Blog · Market analysis · 2026-04-30

What Check Point buying Lakera means for self-serve AI-security buyers

In Sept–Nov 2025, Check Point Software acquired Lakera, the most visible self-serve prompt-injection scanner on the market. This is a buyer-side read: what an enterprise consolidation of an SMB-tier security tool tends to do, what it has already started doing in this case, and what is left for teams who still need a defence and were paying under $100 a month for it.

TL;DR

Big-platform acquirers of self-serve security tools almost never preserve the self-serve motion at the original price. Their go-to-market is enterprise contracts, integrated platform deals, and security-team budgets — not a developer with a credit card. The pattern, repeated across many similar acquisitions, is gradual onboarding friction, a public-pricing page that gets thinner, and a recommended path that runs through sales. For the AI-security buyer at a seed or Series-A startup, the SMB tier of text prompt-injection defence has narrowed at the moment the threat surface widened (images, audio, agent screenshots). The honest move now is a run-both architecture: keep what you have, layer the missing coverage in parallel, and switch on contract events rather than panic. Glyphward's $29 / $99 tier covers the multimodal half of that posture; this post is the buyer-context.

1. What happened, factually

Public reporting in the Sept–Nov 2025 window covered the acquisition of Lakera by Check Point Software, a network-security and threat-prevention platform vendor with a multi-decade enterprise sales motion. The acquisition was framed as Check Point extending its platform into AI-application security: prompt-injection scanning, content moderation around model I/O, and adjacent posture controls for teams shipping LLM features. From Lakera's side, the framing was reach and platform integration; from Check Point's side, the framing was gen-AI security as a category their existing customer base was asking for.

This post does not dispute any of that framing. The acquisition makes strategic sense for both sides, and Check Point is well-positioned to push the technology into accounts that Lakera would not have reached on its own commercial bandwidth. The issue this post is concerned with is narrower: what an acquisition like this tends to do to the self-serve, under-$100/mo, credit-card-and-API-key tier of the acquired product. That tier is the one the seed and Series-A AI startups in our target audience were actually buying.

It is worth saying what we are not claiming. We are not claiming the product has shut down. We are not claiming customers have been moved against their will. We are not claiming any specific dollar figure or contract term as fact; the post links to the public reporting and the vendors' own sites. The argument is about the pattern: what a security platform acquisition normally does to an SMB SKU, and what an honest buyer should plan for given that pattern.

2. What "going up-market" usually looks like in practice

Across two decades of enterprise security acquisitions, the pattern is consistent enough to predict. Three things move on the buyer side in the year following an acquisition like this, almost regardless of the acquirer's stated intent.

The public pricing page gets thinner. Tiers under a certain band drift behind a "contact us" button or quietly lose their per-month price. The SKU does not always disappear, but the page that lets you self-select into it does. A developer doing a vendor scan in 2026 is more likely to land on a "request a demo" CTA than on a flat $99/mo plan they can sign up for with a corporate card.

Sign-up flow accumulates friction. Free trials get shorter or gated to verified-business email. Onboarding sequences that used to be "create account, copy API key, send first request" pick up steps — sales-assisted setup, security questionnaires, AUP attestations, sometimes a regional-availability gate. Each step is defensible in isolation; in aggregate, the developer who could ship in 30 minutes can no longer.

Roadmap weight shifts toward platform integration. Engineering effort follows revenue. When the revenue centre of gravity is large enterprise deals, the new features that ship are platform connectors, RBAC, SSO, audit-log exporters, deployment-region controls — not the SMB-grade workflow polish that mattered to a 5-person AI startup. The product gets better for the buyer it is being optimised for, and that buyer is not the indie shop.

Each individual change here is small. The cumulative effect on a self-serve buyer is large. The friction does not need to be intentional or hostile — the new sales motion is simply not the old sales motion. We covered the architectural side of the same shift on the Lakera alternative (multimodal) page, where the read-out is the practical "what does this look like on Tuesday" version.

3. Why the self-serve SMB tier is the squeeze point

The self-serve / SMB tier of AI security is structurally squeezed for a separate reason that the acquisition just compounded. The economics of a managed prompt-injection (PI) scanner are unusual: high training-data and corpus costs, low marginal-request cost, classifier-research-grade engineering effort. To recover those costs at $29 or $99 a month, a vendor needs either tens of thousands of self-serve customers or a free tier that funnels efficiently into a paid plan. Both are hard. Neither is naturally the priority of an enterprise security platform absorbing the product.

At the same time, the threat surface the SMB tier needs to cover got wider, not narrower. In 2023, prompt injection was an overwhelmingly text problem and a text-only scanner covered the surface. In 2026, the inputs that teams shipping AI features actually ingest (images uploaded to chatbots, audio fed into voice agents, screenshots read by agentic copilots, documents mixed into RAG) are exactly the modalities that text-only scanners do not see. We wrote the architectural argument for that gap on why every text-only PI scanner misses a 30-pixel PNG, and the full threat model in the 2026 multimodal PI threat model.

Put the two things together. The SMB self-serve tier of the most-visible incumbent is being absorbed into an enterprise platform whose go-to-market does not target SMB. The threat surface SMB needs to defend has expanded in directions the absorbed product does not cover. The buyer who was happily paying $99/mo for text PI in 2024 is now looking at a vendor whose pricing page is harder to find and a coverage gap their old subscription never closed in the first place. That is the squeeze point.

