Seattle startup Glacis brings long-time Microsoft leader on board to navigate AI’s big blind spot
As a veteran engineer and product lead within Microsoft Azure, Rohit Tatachar saw that many companies were building AI systems that they couldn’t fully monitor or control in production.
In his new role at the beginning of Seattle, he is doing something about it.
Tatachar is now the co-founder and CTO of Glacis, which creates uninterrupted records of AI behavior — what CEO Joe Braidwood called “the flight record of enterprise AI.” His arrival comes as Glacis launches new open source tools for monitoring and controlling AI agents.
Glacis, first covered by GeekWire in November 2025, was started by Braidwood and Dr. Jennifer Shannon, a psychiatrist and adjunct professor at the University of Washington.
The company grew from a hard lesson: Braidwood’s previous startup, Yara, an AI-powered mental health tool, had to be shut down after realizing that the models deviated from their intended behavior during long interviews with vulnerable users.
After writing about the shutdown of LinkedIn, regulators, doctors, engineers and insurance managers reached the same realization: when AI systems make decisions, no one can independently verify whether security controls are actually working.
That was the spark of Glacis.
How does this work: The startup’s main product, called Arbiter, sits in the path of every conceivable AI call and creates a signed record of input, active security checks and the final result.
A record cannot be changed after the fact. At scale, a system Glacis calls the Witness Network makes those records readable.
Customers can choose to use the system in “shadow mode,” which observes without intervention, or in enforcement mode, where it inhibits AI behavior.
Shannon, Glacis’ chief medical officer, said the numbers are the highest in health care. As a practicing child psychiatrist, he has seen AI-powered local scribes manipulate the contents of his clinical notes, including making prescriptions for medications he never made.
“I would like to be able to go back and see every step of how the AI model made that decision,” he said. “If there’s no infrastructure for that, who’s to blame? Nobody’s going to sue AI. It’s me.”
The main challenge: Tatachar has worked at Microsoft across two divisions spanning nearly 19 years, most recently as principal product manager on the Microsoft Foundry team, its platform for building and deploying enterprise and agent AI systems.
He said he’s seen companies build tools and proof-of-concepts but struggle to bring AI to production because they can’t explain or validate what their systems are doing.
There are three sides to the problem, he said: the basic state of the customer’s infrastructure, the model’s behavior, and what is known as “target drift,” where the system behaves differently than the customer intended, even if the underlying model is working normally.
Glacis monitors shipments to all three. “It’s only when you combine these three that the customer has a real idea of what happened,” said Tatachar.
New releases: Glacis releases auto-redteam, an open source tool that automatically attacks AI systems at multiple levels of vulnerability, then generates fixes and validates their functionality.
The company has also published OVERT 1.0, a standard for what it calls “virtual proof of runtime trust,” which is intended to give organizations a framework for building virtual AI security into their operations.
The launch comes at a changing time for AI agent security. OpenClaw, an open agent AI framework, has attracted hundreds of thousands of developers since its launch in late 2025, but its adoption has quickly outpaced its security architecture.
Major cyber security firms including CrowdStrike and Cisco have published security risk analysis alerts in the framework. Braidwood said this shows the need for an infrastructure that can implement security controls during operations, not just pre-deployment exercises.
Target market: The company focuses on clients in healthcare, fintech and insurance.
It signed two pilot deals at the JP Morgan healthcare conference earlier this year, and three more are in the works. Braidwood said the company sees health care as its entry point, but is looking at the bottom line in any AI deployment.
New development this week: Glacis is also opening a waiting list for a $49 per month beginner plan that includes red collaboration, enforcement and cryptographic proof for up to 10,000 AI events per month. The $499 pro tier includes up to 100,000 events.
Braidwood said the move is a deliberate shift in making the technology accessible beyond the regulated businesses and design partners the company has worked with to date.
Broad landscape: AI analytics and security is a booming market, with well-funded startups and large companies offering runtime monitoring and business AI analytics.
Braidwood said Glacis differentiates itself by focusing on cryptographic validation — not just finding problems but generating irrefutable evidence that security controls are working, which he said can help companies negotiate insurance and satisfy regulators.
Sponsorship: Glacis has raised $575,000 from a group of investors that includes Geoff Ralston’s Safe Artificial Intelligence Fund, Mighty Capital, Sourdough Ventures and AI2 Incubator.
It’s also part of Cloudflare’s Launchpad program and Seattle’s third Plug and Play cluster. Braidwood said the company hopes to close the seed round by the end of the year.
Team: Glacis has five employees, including three founders and two engineers.
Tatachar said the company’s sixth “employee” will be an AI agent tasked with handling SOC 2 compliance with Vanta. The team writes its core cryptographic code in Rust and uses Claude, Codex, and ChatGPT throughout its workflow.
“We have a company of 100 people,” Braidwood joked. Five of them are physical, and the rest are in the cloud or on the table.
