ITTech Pulse Exclusive Interview with Yossi Altevet, Co-Founder and Chief Technology Officer of DeepKeep


Yossi Altevet, Co-Founder of DeepKeep, shares in an ITTech Pulse interview how enterprises can secure AI agents through continuous monitoring, red teaming, and runtime protection.


You’ve built your career across companies like Cisco, Comverse, HCL Enterprise, and DriveU.auto before co-founding DeepKeep. What thread connects all those experiences, and what ultimately pushed you to start a company focused entirely on AI security?

In my previous roles, the common thread has always been working at the intersection of emerging technologies and high-stakes systems, where even a small error can have major consequences. Whether in telecom environments or autonomous systems, the impact of AI-driven decisions can be significant. In telecom, for example, an incorrect decision can lead to large-scale network outages and service disruptions affecting millions of users.

My time at DriveU.auto, working on teleoperation systems for autonomous vehicles that heavily relied on AI technologies, was especially formative. When dealing with vehicles making split-second decisions, you develop an acute awareness of just how fragile these systems can be, and how quickly the gap between a model performing well in testing and behaving unpredictably in the real world can become a serious liability. I became convinced that most organizations deploying AI had very limited visibility into that gap.

When Rony and I looked at the enterprise AI landscape, we recognized a massive emerging blind spot: businesses were rapidly adopting AI while treating security as an afterthought, relying on tools designed for traditional software that do not account for how AI systems actually behave. That gap is what pushed us to build DeepKeep.

DeepKeep became active in 2022, when the broader world hadn’t yet woken up to AI security as a category. How did you and Rony Ohayon identify the gap, and what did you see that others were missing about the risks of deploying AI in the enterprise?

In 2021/2022, most of the conversation around AI was focused on model accuracy, explainability, ethics, bias, and misinformation because AI was still largely viewed as a standalone model problem. It had not yet been deeply embedded into enterprise systems, connected to sensitive data, or entrusted with business-critical workflows at scale. What we saw early was that this was about to change, and that once AI became integrated into enterprise applications, databases, and decision-making systems, the security risks would shift dramatically. The real challenge would not just be the model itself, but what happens when that model is connected to internal systems, sensitive data, and operational workflows.

We began to understand the distinction between securing a model and securing an AI application. Enterprises were doing very basic testing and training on individual models, but little attention was being paid to the full ecosystem these models operate within, including broader workflows, integrations, agents, and data systems.

We also recognized early on that AI systems behave fundamentally differently from traditional software. Their outputs change based on context, phrasing, and conversation history, which means attackers can exploit subtle manipulation techniques that traditional security tools are blind to. We built DeepKeep specifically to secure that semantic layer — where language, context, and model behavior come together — and it has proven to be exactly the right problem to solve.

DeepKeep covers an impressive range across applications, agents and users – AI Firewall, Automated Red Teaming, Model Scanning, AI Usage Control, and now Vibe AI Red Teaming. How do you think about stitching these capabilities into a coherent platform, rather than a collection of point tools?

A security gap at any stage of the AI lifecycle creates exposure across the entire system. If you scan a model but don’t test it in context, you can miss vulnerabilities that only emerge during real interactions. If you red team in development but don’t apply runtime protection, you’re exposed the moment a novel attack appears in production. Point tools create a false sense of security.

The way we think about the platform is in distinct but interconnected phases: before deployment and after deployment during continuous operation. Model Scanning happens early, ensuring what you’re building on is trustworthy. Red Teaming, including our first-of-its-kind Vibe AI Red Teaming, happens across the development and testing phase, proactively identifying how an application or agent can be exploited before it goes live. The AI Firewall and AI Usage Control operate at runtime, protecting every interaction in real time. Our AI Agent Scanner maps the attack surface of agentic workflows, connecting all of that into the context of how agents actually behave.

