Unbound

Use AI tools without fear of data leakage

Summer 2024 · active · 2024
Artificial Intelligence, Privacy, Cybersecurity, Data Labeling
Report from 29 days ago

What do they actually do

Unbound is an AI gateway that sits between employees’ AI tools (chatbots, coding copilots, internal assistants) and the model APIs they call. It inspects prompts in real time, detects secrets or PII, automatically redacts or blocks risky content, and routes each request to approved models (public, cheaper, or private) based on policy. IT/security deploy it as an HTTP/LLM proxy with bring‑your‑own API keys and connect it to identity/MDM systems so developers keep using their normal tools while policies are enforced centrally (docs).

Today it includes discovery of AI tools and coding agents in use, usage analytics/visibility, reliability features (e.g., fallback routing), and integrations with popular coding copilots (e.g., Roo, Cursor, Cline) (site; docs). Unbound sells to mid‑market and enterprise customers; public references include THG and Exterro, and the company reports preventing credential and PII exposures in production environments (press). Pricing shown publicly includes a Discover plan at $5 per active user per month with a 100‑user minimum; enterprise tiers are custom (site).

Who are their target customer(s)

  • Head of IT / Head of Security (mid‑market or enterprise): Needs to enable AI use without risking secrets or regulated data leaving the org; today many teams either block AI or accept unmanaged use. Wants centralized discovery and real‑time redaction/blocking to enforce policy across tools (docs).
  • Security engineer / data‑protection lead: Lacks visibility into which AI tools/copilots are being called and cannot reliably stop credentials or PII from being sent out. Needs automatic detection and masking/blocking at runtime (docs).
  • Engineering manager / developer team lead: Developers want coding copilots, but security reviews and manual approvals slow work. Needs routing that keeps sensitive prompts on private models and lower‑risk work on cheaper models without breaking workflows (docs).
  • Compliance, privacy, or legal officer (regulated industries): Worried about audit/regulatory exposure if protected data leaves the organization. Needs enforceable controls, logging options, and support for private/self‑hosted model routing to keep data in‑house (site).
  • IT operations / cloud cost owner: Faces unpredictable AI API spend and reliability issues as teams hit different external models. Needs policy‑based routing, cost tiering, and fallbacks to control spend and availability (docs).

How would they acquire their first 10, 50, and 100 customers

  • First 10: Run fast, low‑friction pilots via founder/investor intros and early inbound: wire Unbound as the LLM/HTTP proxy with BYO keys and MDM/identity, prove it prevents real credential/PII leaks and optimizes routing within 1–3 weeks, then convert with the Discover plan or pilot credits (docs; YC).
  • First 50: Publish 2–3 detailed case studies (e.g., from THG/Exterro) and do targeted outbound to IT/security teams currently blocking AI; shorten procurement with AWS Marketplace/fixed Discover pricing and a standard one‑week SAML/SCIM+MDM implementation playbook (press; site).
  • First 100: Productize self‑serve onboarding for Discover while building a partner/channel motion (MSPs, MDM vendors, security consultancies, AWS Marketplace/resellers) and a small enterprise sales team to run paid pilots. Ship prebuilt integrations and compliance templates so partners can deploy with minimal engineering time (docs; site).

What is the rough total addressable market

Top-down context:

The broad ceiling is enterprise information security spend in the low hundreds of billions annually (e.g., Gartner ~$183B in 2024), while the directly relevant categories are DLP (sized in the single‑digit billions with ~20%+ CAGR) and emerging AI governance (smaller today but growing quickly) (Gartner; M&M; GVR DLP; Forrester; GVR AI Gov).

Bottom-up calculation:

Illustratively, if all 166,964 U.S. firms with 100+ employees bought Unbound’s Discover plan at the 100‑user minimum and $5/user/month, that implies ~16.7M seats and ~$1.0B ARR (166,964×100×$5×12) (pricing; NAICS counts).

Assumptions:

  • Counts include only U.S. firms with 100+ employees; global markets not included.
  • Each firm buys exactly the 100‑seat minimum for Discover; enterprise tiers excluded.
  • Pricing remains $5/user/month and all seats are active/billable.

Who are some of their notable competitors

  • Cloudflare AI Gateway: Cloudflare’s AI gateway adds DLP scanning and centralized reporting to AI traffic so enterprises can apply sensitive‑data rules to prompts and model responses.
  • Prompt Security: Focuses on prompt security and guardrails for employee/developer AI use; intercepts prompts and code‑assistant traffic to detect/block/redact secrets and prompt‑injection and provides authorization/audit features.
  • Nightfall AI: A DLP offering for GenAI and “shadow AI” that monitors prompts (including browser‑level agents) and auto‑redacts credentials, PHI/PII, and other sensitive data before it reaches public models.
  • Lasso Security: An LLM‑first security platform with a secured gateway, continuous discovery/monitoring of GenAI use, and real‑time masking, blocking, and policy enforcement aimed at enterprise compliance.
  • liteLLM (open‑source): An open‑source LLM proxy that teams can self‑host for multi‑provider routing; enterprise features include secret/PII detection and redaction for guardrails.