haas on saas

about me.

if you're reading this, you're probably trying to ship something ambitious without lighting production on fire. same. i'm building evaluation infrastructure for teams weaving large language models into products that real customers touch every day.

instead of trusting vibes, i wire up systematic evals that stress-test model behavior, force honest scoring on outputs, and surface failure modes before they escape to production—whether you're running commercial apis or your own tuned checkpoints.

the playbook comes from years of shipping security tooling. i led security platform integrations at vanta, co-founded threatkey, and kept teams like snap, doordash, and carta out of the headlines. those roles taught me to measure twice, deploy once.

in september i joined an undisclosed generative ai company in san francisco to push embedded security forward. i'm threading ai through every control and review with one goal: make the 1000x security engineer feel real, not folklore.

translation: i obsess over durable systems, crisp feedback loops, and teams who want receipts for the claims their models make.

quick hits

  • powered by analog notebooks, single-origin espresso, and aggressively curated playlists.
  • collects security war stories, then turns them into playbooks that teammates can actually run.
  • takes thinking breaks on san francisco's 49-mile scenic drive with a field recorder for stray ideas.
  • hosts friday pizza nights starring doughvid—the temperamental sourdough starter who's somehow family now.
jonathan haas in san franciscotap for the full frame

experience

embedded security lead

undisclosed generative ai company, sep 2025 - present

driving embedded security so the company can weave AI into every control.

  • threading AI through security processes and procedures
  • laying the groundwork for the 1000x security engineer

senior product manager

vanta, oct 2024 - aug 2025

brought on to advance vanta's next-generation security automation vision.

  • led strategic security integrations across cloud, code, and infrastructure platforms
  • built partnerships with wiz, github, gitlab, and other key security vendors
  • developed comprehensive integration strategy for compliance automation ecosystem

co-founder & ceo

threatkey, oct 2020 - oct 2024

pioneered ai evaluation methods for compliance automation

  • built custom evaluation datasets for security compliance tasks
  • developed model-graded evaluation framework for policy analysis
  • created domain-specific benchmarks for legal text classification
  • achieved 95%+ accuracy through rigorous evaluation methodology

lead, security operations

carta, nov 2020 - jul 2021

led security operations for equity management platform

  • built security operations from ground up
  • implemented incident response protocols
  • left to go full-time on threatkey

beyond work

when i'm not building security tools, you'll find me slow-walking san francisco's 49-mile scenic route, cooking dishes from my travels across 37 countries, or hosting pizza nights featuring doughvid—my temperamental but talented sourdough starter. i believe the best ideas come from diverse experiences, whether that's exploring a new neighborhood, perfecting a recipe, or debugging code at 2 AM.

connect

whether you're tackling security challenges, building products that matter, or just want to swap stories about san francisco's hidden gems, i'd love to hear from you.

email / linkedin / github