Every component of the platform is designed to understand the specific environment it’s operating in, because enterprise AI risk is highly contextual and fragmented tools miss that context. And critically, each component actively informs the next, creating a system of interconnectivity and synergy to never miss the mark. The attack surface discovered by the AI Agent Scanner feeds directly into the Red Teaming system, testing the specific tools, data sources, and interactions that are actually exposed. The vulnerabilities surfaced through Red Teaming then flow into the AI Firewall, so the guardrails deployed at runtime reflect what was genuinely found. This is what makes DeepKeep a holistic security layer for AI, rather than a bundle of point solutions – one system with shared context, telemetry, and policy enforcement where each capability works in synergy with the other.

You recently launched an AI Agent Scanner – a first-of-its-kind solution to map and discover the attack surface of enterprise AI agents. You’ve said that agents are ‘no longer operating in isolation.’ Can you unpack what makes agentic AI fundamentally different from traditional AI applications from a security standpoint?

The fundamental difference is that traditional AI applications are mostly passive, while AI agents are autonomous and action-oriented. In a traditional AI application, the interaction model is relatively contained: a user submits a prompt, the model generates a response, and the transaction ends there. Even if the response is incorrect or manipulated, the impact is usually limited to the content that was generated.

AI agents fundamentally change that model. They are not just generating responses — they are taking actions. Agents can autonomously initiate tasks, call external APIs, access file systems, interact with collaboration platforms and operational databases, make decisions that trigger downstream actions, and increasingly communicate with other agents. In many cases, they are effectively operating on behalf of the enterprise inside sensitive environments and business-critical workflows.

That shift dramatically expands the attack surface. The risk is no longer limited to manipulating a model’s output; an attacker may be able to influence actions, access connected systems, manipulate workflows, or move laterally across integrated environments. Every additional integration, tool, permission set, or connected data source becomes part of the agent’s attack surface.

What makes this even more challenging is that most organizations do not fully understand or document how these agents are connected across their environment. That is exactly why we built the AI Agent Scanner. The platform automatically discovers and maps the full attack surface of enterprise AI agents, including connected tools, data sources, permissions, workflows, and potential vulnerabilities. This attack surface mapping is then leveraged during the platform’s red-teaming and security validation process to simulate realistic attack paths and identify exploitable weaknesses before attackers do. The result is a structured visual risk map that gives security teams visibility into how their agents actually behave and where the real risks lie.

Prompt injection, jailbreaking, and PII leakage are threats that didn’t exist before LLMs. How do you explain these risks to a CISO who built their career defending traditional network perimeters, and what do they tend to underestimate most?

In traditional cybersecurity, most defenses are built around protecting system boundaries: preventing unauthorized access, blocking malware, or stopping attackers from breaching the network perimeter. With AI systems, the challenge is fundamentally different because the attack surface is no longer just the infrastructure — it is also the model’s behavior and decision-making process itself.

Prompt injection and jailbreaking are good examples of this shift. In both cases, the attacker is not necessarily exploiting a software vulnerability in the traditional sense. Instead, they are manipulating the model through language and context. An attacker can craft inputs that cause the AI system to ignore instructions, bypass guardrails, expose sensitive information, or perform actions it was never intended to take. The attack happens at the semantic layer, which traditional security tools were never designed to monitor or understand.

The challenge becomes even more complex in multi-turn interactions and agentic environments, where the model accumulates context over time and is connected to external tools, data sources, and workflows. A seemingly harmless conversation can gradually evolve into a successful manipulation attempt because the model continuously adapts its behavior based on context and memory.

Interestingly, most CISOs today are already highly aware of the PII leakage and governance risks around AI. In almost every conversation we have, concerns around sensitive data exposure, employee usage of public AI tools, and lack of visibility into AI interactions come up immediately. What many organizations still underestimate, however, is how quickly the attack surface expands once AI systems become autonomous, interconnected, and integrated into operational environments. At that point, the risk is no longer just about data leakage — it becomes about influencing decisions, manipulating workflows, and abusing the AI system itself as an operational entry point into the enterprise. Employees are sharing sensitive documents and customer data with AI tools every day, often with no visibility or governance in place. 97% of organizations reported an AI-related security incident in 2025, and 63% of those had no governance policy in place. This gap must be closed, and the urgency is already visible.

