讓世界再次看見臺灣AI資安實力，奧義兩款產品列入OWASP AI 安全地圖 Summary — iThome 新聞

Summary

CyCraft (奧義智慧), a Taiwan-based cybersecurity startup previously known for participating in MITRE ATT&CK evaluations as Taiwan's first company to demonstrate detection capabilities on the global stage, has announced a new breakthrough in AI security. The company revealed that two of its products have been included in OWASP's latest AI Security Solutions Map.

The first product, XecGuard, is a next-generation AI firewall security module launched in July of last year. OWASP has categorized it under four enterprise AI adoption phases: Operate, Deploy, Test & Evaluate, and Augment & Fine Tune Data. XecGuard is designed to strengthen the security defenses of Large Language Models (LLMs) by providing real-time mechanisms to prevent sensitive data leakage during AI service operations. It offers autonomous and quantifiable security management through continuous monitoring and analysis of conversational content, enabling detection of AI agents being manipulated into executing off-task tool calls or generating unsafe workflows. The product also supports API and gateway modes to accommodate various industry needs around regulatory compliance, data sovereignty, and deployment flexibility, while integrating readily with existing AI applications, agent architectures, and internal workflows.

The second product, XecART, is listed under three enterprise AI adoption phases: Scope & Plan, Develop & Experiment, and Test & Evaluate. Specializing in AI Red Teaming, XecART has been referenced in various contexts since mid-last year — including an analysis of Apple device-side foundation models in late June, the launch of XecGuard in July, a feature in Japan's weekly BCN magazine in December where the XecART name was formally introduced, and a mention during CyCraft's listing on the Taiwan Stock Exchange Innovation Board in February. The April announcement provided the most detailed description of XecART's capabilities, highlighting its ability to precisely simulate attack paths to ensure AI agents comply with enterprise and organizational policies. It provides multi-turn conversational loop testing and automated red team exercises targeting risks such as goal deviation, prompt injection, and tool misuse, helping enterprises validate the safety, stability, and policy compliance of AI agents in multi-agent environments.

Key Insights

CyCraft claims XecGuard can detect when AI agents are being manipulated into executing off-task tool calls or generating unsafe workflows by continuously monitoring and analyzing conversational content in real time.

OWASP's classification places XecGuard across four enterprise AI adoption stages (Operate, Deploy, Test & Evaluate, Augment & Fine Tune Data), suggesting the product is positioned as a broad lifecycle security solution rather than a point tool.

XecART's identity as a distinct product was not publicly named until December last year despite the underlying capabilities being referenced in earlier product announcements, indicating a gradual and strategic product disclosure approach by CyCraft.

CyCraft argues that XecART addresses three specific AI agent risk categories — goal deviation, prompt injection, and tool misuse — using multi-turn conversational loop testing, a methodology that mirrors how real adversarial interactions with AI agents occur.

CyCraft positions itself as Taiwan's first cybersecurity startup to have competed in MITRE ATT&CK evaluations and now claims to be among the first Taiwanese firms to gain OWASP-recognized standing in AI security, framing both achievements as evidence of global-stage credibility.

讓世界再次看見臺灣AI資安實力，奧義兩款產品列入OWASP AI 安全地圖

Summary

Key Insights

Topics

Get AI summaries delivered to your inbox