Project Looking Glass

Thank you for your interest in participating. This study explores how enterprises evaluate, adopt, and use AI safety and security software. We are seeking input from professionals involved in the selection or implementation of AI safety solutions at their organizations.

Estimated completion 20 minutes. Honorarium USD 200, payable via digital gift card, PayPal, Venmo, ACH, and other options. All responses are anonymous and analyzed in aggregate.

• I understand and am interested in the survey
• Nevermind, I am not interested

• AI consulting or professional services firm
• AI safety, security, or red-teaming software vendor
• Enterprise (in-house technology team at a non-software company)
• Financial services firm
• Foundation model lab or frontier AI lab
• Healthcare or life sciences organization
• Public sector or government agency
• Software or SaaS company building AI features
• None of the above

• One or more AI features in production, customer-facing
• One or more AI features in production, internal-only
• In active pilot, not yet in production
• Planning to deploy in next 12 months
• No active AI plans

• Under USD 250 million
• USD 250 million to USD 1 billion
• USD 1 billion to USD 5 billion
• USD 5 billion to USD 25 billion
• Over USD 25 billion

Specialist software vendor

• Alice (formerly ActiveFence), CalypsoAI, F5 AI Guardrails, HiddenLayer, Lakera (Check Point), Mindgard, Patronus AI, Prompt Security, Protect AI (Palo Alto Networks), Robust Intelligence (Cisco), Wiz (AI Security Posture Management), or another specialist (please specify)

Platform-bundled guardrails

• AWS Bedrock Guardrails, Azure AI Content Safety or Prompt Shield, or Google Cloud Model Armor / Vertex AI safety filters
• OpenAI Moderation or Anthropic safety classifiers (built-in model-provider safety)
• Databricks AI Gateway, Snowflake Cortex Guard, or Microsoft Purview AI Hub / Defender for Cloud AI

In-house or open-source

• Built in-house with no third-party vendor
• Open-source tools as primary approach (Promptfoo, NeMo Guardrails, Guardrails AI, PyRIT, Llama Guard, ShieldGemma)

Services partner

• BPO or services partner for content review

Other current state

• The AI application vendor we use (e.g. Sierra, Decagon, Cresta, ElevenLabs) handles safety on our behalf
• Nothing formal in place yet
• I'm not sure

• Primary decision-maker
• Part of the decision-making committee
• Significant input but not final decision authority
• User with limited input on decisions
• No involvement in selection or management decisions

• Yes
• No

• Yes, I have time to provide quality feedback
• Not right now — I will return when I have more time

• Zero in production today, one to two planned
• One to two in production
• Three to five in production
• Six to ten in production
• More than ten in production

• None in production today
• 1 to 5
• 6 to 15
• 16 to 50
• More than 50
• Not sure

• Under 1 million per month
• 1 million to 10 million per month
• 10 million to 100 million per month
• 100 million to 1 billion per month
• More than 1 billion per month
• Not sure

• No dedicated AI or ML engineering team
• 1 to 5 AI or ML engineers
• 6 to 20 AI or ML engineers
• 21 to 50 AI or ML engineers
• 51 to 200 AI or ML engineers
• More than 200 AI or ML engineers

• AWS
• Google Cloud Platform
• Microsoft Azure
• Multi-cloud (significant use of two or more)
• On-premises or private cloud
• No primary cloud, cloud-agnostic

• Yes, fully built and headcount is growing
• Yes, built, headcount is flat
• In progress, hiring now
• Plan to build in the next 12 months
• No plans to build internal capability

• Agents in production today, customer-facing
• Agents in production today, internal-only
• Agents in pilot, not yet in production
• Planning agent deployment in next 12 months
• Evaluating but no concrete plan
• Not on the roadmap

• Agentic systems that call tools or APIs autonomously
• AI with access to sensitive data (PII, financial, health, IP)
• AI operating in a regulated industry
• AI used to moderate user-generated content
• Customer-facing AI features in our product
• Customer-facing chatbot or virtual agent
• Internal employee assistant or copilot
• Internal AI agents built on a low-code platform (Copilot Studio, Salesforce Agentforce, ServiceNow Now Assist, etc.)
• Processes unstructured user input (text, voice, images)
• None of the above

• Almost entirely internal (90 percent or more)
• Mostly internal (60 to 90 percent)
• Roughly even (40 to 60 percent each)
• Mostly external (60 to 90 percent)
• Almost entirely external (90 percent or more)

