WitnessAI

One-liner — Inline “AI enablement” platform that gives security teams visibility, identity-aware access governance, and runtime guardrails over how employees and agents use AI.

Categoriesai-access-governance, ai-runtime-security

What it does

WitnessAI sits inline between users/apps and AI services and does three jobs (the “Observe / Govern / Protect” split): Observe — discover and audit which AI apps and models employees use, with per-interaction visibility and risk scoring (a CASB-for-AI / shadow-AI view); Govern — apply identity-aware access policy (who can use which AI tools for what, with redaction/blocking by role and data type); Protect — runtime guardrails that block prompt injection, multi-turn attacks, toxic output, and sensitive-data leakage. Its newer Agentic Control extends the same model to AI agents and MCP — tracking which agents and MCP servers/tools are active and what an agent is doing on a user’s behalf.

Where it sits in the stack

Primary slot is ai-access-governance (CASB-for-AI / shadow-AI control — the access-governance and visibility job), with a strong secondary in ai-runtime-security (the inline Protect guardrails). Because it’s an inline chokepoint on AI traffic, it covers all three core risks: it screens untrusted input (prompt-injection/jailbreak blocking), protects sensitive data (redaction/DLP on prompts), and controls outbound data flows (governing which AI destinations data can flow to). It’s a yellow-zone enforcement point in front of model and agent calls.

Deployment & architecture

Inline — proxy/gateway-style interception of AI traffic (browser/network/API paths) with policy enforcement and logging. Emphasizes an enterprise-first, single-tenant architecture for data sovereignty and compliance, with hybrid-cloud and edge deployment. Identity integration (IdP/SSO) drives the per-user policy; logs feed SIEM/SOC. Agentic Control adds MCP-server and tool visibility for agent governance.

Positioning & differentiators

Known for the “AI enablement, not blocking” framing — letting employees use AI under guardrails rather than banning tools. Differentiators: identity-aware governance (ties policy to user identity, not just network), single-tenant/sovereign deployment, and an early push into agentic + MCP governance. Founder/CEO Rick Caccia (ex-Palo Alto, Exabeam, Google marketing leadership) gives it strong enterprise-security GTM credibility. Nearest neighbors on access governance: harmonic-security, aurascape, cyberhaven, zscaler/netskope AI modules; on runtime: prisma-airs, prompt-security, lakera, cisco-ai-defense.

Ownership, funding & M&A

No seed M&A flag; confirmed independent. Founded 2023 by Rick Caccia (co-founder & CEO) and Gil Spencer; HQ Mountain View, CA. Raised $27.5M Series A (May 2024) led by GV (Google Ventures) and Ballistic Ventures (which incubated it), then a $58M Series B announced 2026-01-13 led by Sound Ventures (early OpenAI/Anthropic/SentinelOne investor) with Fin Capital, Qualcomm Ventures, Samsung Ventures, and Forgepoint Capital — $86.5M total. Independent as of 2026-06-28; the Series B is growth capital for global expansion and agent security. ownership_confidence: high.

CTO / hedge-fund lens

Day-1 for a hedge fund — the shadow-AI visibility + identity-aware access governance job is exactly what a fund needs first when employees start pasting data into ChatGPT/Claude: see what’s being used, stop MNPI/PII from leaking into prompts, and enforce role-based rules. Single-tenant/sovereign deployment is attractive for a fund unwilling to route prompts through a shared multi-tenant cloud. SR 11-7 angle is indirect (it’s a usage-control, not a model-validation tool), but the audit trail of AI interactions supports acceptable-use enforcement and surveillance/compliance needs (comms-surveillance adjacency). Fit high for the access-governance job; if you also want deep model-supply-chain or build-time red teaming, pair with hiddenlayer / promptfoo. Main caution: inline interception adds a latency/availability dependency and overlaps with SSE/CASB (zscaler, netskope) you may already own.

Competitors / alternatives

harmonic-security, aurascape, cyberhaven, prompt-security, prisma-airs, lakera, zscaler, netskope, wald-ai.

Open questions / to verify

  • Exact inline insertion modes (forward proxy vs. browser vs. API gateway) and supported AI destinations.
  • Whether the single-tenant architecture is customer-cloud, vendor-managed, or both.
  • Real-world latency/availability impact of inline enforcement at scale.

Sources

History

  • [2026-06-28] Stub created from seed registry.
  • [2026-06-28] Researched; CONFIRMED independent, set ownership_confidence high. Established founding 2023 (Caccia/Spencer; Mountain View), $27.5M Series A (May 2024, GV/Ballistic) + $58M Series B (2026-01-13, Sound Ventures) = $86.5M total. Documented Observe/Govern/Protect + Agentic Control; inline architecture. hedge_fund_fit raised to high.