BREAKING: F5 acquires SurePath AI to power its new AI Security Platform (June 2026) SEED: $5.2M raised Nov 2024 - led by Uncork Capital, with Operator Collective MISSION: Turn "block AI" into "govern AI" across the enterprise workforce SHADOW AI: Found at the network layer - no app integrations required HQ: Denver, Colorado  |  Founded 2023  |  ~19 employees BREAKING: F5 acquires SurePath AI to power its new AI Security Platform (June 2026) SEED: $5.2M raised Nov 2024 - led by Uncork Capital, with Operator Collective MISSION: Turn "block AI" into "govern AI" across the enterprise workforce SHADOW AI: Found at the network layer - no app integrations required HQ: Denver, Colorado  |  Founded 2023  |  ~19 employees
SurePath AI logo
SurePath AI - the "S" that stands for the sure path between blocking AI and losing control of it.
Company Profile · Enterprise AI Security

SurePath AI

The Denver startup that found a third door for enterprise generative AI - between "ban it" and "pray about it" - then got acquired by F5.

Founded 2023 Denver, CO Seed · $5.2M Acquired by F5 · 2026 GenAI Governance
Share this story

Somewhere in a mid-size enterprise right now, an analyst is pasting a spreadsheet of customer data into a chatbot the security team has never heard of. Nobody signed off. Nobody logged it. And nobody - until recently - could even see it happen. This is the exact moment SurePath AI was built for: not the demo, not the policy PDF, but the quiet, ungoverned prompt.

For most of the last few years, companies handled generative AI with one of two strategies, both bad. Strategy one: block it. Firewall the chatbots, forbid the tools, and watch employees route around you on their phones. Strategy two: allow it and hope. Neither is a plan. Both leave a CISO answering the same unanswerable question - "what is our workforce actually doing with AI, and what data is walking out the door?"

SurePath AI, founded in Denver in 2023 by Casey Bleeker and Randy Birdsall, decided the interesting problem was not building another AI tool. It was building the thing that watches the AI tools. Their bet: enterprises don't fear AI so much as they fear not knowing. Give them visibility, and "block it" turns into "govern it."

SurePath transformed our approach from blocking to enabling, offering a secure path for GenAI adoption.
- Ben Shupe, COO, C&R Software

Governance that employees never feel

Most AI security bolts onto a single approved chatbot. SurePath AI went lower - to the network layer. It watches AI traffic across the enterprise, sanctioned or not, without requiring a single application integration. It sees the tools IT approved and the ones nobody mentioned. Then it classifies the intent behind each interaction, redacts sensitive data before it reaches a public model, and keeps an audit trail an auditor can actually read.

1

Discover

Spot every AI tool in use - including shadow AI - from network traffic, no integrations.

2

Classify

Detect unauthorized activity and read the intent behind each workflow and agent call.

3

Protect

Redact sensitive data in prompts before it ever leaves for a public model.

4

Govern

Apply role-based policy, log everything, and hand compliance a clean audit trail.

Caption: The magic isn't a smarter chatbot. It's the boring, invaluable ability to see the ones already in your building.

2023
Founded in Denver
$5.2M
Seed Round
~19
Team at Exit
3 yrs
Founding to Acquisition

Two bad options, one third door

The old way

  • Block the chatbots outright
  • Employees route around IT
  • Zero visibility into usage
  • Sensitive data leaks anyway
  • Productivity left on the table

The SurePath way

  • Enable AI, safely
  • See sanctioned and shadow use
  • Redact secrets in the prompt
  • Role-based access policies
  • Audit trails for compliance

Six parts, one control plane

Discovery

Network-Based AI Discovery

Finds sanctioned and shadow AI via network redirects and out-of-band analysis - no direct app integrations.

Intelligence

Intent Classification

Detects unauthorized activity and traces agent tool calls and MCP server connections.

Protection

Data Redaction

Detects and redacts sensitive data in prompts before it reaches public models.

Control

Policy & RBAC

Granular, role-based guardrails with group-membership sync for private models and data.

Access

Enterprise GenAI Portal

A branded interface that lets employees use approved AI while fitting existing workflows.

Compliance

Audit & Analytics

Captures every GenAI conversation for audit trails, usage insights, and reporting.

Enterprise veterans who turned on the lights

CEO & Co-Founder

Casey Bleeker

A career in enterprise software, previously VP & GM of Cloud, Digital Velocity at CDW. Saw the block-or-allow dilemma up close and decided visibility was the answer.

CPO & Co-Founder

Randy Birdsall

Product and engineering leader who paired with Bleeker's go-to-market instincts. Together they bet on governing AI, not banning it.

Most AI security today is a wrapper around a chatbot. That is not security.
- Kunal Anand, Chief Product Officer, F5 (on the platform SurePath now powers)

Founding to acquisition

2023

Founded in Denver by Casey Bleeker and Randy Birdsall to solve the block-or-allow problem for enterprise GenAI.

NOV 2024

Closes a $5.2M seed round led by Uncork Capital, with significant participation from Operator Collective. Total funding reaches ~$6.3M.

2024-2026

Signs enterprise customers across finance, healthcare, education, and professional services - Georgia United Credit Union, Schellman, Caylent, vRad, Thresholds, Divine Savior Academy, C&R Software.

JUN 2026

Acquired by F5 (NASDAQ: FFIV). SurePath AI's technology anchors network-based AI discovery inside the newly launched F5 AI Security Platform.

Built for the CISO's blind spot

SurePath AI sells to enterprise security and IT leaders in exactly the industries where a leaked prompt is a headline: financial services, healthcare, education, and professional services. Named customers span a credit union (Georgia United), a compliance and audit firm (Schellman), a cloud consultancy (Caylent), a radiology group (vRad), a mental-health nonprofit (Thresholds), a school (Divine Savior Academy), and a fintech software maker (C&R Software).

Field notes · things that amuse and inform
  • The name is the pitch: a "sure path" between blocking AI and losing control of it.
  • Discovery runs at the network layer, so it catches shadow AI tools nobody told IT about.
  • Founder Casey Bleeker previously ran Cloud & Digital Velocity as VP & GM at CDW.
  • Founding to public-company acquisition took roughly three years - lean, fast, done.

The scene, rewritten

Return to that analyst pasting customer data into an unknown chatbot. In a SurePath-governed enterprise, the prompt still gets sent - the analyst keeps their productivity - but the sensitive fields are redacted on the way out, the interaction is classified and logged, and the tool that was "shadow AI" yesterday is a known, policy-bound quantity today. The security team isn't chasing a ghost. They're reading a dashboard.

That is the change SurePath AI set out to make, and it is why F5 folded the company into its AI Security Platform in 2026: not to add another chatbot to the pile, but to give security leaders the one thing prohibition never could - a clear view of what their people and agents are actually doing with AI. The block-or-allow trap was a false choice. SurePath AI just built the door in between.

Sources: SurePath AI, F5 press & blog, GeekWire, SecurityWeek, PRNewswire, FinSMEs, Crunchbase. Figures approximate where noted; deal terms undisclosed.