
Mend.io Launches System Prompt Hardening, Industry’s First Dedicated Solution to Secure the AI Instruction Layer

Debuts AI Weakness Enumeration (AIWE) to bring measurable risk scoring and automated refinement to previously ungoverned system prompts

BOSTON--(BUSINESS WIRE)--Mend.io, a leader in application security, today announced the launch of System Prompt Hardening within Mend AI, the first dedicated solution built to detect, score and automatically refine weaknesses in AI system prompts. The hidden instructions in system prompts have emerged as a growing security consideration not fully addressed by traditional AppSec tools. System Prompt Hardening provides instant visibility into these behind-the-scenes instructions, identifies weaknesses and automatically strengthens prompt logic to reduce risk before applications reach production. Powered by Mend.io’s proprietary AI Weakness Enumeration (AIWE), a framework modeled on the Common Weakness Scoring System (CWSS), it assigns a one-to-100 severity score to vulnerabilities that could expose applications to prompt injection or unintended data leakage.

According to Gartner, 32% of organizations reported experiencing an attack on AI applications that leveraged the application prompt within the past year, underscoring how quickly the instruction layer has become a viable attack surface. Yet, until now, organizations have lacked a formal way to identify, quantify and prioritize system prompt vulnerabilities. Mend.io’s System Prompt Hardening moves the industry beyond manual red-teaming and ad hoc testing approaches to a standardized framework for managing AI security.

“System prompts are the behavioral blueprint for AI applications, but security standards haven’t kept pace with their growing importance,” said Rami Sass, GM of Mend AI. “While security and development teams have established frameworks like CWE and CWSS to evaluate software risk, we are now introducing System Prompt Hardening and AIWE as the first formal methods to assess and enhance these instructions.”

The New Industry Standard for AI Security

Together, Mend.io’s System Prompt Hardening and AIWE represent a paradigm shift in how organizations govern AI risk. Key capabilities include:

  • Automated Detection and Contextual Labeling: Actionable context for security and development teams through continuous identification of hidden system prompts automatically classified by their function and potential attack vectors;
  • Formal Severity Scoring: A proprietary one-to-100 severity scale that objectively quantifies the risk of specific prompt vulnerabilities and prioritizes remediation based on measurable impact; and
  • Remediation - Proactive System Prompt Hardening: Beyond simple detection, the platform automatically suggests refinements to prompt logic to neutralize threats such as prompt injection before they reach applications in production.

“As organizations accelerate AI adoption across their application portfolios, system prompts increasingly represent a material attack surface for injection and manipulation risks, yet many teams lack consistent mechanisms to inventory and assess them. Treating system prompts as governed artifacts rather than ad hoc instructions reflects a maturing approach to AI security,” said Katie Norton, Research Manager for DevSecOps and Software Supply Chain Security at IDC. “Mend.io’s approach integrates security for the AI instruction layer into the development workflow, enabling earlier identification and mitigation of gaps in the foundational behavioral and constraint controls guiding AI systems.”

System Prompt Hardening and AIWE are available in Mend AI Core and Mend AI Premium, extending the unified platform to secure AI-generated code and embedded AI components, drive risk reduction through AI-powered remediation, automate compliance, and provide enterprise-scale visibility into application risk across the development lifecycle.

For more information about how Mend.io is setting the standard for AI security, visit https://www.mend.io/mend-ai/.

About Mend.io

Mend.io is a leading application security solution that helps organizations fix less and reduce risk faster. Built for both AI-driven and modern development workflows, Mend.io gives teams visibility into all code – human-written, AI-generated, open-source, third-party and container components – and helps them prioritize and remediate the risks that matter most.

Contacts

Press Contact:
mend@bateman.agency
