Rohan Sathe, Co-Founder & CEO of Nightfall – Interview Series

By Antoine Tardif, CEO & Founder of Unite.AI
Rohan Sathe is the Co-Founder & CEO of Nightfall AI. Before co-founding Nightfall, he led the backend team at Uber Eats, building applied machine learning services such as ETA prediction and supply-demand forecasting. He has appeared as a guest on the CISO Series podcast and the Artificial Intelligence Podcast, among other outlets.
Nightfall prevents data leaks with AI, automating DLP (data loss prevention) across SaaS and GenAI apps, endpoints, and browsers. It continuously scans text and files for PII, PHI/PCI, secrets, and credentials; classifies content with ML; and enforces policies in real time. Integrations include Slack, Google Drive, GitHub, and email, with APIs/SDKs for custom apps and LLMs. Remediation covers redaction, quarantine, and deletion, alongside user coaching, incident workflows, and compliance support.
You and Isaac co-founded Nightfall in 2018 on the belief that AI could make DLP better, faster, and more accessible to enterprises. Could you share what that founding moment looked like and how you arrived at the idea of an “AI-native DLP” from day one?
In the early days, we wanted to use machine learning to discover and protect sensitive data wherever it lives across cloud apps and modern workflows. When we came out of stealth in 2019, we positioned ourselves as a cloud-native, ML-powered SaaS DLP solution with a vision of building the ‘control plane for cloud data.’ As we expanded beyond SaaS to cover data exfiltration across endpoints and generative AI, ‘AI-native DLP’ became our umbrella term.
Before starting Nightfall, you were a founding engineer at Uber Eats, where you saw firsthand how data spread across SaaS and cloud tools. How did your experiences there shape your perspective on data security, and what specific moments or challenges sparked the idea for Nightfall?
At Uber Eats, I was leading backend teams and building applied ML services—things like ETAs and supply and demand forecasting. We were dealing with petabyte-scale data spread across many different systems, which is an environment where sensitive information can move really quickly and often invisibly. That experience, combined with what the whole industry learned from incidents like Uber’s 2016 breach—where attackers basically leveraged credentials that were exposed in code on GitHub to reach AWS data—really highlighted how this combination of data sprawl, credentials, and cloud infrastructure creates this outsized risk without better detection and guardrails. Those realities shaped Nightfall’s focus on context-aware discovery and prevention right from the start.
Nightfall launched publicly in 2019 with Series A funding. Can you walk us through the early journey from stealth mode to launch, including any key inflection points?
We operated in stealth for about a year, then launched officially on November 7th, 2019 with $20.3 million in funding led by Bain Capital Ventures and Venrock. The early inflection points really revolved around building out broad SaaS integrations and developing higher-accuracy ML-based content classification that could reduce the false positives that plagued legacy DLP solutions.
Shadow AI refers to the unmonitored use of tools like ChatGPT, Gemini, and Copilot in the workplace, often resulting in invisible data leaks. How do you define Shadow AI, and why is it such a growing concern for modern organizations?
We define Shadow AI as the unauthorized or unmonitored use of AI tools by employees—think pasting source code or customer data into chatbots—which creates exposure risks outside of IT governance. This definition aligns with what we’re seeing from other industry players like IBM and Splunk. Shadow AI is essentially AI being used without approval or oversight, which introduces these blind spots and potential data exfiltration risks. The combination of easy-to-use Generative AI apps and the lack of proper controls is why this problem is growing so rapidly.
You’ve described multiple ways that Nightfall’s approach to Shadow AI differs from traditional DLP. Which of these features—whether it’s context-aware monitoring, data lineage, or real-time blocking—has proven most impactful for your customers?
From what we consistently hear from customers, there are really two main levers that make the biggest difference. First is pre-submission controls—actually catching sensitive content before it’s sent to AI tools or posted on the web. Second is our AI-native detection that moves beyond legacy pattern-matching to understand data lineage and context.
What’s really powerful is our noise reduction through continuous learning. Our system understands content and file lineage, learns from user annotations and actions, and identifies safe workflows to suppress low-risk activity. This dramatically reduces false positives compared to legacy DLP solutions. We’re also doing real-time threat detection and risk prioritization using LLMs, transformers, and computer vision, with custom file and sensitivity classifiers that can uncover movement of intellectual property and high-value documents that go way beyond simple rules-based entity detection. Our customers tell us they’re seeing this transformation from alert fatigue to focused, high-impact security actions.