Research suggests only 14% of CEOs believe their AI systems adequately protect sensitive data, yet organizations continue to accelerate deployment. How do you help enterprises balance the pressure to move fast with the imperative to build secure, trustworthy AI systems?

That statistic reflects something we hear consistently from enterprise customers: there’s enormous organizational pressure to deploy AI quickly, and security is treated as a constraint rather than an enabler. The result is that businesses are operating with a significant confidence gap. They know they’re exposed and are lacking the tools or the time to address it properly.

Our approach is to make security fast and flexible to deploy. Model Scanning as well as AI Agent Scanning can identify vulnerabilities before a model or agent goes anywhere near production. Automated Red Teaming, and now our Vibe AI Red Teaming solution with human-in-the-loop guidance, dramatically reduce the time and expertise required to test AI applications comprehensively. At runtime, the AI Firewall and AI Usage Control enforce real-time protections around sensitive data, unsafe outputs, and policy violations without disrupting performance.

That combination gives enterprises what they actually need: the ability to move quickly without deploying blindly. Security becomes a built-in control layer for visibility, testing, and enforcement so organizations can accelerate AI adoption with confidence, not just speed.

Looking forward, AI agents are projected to handle at least 15% of routine business decisions by 2028. As that number grows, how do you see the AI security landscape transforming – and what must the industry get right in the next 12 to 24 months to avoid a systemic security crisis?

The 15% figure is an important marker, but the more consequential shift is qualitative, not quantitative. As agents become capable of executing complex tasks across enterprise systems, making decisions, and interacting with each other in what we see as an emerging “Internet of Agents”, the risk of a security failure expands dramatically.

In the next 12 to 24 months, the industry needs to get three things right. First, visibility: enterprises need to actually know what agents they have deployed, what those agents can access, and how they’re behaving. Most organizations today have no structured answer to that question. Second, standards: the absence of a common framework for describing agent behavior and threats across vendors and platforms creates a coordination problem that individual solutions can only partially address. Third, governance: agentic AI cannot be treated as a one-time deployment. It requires continuous monitoring, runtime protection, and the ability to intervene when agent behavior deviates from what was intended.

Adoption is accelerating faster than security frameworks are maturing, which is exactly the dynamic that produces systemic incidents. DeepKeep’s focus for 2026 and beyond is specifically to close that gap, expanding our agentic security capabilities across the full AI lifecycle so enterprises can adopt them safely without losing control of how they behave in production.

Thank you, Mr. Yossi, for taking the time to share your insights with us.

About Yossi Altevet

Yossi Altevet is Co-Founder and CTO of DeepKeep. He brings over two decades of experience across technology-driven innovation, spanning network infrastructure, telecommunications, and AI systems. Prior to DeepKeep, Yossi held senior product and innovation roles at Cisco, Comverse, DriveU.auto, and more, where he led AI-focused projects and developed deep expertise in next-generation networks and machine learning. Yossi co-founded DeepKeep in 2021 alongside Rony Ohayon and a team of cybersecurity experts, building the company from a computer vision security tool into a comprehensive platform covering AI agents, LLMs, multimodal systems, and the full AI application ecosystem.

About DeepKeep

DeepKeep provides end-to-end AI security and trustworthiness across the full AI lifecycle. Its platform protects multimodal systems – including large language models and computer vision – helping enterprises deploy and use AI safely, accurately, and in compliance with security and privacy standards. With capabilities such as an AI Firewall, Vibe and Automated AI Red Teaming, AI Usage Control and advanced Model Scanning operating across applications, agents and users, DeepKeep enables cybersecurity teams to defend against vulnerabilities, data leakage, hallucinations, and bias while maintaining trust in AI-driven operations. Founded in 2021 by Rony Ohayon and a team of cybersecurity experts, DeepKeep is dedicated to securing the future of enterprise AI.

Wasim Attar manages ITTech Pulse, a digital e-magazine under Demand Media, delivering timely technology insights and trends. As a PR professional, he drives brand visibility through guest contributions, exclusive interviews, and strategic campaigns, positioning ITTech Pulse as a voice in technology.