ICYMI: "We Don't Trust Agents" - Here's How to Control Them
Invisible Layer in OpenAI, Mistral, JPMorgan, Perplexity, Netflix
‘Agent Handler’ is now available
Control AI Access, Tokenmaxxed $$$ Bills, & Stop Mass Data Leaks
Merge co-founders Shensi Ding (CEO) + Gil Feig (CTO) join Sourcery for a wide-ranging conversation on building AI infrastructure that quietly powers some of the biggest companies in tech — including OpenAI, JPMorgan, Perplexity, Netflix, Uber, Mistral, and Dropbox.
→ Listen on X, Spotify, YouTube, Apple
Shensi & Gil break down Merge’s three-product suite (Unified, Agent Handler, & Gateway), the make-or-break month that pushed them to rebuild around AI, and why they now believe “English is your programming language.” Gil gets candid on the state of AI security from supply chain attacks, agentic code flooding GitHub, & why the scariest threat is always internal. Shensi shares hard-won hiring philosophy (missionaries vs. mercenaries), her admiration for Benioff and the “beginner’s mind,” and a hot take on companies over-engineering their own models.
Plus: the SaaSpocalypse, the brutal reality of token-maxxing $$$ bills, governing employee AI access, headless Salesforce, & whether today’s AI valuations will ever make any sense at all.
This was a real treat; both of them are more open than other founders, discussing the realities of building a company in the AI era.
TIMESTAMPS
(00:00) Shensi Ding & Gil Feig, Co-Founders at Merge
(01:04) Three products. One big bet
(03:20) How Merge made the AI pivot
(04:42) The Classic Innovator’s Dilemma
(05:58) Building culture around AI
(07:10) The leverage nobody’s talking about
(08:52) Codex vs Claude Code
(09:15) The scale nobody knew about
(09:47) SaaS, Finance, and the Biggest AI Labs
(10:46) Why AI companies buy differently
(12:04) What AI sales actually looks like
(13:04) The Fastest sales cycles in the market
(14:35) Why is Cybersecurity broken
(15:59) Merge's solution to agent security
(19:16) Mythos, Wiz, and the GitHub Hack
(22:34) 1,000 Bot signups in one hour
(23:23) Real reason companies pay ransom to hackers
(25:43) The State of AI Infrastructure Costs
(26:41) Internal AI Governance is the next big problem
(29:28) Most Popular Integrations on Merge
(30:54) Big Giants are planning big moves
(31:54) What does Salesforce going headless exactly mean
(33:41) Agents don’t need a UI anymore
(36:59) Can this AI generation actually adapt
(38:25) What Merge looks for in talent
(41:25) The SaaSpocalypse is real
(45:03) Are AI valuations actually insane?
(47:11) How Merge landed OpenAI, Perplexity, Netflix & Uber
(49:02) The Metrics that actually drive the business
(49:58) Biggest misconceptions in tech right now
(51:55) The market is finally catching up to Merge
Inside Merge: How a Data-Sync Startup Became Infrastructure for Enterprise AI
Merge co-founders Shensi Ding (CEO) and Gil Feig (CTO) recently joined Sourcery for a wide-ranging conversation about how they made an intentional effort to pivot their business for the AI era, the challenges that came with it, the security questions they spend their time on, and why they take a cautious view of AI agents.
Merge has raised $75M from Accel, Addition, & New Enterprise Associates (NEA) to help prevent large-scale data leaks, and much of the discussion traced back to that focus. Here’s a breakdown of the episode, the products behind it, and what it suggests about where enterprise AI is heading.
The Bet That Reshaped the Company
About a year and a half ago, Merge made a deliberate, three-part push into AI: using it more aggressively internally, repositioning the existing product to sell to AI companies, and launching new AI products. As Shensi put it, “those bets have really paid off, especially in the past year and a half.”
A turning point came from an unlikely source, a paused deal. A single contract that would have taken up roughly 90% of the company’s resources stalled for a month, and Merge used that window to build. “That month actually really transformed the business,” Shensi said, because firsthand experience with AI coding “allowed us to see what was possible with our existing products as well.”
That experience wasn’t delegated. Both founders went back to the keyboard, using Claude Code and Windsurf to ship their second product. Gil framed it as part of the job: “If we are the leaders of this company, we have to know everything there is to know about how AI works, how you build with AI.” It was the innovator’s dilemma in real time. A fast-growing core product was generating revenue, but the founders knew where the space was heading and wanted to shift resources toward where, as Gil said, “the puck is going.”
The Three-Product Suite
Merge sells three products today, each aimed at a different layer of the enterprise AI stack. The original is Merge Unified, which syncs and normalizes data so companies can power experiences like enterprise search and RAG. “You ingest all the data, we normalize it, and it’s there for your customers,” Gil explained. It remains the deterministic backbone many large financial services customers buy first.
The second product, Merge Agent Handler, works as a single MCP server that lets companies offer hundreds of integrations inside agents. It covers internal agents, external customer-facing agents like support bots, and internal use cases. As Gil described it, when a whole team is in Claude Code, Claude, or ChatGPT, “the connectors all just appear in there and work with whatever AI tools you’re using.”
The third is Merge Gateway, infrastructure for switching between hundreds of AI models and routing requests based on policy. It includes a security layer, routing and cost-saving policies, and dashboards. The goal, in Gil’s words, is to help “your whole company to really optimize your AI spend and usage.”
The three map fairly cleanly to different buyers. Shensi noted that large financial services tend to start with the unified API for deterministic use cases, large AI companies lean on connectivity, & traditional SaaS platforms “could be all three.”
Agent Handler & the Employee AI Problem
One of the more useful insights from the episode came from a customer conversation. The CTO of a large financial firm told Gil that employees kept asking why they couldn’t use agents to automate their work the way their friends at other companies could. The answer was regulation: “We can’t let you just connect all of our internal services to all of your external services.” The demand was there. The governance wasn’t.
Agent Handler is Merge’s answer to that gap. It works as a central hub. Employees connect their AI tools to Agent Handler, and Agent Handler connects to every downstream platform in a governed way. As Gil described the pitch to security teams, an employee can use whatever new AI tool they want, but “the only tool you’re allowed to connect it to is Merge Agent Handler.” From there, IT gets visibility into every connection, action, and security violation in one place.
The control extends to granular permissions, which Shensi illustrated with an example. Hire a PR intern who needs to see accounts in Salesforce, and historically you faced an all-or-nothing choice. With Agent Handler, “that IT manager or that CTO can make it so that PR intern can only see accounts and nothing else.” Even if they try to write or delete data, “it’s just not possible.”
Identity sits underneath all of this. Customers want Agent Handler to “tightly couple with our identity providers,” Gil said, so that when an employee leaves, “they immediately get access revoked.” It’s a governance layer built for the reality that employees adopt new tools faster than security teams can track them.
A Cautious View of Agents
Gil’s view on security comes down to a simple distinction. The risk of an agent isn’t its intelligence, it’s its access. He used an analogy to make the point. A capable agent with no tools is like “an evil genius who’s a mass murderer, but they’re locked in a jail cell.” It can’t do much. “The second you connect it to tools, which is what everyone is trying to do right now, that’s where everything goes wrong.”
That view shapes the product. Merge doesn’t rely on asking an agent to behave. “We don’t trust agents,” Gil said. “We can try to set rules, but there need to be hard guardrails and blocks for things like sensitive data being sent across.” In practice, that means scanning outbound payloads in real time and blocking data like Social Security numbers or proprietary information before it leaves a company boundary. It’s the core of the data-leak prevention work behind the company’s funding.
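The following is an added example, not Merge's code: a deny-by-default check placed between an agent and its tools, combining the per-role permissions and identity revocation described in the previous section with the outbound payload block described here. The role names, resource names, policy table and SSN pattern are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical policy table: role -> allowed (resource, action) pairs.
# Anything not listed is denied, so the "PR intern" can read accounts and nothing else.
POLICY = {
    "pr_intern": {("salesforce.accounts", "read")},
    "sales_ops": {("salesforce.accounts", "read"), ("salesforce.accounts", "write")},
}

# SSN-shaped values (3-2-4 digits, dash or space separated), skipping
# area/group/serial numbers that are never issued. This pattern is an assumption.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}[- ](?!00)\d{2}[- ](?!0000)\d{4}\b")

@dataclass
class Decision:
    allowed: bool
    reason: str

def walk_strings(value):
    """Yield every string (keys and values) in a nested JSON-like payload."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from walk_strings(key)
            yield from walk_strings(item)
    elif isinstance(value, (list, tuple)):
        for item in value:
            yield from walk_strings(item)

def authorize(role, resource, action, payload, active=True):
    """Decide one tool call; the agent's own intent is never consulted."""
    # 1. Identity: a deactivated account loses access immediately.
    if not active:
        return Decision(False, "identity deactivated")
    # 2. Least privilege: unknown roles and unlisted actions are denied.
    if (resource, action) not in POLICY.get(role, set()):
        return Decision(False, f"{role} may not {action} {resource}")
    # 3. Hard guardrail: block the call if any string in the payload looks like an SSN.
    for text in walk_strings(payload):
        if SSN_RE.search(text):
            return Decision(False, "outbound payload contains SSN-shaped data")
    return Decision(True, "ok")
```

The checks run in the proxy, outside the model, so a prompt-injected or misbehaving agent cannot talk its way past them.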
The wider threat landscape supports the caution. Gil pointed to supply chain attacks, where agent-generated code is being pushed to GitHub faster than humans can review it: “Agents are pushing a ton of code. You don’t have enough humans to read all that code, and so things are slipping by.” A single injected vulnerability in a widely-used open source package can spread across many codebases.
The attacks are also getting more capable. Gil mentioned that while on-call that week, Merge saw over 1,000 bot signups in an hour, scanning backend endpoints from IPs around the world. His broader point was that attackers who once faced language and skill barriers now “speak English perfectly,” “write code perfectly,” and “have unlimited manpower all driven by AI.”
How AI Companies Actually Buy
The sales motion has changed. Gil described the old version. A SaaS company would put “seven people who are API experts on the call asking detailed questions around rate limits and how it handles this and that.” The new version is closer to the opposite. AI buyers often show up without that depth, asking for a chart of how things work because, as Gil paraphrased them, “we don’t know the MCP protocol.”
That uncertainty pushes Merge to be more prescriptive. Shensi explained that the team draws on its experience to guide customers toward best practices, since many “don’t have experience with partnerships for these different integrations” and aren’t sure what the best end-user experience looks like. The product has had to adapt to “what people think that they want when no one really even knows what they want right now.”
What buyers lack in specification, they often make up for in speed. Deal cycles for large AI companies move fast because, as Shensi noted, “the competition is just so fierce.” Many skip the proof-of-concept. Gil recalled customers responding to a proposed POC with “we already had our agent build into it. We know it works.”
When they do have specific asks, those tend to cluster around deployment. Shensi said the recurring requests are deployment options, security requirements, and custom connectors, often tied to existing cloud-provider partnerships Merge has to work around.
The Cost Problem & the Case for Routing
For all the talk of “token max,” Gil flagged a less glamorous reality, the bill. Heavy AI usage works well in theory and often in practice, “but then the bill comes to the CFO, and it’s actually really brutal and way worse than they expected.” Even teams that doubled productivity didn’t necessarily double their budget.
This is where Gateway fits in. Merge has “invested really heavily in cost savings” through the product, routing requests across hundreds of models based on policy. Shensi added that margin discipline is becoming a broader industry focus, citing Cursor’s margin improvements as a signal of where things are heading.
The routing logic can be straightforward. For simple requests, Shensi pointed out, “there are a lot of really great open source providers out there too that are very cheap.” Routing a query like “what’s one plus one” or a simple “thanks” to a cheaper model can cut spend, “but it’s really hard to automate that” without dedicated infrastructure.
The takeaway for buyers is that cost control in AI is becoming a real consideration rather than an afterthought. As budgets tighten and CFOs look closely at spend, the ability to route between models becomes part of running a sustainable AI product.
The SaaSpocalypse & Road Ahead
The founders have a clear read on the pressure facing traditional software. Shensi argued that enterprise sales is harder now because “the time to build the same exact product in-house is just significantly lower.” The old negotiating line of “I could just build this” used to carry a real cost. Today that cost is “very, very cheap.”
That connects to a shift both founders returned to throughout the conversation. Programming is becoming more conversational. Gil described vibe coding daily, with AI now “asking clarifying questions” and “building a pretty robust system.” His view: “It gets to the point where English becomes your programming language.” Shensi added that consumer expectations have risen too, so SaaS that can’t deliver automation out of the box will have a harder time competing.
They see the same logic in the move toward headless software, which they discussed through Salesforce’s announcement. The idea is that an agent can do most things via API or CLI without touching a UI. Shensi, who admires Marc Benioff’s “beginner’s mind” approach, noted how difficult it is to sustain a dominant product through multiple tech shifts: “I just would not count Benioff out.”
On talent and staying focused through the noise, their philosophy is consistent. They hire for “missionaries versus mercenaries,” filtering out candidates chasing flashy valuations, and they look for Keith Rabois’ “barrels” who push to get things done over more task-specific “ammunition.”
Shensi’s closing point captured the tone of the whole conversation: “The best way to succeed is to just do things. If you over-intellectualize your company building instead of actually doing anything, you’re too high on Maslow’s hierarchy.”