10 promising cybersecurity startups CISOs should know about

Coming up with an accurate head count for cybersecurity startups is virtually impossible, with new ventures popping up seemingly every day. And there’s no industry standard for how many years it takes before a startup should cease being called a startup.

Overall, industry veteran Richard Stiennon, who tracks cybersecurity vendors on his IT-Harvest dashboard, lists more than 4,000 companies in the cybersecurity sector, startup or not, including more than 170 AI security vendors alone.

For this article, we have set 2020 as a cutoff for defining a startup, so any vendor founded before then has been excluded from consideration. Because there are dozens of startups worthy of note, we’ve also decided that highlighting a cross-section of vendors with different areas of focus is worthwhile given the range of cyber work undertaken by cyber startups today.

In otherwise determining this list, criteria include the amount of venture capital raised, acquisitions (if any), management team, awards recognition, and the company’s ability to articulate a clear strategic vision that resonates with enterprise security professionals, CISOs particularly. Virtually all these vendors are privately held, but those that announce strong revenue growth and customer wins get extra points.

1. Astrix Security

Category: Non-human identity (NHI) security

Why they’re here: For every human user in an enterprise, there could be dozens of non-human identities executing machine-to-machine interactions. These include API keys, service accounts, and AI agents making autonomous decisions. Astrix argues that these NHIs constitute a blind spot in most enterprise security defenses.

Astrix provides visibility into non-human identities, and automatically detects and remediates overprivileged, unnecessary, and malicious access to prevent supply chain attacks and data leaks. Founded in 2021 by two veterans of the Israel Defense Force military intelligence unit, CEO Alon Jackson and CTO Idan Gour, Astrix has raised $85M in funding.

Rama Sekhar, a partner at Menlo Ventures, says, “Astrix is tackling the challenge of securing non-human identities head-on by addressing the full lifecycle of NHIs, ensuring that enterprises can automate confidently and securely.”

2. Chainguard

Category: Software supply chain security

Why they’re here: Founded in 2021 by Dan Lorenc (formerly at Microsoft and Google), Chainguard offers a Linux-based platform for securely building applications. The company has raised more than $600M and is valued at $3.5B. In fiscal year 2025, Chainguard reached a $40M annual run rate and by the end of fiscal 2026, expects to hit $100M.

The Chainguard automated build system, Chainguard Factory, includes Chainguard OS, which it describes as “zero-trust immutable infrastructure.” The platform includes libraries, as well as more than 1,700 trusted container images. Chainguard recently extended the platform to virtual machines.

Mamoon Hamid, partner at Kleiner Perkins, says, “The speed at which Chainguard has established itself as the go-to provider for trusted open-source software is remarkable.”

3. Cyera

Category: Data security posture management (DSPM)

Why they’re here: Founded in 2021 by Israeli military veterans Yotam Segev (CEO) and Tamar Bar-Ilan (CTO), New York-headquartered Cyera has raised an astounding $1.3B, including $540M in Series E funding in June. The company is valued at $6B.

Cyera is taking a platform approach to data security in the age of AI. The company just bought Israeli data loss prevention (DLP) startup Trail Security for $162M to help fill out its portfolio. On top of its core products, AI-SPM, which inventories AI assets, and AI Runtime Protection, which monitors and responds to AI risks in real-time, Cyera recently launched AI Guardian, aimed at securing any type of AI, as well as DataWatcher, a managed SPM service.

Says Patrick Backhouse, partner at Greenoaks, “We believe Cyera has built the world’s best data security platform, with a classification engine that is dramatically better than the rules-based paradigm, and which has earned genuine love from CISOs across industries.”

4. Drata

Category: AI-powered governance, risk, compliance (GRC)

Why they’re here: Drata has achieved 60% year-over-year growth and hit $100M in annual recurring revenue with its security compliance automation platform. Drata says it has attracted more than 7,000 global customers since its founding in 2020. Earlier this year, Drata acquired SafeBase, which automates software security reviews, for $250M.

Drata’s vision is a trust management platform that not only changes GRC from a manual to an automated process, but also transforms GRC from a cost center to a business accelerator. The company has launched an AI agent as well as the Drata Model Context Protocol (MCP). The goal is a fully agentic platform where AI agents act on behalf of end users to evaluate risks, validate evidence, trigger workflows, and manage trust autonomously.

5. Island Technology

Category: Secure enterprise browser

Browsers might not be as exciting as AI, but a secure enterprise browser is becoming an important element in a layered defense. Gartner predicts that “by 2028, 25% of organizations will augment existing secure remote access and endpoint security tools by deploying at least one secure enterprise browser.”

