Mountain View, CA — the company that watches the watchers.
The confidence layer for enterprise AI. Every prompt. Every agent. Every model. In real time.
There's a scene playing out in IT security departments everywhere right now. A CISO opens a dashboard and sees hundreds of employees using AI tools the company never approved. Somewhere in those conversations, financial data was pasted into a chatbot. A contractor asked an AI agent to search internal documents. A developer's coding assistant quietly connected to a third-party MCP server. No one noticed. Nothing stopped it.
WitnessAI noticed. And it stopped it.
Founded in 2023 and incubated within Ballistic Ventures - a VC firm that exclusively bets on cybersecurity - WitnessAI built a platform around a single uncomfortable truth: enterprises are deploying AI faster than they can govern it. The product operates at the network layer, cataloging every AI interaction across employees, models, applications, and agents, then enforcing behavioral policies in real time. No code changes. No browser extensions. No gaps.
"AI security, if not reimagined from the ground up, will be the constraint that limits everything else."
- Rick Caccia, CEO & Co-Founder, WitnessAI
Remember shadow IT? Employees spinning up cloud tools the company never approved, creating data sprawl and compliance nightmares? That problem took a decade to manage. Shadow AI is moving on a faster timeline, and the consequences are different in kind, not just degree.
When an employee pastes customer PII into ChatGPT, they're not circumventing a file-sharing policy. They may be violating GDPR, PCI DSS, or industry-specific regulations - without knowing it, and without leaving a trace in any existing security tool. Traditional firewalls see encrypted traffic as a tunnel. DLP tools focus on files. SIEM platforms log events after the fact. None of them were built to understand what a prompt actually means, or what an AI agent is actually doing.
WitnessAI decided the answer wasn't to bolt AI governance onto existing security tools. It was to build a new category from scratch - one that understands intent, not just patterns.
[Figure: Relative prevalence of AI threat categories in enterprise environments - based on industry research.]
"Turns out 'don't use unapproved tools' is less of a policy and more of a wish."
Rick Caccia spent years at Palo Alto Networks building security products before spending time at Google and Red Canary. Gil Spencer had already built and sold two security companies - IronKey (hardware-encrypted USB drives, acquired by Imation) and Marble Security (mobile security, acquired by Proofpoint) - plus a stint engineering Mac software at Apple in the QuickTime era. When they co-founded WitnessAI, they weren't guessing at what enterprises needed. They'd watched the playbook fail before.
The bet: enterprises won't slow down AI adoption, and telling them "no" isn't a product. The only winning strategy is a platform that makes "yes" safe.
Former SVP Marketing at Palo Alto Networks (security ops & threat intelligence division). Product and marketing roles at Google, Symantec, and Red Canary. UC Berkeley graduate focused on making enterprise AI governance practical, not punitive.
Serial security founder: built IronKey (acquired by Imation) and Marble Security (acquired by Proofpoint). Earlier career at Apple in System Software and QuickTime, and built the first Mac DVD player at E4. Has a habit of solving problems others don't know they have yet.
"I don't want to be Doctor No when it comes to AI. I want to help our employees use it to be better."
- Rick Caccia, CEO
The WitnessAI platform has three modules, and the sequencing is deliberate. You can't protect what you can't see, and you can't control what you haven't protected.
Discovers and catalogs every AI tool in use across the organization - employee chatbots, developer tools, internal models, AI agents, and MCP servers - without installing agents or browser extensions. Shadow AI becomes visible before it becomes a problem.
Intent-based detection engine that analyzes the meaning behind prompts - not just keywords - to block prompt injections, jailbreaks, and data exfiltration in real time. Detects multi-turn attacks and indirect injections hidden inside documents. 99%+ accuracy.
Behavioral policy enforcement by role, department, and data type. Real-time redaction, audit trails, and regulatory reporting. PCI DSS 4.0.1 controls included out of the box. Governs human employees and AI agents with the same rule engine.
Automated red-teaming tool that stress-tests LLMs before production deployment using multimodal attacks, multi-step jailbreaks, fuzzing, and reinforcement-learning simulations. Find the vulnerabilities before adversaries do. Supports 100+ LLM types.
As enterprises move from chatbots to AI agents, WitnessAI extends governance to MCP server connections, tool access, data sharing, and agent decision chains. Human-agent identity connection provides full explainability for every autonomous action.
