KonaSense: People-first AI security for the real world!

Enterprise GenAI adoption is moving faster than most security programs can track. Tools are multiplying, “approved” lists are outdated within weeks, and the real risk is not a single model or a single prompt. The risk is the workflow: everyday people making fast decisions with powerful AI tools, often with sensitive context in the clipboard, in a tab, or inside an agent run.

That is why we built KonaSense.

We are live, and we are building the people first platform for AI security: visibility, control, and protection across how employees and teams actually use AI at work.

The problem we kept seeing

Most companies are trying to govern AI with policies, training, and a short list of approved vendors. That is necessary, but it is not sufficient.

Because in the real world, exposure does not come from a single bad decision at the top. It comes from thousands of normal decisions made every day by smart people moving fast.

A support engineer pastes a customer email thread into a chatbot to summarize it.
A developer drops proprietary code into a model to debug faster.
A sales rep uploads a contract to generate a negotiation response.
A team installs a browser extension that quietly routes prompts through an untrusted service.
A new agent workflow gets access to internal tools and starts acting at machine speed.

None of this is “malicious.” It is modern work.

That is the gap: policy lives in documents, but AI usage lives in moments. And those moments include prompts, files, screenshots, copy-paste, tool calls, and agent actions, all happening across dozens of AI products, often outside of centralized procurement.

So we stopped treating AI security as a tool problem and started treating it as a human problem.

KonaSense is built for the human layer: the interaction where intent, context, and data meet. Because that is where risk is created and that is where it can be prevented without killing productivity.

Our thesis: AI risk is human shaped

Traditional security approaches often default to two extremes:

• Allow everything and hope training works.
• Block everything and kill adoption.

Both fail.

KonaSense is built on a different premise: you can enable GenAI adoption safely if you deliver controls that match how people work. That means:

• Visibility that shows what is happening, across teams, tools, and workflows.
• Guardrails that enforce policy in real time, not after the fact.
• Coaching that helps people do the right thing without slowing down.
• Evidence that security and GRC can report to leadership with confidence.

If employees are the ones interacting with AI, then employees must be in the control loop.

What KonaSense does

KonaSense unifies visibility, control, and protection across how people actually use AI at work. Not just APIs. Not just one model. The full reality: browser-based chat tools, desktop copy and paste workflows, IDE usage, and agentic systems that can take actions on behalf of users.

At a high level, KonaSense delivers three outcomes through one platform:

Governance View
Define and operationalize how AI is allowed to be used.
This includes approved AI catalogs, policy management, role-based guardrails, workflow controls, and accountability. It gives security and compliance teams a clear control plane for GenAI adoption, without relying on documents and hope.

Security View
Detect and stop risky behavior in real time, grounded in what users are doing.
KonaSense identifies high-risk interactions, suspicious patterns, sensitive data exposure, and policy violations as they happen, then enforces actions like allow, block, redact, warn, or coach. It is AI security designed for the human layer, where most mistakes occur.

Observability View
Measure adoption and risk with metrics you can act on.
You get usage analytics, behavioral signals, and trend reporting that shows which tools are being used, where risk is clustering, how policies are performing, and how AI adoption is evolving across teams and time.

All three views run on one shared foundation: capture the interaction, enrich it with context, apply policy in the moment, and produce evidence. That means every AI event can be understood, governed, and proven, without guesswork.

In practice, KonaSense helps you move from “AI is happening somewhere” to “AI is adopted safely, with controls we can demonstrate.”

Why we created KonaSense

We have spent our careers on the front lines of security: building, defending, responding to incidents, and watching how new technology gets adopted long before controls catch up.

GenAI is not “just another SaaS app.” It is a new interface to decision making, data handling, and execution. The moment a model output influences a customer email, a code change, a policy decision, or an agent action, it becomes part of your operational risk.

We built KonaSense because we believe the next generation of security must protect people, not just systems.

Meet the team behind KonaSense

KonaSense is built by a team that has spent decades shipping security products and operating in real security environments.

• Rafael Da Silva (Founder - CEO): Rafael is a security builder and operator who has spent his career turning real security problems into shipped products and repeatable programs. He was the CEO of El Pescador, later acquired by KnowBe4, giving him firsthand experience building, scaling, and navigating the full lifecycle from product execution to acquisition and integration. At KonaSense, he leads strategy, product direction, and go to market with one obsession: protect people where AI work actually happens
• Felipe Zimmerle, PHD (Founder - CTO): Felipe is a deeply technical engineering leader focused on building security systems that hold up under real load and real adversaries. He is a lead contributor to ModSecurity and brings a PhD level research mindset combined with pragmatic execution. At KonaSense, he leads architecture and engineering with a focus on robustness, performance, and controls that are hard to bypass.
• Lincoln Mattos (Founder and Investor): Lincoln is a long-time security entrepreneur and strategic partner helping build KonaSense the right way from day one. He founded Tempest Security and later saw it acquired by Embraer, bringing a founder-investor perspective on durable company-building, governance, and strategic execution. At KonaSense, he supports strategy, capital formation, and long-term decision quality.

