Sandbox Graveyard
Cybersecurity startups from RSAC Innovation Sandbox & Y Combinator — the acquired, the IPO'd, the shutdown, and the survivors. Every startup is a lesson.
Sourcefire
Network security and intrusion detection/prevention systems (IDS/IPS); creator of the Snort open-source IDS.
Sierra Ventures · New Enterprise Associates (NEA) · Core Capital Partners +1
Acquired by Cisco Systems in 2013 for $2.7B
Open-source community building (Snort) created massive adoption that translated into commercial success. Lesson: give away the detection engine, sell the management platform.
Imperva
Web application firewall (WAF) and database security provider.
Shlomo Kramer (founder) · U.S. Venture Partners
Acquired by Thales Group in 2023 for $3.6B (IPO 2011, taken private by Thoma Bravo for $2.1B in 2019)
IPO in 2011 raising $90M
Pioneered WAF market at scale. Lesson: creating a new security category (database activity monitoring + WAF) can yield massive returns if timing matches regulatory pressure.
Elemental Security
Security policy management and compliance platform.
Acquired by ArcSight in 2009
Yoggie Security Systems
Hardware-based personal security device providing endpoint protection via a dedicated security mini-computer.
Acquired by CUPP Computing in 2011 (acqui-hire)
Hardware-based endpoint security was too niche and expensive for mainstream adoption. Lesson: if the form factor doesn't match the market's buying behavior, even innovative tech struggles.
AlertEnterprise
Converged cyber-physical security and access governance platform.
Bridging IT and physical security was visionary but slow to adopt. Now thriving as IT/OT convergence becomes mainstream.
Yubico
Hardware authentication security keys (YubiKey) for strong two-factor authentication.
Andreessen Horowitz · New Enterprise Associates (NEA) · Bure Equity
IPO via SPAC on Nasdaq Stockholm in 2023 at ~$800M valuation
Didn't win the Sandbox but became one of the most successful finalists ever. Lesson: hardware-based auth with open standards (FIDO/U2F) can create a durable moat.
Trusteer
Online banking fraud prevention and endpoint protection against financial malware.
Shlomo Kramer · Marius Nacht
Acquired by IBM in 2013 for ~$800M-$1B
Prevx
Cloud-based anti-malware and endpoint protection.
Acquired by Webroot in 2010
NetWitness
Network forensics and security analytics platform for real-time network monitoring.
Acquired by EMC/RSA in 2011; now part of RSA NetWitness
Purewire
Cloud-based web security gateway.
Acquired by Barracuda Networks in 2009
Guardium
Database security and activity monitoring.
Acquired by IBM in 2009 for ~$225M
Catbird
Virtualization and cloud infrastructure security monitoring.
Acquired by ServiceMesh (now CSC) around 2013
Palo Alto Networks
Next-generation firewall platform with application-aware traffic inspection.
Greylock Partners · Sequoia Capital · Globespan Capital Partners
IPO in 2012; market cap over $100B as of 2025
The biggest success story among all Innovation Sandbox finalists. Didn't need to win the contest. Lesson: product-market fit in next-gen firewalls created a generational company.
Silver Tail Systems
Web session intelligence and fraud detection via behavioral analysis.
Acquired by EMC in 2012
Altor Networks
Virtual network firewall for virtualized data centers.
Acquired by Juniper Networks in 2010 for $95M
Quick acquisition validated the virtual firewall concept. Lesson: in a land grab moment, get acquired fast or get outspent. 6x return on $16M funding.
Catbird
Security compliance and monitoring for virtual and cloud environments.
Acquired by ServiceMesh (later CSC/DXC Technology)
Incapsula
Cloud-based web application security and CDN service.
Acquired by Imperva in 2014; integrated into Imperva's cloud WAF
Cloud WAF pioneer eventually absorbed by 2006 ISB winner Imperva. The Innovation Sandbox ecosystem feeds itself.
KiduSema
IT risk management and security posture monitoring.
Company appears to have ceased operations; limited public information available.
Navaho Systems
Mobile security and device management.
Acquired by Salesforce for ~$30M (December 2010). Technology integrated into Salesforce mobile platform.
Invincea
Advanced endpoint protection using application containment and machine learning to prevent malware execution.
New Enterprise Associates (NEA) · Dell Ventures · Aeris Capital
Acquired by Sophos in 2017
Early ML-based endpoint protection. Acquired by Sophos rather than competing as standalone. Lesson: deep tech in endpoint security often leads to acquisition by platform vendors.
