Silmaril

Competitive Intelligence & Product Roadmap

Self-healing prompt-injection defense for AI agents.

Technology

|

AI Security

|

YC Spring 26

|

Valuation:

Unknown

Company Overview

Silmaril is an AI security platform that wraps agent inference calls, red-teams workflows, and blocks prompt-injection chains at runtime. Serving AI-native app teams, security teams, and platform engineers; public customers are not named.

Latest Intel

Zeitgeist tracks private signals to determine where the company is heading strategically.

May 18, 2026
|
Product Surface
|
Confidence:
Medium

New Intel: Silmaril is pairing autonomous red-team agents with a runtime classifier. If it works, the company pressures guardrail vendors like Lakera by turning customer-specific exploit traces into production defense.

What They're Building

The company's public product roadmap & what they're committed to building.

Runtime Firewall

Silmaril wraps inference calls and blocks prompt-injection chains across user inputs, tool calls, connectors, MCP, internal agents, and agentic SDKs.

Autonomous Threat Hunting

The product uses red-team agents to probe customer workflows, map trust boundaries, and generate exploit traces before attackers can reuse the same paths.

Self-Healing Retraining

Silmaril says discovered attacks generate synthetic training data and update firewall weights in under an hour.

Agent Framework Coverage

The company lists support for LangChain, OpenAI Agents SDK, CrewAI, Vercel AI SDK, Google ADK, Python, and TypeScript.

Add To Your Portfolio

Founder and Key Execs

Aum Upadhyay

Co-Founder and CEO (ex-AWS tech lead; built a security and privacy framework at AWS)

Eduardo Velasco

Co-Founder and CTO (ex-Amazon; low-latency ML systems background)

Founder Force Multiplier

Upadhyay brings AWS security and privacy infrastructure experience, while Velasco brings low-latency ML systems experience from Amazon and AWS. That pairing fits a product where the technical bar is production-time security detection with tight inference budgets.

Funding History

2025 | Founded
2026 | Accepted into Y Combinator Spring 2026, with YC standard deal terms reported as $500K

Competitors

Lakera Guard:

A named benchmark alternative focused on LLM guardrails and prompt-injection protection.

BrowseSafe:

A named benchmark alternative in Silmaril’s public comparison set.

GPT Safeguard:

A named benchmark alternative that Silmaril positions against on detection quality and latency.

Model Armor:

A named benchmark alternative in the broader AI security and guardrail category.

Silmaril

's Moat:

Candidate moat is proprietary data: customer-specific exploit traces can tune the runtime classifier, but defensibility depends on proving low false positives in production.

How They're Leveraging AI

Self-Healing Model Updates From Exploits

Silmaril says newly discovered attacks can retrain and redeploy firewall weights in under an hour. The use case is fast adaptation to novel promptware patterns before they spread across customer environments.

Runtime Classifier for Agent Attacks

Silmaril uses a runtime firewall to classify whether an AI agent execution path is drifting toward a harmful outcome. The system is built for AI-native app teams that need protection across prompts, tools, connectors, and agent state.

Autonomous Red-Team Trace Generation

Silmaril uses autonomous threat-hunting agents to probe customer AI workflows, map trust boundaries, and discover prompt-injection exploit chains. Those attacks become the raw material for improving the runtime defense layer.

AI Use Overview:

Silmaril uses a ModernBERT-derived multihead classifier over execution state, tool context, and intent, with retraining from autonomous red-team traces instead of prompt-only rules.

More
Model Evaluation and AI Reliability

Arena (formerly LLMArena)

Crowdsourced human-preference benchmarking platform for LLMs and generative AI models.

Neutral third-party evaluation becomes critical infrastructure as model proliferation outpaces any single lab's ability to grade itself credibly.

Ashr

Catches AI agent failures before users see them by stress-testing across text, voice, and images.

AI agents are shipping to production faster than anyone can test them. Ashr generates synthetic users that stress-test agents across text, voice, and images before real users hit the failure modes.

Cajal

Deploys AI mathematicians that formally verify proofs, grounding outputs in truth not guesses.

LLMs hallucinate. Lean proves things. Cajal pairs LLMs with formal verification so every mathematical result is machine-checked, starting with quantum computing and finance where a wrong proof costs real money.

Cascade

Evaluates and certifies AI agents for safe deployment with red teaming and formal guarantees.

Red teaming and guardrails exist as separate tools. Cascade combines them into one platform with adaptive scaffolding that learns from production runs, already deployed across legal reasoning and customer support agents. The CEO researched graph reasoning and agentic safety at UC Berkeley's BAIR Lab.

Back To All Companies >