The following is an interview between James Stewart, Co-Founder and CTO of TrojAI, and Julie Peterson, Head of Marketing.
Julie Peterson (JP): James, before TrojAI, you founded EhEye. Can you share how that journey began and where it led you?
James Stewart: EhEye was inspired by the Parliament Hill attack in 2014. That event made me think deeply about how technology could play a role in preventing violence. We built a company around computer vision that could monitor video surveillance feeds in real time and automatically detect threats like guns or fights.
EhEye grew quickly and was eventually acquired by a publicly traded company. After the acquisition, I became SVP of Video Analytics. It was a great opportunity to see our work at scale and understand how enterprise organizations adopt and operationalize emerging technology.
JP: What inspired the shift from video analytics to launching TrojAI?
James: The shift came from being a lead data scientist in the cybersecurity space and watching the research in adversarial machine learning evolve.
In 2015, I read the “panda paper,” where researchers added noise to an image and forced a misclassification. At the time, I dismissed it. No attacker was going to take the time to figure that out, and our camera systems were secure.
In 2018, a team showed that a 3D-printed turtle could consistently be classified as a rifle by a computer vision system. Again, I thought it was super interesting, but not directly threatening.
The turning point for me was 2019. Researchers developed an adversarial patch that could make an object invisible to computer vision models. Suddenly, the exploit was no longer in my control. That realization resonated with me because it’s the same dilemma CISOs face every day: deciding which threats to prioritize and recognizing when something once dismissed becomes unavoidable. That’s when I knew AI security needed its own company. TrojAI launched in June of that year.
JP: TrojAI has been called one of the “original 3” in AI security. How do you view TrojAI’s place in the early evolution of AI security?
James: Interestingly enough, NeuroCat, founded in 2017 in Germany, deserves credit as the first AI security vendor. TrojAI came shortly after, alongside Calypso and Robust Intelligence.
Initially, Calypso began as a ModelOps company, and Robust Intelligence was more of a testing platform. Both companies were geared toward data scientists and both pivoted into AI security, building strong offerings. They’ve put together incredibly talented teams, and we’ve genuinely enjoyed competing with them.
From day one, though, TrojAI was focused exclusively on AI security. That was and is our DNA. And we’ve watched the industry grow up around us too, with NIST, OWASP, MITRE ATLAS, and CSA all developing frameworks that help security leaders understand this new threat landscape.
JP: What were some early milestones that shaped TrojAI?
James: We started by protecting computer vision, natural language processing, and traditional machine learning models, not just a single domain. That breadth mattered.
One of the highlights was earning our first Fortune 100 customer before generative AI was even a thing. We beat out a much larger, better-funded competitor because we understood the problem, moved quickly, and worked side by side with the customer’s security team. That customer-centric focus has always been at the core of what we do.
JP: What pressures are organizations facing today when it comes to AI?
James: Organizations are under immense pressure to innovate with AI, to push faster and further than ever. At the same time, security teams are being tasked with making sure those deployments are safe. That tension between innovation and protection is where TrojAI sits.
Security leaders don’t have the luxury of ignoring these threats. They’re being asked to keep pace with innovation cycles that move at months, not years, and that’s a completely different dynamic than traditional IT or cybersecurity.
JP: Who do you most enjoy working with?
James: The organizations we love working with are the ones who want to lean in. They see AI security not as a checkbox, but as a collaboration. They’re willing to engage deeply, to push us, and to demand excellence.
These are customers who know the landscape is evolving quickly, and they want to be proactive rather than reactive. They understand that success comes from working closely together, with security teams, data science teams, and business leaders all aligned around deploying AI safely.
JP: And today? How has TrojAI evolved?
James: Today, we secure AI at build time with our auto red teaming solution (TrojAI Detect) and at runtime with our AI runtime defense offering (TrojAI Defend). Our deployments range from very small to massive. In one particular case, we secure nearly 200 AI applications across an entire innovation program, including agentic AI systems. We’ve even been flagged by their audit group as a “critical vendor” to their innovation program.
Our platform has always been about extensibility, flexibility, and scalability. That’s why we succeed even in the messiest environments. We never assumed AI would be deployed in clean, academic setups.
We’ve also built an extraordinary team. Our team includes people from cybersecurity and data science worlds who bring both the adversary mindset and the defender’s expertise. That combination is rare, and it’s what makes us a trusted partner to some of the most respected companies in the world.
Closing Thoughts
TrojAI’s story began with an unsettling realization that AI itself could be attacked, and those attacks were no longer theoretical. From that moment, James and the team set out with a clear mission: to help organizations secure their AI as they innovate.
Today, TrojAI is trusted by enterprises across industries, not because it chased trends, but because it stayed true to its roots: partnering with customers, anticipating the threats of tomorrow, and delivering solutions built for the real world.
Want to learn more about TrojAI? Contact us today.
.png)
