
Showing the world Taiwan's AI security strength once again: two CyCraft products listed on the OWASP AI Security Map

iThome News

Taiwan-based cybersecurity firm CyCraft (奧義智慧) announced that two of its AI security products, XecGuard and XecART, have been listed in OWASP's latest AI Security Solutions Map. XecGuard is an AI firewall security module focused on real-time LLM protection, while XecART specializes in automated AI red teaming evaluation. This marks a significant milestone for CyCraft as a Taiwan-founded cybersecurity startup gaining global AI security recognition.

Summary

CyCraft (奧義智慧), a Taiwan-based cybersecurity startup previously known for participating in MITRE ATT&CK evaluations as Taiwan's first company to demonstrate detection capabilities on the global stage, has announced a new breakthrough in AI security. The company revealed that two of its products have been included in OWASP's latest AI Security Solutions Map.

The first product, XecGuard, is a next-generation AI firewall security module launched in July of last year. OWASP has categorized it under four enterprise AI adoption phases: Operate, Deploy, Test & Evaluate, and Augment & Fine Tune Data. XecGuard is designed to strengthen the security defenses of Large Language Models (LLMs) by providing real-time mechanisms to prevent sensitive data leakage during AI service operations. It offers autonomous and quantifiable security management through continuous monitoring and analysis of conversational content, enabling detection of AI agents being manipulated into executing off-task tool calls or generating unsafe workflows. The product also supports API and gateway modes to accommodate various industry needs around regulatory compliance, data sovereignty, and deployment flexibility, while integrating readily with existing AI applications, agent architectures, and internal workflows.

The second product, XecART, is listed under three enterprise AI adoption phases: Scope & Plan, Develop & Experiment, and Test & Evaluate. Specializing in AI Red Teaming, XecART has been referenced in various contexts since the middle of last year, including an analysis of Apple's on-device foundation models in late June, the launch of XecGuard in July, a feature in Japan's weekly BCN magazine in December where the XecART name was formally introduced, and a mention during CyCraft's listing on the Taiwan Stock Exchange Innovation Board in February. The April announcement provided the most detailed description of XecART's capabilities, highlighting its ability to precisely simulate attack paths to ensure AI agents comply with enterprise and organizational policies. It provides multi-turn conversational loop testing and automated red team exercises targeting risks such as goal deviation, prompt injection, and tool misuse, helping enterprises validate the safety, stability, and policy compliance of AI agents in multi-agent environments.

About this episode

Having taken part in MITRE ATT&CK evaluations several times in the past, CyCraft became the first Taiwanese startup to demonstrate a security vendor's detection capabilities on the global stage. This week the company announced a new breakthrough in AI security: two of its security products have been included in the latest edition of OWASP's AI Security Solutions Map.

Key Insights

  • CyCraft claims XecGuard can detect when AI agents are being manipulated into executing off-task tool calls or generating unsafe workflows by continuously monitoring and analyzing conversational content in real time.
  • OWASP's classification places XecGuard across four enterprise AI adoption stages (Operate, Deploy, Test & Evaluate, Augment & Fine Tune Data), suggesting the product is positioned as a broad lifecycle security solution rather than a point tool.
  • XecART's identity as a distinct product was not publicly named until December last year despite the underlying capabilities being referenced in earlier product announcements, indicating a gradual and strategic product disclosure approach by CyCraft.
  • CyCraft argues that XecART addresses three specific AI agent risk categories — goal deviation, prompt injection, and tool misuse — using multi-turn conversational loop testing, a methodology that mirrors how real adversarial interactions with AI agents occur.
  • CyCraft positions itself as Taiwan's first cybersecurity startup to have competed in MITRE ATT&CK evaluations and now claims to be among the first Taiwanese firms to gain OWASP-recognized standing in AI security, framing both achievements as evidence of global-stage credibility.

Topics

  • OWASP AI Security Solutions Map inclusion
  • XecGuard AI firewall security module
  • XecART AI Red Teaming evaluation tool
  • CyCraft's global AI security positioning
  • LLM security and AI agent risk management

Transcript

Having taken part in MITRE ATT&CK evaluations several times in the past, CyCraft became the first Taiwanese startup to demonstrate a security vendor's detection capabilities on the global stage. This week the company announced a new breakthrough in AI security: two of its security products have been included in the latest edition of OWASP's AI Security Solutions Map. One of them is XecGuard, the next-generation AI firewall security module launched in July last year, which OWASP lists under the following enterprise AI adoption phases of the map: Operate, Deploy, Test & Evaluate, and Augment & Fine Tune Data. The product strengthens the security defenses of large language models (LLMs): while an AI service is running it provides a mechanism that prevents sensitive data leakage in real time, enables autonomous and quantifiable security management, and continuously monitors and analyzes conversation content to detect whether an AI agent is being steered into off-task tool calls or into producing unsafe workflows. In addition, XecGuard offers API and gateway modes to meet the regulatory compliance, data sovereignty, and deployment requirements of different industries, and it can be quickly integrated with existing AI applications, AI agent architectures, and internal workflows. The other is XecART, listed under the enterprise AI adoption phases Scope & Plan, Develop & Experiment, and Test & Evaluate. This product specializes in AI red teaming evaluation. CyCraft referred to it in several press releases last year, such as the late-June analysis of Apple's on-device foundation models and the July launch of XecGuard, but the name XecART only truly surfaced in December, in a report by the Japanese weekly BCN. When the company listed on the Taiwan Stock Exchange Innovation Board this February, XecART was mentioned again as "automated model evaluation". In the late-April announcement of its inclusion in the OWASP AI Security Solutions Map, CyCraft described XecART's features more concretely: it precisely simulates attack paths to ensure that AI agents' behavior follows enterprise and organizational policies, and it provides multi-turn conversational loop testing and automated red team exercises targeting risks such as goal deviation, prompt injection, and tool misuse, helping enterprises verify whether AI agents are safe, stable, and policy-compliant in multi-agent environments.
