AI Security for Startups: Risks, Challenges, and What to Do Next (Part 1)
This article breaks down the biggest AI security threats startups face today, why traditional cybersecurity is no longer enough, and what founders can do to build secure AI products from day one.
Every founder dreams about landing that first enterprise customer. The demos go smoothly, the product works, and momentum finally feels real. But then comes the moment most early teams aren’t prepared for: the security review. A single vulnerability, exposed API, or overlooked compliance gap can stall deals instantly, not because the product is bad, but because trust breaks before adoption begins.
Nitesh Sinha, co-founder of Trampolyne AI and formerly product lead at Zepto, has sat across the table from that moment, not just once, but repeatedly, with the startups he now works with. His message to founders building with AI is simple, and a little uncomfortable: the speed at which you’re building is outpacing the speed at which you’re protecting.
And the stakes, he says, are higher than most founders realise.
Why Does AI Change the Security Equation?
Security has always lagged behind threats. That’s not new! What is new and genuinely different is how dramatically AI has tilted the playing field.
Nitesh puts it plainly: AI follows instructions directionally, not exactly. It works with abstract inputs, it doesn’t give up when it fails, and it operates at machine scale. Those are also the exact traits that make it dangerous in the wrong hands or in a poorly designed system.
“Practically anyone can use AI to get subject matter expert-calibre work done, at machine scale and speed,” he says. “That’s also true for someone with malicious intent.”
Is this just in theory? No! He shared the story of a student in India whose API keys got leaked and who woke up to a $50,000 bill. There are startups whose entire production databases got deleted because an MCP tool was given too much authority and received the wrong instructions. These incidents are happening with increasing regularity to people who were trying to build fast and forgot to build safe.
AI Security Threats Every Founder Should Know
Nitesh’s co-founder, Manish Kumar, walked through the types of AI-specific threats that are now showing up in the wild.
Direct Prompt Injection is essentially SQL injection for the AI era, except you don’t need to know any code. A person with ordinary language skills can craft a message that tricks your AI into revealing information it shouldn’t.
Indirect Prompt Injection is subtler and harder to solve. Here, hidden instructions are embedded in content your AI reads: an email, a document, a web page. Your system processes it, trusts it, and quietly sends your user’s sensitive data to an attacker’s server.
Microsoft’s 365 Copilot had a publicly documented vulnerability of exactly this kind.
Supply Chain Attacks happen when a third-party library or dependency your product uses is compromised. You didn’t build the vulnerability, but it’s living inside your system.
One well-known case: LiteLLM, used across 36% of cloud environments, was compromised. Four terabytes of data were stolen. This is particularly relevant now because AI is generating code at massive speed, and those AI-generated libraries often aren’t audited before they go into production.
Shadow AI is closer to home for most teams: your own employees uploading client documents to ChatGPT or a public LLM to make sense of them faster. Once that data leaves your system, you’ve lost control of it. India’s DPDP Act is already partially in force and will be fully enforced by April 2027. If your users’ data ends up exposed this way, you’re liable, not the tool your team used.
The Race Between AI Innovation and Regulation
This is where the conversation shifted for many founders in the room. Security felt abstract until the numbers came up.
India’s DPDPA imposes fines of up to Rs. 250 crores for inadequate data protection, and that’s per type of violation. The EU AI Act, which came into enforcement in August 2025, carries penalties of 35 million euros or 7% of global turnover, whichever is higher. Nitesh didn’t mince words: for a small or medium company, this is a company-shutting-down event.
The enforcement will come. Not immediately, but a few high-profile examples will be made, and the larger industry will course-correct overnight. You don’t want to be the example.
More importantly, enterprise customers are already raising these questions. Nitesh shared the example of an AI-native SaaS startup that had completed traditional security audits and standard VAPT checks, yet continued to struggle during enterprise security reviews.
The reason was simple: conventional security testing wasn’t built to detect AI-specific vulnerabilities. Critical gaps had existed within the system for nearly 18 months because nobody was assessing the product through an AI-security lens.
Practical Steps to Improve AI Security Right Now
Find your flaws first
You’re building fast using LLMs and vibe-coded tools. That’s fine. But run your system through at least a basic security lens. Identify your P0s and P1s, the critical vulnerabilities, and fix those first. You can use LLMs to help fix vulnerabilities, but review the code yourself. They make mistakes!
Consider small language models for sensitive workflows
You don’t need a large language model for everything. Small language models can be self-hosted, tuned for your specific use case, and kept entirely within your infrastructure. If you’re handling health data or financial records, this is worth exploring before you scale.
Map Your AI Stack
Most startups underestimate how many AI systems are already embedded into their workflows, products, and operations. Before improving security, founders need complete visibility into their AI infrastructure.
Start by creating a clear inventory of every AI model, API, tool, and integration being used across the company. Identify what kind of data flows through these systems, which employees have access to them, which external vendors store or process information, and what third-party plugins or automations are connected to your stack.
Create AI Usage Policies
As AI adoption grows across teams, startups can no longer rely on informal usage or individual judgment alone.
The policy should clearly outline what employees are allowed to upload into AI systems and what information must never be shared. Customer data, financial records, confidential business information, source code, legal documents, and internal strategy discussions should all have clearly defined handling rules.
Limit Sensitive Data Exposure
One of the biggest mistakes startups make with AI is feeding systems far more information than necessary.
To reduce exposure, startups should follow strict data minimisation practices. Customer identifiers such as names, phone numbers, email addresses, or account details should be masked or anonymised wherever possible before being processed by AI systems.
Confidential metadata, internal notes, legal information, and business-sensitive context should also be removed unless absolutely required for the task. The safest approach is to treat AI systems as high-risk environments by default.
Conduct AI-Specific Security Testing
This means actively testing systems for prompt injection vulnerabilities, jailbreak attempts, unsafe or harmful outputs, data leakage risks, model abuse scenarios, and manipulation of AI-powered workflows.
Attackers are increasingly experimenting with ways to override system instructions, extract hidden information, manipulate outputs, or force AI agents into unintended actions.
AI-specific testing also helps startups understand how models behave under edge cases, adversarial prompts, and real-world misuse attempts. In many cases, vulnerabilities are not found through traditional code scanning because the weakness exists in the model’s behaviour rather than the infrastructure itself.
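An added example, not code from the article or from Trampolyne AI, that ties the masking practice from "Limit Sensitive Data Exposure" to the data-leakage checks described under AI-specific testing: identifiers are swapped for placeholders before a prompt is built, the saved mapping restores them in the model's reply, and the same mapping lets a test harness flag any raw identifier that shows up in a model output. The regexes, the ACC- account-id format and the sample customer text are constructed for this example; names need a dedicated detector and are not handled here.

```python
import re
from dataclasses import dataclass, field

# Identifier classes the article names. Constructed for this example; a real
# deployment would use a tuned PII detector. ACCOUNT runs first so that a
# digit-heavy account id is never partially consumed by the PHONE pattern.
PATTERNS = {
    "ACCOUNT": re.compile(r"\bACC-\d{6,}\b"),          # hypothetical account-id format
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "PHONE": re.compile(r"\+?\d[\d \-]{8,}\d"),
}


@dataclass
class Redaction:
    text: str                                    # prompt-safe text with placeholders
    mapping: dict = field(default_factory=dict)  # placeholder -> original value


def redact(text: str) -> Redaction:
    """Replace identifiers with stable placeholders before text reaches an LLM."""
    mapping: dict = {}
    counters = {kind: 0 for kind in PATTERNS}

    def repl_for(kind):
        def repl(match):
            value = match.group(0)
            for placeholder, original in mapping.items():
                if original == value:            # same value -> same placeholder
                    return placeholder
            counters[kind] += 1
            placeholder = f"<{kind}_{counters[kind]}>"
            mapping[placeholder] = value
            return placeholder
        return repl

    for kind, pattern in PATTERNS.items():
        text = pattern.sub(repl_for(kind), text)
    return Redaction(text, mapping)


def restore(model_reply: str, mapping: dict) -> str:
    """Re-insert the real values into a reply that only ever saw placeholders."""
    for placeholder, original in mapping.items():
        model_reply = model_reply.replace(placeholder, original)
    return model_reply


def leaked_values(model_output: str, mapping: dict) -> list:
    """AI-specific test check: raw identifiers that surfaced in a model output."""
    return sorted(value for value in mapping.values() if value in model_output)
```

Run `redact()` on every customer-facing input before it is sent to the model, and feed `leaked_values()` with model outputs in your test suite so that any raw identifier in a reply fails the build.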
Get your security documentation ready
Enterprise clients have a standard set of questions about AI governance, data flows, and tenant isolation. If you wait until the first one asks, you’ll start from zero every time. If you build a library of answers and architecture diagrams once, you can respond in hours instead of weeks.
Final Thoughts
Traditionally, founders treat security like a tax, something you pay reluctantly, usually when someone forces you to. But Nitesh offered a different way to see it: if you know your security boundaries clearly, you can run hard to that boundary and maximise your ROI fast. If you don’t know where the boundary is, you’ll either be too cautious and move slowly or too bold and get burnt.
Building is no longer the differentiator. Anyone can build. What separates founders now is how responsibly and confidently they can deploy AI in critical workflows and whether the enterprises that could transform their business are willing to trust them enough to let them in.
That trust is earned. And a big part of earning it is being able to say, clearly and honestly: here’s what we’ve built, here’s how we’re protecting it, and here’s what happens if something goes wrong.
This article is published in collaboration with Nitesh Sinha from Trampolyne AI, exploring the growing importance of AI security for modern startups and what founders need to know as AI becomes core to product and business infrastructure.
The next part will dive deeper into AI governance, compliance, and security frameworks for startups.
At Razorpay Rize, we get it: building a startup is tough. That’s why we’re more than just a space for connecting with other founders. We’ve got programs, tools, and services designed to take some of the weight off your shoulders and make the journey just a little bit easier.