The company that watches the things you forgot you typed
It is 2026, and the average enterprise employee uses about a dozen AI tools before lunch. Some are sanctioned. Most are not. Sensitive data leaks out the way water leaks out of an old house - quietly, constantly, through joints nobody thought to seal. Nightfall AI sells the seal. And the inspector. And the alarm.
Nightfall calls itself the first data loss prevention and insider risk platform built for the AI era. That is marketing copy, but it is also accurate. While legacy DLP vendors were still writing regex for credit card numbers, Nightfall was training models to recognize context - the difference between a customer's social security number in a help desk ticket and a screenshot of one in a Notion doc that should not exist.
DLP was broken long before ChatGPT showed up
For two decades, data loss prevention meant one thing: pattern matching. A regex looked for sixteen consecutive digits and flagged a credit card. It flagged a tracking number too. It flagged a phone string a developer hard-coded for testing. Security teams drowned in false positives. Engineers learned to ignore the alerts. The product worked exactly as designed and protected almost nothing.
Then SaaS happened. Data stopped living in a tidy data center and started living in 200 places at once - Slack messages, Google Docs, Salesforce notes, Jira tickets, GitHub gists. Legacy DLP, designed for the perimeter, found itself defending a building that no longer had walls. The vendors responded by acquiring smaller vendors. The product got worse.
Then generative AI happened. And suddenly the question was not "did someone email a spreadsheet to the wrong address" but "did someone paste the entire customer database into a prompt to summarize it." The old playbook had no chapter for this.
An investor and an ex-Uber engineer walk into a problem
In 2018, Isaac Madan was an investor at Venrock looking at every security pitch that came through the door. None of them solved the problem he cared about. Rohan Sathe was at UberEats running applied machine learning - the kind that figures out when your dinner is going to arrive and whether the restaurant can handle a Friday-night rush. He had spent years teaching models to read context at scale.
The two decided that the same approach - context-aware ML, trained on real enterprise data - could replace the regex era of DLP entirely. They co-founded a company called Watchtower AI. They worked in stealth for about a year, which in startup terms is roughly forever. Then in November 2019 they launched as Nightfall with $20.3M from Bain Capital Ventures and Venrock.
The market quietly agreed. By August 2022, WestBridge Capital led a $40M Series B, bringing total funding to $60.3M. The board collected unusually senior advisors: Kevin Mandia, the FireEye CEO who once told a US Senate committee about Russian election interference; Enrique Salem, the former CEO of Symantec. People who had seen the old DLP world from the inside and were willing to bet against it publicly.
The short version
Founded as Watchtower AI in San Francisco by Rohan Sathe and Isaac Madan.
Public launch as Nightfall with $20.3M Series A from Bain Capital Ventures and Venrock.
Native integrations land for Slack, Google Drive, GitHub, Confluence.
$40M Series B led by WestBridge. Total funding crosses $60M.
Expansion into AI/LLM data protection and shadow-AI prevention.
Launches Nyx, an autonomous DLP analyst, plus MCP and AI agent security.
Five tools, one job: find the data, then act
Nightfall ships as a platform, but it is easier to understand as five jobs the same brain is doing in parallel. Discovery finds sensitive data sitting where it should not. Classification labels it. Detection catches it in motion. Response decides what to do - redact, quarantine, alert, escalate. And, lately, an agent named Nyx does the analyst work that a junior SOC employee would otherwise be paid to do at three in the morning.
Data Discovery: AI-driven scanning that finds PII, PHI, credentials, and secrets wherever they live.
Detection & Response: Real-time monitoring across 20+ SaaS apps with policy-driven action.
Exfiltration Prevention: Stops data from leaving sanctioned systems - including AI prompts.
Nyx: An autonomous DLP analyst. Triages alerts, recommends remediations, and never asks for PTO.
AI Agent Security: Guardrails for emerging AI agents and Model Context Protocol integrations.
The platform integrates with Slack, Google Workspace, Microsoft 365, Salesforce, Jira, Confluence, Notion, GitHub, Zendesk, and a dozen others. There is also an API, which is how customers extend Nightfall into the systems Nightfall has not officially gotten around to yet. Engineers seem to appreciate this. They tend to.
What the numbers say (and who is signing the checks)
Customer logos read like a tour of mid-market and enterprise software in 2026: Snyk and Klaviyo on the developer-tools side, Genesys and Exabeam in enterprise SaaS, Kandji and Aaron's in device and retail, Acquia and UserTesting in digital experience. These are not pilot deployments measured in seats. These are companies that decided their existing DLP did not work and replaced it.
[Chart: Funding stack, by round]
Apollo data lists revenue around $35M and a team of roughly 78. Small for the addressable market, which is the entire enterprise SaaS economy. That is either ambition or arithmetic, depending on your mood.
Scale the boring, important work
If you ask Nightfall's leadership what they are building toward, you get a version of the same answer: data protection should be a default, not a project. The unstated half of the sentence is that today it is a project. A multi-year, multi-vendor, multi-headache project, usually owned by a CISO whose budget has not grown as fast as the attack surface.
Nightfall's bet is that AI - the same thing that broke the old model - is also the only tool that can fix it. Models that read context. Agents that triage. Detectors that learn what your company's "sensitive" actually means, instead of waiting for a human to write a rule for every edge case.
Shadow AI is the new shadow IT, and it moves faster
The next five years of enterprise security will be defined by a single, awkward fact: employees will use AI tools faster than their employers can sanction them. Some of those tools will be helpful. Some will leak. The question is no longer "should we allow this" - the question is "what did we just allow." Nightfall is one of the few vendors built, from the first commit, to answer it.
That is the entire bet. Not that AI is good. Not that AI is bad. That AI is happening, at the keyboard of every employee in every company, and somebody has to read along.
Back to the scene we opened with. Same engineer, same chatbot, same Tuesday afternoon. Nightfall does not stop her from using AI - it stops the company from finding out about the leak six months later in a breach report. The boring outcome. The expensive one to deliver. The one Nightfall has spent eight years and $60 million learning how to ship.