• AWS Bedrock / Bedrock Guardrails
• Azure AI Foundry / AI Content Safety
• Google Vertex AI / Model Armor
• Databricks (Mosaic AI)
• Microsoft Copilot Studio
• Salesforce Agentforce
• ServiceNow Now Assist
• LiteLLM (open-source AI gateway)
• LangChain / LangGraph
• AWS Strands
• Nvidia NeMo
• n8n
• Internal or proprietary orchestration layer
• None or not yet decided

• Less than 6 months
• 6 to 12 months
• 1 to 2 years
• 2 to 5 years
• More than 5 years

Scale0 = not a driver10 = top driver

• Adversarial misuse by bad actors
• Agent or tool-use misbehavior
• Agents taking unauthorized actions or calling the wrong tools
• Compliance violations (EU AI Act, NIST, state laws)
• Data exfiltration through agent tool-use (agent retrieves and discloses data it should not)
• Data leakage or PII exposure through AI
• Hallucinations or inaccurate output reaching users
• Harmful content reaching users
• Model drift or behavior change in production
• Prompt injection and jailbreaks

• Audit finding or near-miss incident
• Board, executive, or risk committee mandate
• Cost reduction in content moderation or T&S operations
• Customer or partner contractual requirement
• Inadequacy of current cloud-native or open-source tools
• Insurance or cyber underwriting requirement
• New customer-facing or regulated AI deployment
• Preparing for agentic AI deployment
• Regulatory pressure (EU AI Act, NIST, state laws)
• Specific security incident

• Alice (formerly ActiveFence)
• AWS Bedrock Guardrails
• Azure AI Content Safety or Prompt Shield
• BPO or services partner
• CalypsoAI
• Cloud-native guardrails
• Google Cloud Model Armor
• HiddenLayer
• In-house custom-built solution
• Lakera
• Manual processes
• Nothing in place
• Open-source tools
• Prompt Security
• Protect AI
• Robust Intelligence
• I'm not sure

Scale0 = not important10 = very important

• Automated remediation workflows (ticketing integration, fix recommendations, auto-fix)
• Coverage of agentic AI and tool-use scenarios
• Compliance reporting and audit trail
• Custom policy authoring and policy-as-code
• Detection accuracy and low false-positive rate
• Ease of integration and time to value
• Pre-packaged industry policies (financial services, healthcare, kids and entertainment, etc.)
• Runtime latency added per request
• Speed to deploy a new custom policy or harm classifier (hours, days, weeks)
• Threat intelligence freshness

Scale0 = very poor10 = excellentN/A

• Already underway
• Next 3 months
• 3 to 6 months
• 6 to 12 months
• 12 plus months
• No timeline

• Business unit or product line
• Chief AI Officer, Chief Data Officer, or AI/ML organization
• CISO or security organization
• CTO or CIO
• Risk, compliance, or legal organization
• Shared, no single owner
• Trust and Safety organization
• Not yet established

• Just me or a small team (1 to 2)
• 3 to 5 people
• 6 to 10 people
• More than 10 people

• Critical — we serve customers in 10 or more languages
• Important — we need solid coverage in 3 to 5 languages
• Useful — primary language plus one or two is sufficient
• Not important — English-only is fine for our use case

Scale0 = lowest budget priority10 = highest budget priority

Scale0 = will not adopt10 = will definitely adopt

• Agentic AI safety and tool-call validation
• Content moderation (user-generated and AI-generated)
• Image and video generation safety
• Multi-agent coordination safety
• Post-launch monitoring and drift detection
• Pre-launch adversarial testing and red-teaming
• Runtime input and output filtering (AI firewall)
• Sector-specific compliance modules (financial services, healthcare, public sector)
• Threat intelligence on adversarial tactics
• Unified AI policy plane / AI gateway
• Voice AI safety

Scale0 = very poor10 = excellentN/A

Scale0 = very dissatisfied10 = very satisfied

Scale0 = very poor10 = excellentN/A per row

• Agentic AI and tool-use coverage
• Compliance and audit reporting
• Documentation and developer experience
• Post-launch monitoring and drift detection breadth
• Pre-launch red-teaming depth and coverage
• Runtime detection accuracy
• Runtime guardrail latency
• Threat intelligence currency and quality

