Founder • Executive • AI Security
The man who gave enterprise AI its brakes - and its steering wheel.
CEO & Co-Founder, WitnessAI. Betting that every AI interaction needs a witness.
The Story
Rick Caccia spent twenty-something years being the person who explained cybersecurity to the world. At Palo Alto Networks, he was SVP and CMO. At Google, he was the founding CMO of Chronicle - the cybersecurity unit that Alphabet quietly spun out of X. At Exabeam, he was the first person with "Chief Marketing Officer" on a business card. He knew how to tell the story. What changed in 2023 is that he decided to write it himself.
The origin of WitnessAI is not a garage moment or a lightbulb over a whiteboard. It came out of conversations - dozens of them - with security leaders at large enterprises who were all saying the same thing: "My employees are already using AI everywhere. I can't ban it. I can't see it. I'm terrified of it." Those CISOs weren't looking for someone to say no. They wanted someone to build the equivalent of seatbelts and lane assist for the AI cars their employees had already driven off the lot.
Caccia's metaphor for this is precise and deliberate: "I think of it like a sports car: having a more powerful engine - i.e., model - doesn't buy you anything unless you have good brakes and steering, too." He was talking about the then-raging debate over whether companies should focus on model safety or usage safety. WitnessAI's answer is firmly the latter. Every interaction. Every application. Every prompt - including the ones sent to unauthorized "shadow AI" tools that nobody in IT knows about.
The product that emerged does three things: it watches (observability across thousands of AI apps), it enforces (policy controls based on intent, not just keywords), and it protects (guarding internal AI deployments against jailbreaks, prompt injection, and adversarial attacks). Each enterprise gets a completely isolated instance, encrypted with their own keys. "Their AI activity data is isolated to them - we can't see it," Caccia told TechCrunch. In a world where AI activity logs are exactly the kind of thing that would end up in breach disclosures, that architecture choice is not cosmetic.
The business is moving fast. In the twelve months to January 2026, WitnessAI grew ARR by over 500% and scaled its headcount five times over. The $58M round announced that month - led by Ashton Kutcher's Sound Ventures, with Samsung Ventures and Qualcomm Ventures as strategic investors - brought total funding to $85.5M. The customer list reads like a cross-section of regulated industries: financial services, airlines, utilities, automakers, retailers, telecom carriers. The sectors where a single AI-related data leak could cost hundreds of millions and end careers.
"Securing AI models is a real problem - but it's different from securing use. Having a more powerful engine doesn't buy you anything unless you have good brakes and steering, too."- Rick Caccia, to TechCrunch
Caccia is a Silicon Valley native in the literal sense - born and raised in the Valley, never left. He and his wife have collectively worked across thirteen startups. That number is both a badge and a method: you develop a tolerance for uncertainty, a calibration for when product-market fit is real versus wished for, and a strong opinion on which early hires determine everything. Two teenage daughters, a cycling club, and a home in Redwood City give him the grounding that makes grinding sustainable.
The addition of retired U.S. Army General Paul M. Nakasone to WitnessAI's board of directors in 2025 sent a signal that this company isn't playing in the demo sandbox. Nakasone ran both U.S. Cyber Command and the NSA. His presence on the board is a statement about who WitnessAI's customers are and what they need: not a consumer app company that added an enterprise tier, but a company built from day one for the threat models that keep the actual CISO up at night.
The March 2026 AI governance landscape is still being written in real time - new regulations in the EU, executive orders in the US, and enterprise boards asking for AI audit trails the way they once asked for SOC 2. Caccia's bet is that the winners in this market won't be the loudest about AI danger, but the most useful at turning that danger into operational confidence. "We can fear these systems - or we can enable them responsibly," he said at the $58M announcement. That line doesn't sound like a press release. It sounds like a person who's been having the same conversation with CISOs for three years and finally got tired of watching them freeze.
His three metrics for enterprise AI success are direct and unsentimental: Cost ("Are you operating smarter?"), Adoption ("Is AI actually being used?"), and Risk ("Are vulnerabilities, noise, and response times going down?"). No vague ROI promises, no hand-waving about transformation. Just three numbers that a board can read without a glossary.
Career Arc
In His Own Words
"I don't want to be 'Doctor No' when it comes to AI; I want to help our employees use it to be better."
"There is no going back. But there is a way forward."
"We are the only AI security vendor that can secure every AI interaction, everywhere, with a unified solution."
"We create a separate instance of our platform for each customer, encrypted with their keys. Their AI activity data is isolated to them - we can't see it."
"Most companies are stuck, trying to figure out how to enable their employees to use new tooling, while still maintaining the level of security and control they have over data."
"We can fear these systems - or we can enable them responsibly."
Funding Story
Where He's Been
The Details
Find Rick Online
Sources