{"id":5662,"date":"2025-11-05T07:00:00","date_gmt":"2025-11-05T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5662"},"modified":"2025-11-05T07:00:00","modified_gmt":"2025-11-05T07:00:00","slug":"10-promising-cybersecurity-startups-cisos-should-know-about","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5662","title":{"rendered":"10 promising cybersecurity startups CISOs should know about"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Coming up with an accurate head count for cybersecurity startups is virtually impossible, with a new ventures popping up seemingly every day. And there\u2019s no industry standard for how many years it takes before a startup should cease being called a startup.<\/p>\n

Overall, industry veteran Richard Stiennon, who tracks cybersecurity vendors on his IT-Harvest dashboard<\/a>, lists more than 4,000 companies in the cybersecurity sector, startup or not, including more than 170 AI security vendors alone.<\/p>\n

For this article, we have set 2020 as a cutoff for defining a startup, so any vendor founded before then has been excluded from consideration. Because there are dozens of startups worthy of note, we\u2019ve also decided that highlighting a cross-section of vendors with different areas of focus is worthwhile given the range of cyber work undertaken by cyber startups today.<\/p>\n

In otherwise determining this list, criteria include the amount of venture capital raised, acquisitions (if any), management team, awards recognition, and the company\u2019s ability to articulate a clear strategic vision that resonates with enterprise security professionals, CISOs particularly. Virtually all these vendors are privately held, but those that announce strong revenue growth and customer wins get extra points.<\/p>\n

1. Astrix Security<\/h2>\n

Category:<\/strong> Non-human identity (NHI) security<\/p>\n

Why they\u2019re here<\/strong>: For every human user in an enterprise, there could be dozens of non-human identities executing machine-to-machine interactions<\/a>. These include API keys, service accounts, and AI agents making autonomous decisions. Astrix argues that these NHIs constitute a blind spot<\/a> in most enterprise security defenses.<\/p>\n

Astrix provides visibility into non-human identities, and automatically detects and remediates overprivileged, unnecessary, and malicious access to prevent supply chain attacks and data leaks. Founded in 2021 by two veterans of the Israel Defense Force military intelligence unit, CEO\u00a0Alon Jackson\u00a0and CTO\u00a0Idan Gour, Astrix has raised\u00a0$85M\u00a0in funding.<\/p>\n

Rama Sekhar<\/a>, a partner at Menlo Ventures, says, \u201cAstrix is tackling the challenge of securing non-human identities head-on by addressing the full lifecycle of NHIs, ensuring that enterprises can automate confidently and securely.\u201d<\/p>\n

2. Chainguard<\/h2>\n

Category:<\/strong> Software supply chain security<\/p>\n

Why they\u2019re here:<\/strong> Founded in 2021 by Dan Lorenc (formerly at Microsoft and Google), Chainguard offers a Linux-based platform for securely building applications. The company has raised more than $600M and is valued at $3.5B. In fiscal year 2025, Chainguard reached a $40M annual run rate and by the end of fiscal 2026, expects to hit $100M.<\/p>\n

The Chainguard automated build system, Chainguard Factory, includes Chainguard OS, which it describes as \u201czero-trust immutable infrastructure.\u201d The platform includes libraries, as well as more than 1,700 trusted container images. Chainguard recently extended the platform to virtual machines.<\/p>\n

Mamoon Hamid<\/a>, partner at Kleiner Perkins, says, \u201cThe speed at which Chainguard has established itself as the go-to provider for trusted open-source software is remarkable.\u201d<\/p>\n

3. Cyera<\/h2>\n

Category: <\/strong>Data security posture management (DSPM)<\/p>\n

Why they\u2019re here:<\/strong> Founded in 2021 by Israeli military veterans Yota Segev (CEO) and Tamar Bar-Ilan (CTO), New York-headquartered Cyera has raised an astounding $1.3B, including $540M in Series E funding in June. The company is valued at $6B.<\/p>\n

Cyera is taking a platform approach to data security in the age of AI. The company just bought Israeli data loss prevention (DLP) startup Trail Security for $162M to help fill out its portfolio.\u00a0 On top of its core products, AI-SPM<\/a>, which inventories AI assets, and AI Runtime Protection, which monitors and responds to AI risks in real-time, Cyera recently launched AI Guardian, aimed at securing any type of AI, as well as DataWatcher, a managed SPM service.<\/p>\n

Says Patrick Backhouse<\/a>, partner at Greenoaks,\u00a0\u201cWe believe Cyera has built the world\u2019s best data security platform, with a classification engine that is dramatically better than the rules-based paradigm, and which has earned genuine love from CISOs across industries.\u201d<\/p>\n

4. Drata<\/h2>\n

Category:<\/strong> AI-powered governance, risk, compliance (GRC)<\/p>\n

Why they\u2019re here:<\/strong> Drata has achieved 60% year-over-year growth and hit $100M in annual recurring revenue with its security compliance automation platform. Drata says it has attracted more than 7,000 global customers since its founding in 2020. Earlier this year, Drata acquired SafeBase, which automates software security reviews, for $250M.<\/p>\n

Drata\u2019s vision is a trust management platform that not only changes GRC from a manual to an automated process, but also transforms GRC from a cost center to a business accelerator. The company has launched an AI agent as well as the Drata Model Context Protocol (MCP). The goal is a fully agentic platform where AI agents act on behalf of end users to evaluate risks, validate evidence, trigger workflows, and manage trust autonomously.<\/p>\n

5. Island Technology<\/h2>\n

Category:<\/strong> Secure enterprise browser<\/p>\n

Browsers might not be as exciting as AI, but a secure enterprise browser<\/a> is becoming an important element in a layered defense. Gartner predicts that \u201cby 2028, 25% of organizations will augment existing secure remote access and endpoint security tools by deploying at least one secure enterprise browser.\u201d<\/p>\n

