The AI Security Reckoning with WitnessAI’s CEO, Rick Caccia

If there’s one thing Rick Caccia has earned over three decades in the Valley, it’s perspective. He has watched tectonic shifts reshape the industry again and again - the rise of the web, the explosion of mobile, the move to cloud and now, the Great Acceleration: AI.

So when Rick says this wave reminds him of the early web, you pay attention.

He still remembers walking into companies in the late ’90s explaining the mind-bending idea that you could connect a webpage to a database. Executives stared blankly, puzzled as to why anyone would check their bank balance in a browser when an ATM already existed. Today, their confusion sounds absurd. And Rick believes AI is about to hand us that same sense of retrospective disbelief.

Enterprises are racing ahead, desperate not to fall behind, yet no one truly knows what the “AI enterprise era” will look like. Rick shared a moment that captures this perfectly: a global investment bank experimenting with 500 internal AI projects. How many would be in production the following year? Zero. Not because AI lacks potential but because no one fully understands yet how to implement it safely.

That uncertainty is where Rick lives. And where WitnessAI is thriving.

Security teams have always relied on predictability. Web attacks had signatures. Databases returned deterministic answers. Networks behaved according to rules.

AI does not.

A large language model is not a data store - it's a probabilistic reasoning engine. Its outputs shift. It learns. It can be manipulated conversationally. And its users often have no idea what they’re exposing when they interact with it.

The traditional security stack simply wasn’t built for this world.

Rick explains the shift through a simple but powerful framing: data scanning versus intention.

Legacy DLP tools search for suspicious strings - keywords, patterns, regular expressions but AI leaks don’t look like strings. They look like behaviors: a summer intern dumping proprietary pharma research into ChatGPT "to summarize before a meeting." The intern isn’t malicious. But the damage is the same.

And so Rick argues security can’t simply track what went out - it must understand what the user was trying to do.

AI security becomes less about blocking, and more about interpreting motivations, steering safe usage, and preserving productivity. It’s a philosophical shift as much as a technical one.

Rick doesn’t believe the major architectural disruption has hit yet. For now, most AI appears at the application layer - Salesforce, Grammarly, Microsoft - quietly embedding intelligence into everyday tools.

But the real tectonic change will come with agentic computing.

The moment every device can run local agents with deep system access, we reopen old attack surfaces that the industry spent decades closing. And the security community is not yet ready for a world where every desktop acts as its own autonomous decision-maker.

That’s the next frontier and Rick sees it coming faster than people expect.

When Rick and his co-founder first started WitnessAI, they assumed the existential threat would be “evil AI attacking your AI.” It sounded cinematic. It sounded future-proof.

It also turned out to be wrong.

CISOs across the industry told them the real crisis was much more fundamental: employees were already using AI everywhere, with sensitive data, across tools no one had approved or even knew existed.

Marketing teams uploading customer databases. Developers pasting proprietary source code. Lawyers feeding contracts into public models. Every employee, in every department, trying to reinvent their job with AI and no way for leadership to see it or shape it.

WitnessAI became the guardrail system enterprises needed: invisible, sophisticated, intention-aware control that sits across the network and safely mediates every AI interaction. Not blocking productivity but amplifying it, securely.

The proof? A global telco flipping the switch for 150,000 employees in just 10 days, with the CISO declaring to the board: “No Witness, no AI.”

For a startup, that is not just validation - it’s velocity at enterprise scale.

Rick laughs about the “dog that caught the car” moment - the sudden realization that the world’s biggest companies wanted WitnessAI, and they wanted it now.

But scaling wasn't about brute force; it was about elegance. A lightweight integration with identity systems like Okta. A connection to existing proxies like Zscaler or Palo Alto. A design philosophy that never required endpoint agents or invasive deployments.

And when a customer’s global identity system stitched together thousands of roles into a barely decipherable mess? The team trained an internal AI model in days to harmonize it. That speed - that willingness to race toward complexity instead of backing away - is what built trust.

Rick puts it simply: “The moving fast is how you earn the trust.”

One of the most compelling parts of our conversation came when Rick described the cultural rewiring happening inside corporate security teams. Historically, security’s unofficial mandate was: say no.

Don’t click that link.
Don’t use that app.
Don’t share that data.

But AI rewrites that playbook entirely.

CISOs tell Rick they can’t be the “Department of No” anymore. They must become enablers - the ones who make AI adoption possible, not prohibited. They are being pulled into product strategy, productivity workflows, and the very fabric of how employees get work done.

Security becomes a growth driver, not a guard tower.

That shift in mindset is as significant as any shift in technology.

Rick has lived through eight startups over 30 years, and describes a world unrecognizable from his early career:

Software once shipped on CDs - physical discs that took weeks to manufacture.
Startups were local - recruiting limited to whoever lived within 20 miles.
Branding was an afterthought.
Everything moved slowly.

Today the tempo is violent. Distributed teams, AI-supercharged engineering, hyper-competitive markets, metrics-driven everything, and companies reaching tens of millions in revenue with only a handful of developers.

But beneath all this acceleration, Rick insists some things are unchanged and immovable:

You still need a real problem.
You still need a product that solves it better than anything else.
You still need a team that works well together.
And you still must accept that most startups - even good ones - simply won’t make it.

His honesty is refreshing. Some of the most painful failures, he says, were also the most meaningful - the ones where the culture was strongest, the bonds deepest, and the lessons unforgettable.

Rick’s view on failure is elegant in its simplicity: Most startups fail because they build something for a market that never materializes.

Sometimes you miss the wave.
Sometimes you're too early.
Sometimes technology shifts under your feet and wipes the problem away entirely.

But when you catch the right wave - when the market is erupting in real time, when customers are desperate for help, when demand keeps outpacing your capacity - that’s when a startup becomes inevitable.

WitnessAI is surfing that wave.

Rick Caccia speaks with clarity, humility, and the hard-earned wisdom of someone who has built companies through multiple ages of technology. His view of AI is refreshing not because it’s optimistic, but because it’s grounded.

AI will be everywhere.
AI will become invisible.
AI will redefine productivity.
And AI security, if not reimagined from the ground up, will be the constraint that limits everything else.

WitnessAI is Rick’s answer to that constraint - a company built to enable, not restrict; to accelerate, not impede; to let enterprises embrace the future without fear of losing themselves in it.

And in Rick’s own words, that may just be the final startup he ever builds but in the Valley, as he joked, you never really know.

Until next time,

Firas Sozan
Your Cloud, Data & AI Search & Venture Partner

Find me on Linkedin: https://www.linkedin.com/in/firassozan/
Personal website: https://firassozan.com/
Company website: https://www.harrisonclarke.com/
Venture capital fund: https://harrisonclarkeventures.com/
‘Inside the Silicon Mind’ podcast: https://insidethesiliconmind.com/