We are not approaching AI security as a research project. We are approaching it as a product that must survive enterprise reality: procurement, compliance, user experience, and security outcomes.

What “live” means today

Today, KonaSense is already delivering core capabilities for enterprises adopting GenAI:

• Browser level coverage for day to day GenAI usage
• Unified console with Governance, Security, and Observability views
• Policy driven controls that can support allow, block, and guided workflows
• Reporting that helps security leaders answer: who is using what, how, and where risk is emerging
• Identity integrations to anchor usage and accountability to real users and teams

What is coming next is equally important:

• IDE and developer workflow coverage
• Agent readiness features to govern and observe agentic workflows
• Expanded control points beyond the browser, including proxy and API level enforcement

If your organization is already using agents or planning to, we are designing KonaSense to handle that shift as a first class requirement.

What makes our approach different

Most AI security tools start from infrastructure control: network gateways, CASB-style monitoring, or model-level scanning. Those layers matter, but they often miss the real unit of risk: the human decision in the moment. The prompt typed in a hurry, the file uploaded to “just test something,” the copy-paste of sensitive data into the wrong chat, the agent action approved without thinking.

KonaSense starts at the interaction and builds outward. We treat every AI action as a security event, with context, intent, and policy attached. That shift changes what you can actually do.

Detect Shadow AI as it happens, not after the damage is done
Not months later via surveys, expense reports, or hope. You get visibility at the point of use: prompts, uploads, copy and paste, extensions, and agent workflows.

Enforce policy with precision, not blunt blocking
Instead of “allow all” or “block all,” you can apply targeted controls: allow, block, redact, warn, or require justification. Different rules for different roles, tools, data types, and risk levels.

Coach users in context, turning security into a guardrail
Most mistakes are not malicious. They are fast, human, and predictable. KonaSense can nudge the user at the exact moment of risk with clear guidance, so people learn the safe path while still getting work done.

Create audit-ready evidence without guesswork
You can show what was used, by whom, when, what data types were involved, what policy applied, and what action was taken. That means faster audits, cleaner internal reporting, and real accountability.

Move from policies on paper to policies in motion
The outcome is simple: it is the difference between “we published a policy” and “we can prove the policy is working.”

In a world of agentic workflows and nonstop GenAI adoption, the winning strategy is not just controlling the infrastructure. It is protecting the interaction where risk is created.

Who KonaSense is for

KonaSense is for organizations that want GenAI adoption, but refuse to accept unmanaged risk. If your company is rolling out AI copilots, experimenting with multiple models, or watching teams adopt tools on their own, you need more than a policy document. You need visibility and control at the moment risk is created.

KonaSense is typically owned or championed by:

CISOs and Security Leaders
Teams accountable for risk who need real visibility, enforceable guardrails, and proof that controls are working, not just “best effort” awareness.

IT Leaders and Enterprise Enablement Teams
Teams managing tool sprawl, standardizing approved AI, and rolling out copilots at scale without breaking productivity or creating a support nightmare.

GRC and Compliance
Teams that need audit-ready evidence of AI governance: who used what, under which policy, what data types were involved, and what controls were applied.

Security Operations and Threat Detection
Teams that want signals grounded in real user behavior, not generic telemetry. If AI is becoming a new exfil path or phishing surface, you need detections that reflect how people actually use it.

If you are hearing any of the following internally, KonaSense is built for your reality:

• “We do not know which AI tools are being used across the company.”
• “We cannot tell if sensitive data is being pasted into models.”
• “We published a policy, but adoption is happening anyway.”
• “Different teams are using different models, and nobody can explain the risk.”
• “We are rolling out Copilot, but we cannot measure what is safe vs risky usage.”
• “Agents are coming, and we do not have a control model for tool calls and autonomous actions.”

KonaSense fits especially well when you are past the curiosity stage and entering the adoption stage, when leadership wants speed, teams want freedom, and security is expected to keep both aligned.

The outcome we care about

Our goal is simple: help enterprises adopt GenAI safely, without slowing down the people who are trying to do their jobs.

That means you should be able to:

• Enable approved AI tools with confidence
• Reduce data exposure risk in day to day workflows
• Detect risky patterns early, before they become incidents
• Report adoption and risk trends to leadership with real metrics
• Prepare for agentic workflows with governance and observability already in place

What happens next

We are opening a small number of design partner pilots.

If you are a CISO, security leader, or IT leader dealing with Shadow AI and unmanaged AI workflows, we would like to talk. We are prioritizing teams that:

• Have active GenAI usage today
• Need visibility across multiple tools and teams
• Want enforceable controls that do not break productivity
• Are planning for agents, IDE usage, or internal AI apps

Book a demo, See the platform and discuss your environment.