Enter Island Technology, which launched its Chromium-based Enterprise Browser in 2022. The browser is designed to provide a safe workspace for users as they access SaaS and other web apps, with its built-in safe browsing, web filtering, web isolation, exploit prevention, and zero-trust network access.

The Dallas-based company, founded by industry veterans Mike Fey and Dan Amiga, has raised $730M and is valued at $4.8B. Island says it has more than 450 enterprise customers.

6. Mimic

Category: Ransomware defense

Palo Alto-based Mimic was founded in 2023 by Derek Smith, former CEO of Shape Security. Mimic bills itself as the last line of defense against ransomware with its kernel-level approach to detecting and deflecting attacks. The company also provides a rapid recovery feature that helps organizations spin up critical assets that “mimic” the enterprise’s original data stores so they can avoid paying a ransom.

“Mimic’s ability to detect and deflect ransomware so much faster than traditional defenses is unique in the market,” says Google Ventures General Partner Karim Faris. “We believe Mimic’s capabilities, combined with their use of AI, will become part of every CISO’s minimum required defense strategy.”

Mimic recently announced the launch of Mimic Signal Generator, a new capability that enables customers to simulate the impact of ransomware attacks in a controlled environment.

7. Noma Security

Category: AI security/AI agent security

Why they’re here: Recognized by Gartner as a “Cool Vendor” in AI security, Noma provides an AI and agent security and governance platform that includes discovery for AI asset and agent attack surfaces; AI security posture management and risk prioritization; runtime controls for blocking malicious prompts and destructive agent actions; automated AI red teaming; and compliance support.

Richard Seewald, Evolution Equity Partners founder, said, “We chose to invest in Noma Security based on two main factors. First, the Noma Security founding team had the foresight to build a comprehensive AI security and governance platform to address all CISO challenges related to AI security. Second, as evidenced by rapid customer growth, Noma Security quickly found product-market fit within the enterprise CISO’s organization with a solution for agentic AI security and governance.” Noma was founded in 2023 and has already raised $135M.

8. Reality Defender

Category: Deepfake detection

Why they’re here: Reality Defender was selected as a winner in the 2024 SINET16 Innovator Awards and was named the most innovative company at the 2024 RSA Innovation Sandbox. Founded in 2021 by Ben Colman, Reality Defender is a detection platform designed to spot deepfakes across audio, video, images, and text. Investors include Booz Allen Ventures, IBM Ventures, Accenture, DCVC, and Y Combinator.

Reality Defender trains its algorithms on massive datasets of both authentic and generated media. This enables it to “analyze pixel-level traces in video and frequency patterns in audio to find signals invisible to humans.”

“Reality Defender has swiftly established itself as the industry leader in deepfake detection,” says Ali Tamaseb, a general partner at DCVC. “It offers vitally needed protection against emerging digital threats against enterprises, governments, and the world’s largest banks and financial institutions.”

9. Upwind

Category: Cloud native application protection platform (CNAPP)

Why they’re here: San Francisco-based Upwind has raised $180M, reported 4,000% year-over-year revenue growth in 2024, 40% customer expansion, and more than 30 product updates. Upwind is challenging legacy CNAPP vendors with a runtime-first detection and protection platform that covers every layer of the cloud stack.

Upwind’s unified CNAPP platform integrates cloud security posture management (CSPM), cloud workload protection, cloud detection and response, vulnerability management, and identity security, and grounds it in live runtime activity. Customers report up to 95% fewer alerts and faster time-to-remediation.

Over the summer, there were reports that Datadog was in talks to buy Upwind; however, no acquisition has taken place. Upwind was founded in 2022 by Amiram Shachar, who founded Spot, a cloud cost optimization platform, and sold it to NetApp for $450M.

10. Zenity

Category: AI trust, risk, and security management (AITRiSM)

Why they’re here: Zenity was selected as the “Agentic AI Security Solution of the Year” by the CyberSecurity Breakthrough Awards program, and was also cited as a “Cool Vendor” by Gartner.

Zenity offers a comprehensive platform that governs how AI agents are built, what they can access, and what they can do, in real-time. The platform includes discovery of all agents across SaaS, cloud, and endpoints; governance in the form of applying policies; and continuous monitoring of agent behavior to detect malicious intent. The company, founded by Ben Kliger, a former Microsoft employee, has raised $38M.
