The Denver startup that found a third door for enterprise generative AI - between "ban it" and "pray about it" - then got acquired by F5.
Somewhere in a mid-size enterprise right now, an analyst is pasting a spreadsheet of customer data into a chatbot the security team has never heard of. Nobody signed off. Nobody logged it. And nobody - until recently - could even see it happen. This is the exact moment SurePath AI was built for: not the demo, not the policy PDF, but the quiet, ungoverned prompt.
For most of the last few years, companies handled generative AI with one of two strategies, both bad. Strategy one: block it. Firewall the chatbots, forbid the tools, and watch employees route around you on their phones. Strategy two: allow it and hope. Neither is a plan. Both leave a CISO answering the same unanswerable question - "what is our workforce actually doing with AI, and what data is walking out the door?"
SurePath AI, founded in Denver in 2023 by Casey Bleeker and Randy Birdsall, decided the interesting problem was not building another AI tool. It was building the thing that watches the AI tools. Their bet: enterprises don't fear AI so much as they fear not knowing. Give them visibility, and "block it" turns into "govern it."
SurePath transformed our approach from blocking to enabling, offering a secure path for GenAI adoption.
Most AI security bolts onto a single approved chatbot. SurePath AI went lower - to the network layer. It watches AI traffic across the enterprise, sanctioned or not, without requiring a single application integration. It sees the tools IT approved and the ones nobody mentioned. Then it classifies the intent behind each interaction, redacts sensitive data before it reaches a public model, and keeps an audit trail an auditor can actually read.
Spot every AI tool in use - including shadow AI - from network traffic, no integrations.
→Detect unauthorized activity and read the intent behind each workflow and agent call.
→Redact sensitive data in prompts before it ever leaves for a public model.
→Apply role-based policy, log everything, and hand compliance a clean audit trail.
Caption: The magic isn't a smarter chatbot. It's the boring, invaluable ability to see the ones already in your building.
Finds sanctioned and shadow AI via network redirects and out-of-band analysis - no direct app integrations.
Detects unauthorized activity and traces agent tool calls and MCP server connections.
Detects and redacts sensitive data in prompts before it reaches public models.
Granular, role-based guardrails with group-membership sync for private models and data.
A branded interface that lets employees use approved AI while fitting existing workflows.
Captures every GenAI conversation for audit trails, usage insights, and reporting.
A career in enterprise software, previously VP & GM of Cloud, Digital Velocity at CDW. Saw the block-or-allow dilemma up close and decided visibility was the answer.
Product and engineering leader who paired with Bleeker's go-to-market instincts. Together they bet on governing AI, not banning it.
Most AI security today is a wrapper around a chatbot. That is not security.
Founded in Denver by Casey Bleeker and Randy Birdsall to solve the block-or-allow problem for enterprise GenAI.
Closes a $5.2M seed round led by Uncork Capital, with significant participation from Operator Collective. Total funding reaches ~$6.3M.
Signs enterprise customers across finance, healthcare, education, and professional services - Georgia United Credit Union, Schellman, Caylent, vRad, Thresholds, Divine Savior Academy, C&R Software.
Acquired by F5 (NASDAQ: FFIV). SurePath AI's technology anchors network-based AI discovery inside the newly launched F5 AI Security Platform.
SurePath AI sells to enterprise security and IT leaders in exactly the industries where a leaked prompt is a headline: financial services, healthcare, education, and professional services. Named customers span a credit union (Georgia United), a compliance and audit firm (Schellman), a cloud consultancy (Caylent), a radiology group (vRad), a mental-health nonprofit (Thresholds), a school (Divine Savior Academy), and a fintech software maker (C&R Software).
Return to that analyst pasting customer data into an unknown chatbot. In a SurePath-governed enterprise, the prompt still gets sent - the analyst keeps their productivity - but the sensitive fields are redacted on the way out, the interaction is classified and logged, and the tool that was "shadow AI" yesterday is a known, policy-bound quantity today. The security team isn't chasing a ghost. They're reading a dashboard.
That is the change SurePath AI set out to make, and it is why F5 folded the company into its AI Security Platform in 2026: not to add another chatbot to the pile, but to give security leaders the one thing prohibition never could - a clear view of what their people and agents are actually doing with AI. The block-or-allow trap was a false choice. SurePath AI just built the door in between.
Sources: SurePath AI, F5 press & blog, GeekWire, SecurityWeek, PRNewswire, FinSMEs, Crunchbase. Figures approximate where noted; deal terms undisclosed.