Raft sees a new market: integrators are offered a way to earn from AI security
Companies are deploying AI faster than they can verify its resilience to attacks. Against this backdrop, Raft is offering AI Security Assessment as a new…
AI-processed from Habr AI; edited by Hamidun News
AI security is rapidly becoming a separate service market rather than a side task. Against this backdrop, Raft is offering integrators a niche in AI pentesting: demand is growing due to new types of attacks, regulatory requirements, and a shortage of specialists who can test models, datasets, and RAG systems.
Why the Topic Has Grown
Artificial intelligence in the corporate segment has stopped being an experiment. Companies are deploying LLM chatbots on websites, integrating AI assistants into document workflows, and implementing RAG systems to work with internal knowledge bases. According to data cited by Raft, as of 2026, 39% of Russian companies already use AI.
Businesses adopt AI for speed, cost reduction, and automation, but implementation almost always outpaces risk assessment. As a result, AI enters the infrastructure before a clear security scheme emerges. The problem is that classical information security tools cover only part of the threats.
For WAF, DLP, or NGFW, a user's dialogue with a generative model often looks like normal service usage. But an attack can happen directly inside a text query, without exploits or malicious files. This changes the approach to defense: it is not enough to simply secure the perimeter, you need to check how the model itself responds to provocations, what data it can disclose, and whether it can be forced to violate its original instructions.
Which Attacks Matter
A new layer of threats appeared alongside generative models and agents that gain access to documents, code, and internal services. For the customer, this means the attack surface expands not only through the AI itself, but also through its integration into business processes. The environment becomes especially risky when models are connected to corporate knowledge bases, internal APIs, and development tools. And the deeper such integration, the less useful standard security checklists become.
- Prompt injection — an attempt to substitute or bypass system instructions through a specially crafted query.
- Data poisoning — introduction of malicious or corrupted data into training and reference datasets.
- Model extraction — recovering model logic through API or mass requests, up to data leaks.
- Supply chain risks — vulnerabilities in the tool chain, when AI agents use libraries, code, and shell commands without sufficient control.
Raft particularly emphasizes that this landscape changes very quickly: a scheme that was secure yesterday can prove vulnerable today to a new jailbreak or injection. This is why AI security does not fit a one-time "checkbox" audit. It pushes businesses toward continuous red teaming, where the model is tested as regularly as external services and user interfaces.
"Defense here requires not a one-time implementation of a magic pill, but constant monitoring and testing."
Where the Money Is for Integrators
Against the backdrop of these risks, the market is beginning to demand separate expertise. The article cites an estimate that in 2026, up to 10% of attacks on banking IT infrastructures may be related to AI vulnerabilities. At the same time, Russian Federal Service for Technical and Export Control Order No. 117 of March 1, 2026 came into effect, which for the first time directly mentions the protection of training datasets, models, parameters, and decision-making services.
For large customers, this means a simple conclusion: AI can no longer be considered an "add-on," it will have to be checked as a full-fledged element of a critical IT environment. This is the window of opportunity for integrators.
Customers are already buying AI solutions, but many lack the methodology, specialists, or tools to assess their resilience to attacks. This is why AI Security Assessment or AI pentesting is beginning to look like a new high-margin service. A basic package can include inventory of all AI components, threat modeling, controlled attacks like jailbreaks and prompt injections, and then a risk map and security recommendations.
This is not a one-off package, but a service with regular checks and subsequent support. Raft is trying to occupy this niche with its HiveTrace Red platform and partner program for integrators. The company promises a tool for automated and semi-automated attacks on LLMs, RAG solutions, and ML models, plus training in selling and conducting such projects.
Essentially, this is an attempt to package AI security into an understandable B2B product: give contractors a platform, methodology, and first joint case studies to enter the market faster. For small teams, this is a way to enter the field without a multi-year proprietary R&D phase.
What This Means
The AI market is gradually repeating the path of classical information security: first, businesses adopt new technologies en masse, then attacks appear, regulatory requirements emerge, and a separate class of contractors forms. If the demand forecast proves correct, in the coming years AI pentesting and model audits will become as normal for integrators as web pentesting or infrastructure audits. For customers, this means growing costs for AI verification, and for contractors, the emergence of new revenue.