Rick Caccia and Gil Spencer co-found WitnessAI within Ballistic Ventures, a cybersecurity-focused VC firm.
Led by GV (Google Ventures) and Ballistic Ventures. Unveiled the AI safety platform publicly.
Platform becomes commercially available to enterprise customers across regulated industries.
Released with PCI DSS 4.0.1 compliance controls and agentless remote employee monitoring. SC Awards finalist for Best Compliance Solution.
Automated red-teaming and next-generation AI firewall protection announced for enterprise LLMs. 99%+ prompt injection detection validated.
Named to Fortune's Cyber 60 list alongside 500% ARR growth and 5x headcount expansion milestones.
Led by Sound Ventures with Fin Capital, Qualcomm Ventures, Samsung Ventures, and Forgepoint Capital. Agentic security and MCP governance launched.
NTT DATA Japan partnership announced. WitnessAI integrated into NTT DATA's "Responsible and Secure AI" service for Japanese enterprises.
The financial services sector, utilities, airlines, automotive, retail, and telecoms share something besides good lawyers: they cannot afford an AI incident. Customer data, regulated transactions, proprietary models - the downside of getting AI governance wrong is not an awkward press release. It is regulatory fines, customer loss, and potential liability.
SK Telecom, one of South Korea's largest telecom carriers, deployed WitnessAI to secure GPT-4 implementations handling Korean-language customer conversations. Telecommunications is a category where customer data flows at enormous scale and where one prompt injection could expose millions of records. That's not a beta customer. That's a proof point.
The company's 500% ARR growth in 2025 and 5x headcount expansion suggest the proof point is not an anomaly. Strategic investors Qualcomm Ventures and Samsung Ventures - both with direct interests in enterprise AI deployment at scale - joined the Series B in January 2026, adding industrial weight to the financial backing of Sound Ventures and existing investors Google Ventures and Ballistic Ventures.
"The platform can distinguish between a CFO legitimately analyzing financial data via AI and an employee trying to exfiltrate the same data. Same query. Very different intent."
- WitnessAI platform documentation
WitnessAI is not trying to replace existing security infrastructure - it's threading into it. Partnerships with system integrators and hardware vendors let the platform reach organizations that can't rip and replace their stacks.
Strategic reseller agreement. WitnessAI integrated into NTT DATA's "Responsible and Secure AI" service for Japanese enterprises, aligned with Japan's AI Promotion Act.
Managed security and compliance services partnership. Combines TENEX.AI's managed services wrapper with WitnessAI's platform for organizations that want governance without standing up a security team.
Integration with F5 BIG-IP platform for encrypted GenAI traffic visibility. Catches AI usage that hides inside HTTPS, which is almost all of it.
AI chatbots were the opening act. The real transformation is AI agents - systems that don't just answer questions but take actions: querying databases, writing code, sending emails, booking meetings, executing API calls. Enterprises are already deploying them. The Model Context Protocol (MCP) is connecting agents to tools at a rate that makes 2024's shadow AI problem look quaint.
WitnessAI launched agentic security capabilities in January 2026 specifically because the governance gap isn't shrinking - it's widening. The platform now fingerprints MCP servers, categorizes their functional capabilities (software development, research, data access), tracks tool access in real time, and creates a human-agent identity connection so every autonomous action has a traceable owner. When an AI agent takes action on behalf of an employee, WitnessAI treats it as an extension of that employee's access policy.
That design choice matters. Most security tools govern people. WitnessAI governs both people and the AI acting on their behalf from the same policy engine. As AI agents become a core part of the enterprise workforce, that distinction becomes the entire product.
Fortune Cyber 60 - top venture-backed cybersecurity companies, 2025
500% ARR growth in 12 months through 2025
Over 99% detection rate for prompt injection attacks
Active in Japan, Korea, US - and expanding globally post-Series B
"The next 18 months in AI governance? It's going to move fast."
- Rick Caccia, CEO
Here's what the opening scene looks like now: a CISO opens the WitnessAI console. The dashboard shows every AI interaction across the organization, categorized by risk, flagged by policy, traceable to an identity. An agent tried to connect to an unapproved MCP server at 2:47 AM. The connection was blocked automatically. The incident report is already generated. Nobody had to notice because the platform noticed for them.
That's not a vision statement. It's a product demo. The gap between enterprise AI ambition and enterprise AI governance is exactly the gap WitnessAI was built to close - and it's closing it one blocked prompt at a time.