The Company That Sells Enterprise AI a Seatbelt
Here is a fact about large language models that everyone in a boardroom loves and everyone in a security team dreads: they are extremely good at reading documents and telling you what is in them. This is wonderful when the document is a product FAQ. It is considerably less wonderful when the document is the compensation spreadsheet, and the person asking the AI a friendly question is an intern who was never supposed to see it. The model does not know the difference. The model just reads.
Credal.ai is a New York company that exists in the gap between those two sentences. Its pitch is not that AI is magic - everyone already believes that - but that AI is dangerous in a specific, boring, expensive way, and that the danger is a plumbing problem. Somebody has to sit between the model and the company's data and enforce, on every single request, the rule that already exists inside the organization: this person is allowed to see this, and not that. Credal is that somebody.
Two Palantir engineers walk into a compliance meeting
The company was founded in 2022 by Ravin Thambapillai and Jack Fischer, who met at Palantir - the sort of place where you learn, viscerally, that the hard part of putting software into a bank or a hospital is not the software. It is the seven months of security review, the permission model, the audit trail, the lawyer in the corner asking what happens if this leaks. Thambapillai spent roughly seven years there building AI-powered systems inside large financial institutions. Before that he was at Google, and before that he studied Philosophy, Politics and Economics at Oxford and taught himself to code. His LinkedIn vanity URL is, with a straight face, linkedin.com/in/ai-security.
The two of them bonded, by their own account, over a shared interest in security and compliance, which is either the least romantic origin story in startups or exactly the right one for this particular business. Their first product did not work. They pivoted toward AI security and governance, and the thing started to grow - by their telling, 20 to 30 percent a month. The lesson, which they have repeated in interviews, is the oldest one there is: they stopped building what they wanted and started building what regulated enterprises actually needed to say yes.
What it actually does
Strip away the vocabulary and Credal is a control plane - a single place where a company decides which AI agents exist, what data and tools each one can touch, and what gets logged when they act. The clever part is what Credal calls permission synchronization. Rather than asking a customer to rebuild its entire access-control scheme from scratch, Credal inherits the permissions that already live in Google Drive, Slack, Salesforce, SharePoint and 50-odd other systems, and mirrors them. When an employee asks a Credal-powered agent a question, the agent can only retrieve the documents that employee could already open by hand. The intern still cannot see the comp sheet. The model reads only what it is allowed to read.
On top of that sits the unglamorous, essential machinery: data-loss prevention that redacts and anonymizes personally identifiable information before it ever reaches an external model; human-in-the-loop approval gates for sensitive actions; and an audit log that records every prompt, every response, every action an agent takes. In a regulated industry, that log is not a feature. It is frequently the entire reason the deal closed.
The economics of boring
Consider the money. Credal raised a $4.8 million seed round in October 2023, led by Spark Capital, with Alumni Ventures, Swell Partners and Adeline Arts and Science along for the ride - about $5 million in total funding. That is a modest number by the standards of a category where companies routinely raise nine figures to train models. But Credal is not trying to train a model. It is trying to be the thing every model has to pass through on its way into a regulated company, which is a very different sort of business with a very different balance sheet. You do not need a nine-figure round to build a permission-enforcement layer; you need a small, technical team and a lot of patience for security questionnaires.
An 18-person company processing more than a million governed queries a month is, in the arithmetic of enterprise software, a good ratio. The whole appeal of infrastructure that sits in the request path is that it scales with usage rather than headcount. Every new agent a customer builds, every new data source it connects, every new employee who starts asking the AI questions - all of it flows through the same control plane, and none of it requires Credal to hire proportionally. This is the quiet leverage that makes governance companies interesting to investors who have watched the model-training arms race set money on fire.
What a control plane actually promises
The phrase "control plane" is borrowed, deliberately, from networking, where it refers to the layer that decides how traffic moves rather than the layer that carries it. Applied to AI, the analogy is precise. Credal does not want to be the model, and it does not particularly want to be the application. It wants to be the layer that sits above both and answers the questions a nervous executive actually asks: Which agents exist inside my company? What can each of them touch? Who approved that? Show me everything this one did last Tuesday. Turn that one off.
Framed that way, Credal is selling something closer to accountability than intelligence. The deployment options underline the point - cloud, on-premise, or hybrid, with SOC 2 Type 2, GDPR and CCPA compliance, because a hospital or a bank cannot always let its data leave the building, and a control plane that only runs in someone else's cloud is a non-starter for exactly the customers Credal wants. The willingness to run inside the customer's own walls is itself a sales argument, and a reminder that this is a company organized around the word "no" as much as the word "yes."
Who is paying for this
The customer list is the argument. Credal says it is in production at MongoDB, Wise, Checkr, Lattice, incident.io, Comcast NBCUniversal, Flatiron Health, ButterflyMX, the IFRS Foundation - and the US Department of Health and Human Services. That last one matters more than it looks. A federal health agency does not adopt a two-year-old startup's AI infrastructure casually; it does so after a compliance review that would make most founders weep. Clearing that bar is, in a sense, the product working exactly as advertised.
Across those customers, Credal says it processes more than a million LLM queries a month, each one passing through its permission checks. Which points at the genuinely hard engineering problem underneath the compliance story: governance has to be fast. If checking who is allowed to see what adds a second to every answer, nobody uses the AI, and the whole thing collapses back into a slide deck. The trick is to be invisible - to enforce the rules in the request path without anyone noticing they were enforced.
The bet on agents
Credal has since repositioned itself, in the current argot, as "the control plane for enterprise agents." The shift tracks where the industry went. In 2023 the fear was that an AI might read the wrong document. In 2025 the fear is that an AI might do the wrong thing - post to the wrong Slack channel, update the wrong Salesforce record, email the wrong customer - because agents no longer just answer, they act. Credal added an agent registry (a dashboard to register, verify and revoke agents and the newly fashionable MCP servers), tool-level access controls, and governance for multi-agent workflows.
It is a crowded-ish field - Credo AI, OneTrust, TrueFoundry, MintMCP and enterprise-search incumbents like Glean all circle the same anxiety from different angles. Credal's wager is that the winning position is the one closest to the data and the permissions, rather than the one closest to the model or the policy PDF. Whether that is right is unknowable today. What is knowable is that the anxiety is real, the buyers are regulated, and the company that can honestly say "here is the log of everything the AI did, and here is proof it only saw what it was allowed to" has something worth paying for.
There is a version of the AI story where the winners are the companies with the biggest models and the flashiest demos. There is another version - quieter, less fun at parties - where the winners are the companies that made all that capability safe enough to actually turn on inside a place with real customers and real regulators and real consequences. Credal is a wager on the second version. It is a small team in New York selling the least glamorous thing in artificial intelligence, which is the assurance that nothing embarrassing is going to happen. So far the bet is holding.