4. What is actually left under $100/mo

The remaining options for an indie or early-stage team need to be looked at honestly, including ours. None of them is a drop-in replacement for what a Lakera Guard self-serve subscription delivered.

LLM Guard (Protect AI, MIT) stays free and self-hosted. It is text-only by design, well-maintained, and the right baseline for any team that prefers the run-it-yourself posture. The honest comparison and the run-both pattern we recommend with Glyphward are on the Glyphward vs LLM Guard page, plus the LLM Guard alternative page for the half it does not cover.

Promptfoo Cloud Team is in the $50/mo neighbourhood but is a test harness, not an inline scanner. It runs evals against your model and helps you regression-test prompts. It is not what a request-time PI defence is. The complementarity, with Glyphward as the inline scanner inside a Promptfoo CI suite, is documented on the Promptfoo + multimodal page.

Azure AI Content Safety — Prompt Shields is genuinely under $100/mo at low volume on pay-per-use, but is gated to Azure tenants. For teams not on Azure (most), the path runs through Azure Prompt Shields alternative for non-Azure teams.

Glyphward, what we ship, is $29/mo for 100k scans and $99/mo for 1M scans; the free tier covers 10 scans/day on the public scanner with no card (free tier details). We cover the multimodal half (image and audio prompt injection) that text-only scanners do not. We are explicitly additive to a text PI scanner, not a replacement; the run-both pattern is what we recommend for any production stack that ingests both modalities. The full pricing matrix across the category is on multimodal prompt-injection scanner pricing comparison.

The shape of the right architecture for an SMB stack in 2026 is: an open-source or managed text PI scanner on the gateway, plus a multimodal scanner on the image and audio paths, joined by a trace ID. That is the run-both pattern, and it is what every honest comparison page on this site lays out. The single-vendor-everything pattern that Lakera Guard self-serve approximated for some teams in 2024 is not on the table at SMB pricing in 2026, regardless of what the acquired vendor decides to do next.

5. What this means for a buying decision this quarter

If you are running Lakera Guard in production today, do nothing in panic. The product still works the day after an acquisition, and the smart move is to use the time to prototype the run-both stack rather than to switch under deadline pressure. If your contract is up for renewal, ask the vendor directly what the self-serve plan looks like in 2026 and what the price is, in writing. If the answer is satisfying, stay; if it is not, you have a parallel stack already wired.

If you have not bought a PI scanner yet and are sizing one now, the calculus is simpler. You need text coverage and you need image/audio coverage if your product accepts those modalities. Pick the text scanner whose pricing and onboarding match how you actually buy software (LLM Guard if self-hosted, Promptfoo for eval, a managed text scanner with public pricing for inline), and add a multimodal scanner in parallel. That stack costs under $150/mo for most production volumes and covers more of the modern attack surface than what was available at any price point in 2024.

The buying-decision argument is also on the multimodal LLM security API hub page, which is the category-level read on what a 2026 stack should look like. Or if you want to see the multimodal half running, the embed widget preview mounts three live scanners on a single page; the free tier covers integration testing without a card.

FAQ

Is Lakera Guard going away?

No public statement says so. The product is being absorbed into Check Point's platform, which historically points at deeper enterprise integration rather than discontinuation. The relevant question for a self-serve buyer is not whether the product exists, but whether the SKU, pricing, and onboarding flow that mattered to a small team still do. Check that the self-serve sign-up, the public pricing page, and the under-$100/mo tier are still where you left them before counting on continuity.

What does "self-serve tier" actually mean in this market?

A self-serve tier is one where a developer can sign up with a credit card, generate an API key, and ship to production the same week, without being passed to a sales rep at any point below roughly $500/mo of spend in this category. The opposite is enterprise-gated: a contact form, a discovery call, security questionnaires, and a multi-month procurement cycle before the first request runs. Most large security platforms are enterprise-gated by design; that is the business they are in.

Are there other text PI scanners under $100/mo?

Yes, but the set is narrower than it was in 2024. LLM Guard remains free and open-source and is still the right baseline for text PI on a self-hosted stack. Promptfoo's Cloud Team SKU lands in this band but is a test harness, not an inline scanner — it is for evaluation, not request-time defence. Azure Prompt Shields is technically pay-per-use under $100/mo at low volume but is gated to Azure tenants. Indie tools exist but are early. None of those, including Glyphward, fully replace what a Lakera Guard self-serve subscription delivered.

Should I switch now, or wait?

Wait for a contract event — renewal, a price change, or a credible discontinuation signal — before paying a switching cost. Use the time to prototype a run-both architecture: keep your existing scanner in front of the model and add the missing modality coverage in parallel. That posture lets you switch on the timeline that suits your contract, not one imposed by a re-platforming. The architectural difference is documented on the Glyphward vs Lakera Guard comparison page.

Does any of this affect LLM Guard, the open-source library?

No. LLM Guard is a different project and a different distribution model — MIT-licensed, self-hosted, no SaaS dependency. The acquisition affects buyers whose security posture depended on a managed text PI scanner sold by a vendor. Open-source users keep what they had. The only thing the acquisition changes for an LLM Guard user is the vendor landscape on the managed side, which most LLM Guard adopters do not depend on by definition.

Further reading