How does Nightfall’s browser-based and endpoint-native detection system stop leaks before they happen, and how does that compare to legacy DLP systems that only detect breaches after submission?
Our browser extension and endpoint agents actually scan prompts and files before they’re submitted. We can redact or block risky content in real time—so before a ChatGPT prompt is sent, for example. We’re also tracing lineage so security teams know if a file originated in a corporate system. We deploy on macOS and Windows with Chrome and Firefox extensions that provide this before-you-send redaction and upload blocking functionality. This is a pretty stark contrast to legacy DLP, which is mostly about after-the-fact detection.
Nightfall has expanded significantly since its founding. How have enterprise security needs evolved over that time, and how has your product adapted in response?
The landscape has really shifted dramatically. We started with SaaS scanning—think Slack and Google Drive—around 2020-2021. Then Generative AI guardrails became critical starting in 2023, and now we’re seeing this urgent need for autonomous, intelligent threat prevention that can scale with organizational growth.
Security operations teams are struggling with increasingly complex tools, legacy pattern-matching DLP, constant manual policy tuning, and just crushing alert fatigue. These issues slow investigations, increase overhead, and reduce security effectiveness. Our product evolution has tracked this shift from reactive and manual operations to proactive, intelligent automation. We announced Generative AI coverage in 2023, expanded to exfiltration prevention, encryption, and email protection in 2024, and now with Nyx, we’re ushering in what we see as the next era of agentic AI in data protection—transforming alert fatigue into focused, high-impact security actions across SaaS, endpoints, and AI tools.
You recently introduced Nightfall Nyx, which you describe as the industry’s first autonomous AI-native DLP platform. What makes it autonomous, and what problems does that solve for security teams?
Nightfall’s AI detection platform already delivers highly accurate, low-noise results — 95% precision compared to the 5–30% typical of traditional regex or rules-based DLP. Sitting on top of that foundation, Nyx is the AI-intelligence layer that helps security teams investigate, correlate, and understand risks.
Even after the noise is gone, the real work begins. In large organizations, SecOps teams can still face hundreds of legitimate alerts every day. Sifting through them to separate business-approved workflows from risky data hygiene issues or insider threats can eat up hours. Nyx takes on this investigative heavy lifting — accelerating analysis so teams can focus on action, not searching and sorting through pages of alerts.
Nyx connects the dots across exfiltration events — users, domains, devices, data types, file names, and more — surfacing patterns instantly. Through her natural-language interface, analysts can act on patterns, investigate findings, produce reports, and get recommended actions in seconds. Tasks that once took two hours can now be done in under two minutes — a true 20× time-savings game-changer.
With generative AI usage exploding in workplaces and security teams struggling to keep up, do you believe tools like Nightfall will become a default layer of control for enterprise environments?
I think the trajectory suggests yes. We’re seeing widespread Generative AI adoption plans across enterprises, and major platforms like Microsoft Entra Internet Access are rolling out inline, pre-submission controls for Generative AI traffic. When you pair that with the industry consensus around Shadow AI risks, it’s reasonable to expect pre-submission, AI-aware DLP to become a default control layer alongside things like identity and access management and endpoint detection and response.
Finally, as a founder building in such a fast-moving space, what’s your long-term vision for Nightfall and the role of AI in enterprise data protection?
Our long-term vision builds on what we articulated at launch—to be the control plane for cloud data—but now we’re extending that with autonomous operations and agentic AI capabilities. We envision a future where security posture improves continuously without piling more work on analysts, where AI eliminates the need for specialized domain expertise, and where organizations can shift from reactive, manual security operations to proactive, intelligent threat prevention.
In practice, that means AI that both understands data in context and takes safe, intelligent actions—investigate, coach, redact, block—across SaaS, endpoints, email, and Shadow AI. We want to close the loop from detection to prevention, giving security teams an always-on intelligent partner that gets smarter with every investigation and transforms weeks of manual forensics into minutes of focused response.
Thank you for the great interview. Readers who wish to learn more should visit Nightfall.
Antoine is a visionary leader and founding partner of Unite.AI, driven by an unwavering passion for shaping and promoting the future of AI and robotics. A serial entrepreneur, he believes that AI will be as disruptive to society as electricity, and is often caught raving about the potential of disruptive technologies and AGI.
As a futurist, he is dedicated to exploring how these innovations will shape our world. In addition, he is the founder of Securities.io, a platform focused on investing in cutting-edge technologies that are redefining the future and reshaping entire sectors.