Both are useful; they answer different questions; deploying both on the same stack is the natural pattern for a serious multi-tenant AI SaaS.
Lakera Red and Sectum AI: closer, still different
Lakera Red is the closest thing in Lakera’s portfolio to Sectum AI — both test the AI system rather than blocking traffic. But the unit of analysis differs:
- Lakera Red simulates attacks against AI systems (a general adversarial suite) and surfaces vulnerabilities. It’s broad — like Promptfoo or Garak — but with the commercial wrap of the Lakera platform.
- Sectum AI is opinionated and category-specific: it tests multi-tenant isolation with a marker substrate and produces auditor-acceptable, tamper-evident evidence. Not generic adversarial testing; specifically the cross-tenant boundary, specifically with manifest-grounded zero-FP detection, specifically with a cryptographic evidence chain.
If you want broad adversarial testing of an AI system, Lakera Red is a strong commercial option. If you specifically need to prove multi-tenant isolation with auditor-grade evidence — and if GDPR Article 17 erasure attestation is on your roadmap — Sectum AI is the focused tool.
Surface coverage
| Surface | Lakera Guard | Lakera Red | Sectum AI |
|---|---|---|---|
| LLM endpoint (input/output filtering) | ✓ (runtime) | ✓ (test) | ✓ (probe surface) |
| PII detection in real time | ✓ | — | — (not a goal — Sectum AI tests cross-tenant flow, not PII filtering) |
| Cross-tenant boundary on a shared vector DB | — | partial (general probes) | ✓ (Class 2 + direct Pinecone/pgvector/Weaviate/Chroma adapters) |
| Semantic-cache contamination | — | — | ✓ (Class 4 + live Redis adapter) |
| KV-cache timing side channel | — | — | ✓ (Class 5, statistical effect-size test) |
| Embedding inversion across tenants | — | — | ✓ (Class 6) |
| Agent / MCP confused-deputy + token passthrough | partial (Lakera Guard for agents) | partial | ✓ (Class 7 — the Asana-class flaw with per-finding evidence) |
| Persistent agent memory cross-tenant | — | — | ✓ (Class 8) |
| LoRA / fine-tune cross-tenant influence | — | — | ✓ (Class 9) |
| Multi-turn benign extraction (IKEA/Silent Leaks) | — | partial | ✓ (Class 10) |
| RAG poisoning | — | partial | ✓ (Class 3) |
| GDPR Article 17 erasure verification | — | — | ✓ (Class 11 — the Erasure Attestation engagement) |
| Observability backends (Langfuse/LangSmith/Phoenix) | — (Lakera has its own observability) | — | ✓ (live adapters; erasure verifies these too) |
Lakera Guard is depth on the request path (blocking, filtering, real-time PII). Sectum AI is depth on the tenant boundary across 13 surfaces. The two coverages are perpendicular.
Evidence model
Lakera Guard’s output is per-request decisions and platform telemetry. Lakera Red’s output is a vulnerability report. Both are excellent for security operations; neither is shaped like an auditor attestation.
Sectum AI’s output is a different artifact:
- Canonicalized run → SHA-256 digest.
- Digest timestamped by an RFC 3161 Time-Stamp Authority.
- Digest + signature recorded in a Sigstore Rekor transparency log entry with an inclusion proof.
- Wrapped in an in-toto attestation envelope.
- Bundled with the ground-truth manifest hash, control mappings (per-finding owasp_llm + atlas[] + nist[]), the audit-pack PDF, and evidence.json.
- Independently verifiable — sectum-ai verify <pack> recomputes the chain end-to-end and exits 4 on any tampering. No Sectum AI installation required; the OSS verifier is the same code anyone can run.
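The hash-binding part of this chain, as an added sketch that is not Sectum AI's code: it assumes a sorted-key JSON canonical form, a placeholder predicate type, hypothetical function names and constructed sample data. The signature, the RFC 3161 token and the Rekor inclusion proof are left out because they need network services.

```python
import base64
import hashlib
import json

EXIT_OK, EXIT_TAMPERED = 0, 4  # 4 is the tamper exit code the page states

# Constructed sample run and ground-truth manifest (not real tool output).
RUN = {"run_id": "run-0001",
       "findings": [{"class": 2, "surface": "vector_db", "leak": False}]}
MANIFEST = {"tenant-a": ["mk-a-1"], "tenant-b": ["mk-b-1"]}

def canonical(obj) -> bytes:
    # Assumed canonical form: sorted keys, no insignificant whitespace, UTF-8.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_pack(run: dict, manifest: dict) -> dict:
    # in-toto Statement v1: the subject digest binds the statement to the run.
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "evidence.json",
                     "digest": {"sha256": sha256_hex(canonical(run))}}],
        "predicateType": "https://example.invalid/cross-tenant-run/v1",  # placeholder
        "predicate": {"manifest_sha256": sha256_hex(canonical(manifest))},
    }
    envelope = {  # DSSE-style envelope; signing is omitted in this sketch
        "payloadType": "application/vnd.in-toto+json",
        "payload": base64.b64encode(canonical(statement)).decode("ascii"),
        "signatures": [],
    }
    return {"evidence": run, "manifest": manifest, "envelope": envelope}

def verify_pack(pack: dict) -> int:
    # Recompute both digests from the shipped files and compare them with
    # what the attestation claims; any mismatch or malformed field fails.
    try:
        stmt = json.loads(base64.b64decode(pack["envelope"]["payload"], validate=True))
        claimed_run = stmt["subject"][0]["digest"]["sha256"]
        claimed_manifest = stmt["predicate"]["manifest_sha256"]
    except (KeyError, IndexError, TypeError, ValueError):
        return EXIT_TAMPERED
    if sha256_hex(canonical(pack.get("evidence"))) != claimed_run:
        return EXIT_TAMPERED
    if sha256_hex(canonical(pack.get("manifest"))) != claimed_manifest:
        return EXIT_TAMPERED
    return EXIT_OK
```

Digest recomputation alone only catches edits to the evidence or manifest; someone who can rewrite the envelope can rewrite the digests too, which is the gap the signature, timestamp and transparency-log entry close.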
For an auditor or DPO asking “can you prove tenant A’s data didn’t reach tenant B?” — the Lakera platform gives a runtime story; Sectum AI gives a cryptographic chain of custody.
When to use Lakera
- You need runtime AI protection in the request path — block prompt injections, filter PII, redact sensitive outputs before they leave your AI service.
- You operate at scale where a real-time AI firewall has measurable production value (per-request blocking, per-policy metrics).
- You want a single commercial AI security vendor with platform breadth (Guard + Red + PII Detection) and enterprise support.
- You’re a Lakera customer already running Guard and want adversarial testing in the same console.
When to use Sectum AI
- You operate a multi-tenant AI SaaS and need to prove the tenant boundary holds across all surfaces — not just the LLM endpoint, but the vector DB, semantic cache, KV cache, agent memory, MCP servers, fine-tune adapters, eval sets, search indexes, and tracing.
- You’re facing a GDPR Article 17 erasure obligation for a churned tenant and need to attest the data has actually left every AI surface — useful for DPOs and regulator-facing posture.
- You’re preparing for SOC 2 / ISO 27001 / HIPAA in a multi-tenant AI product and need auditor-acceptable, control-mapped, tamper-evident evidence for the AI portion of the stack.
- You want independently-verifiable evidence — a pack a third party can verify without your vendor.
- You want an open-source evidence layer — the same artifacts the hosted product produces.
Using both
The mature multi-tenant AI SaaS deploys Lakera Guard in the request path (runtime protection) and runs Sectum AI periodically (verification + auditor evidence). They serve different parts of the same security posture:
- Lakera handles the active threat on every request.
- Sectum AI handles the verification + attestation the auditor and DPO require.
Sectum AI does not block live traffic the way Lakera Guard does, and Lakera does not produce the cryptographic chain of custody Sectum AI does. The two compound, and using both is the cleanest pattern for an AI shop that takes both runtime protection and audit readiness seriously.
The “AI security” category, broken down
“AI security” is a label that mixes runtime guardrails, adversarial testing, supply-chain scanning, and audit evidence — all under one banner. A more precise breakdown:
- Runtime protection — Lakera Guard, NeMo Guardrails, ProtectAI Layer, Cisco AI Defense (firewall side), Prompt Security.
- Adversarial testing — Lakera Red, Promptfoo, Garak, PyRIT, DeepTeam, ProtectAI Recon.
- Verification and attestation — Sectum AI.
- Model security / supply-chain — ProtectAI Guardian.
- GRC / compliance automation — Vanta, Drata.
- DSR / privacy workflows — Securiti, OneTrust.
A serious AI program touches several of these. Sectum AI focuses on the verification and attestation slice at the multi-tenant boundary.
Pricing
- Lakera Community — free, 10,000 requests / month.
- Lakera Enterprise — custom-quoted; SSO, self-hosting, advanced features.
- Open Sectum (OSS) — Apache 2.0, free; evidence layer fully open.
- Sectum Cloud — see pricing.
References
- Lakera — homepage, Lakera Guard product page, platform pricing, G2 reviews, Crunchbase profile, overview (eesel AI, 2026).
- Sectum AI — GitHub, docs, attack catalog, evidence chain, sample evidence packs.