Enter Island Technology, which launched its Chromium-based Enterprise Browser in 2022. The browser is designed to provide a safe workspace for users as they access SaaS and other web apps, with its built-in safe browsing, web filtering, web isolation, exploit prevention, and zero-trust network access.<\/p>\n

The Dallas-based company, founded by industry veterans Mike Fey and Dan Amiga, has raised $730M and is valued at $4.8B. Island says it has more than 450 enterprise customers.<\/p>\n

6. Mimic<\/h2>\n

Category:<\/strong> Ransomware defense<\/p>\n

Palo Alto-based Mimic was founded in 2023 by Derek Smith, former CEO of Shape Security. Mimic bills itself as the last line of defense against ransomware with its kernel-level approach to detecting and deflecting attacks. The company also provides a rapid recovery feature that helps organizations spin up critical assets that \u201cmimic\u201d the enterprise\u2019s original data stores so they can avoid paying a ransom.<\/p>\n

\u201cMimic\u2019s ability to detect and deflect ransomware so much faster than traditional defenses is unique in the market,\u201d says Google Ventures General Partner Karim Faris<\/a>. \u201cWe believe Mimic\u2019s capabilities, combined with their use of AI, will become part of every CISO\u2019s minimum required defense strategy.\u201d<\/p>\n

Mimic recently announced the launch of Mimic Signal Generator, a new capability that enables customers to simulate the impact of ransomware attacks in a controlled environment.<\/p>\n

7. Noma Security<\/h2>\n

Category:<\/strong> AI security\/AI agent security<\/p>\n

Why they\u2019re here<\/strong>: Recognized by Gartner as a \u201cCool Vendor\u201d in AI security, Noma provides an AI and agent security and governance platform that includes discovery for AI asset and agent attack surfaces, AI security posture management and risk prioritization, runtime controls for blocking malicious prompts and destructive agent actions; automated AI red teaming and compliance support.<\/p>\n

Richard Seewald<\/a>, Evolution Equity Partners founder, said, \u201cWe chose to invest in Noma Security based on two main factors. First, the Noma Security founding team had the foresight to build a comprehensive AI security and governance platform to address all CISO challenges related to AI security. Second, as evidenced by rapid customer growth, Noma Security quickly found product-market fit within the enterprise CISO\u2019s organization with a solution for agentic AI security and governance.\u201d Noma was founded in 2023 and has already raised $135M.<\/p>\n

8. Reality Defender<\/h2>\n

Category:<\/strong> Deepfake detection<\/p>\n

Why they\u2019re here:<\/strong> Reality Defender was selected as a winner in the 2024 SINET16 Innovator Awards and was named the most innovative company at the 2024 RSA Innovation Sandbox. Founded in 2021 by Ben Colman, Reality Defender is a detection platform designed to spot deepfakes across audio, video, images, and text. Investors include Booz Allen Ventures, IBM Ventures, Accenture, DCVC, and Y Combinator.<\/p>\n

Reality Defender trains its algorithms on massive datasets of both authentic and generated media. This enables it to \u201canalyze pixel-level traces in video and frequency patterns in audio to find signals invisible to humans.\u201d<\/p>\n

\u201cReality Defender has swiftly established itself as the industry leader in deepfake detection,\u201d says\u00a0Ali Tamaseb<\/a>, a general partner at DCVC.<\/strong> \u201cIt offers vitally needed protection against emerging digital threats against enterprises, governments, and the world\u2019s largest banks and financial institutions.\u2019\u2019<\/p>\n

9. Upwind<\/h2>\n

Category: \u00a0<\/strong>Cloud native application protection platform (CNAAP)<\/p>\n

Why they\u2019re here:<\/strong> San Francisco-based Upwind has raised $180M, reported 4,000% year-over-year revenue growth in 2024, 40% customer expansion, and more than 30 product updates. Upwind is challenging legacy CNAPP vendors<\/a> with a runtime-first detection and protection platform that covers every layer of the cloud stack.<\/p>\n

Upwind\u2019s unified CNAPP platform integrates cloud security posture management (CSPM)<\/a>, cloud workload protection, cloud detection and response, vulnerability management, and identity security, and grounds it in live runtime activity. Customers report up to 95% fewer alerts and faster time-to-remediation.<\/p>\n

Over the summer, there were reports that Datadog was in talks to buy Upwind; however, no acquisition has taken place. Upwind was founded in 2022 by Amiram Shachar, who founded Spot, a cloud cost optimization platform<\/a>, and sold it to NetApp for $450M.<\/p>\n

10. Zenity<\/h2>\n

Category:<\/strong> AI trust, risk, and security management (AITRiSM)<\/p>\n

Why they\u2019re here<\/strong>: Zenity was selected as the \u201cAgentic AI Security Solution of the Year\u201d by the CyberSecurity Breakthrough Awards<\/a> program, and was also cited as a \u201cCool Vendor\u201d by Gartner.<\/p>\n

Zenity offers a comprehensive platform that governs how AI agents are built, what they can access, and what they can do, in real-time. The platform includes discovery of all agents across SaaS, cloud, and endpoints; governance in the form of applying policies; and continuous monitoring of agent behavior to detect malicious intent. The company, founded by Ben Kliger, a former Microsoft employee, has raised $38M.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Coming up with an accurate head count for cybersecurity startups is virtually impossible, with a new ventures popping up seemingly every day. And there\u2019s no industry standard for how many years it takes before a startup should cease being called a startup. Overall, industry veteran Richard Stiennon, who tracks cybersecurity vendors on his IT-Harvest dashboard, […]<\/p>\n","protected":false},"author":0,"featured_media":5663,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5662","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5662"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5662"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5662\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5663"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}