Lasso’s AI Security Platform gives enterprises visibility, control, and protection across AI models, agents, and apps. Reduce GenAI risk in real time.
Lasso Security is recognized for its advanced AI capabilities and publishing insightful research, particularly concerning vulnerabilities like indirect prompt injection in coding environments. Users appreciate its open-source defense tools, which contribute positively to its reputation for enhancing cybersecurity. However, there are limited reviews directly addressing pricing, suggesting ambiguity in user sentiment regarding cost. Overall, Lasso Security enjoys a favorable reputation for its proactive approach to digital security threats.
Mentions (30d)
0
Reviews
0
Platforms
2
Sentiment
0%
0 positive
Lasso Security is recognized for its advanced AI capabilities and publishing insightful research, particularly concerning vulnerabilities like indirect prompt injection in coding environments. Users appreciate its open-source defense tools, which contribute positively to its reputation for enhancing cybersecurity. However, there are limited reviews directly addressing pricing, suggesting ambiguity in user sentiment regarding cost. Overall, Lasso Security enjoys a favorable reputation for its proactive approach to digital security threats.
Features
Use Cases
Industry
information technology & services
Employees
73
Funding Stage
Seed
Total Funding
$6.2M
Claude Code with --dangerously-skip-permissions is a real attack surface. Lasso published research + an open-source defender worth knowing about.
If you use Claude Code with --dangerously-skip-permissions, this is worth 10 minutes of your time. Lasso Security published research on indirect prompt injection in Claude Code. The short version: when Claude reads files, fetches pages, or gets output from MCP servers, it can't reliably tell the difference between your instructions and malicious instructions embedded in that content. So if you clone a repo with a poisoned README, or Claude fetches a page that has hidden instructions in it, it might just... follow them. With full permissions. The attack vectors they document are pretty unsettling: Hidden instructions in README or code comments of a cloned repo Malicious content in web pages Claude fetches for research Edited pages coming through MCP connectors (Notion, GitHub, Slack, etc.) Encoded payloads in Base64, homoglyphs, zero-width characters, you name it The fundamental problem is simple: Claude processes untrusted content with trusted privileges. The --dangerously-skip-permissions flag removes the human checkpoint that would normally catch something suspicious. To their credit, Lasso also released an open-source fix: a PostToolUse hook that scans tool outputs against 50+ detection patterns before Claude processes them. It warns rather than blocks outright, which I think is the right call since false positives happen and you want Claude to see the warning in context, not just hit a wall. Takes about 5 minutes to set up. Works with both Python and TypeScript. Article: https://lasso.security/blog/the-hidden-backdoor-in-claude-coding-assistant GitHub: https://github.com/lasso-security/claude-hooks Curious whether people actually run Claude Code with that flag regularly. I can see why you would, the speed difference is real. But the attack surface is bigger than I think most people realize. submitted by /u/amitraz [link] [comments]
View originalLasso Security uses a tiered pricing model. Visit their website for current pricing details.
Key features include: Inventories every agent and application, Maps models, system prompts, tools and guardrails, Tracks red teaming scans policies, Kept current on every change, Misconfigurations and policy gap analysis, Supply chain risk assessment, NIST and OWASP compliance framework alignment, Proactive exposure assessment.
Lasso Security is commonly used for: Context poisoning and tool chain manipulation, Adversarial recon before every dynamic attack.
Lasso Security integrates with: Slack, Microsoft Teams, Jira, GitHub, AWS, Azure, Google Cloud, Trello, Zapier, ServiceNow.
