Agentic AI
,
Artificial Intelligence & Machine Learning
,
Next-Generation Technologies & Secure Development
Startup Targets MSSPs and MDR Vendors, Shadow AI Detection and Global Growth
An artificial intelligence security startup led by a former Palo Alto Networks executive raised $58 million to scale product innovation and international expansion.
See Also: Proof of Concept: Bot or Buyer? Identity Crisis in Retail
Silicon Valley-based WitnessAI plans to use the strategic funding to build enhanced policy enforcement, tailored offerings for managed service providers and localized interfaces for international growth, said CEO Rick Caccia. WitnessAI already offers shadow AI detection, tracking of LLM-issued commands and an intention classification model that evaluates whether an agent’s actions align with prompt intentions.
“We’ve taken down as customers the top three leaders in six different big industries,” Caccia said. “And we looked ahead and said, ‘The market looks great. It’s pulling this out. We’re seeing the international demand, and it was time to put extra gas in the tank and push the gas on this thing and grow internationally.”
WitnessAI, founded in 2023, employs 73 people and previously closed a $27.5 million Series A funding round in May 2024 co-led by GV and Ballistic Ventures. The company has been led since its inception by Caccia, who previously led marketing for Palo Alto Networks’ Cortex and Unit 42 businesses, Red Canary, Google’s cloud security products, Google’s Chronicle security operations platform and Exabeam (see: AI’s Cyber Impact in Focus at ISMG Virtual AI Summit).
Why Two-Way Observability Matters in Agentic AI
Caccia said the latest $58 million round is large enough to support international expansion and long-term growth, but not so large that it would result in unnecessary dilution. The round was led by Sound Ventures, which is known for early stakes in OpenAI and Anthropic and brings strong AI ecosystem connections, and includes investors that provide exposure to financial services and edge computing.
“That was a good number that got us where we needed to go,” Caccia said. “It’ll get us through the next couple of years. And we didn’t want to take more and dilute more, and I didn’t want to take less and be short on cash.”
WitnessAI’s product focus in 2026 includes detecting unregistered AI agents running in the network, observing the flow of commands between large language models and agents and applying proprietary models to analyze the intention of actions. A network-based approach helps WitnessAI operate at the infrastructure level, giving it visibility into all AI activity without requiring installation on individual devices, Caccia said.
“You could say, ‘Hey, this agent got a prompt to optimize your file system, and what they’re actually doing is deleting all your files. That doesn’t sound like it’s in line with the intention of the prompt. Maybe we should stop this thing before it wipes your system out,'” Caccia said.
Not only can WitnessAI track the prompts sent to agents and the tools they’re authorized to use, but it can also see the commands issued by the LLMs in response. This two-way observability gives security teams complete context into what AI agents are being asked to do and what they’re actually doing. The company’s purpose-built LLM analyzes whether an agent’s actions align with the original prompt.
“By and large today, agents have all of the authorization and access rights of the human they are an agent for,” Caccia said. “If the agent has all of my access and authorization rights, it may actually go do something stupid. We want to control what the agent says to their LLM brain. But I also want to control what comes back, because if that brain somehow got hijacked, we want to be able to control it.”
Why MSSPs, MDR Vendors Are Clamoring for WitnessAI
WitnessAI began with employee usage of AI tools, focusing on data leakage prevention, intention classification and bi-directional prompt control. The company then launched Witness Protect, aimed at B2C chatbot protection from risks like prompt injection and unauthorized LLM outputs. WitnessAI’s platform approach helps them to serve all these needs from a single control point, Caccia said.
“Because we already run in the network at a company, when a random developer builds an agent and deploys it in the corporate network, we actually see it,” he said. “So, we can tell a security department, ‘Here are all the agents,’ whether they’re home-built or someone rolled in some SaaS agent. We see not only what the agent tool calls are, but also what the LLM brains are telling them to go do.”
MSSPs and MDR firms are being asked by their own clients how they plan to support secure AI adoption, but many lack the internal capabilities or tools to do so, Caccia said. Instead of a packaged platform with its own console and logging system, MSSPs want API-driven access so they can plug WitnessAI’s features into their own management environments. WitnessAI is working on modularizing its platform, he said.
“You can imagine those end customers are asking their managed service providers, ‘Hey, we’re adopting AI. How are you going to help us do that in a safe and secure way?'” Caccia said. “And for a lot of these guys, the answer is, ‘We don’t really know. We don’t have an answer.'”
In enterprise deals, WitnessAI most frequently faces large incumbent security vendors such as Zscaler for employee compliance, Palo Alto Networks via Protect AI for chatbot security and Google with Model Garden in some agentic use cases. In contrast, WitnessAI offers protection across employees using third-party tools, customers interacting with AI bots and developers deploying autonomous agents, he said.
“We see different big companies depending on the use case,” Caccia said. “The alternative to us is buy three products, one for employees, one for customers, one for developers and agents, and somehow knit all the stuff together. It’s a mess.”