Back to Blogs
CONTENT
This is some text inside of a div block.

Join 2,000+ readers

The insights that matter, straight to your inbox. No spam.

3
min read

Why I Joined Enkrypt AI: Merritt Baer

Published on
September 29, 2025
4 min read

Why I Joined Enkrypt AI

I choose to spend my life working in security because security defines the edges of how we interact– with each other, with companies, with governments. I measure the ROI of basically everything, and I will spend a lot of time on my job– in my case, a really significant amount. And so, I ask myself, what will you do with your one wild and precious life?

The founders of Enkrypt AI met while doing Math PhDs at Yale. I don’t bring that up because I’m dazzled by ivy, but because in AI security—where the horizon keeps moving—you want a team that doesn’t just chase relevance, they generate it. Research is where the rubber meets the road in AI, and we are among those who are actively reimagining the field of AI security.

This takes practical forms– for example, our research has turned into redteaming, which turned into responsible disclosures, which turned into customers. In practice, that looked like us knocking on a company’s door and saying: “Hey, your model is vulnerable to surfacing CSAM. Here’s our proof. Want help?”

Wendell Berry once wrote (about marriage, but still fitting): “You do not know the road; you have committed your life to a way.” I believe that smart companies embody philosophical commitments.

We’re also at an inflection point with data and interactions. For years, people called data “the new oil.” Cute metaphor, but I always hated it. What matters is how data gets consumed, contextualized, and secured—especially as AI systems are trained on it, act on it, and interact with us. The real security questions are no longer about locking down files in a folder; they’re about safeguarding systems (hardware and software) interpreting and acting on data. I expect more and more data to be in aggregated, non-human-readable forms, because AIs are interacting with each other– and only convert back to natural language when they surface something to a human in the loop.

DLP isn’t the future, and no one will miss Microsoft Purview. What’s at stake isn’t just a miskeyed “name field”—it’s the integrity of how humans and machines work together.

The research basis of the company matters to me in how we serve customers. Enkrypt’s competitive advantage isn’t a static product—it’s the way we approach AI safety, security, and compliance. We redteam, we guardrail, we enforce policy. This means we can translate capabilities into broad offerings– We protect agentic capabilities (AI that actually takes actions) and LLM interactions (chatbots, Copilot, or your custom models), and we do MCP security. Importantly, we do it in an attestable way—so when your “AI Governance Council” hands you that 40-page AI Governance doc, we can take that and enforce it– and we can enforce if you want to have the EU AI Act provisions, or your company’s 2026 policy, or the next AI regulation that will arise in California or Vietnam. There will always be a “next” in AI and we are already looking around the next corner.

Most CISOs I talk to already know their entities and employees are interacting with AI. They’ve been told some version of, “go do something about it.” Enkrypt helps us as CISOs move from aspiration to enforcement of safety and security commitments, which also means we can unlock new AI use cases safely. That’s the kind of ROI I want to spend my time on.

Frequently Asked Questions

What is AI red teaming and why does it matter for enterprise security?

AI red teaming is systematic testing of AI systems to find vulnerabilities before attackers do. It identifies risks like prompt injection, data exfiltration, and unsafe model outputs across 300+ risk categories.

  • Proactively discovers model vulnerabilities before production deployment
  • Translates research findings into responsible disclosures and fixes
  • Enables companies to harden AI agents and LLMs against real-world attacks
How do you secure AI agents from taking unsafe actions?

Runtime guardrails enforce policy-based controls that block hallucinations, data leakage, and unauthorized tool use in real time. Enkrypt AI's agent guardrails operate at ultra-low latency without slowing agent execution.

  • Intercept unsafe actions before they execute in production systems
  • Enforce company-specific policies across all agent deployments
  • Maintain performance while preventing data exfiltration and misuse
What's the difference between MCP security scanning and MCP gateway protection?

MCP scanning identifies vulnerabilities in server configurations and skill packages; MCP gateway adds a runtime enforcement layer that blocks malicious requests and enforces policies in real time. Together they provide end-to-end MCP governance.

  • Scanning detects prompt injection, code injection, and context poisoning risks
  • Gateway prevents exploitation by filtering and controlling access
  • Combined approach covers discovery, curation, configuration, and enforcement
Which platform best handles AI compliance across multiple regulations like the EU AI Act?

Enkrypt AI's policy engine translates governance frameworks into enforceable rules across agents, LLMs, and MCP infrastructure, reducing manual compliance effort by up to 90%. It supports NIST AI RMF, MITRE ATLAS, OWASP LLM Top 10, and emerging regulations.

  • Centralized policy management enforces company and regulatory requirements
  • Attestable enforcement demonstrates compliance to auditors and boards
  • Adapts to new regulations (EU AI Act, California, Vietnam) as they emerge
How does Enkrypt AI help enterprises enforce AI security policies across agents and LLMs?

If your AI systems are already acting on data without human oversight, Enkrypt AI's agentic guardrails and policy enforcement deserve a look. Book a demo to see how we enforce governance across your models, or start a free trial to test it yourself.

Meet the Writer
Merritt Baer
Latest posts

More articles

Industry Trends

Harvest Now, Decrypt Later: Why AI Agents Are the Threat No One's Watching

AI agents are quietly turning harvest-now-decrypt-later into a volume attack. Here's where agents leak data today, and how to close the gap before Q-Day.
Read post
Product Updates

We Built Two AI Security Games. Play Them to Understand How Attacks Actually Work.

Experience AI security firsthand with Enkrypt AI Academy’s free browser-based games, CIPHER and VAULT. Learn prompt injection, tool chain attacks, and agentic AI exploitation by playing real-world attack scenarios.
Read post
Guest Posts

Securing AI at Scale in APAC: Why Kode-1 and Enkrypt AI Are Building This Together

Explore how Enkrypt AI and Kode-1 combine AI governance, security, and risk management expertise to help enterprises adopt AI responsibly and at scale.
Read post