Scale0 = not at all critical10 = absolutely essential

• Yes, that should be their responsibility
• Partially, but I want my own guardrails layered on top
• No, I want to own the safety layer independently of any application vendor
• Not applicable, we don't use AI application vendors

Scale0 = much worse10 = significantly better

• Not applicable, no spend
• Under USD 500k
• USD 500k to USD 2 million
• USD 2 million to USD 10 million
• Over USD 10 million
• Prefer not to say

• No dedicated budget
• Under USD 50k
• USD 50k to USD 250k
• USD 250k to USD 1 million
• USD 1 million to USD 5 million
• Over USD 5 million

Scale0 = very poor10 = excellentN/A

• Custom enterprise agreement
• Flat annual platform fee
• Per protected AI application or per model
• Per-request or per-token consumption
• Per-seat or per-developer pricing
• Tiered by feature with usage caps

• Nothing extra, it should be included
• Up to 10 percent more
• 10 to 25 percent more
• 25 to 50 percent more
• More than 50 percent more
• Don't know

• AWS, Azure, or GCP marketplace
• Direct from the vendor
• Through a managed security services provider (MSSP)
• Through a systems integrator or consultancy
• Through our incumbent enterprise security vendor (Palo Alto, Cisco, Check Point, F5, CrowdStrike, etc.)
• No preference

• I would only pay for the unified platform, not separate modules
• I would expect to pay 25 percent or more LESS in total if buying separately
• I would expect to pay roughly the same total
• I would expect to pay 25 percent or more MORE in total if buying separately
• Don't know

• One combined solution covering both internal employee-facing AI and external customer-facing AI
• Separate solutions, with different vendors for internal versus external
• Only for external customer-facing AI (internal handled by IT or built-in tools)
• Only for internal AI (external handled by application vendor or not yet a priority)
• Undecided

Scale0 = very unlikely10 = very likely

Scale0 = very easy, minimal disruption10 = very difficult, prohibitive disruption

Scale0 = very unlikely to renew10 = very likely to renewNot Involved

• Better alternative found
• Budget constraints
• Business needs changed
• Integration issues
• Lacks innovation or AI roadmap
• Low user adoption internally
• Missing key features
• Poor vendor support
• Reliability or uptime issues
• ROI not realized
• Other (please specify)

• Not aware of the company
• Aware of the name only
• Aware and have read about the product
• Evaluated the product
• Trialed or piloted the product
• Current customer

Scale0 = not appealing10 = very appealing

• WonderBuild — pre-launch adversarial testing
• WonderFence — runtime AI firewall, sub-150ms latency
• WonderCheck — post-launch monitoring and drift detection
• Rabbit Hole — threat intelligence feed
• Agentic AI safety and tool-call validation (roadmap)
• Industry-specific policy packs (financial services, healthcare, kids and entertainment, etc.)
• A unified bundle of WonderBuild + WonderFence + WonderCheck

Scale0 = very unlikely10 = very likely

• A unified platform covering pre-launch testing, runtime guardrails, and post-launch monitoring
• Post-launch monitoring and ongoing red-teaming
• Pre-launch testing and red-teaming
• Runtime guardrails and runtime protection
• None of the above is a priority

• Customer VPC (private deployment within our cloud account)
• On-premises or air-gapped
• Vendor SaaS, multi-tenant
• Vendor SaaS, single-tenant or dedicated
• No preference

• Action audit trail and forensics
• Cost and runaway-loop protection
• Cross-agent and multi-agent coordination safety
• Goal and intent verification (is the agent doing what was asked)
• Identity and entitlement propagation
• Sandboxing and blast radius controls
• Tool-call validation and authorization

• To be so expensive that you would not consider buying it
• Starting to get expensive, but not out of the question
• To be a bargain — a great buy for the money
• To be priced so low that you would question the quality

• Already committed to cloud-native or open-source approach
• Already committed to or satisfied with current vendor
• Budget constraints
• Concern about company longevity or financial backing
• Concern about coverage gaps in our use case
• Concern about data residency or privacy
• Concern about integration or implementation effort
• Frontier-lab-first positioning feels misaligned with enterprise needs
• Not familiar enough with the brand
• Other (please specify)
• Nothing significant — we are open to evaluating

Scale0 = strong negative, different buyer and product5 = neutral10 = strong positive, best possible credential

• First name
• Last name
• Job title
• Company
• Email

• Yes, I am interested
• No, I am not interested
• Maybe, please send more detail