Bromium
Micro-virtualization technology to isolate threats at the endpoint.
Andreessen Horowitz · Lightspeed Venture Partners · Intel Capital +1
Acquired by HP in 2019
Raised $116M but acquisition price was likely modest relative to funding. Lesson: heavy VC funding doesn't guarantee a good exit — hardware-assisted isolation was too niche.
Mykonos Software
Web application intrusion deception technology.
Acquired by Juniper Networks in 2012 for $80M
Zscaler
Cloud-native secure web gateway and zero-trust network security.
Lightspeed Venture Partners · Symmetric Capital · Google
IPO in 2018; market cap ~$25B+ as of 2025
Another non-winner that became a massive public company. Lesson: cloud-delivered security (SASE/SSE) was the right bet at the right time.
Immun.io
Runtime application self-protection (RASP).
Acquired by Trend Micro (November 2017). RASP technology folded into Trend Micro Cloud One.
Virtustream
Cloud infrastructure management and migration for enterprise workloads.
Acquired by EMC in 2015 for $1.2B; now part of Dell Technologies
Cyphort
Advanced threat detection using sandboxing and machine learning.
Acquired by Juniper Networks in 2017
PacketMotion
Network user activity monitoring and insider threat detection.
Acquired by VMware in 2012
Vaultive
Cloud data encryption gateway for SaaS applications.
Acquired by CyberArk (March 2018). Encryption gateway technology integrated into CyberArk's privileged access platform.
Cloud encryption proxy became a feature of CASB platforms, not a standalone product. Lesson: when your product is a feature, platform vendors will absorb you or kill you.
Solera Networks
Full packet capture and network forensics platform.
Acquired by Blue Coat Systems in 2013 for $105M; Blue Coat later acquired by Symantec
Appthority
Mobile application risk management and app reputation scoring.
U.S. Venture Partners · Venrock · Trident Capital Cybersecurity
Acquired by Symantec in 2018
Mobile app risk scoring was ahead of its time. Lesson: being early in a market can work if you survive long enough for demand to catch up.
CloudPassage
Automated security and compliance for cloud infrastructure (Halo platform).
Benchmark Capital · Tenaya Capital · Lightspeed Venture Partners
Acquired by Fidelis Cybersecurity in 2021
Content Raven
Secure content sharing and document DRM for enterprises.
Dome9 Security
Cloud security posture management (CSPM) for AWS and Azure.
SoftBank Capital · Opus Capital
Acquired by Check Point Software in 2018 for $175M
CSPM became a critical cloud security category. Lesson: early movers in cloud security config get acquired by firewall vendors seeking cloud relevance.
Impermium
Social media and web platform abuse/fraud detection.
Accel Partners · Charles River Ventures · Greylock Partners
Acquired by Google in 2014
Sonatype
Software supply chain security and open-source component management (Nexus).
Software supply chain security was prescient. Lesson: the SolarWinds and Log4j incidents proved this market's importance a decade later.
Sumo Logic
Cloud-native log management and security analytics (SIEM).
Greylock Partners · Accel Partners · Sequoia Capital +2
Acquired by Francisco Partners in 2023 for $1.7B (taken private)
IPO in 2020 on NASDAQ
Cloud SIEM competed with Splunk. Lesson: going public then private shows the challenge of cloud SIEM economics against platform plays.
Remotium
Secure mobile workspace delivering virtual applications to mobile devices.
CyberAgent Capital · DNX Ventures
Acquired by Avast Software in 2015; all 15 employees joined Avast.
Mobile workspace virtualization was a valid approach but became a feature rather than a company. Lesson: acqui-hires can be a soft landing when the market picks simpler MDM/MAM approaches over elegant virtualization.
Bluebox Security
Mobile threat detection and app security testing.
Acquired by Lookout in 2015
Cylera
IoT and medical device security analytics.
Elastica
Cloud application security broker (CASB) with data science-driven threat detection.
Mayfield Fund · Third Point Ventures · Pelion Venture Partners
Acquired by Blue Coat Systems in 2015 for $280M; Blue Coat later acquired by Symantec
CASB was one of the hottest security categories of 2014-2016. Lesson: when Gartner creates a Magic Quadrant for your category, it's time to sell or scale fast.
Light Point Security
Remote browser isolation (RBI) platform.
Acquired by McAfee in 2020
Mashape
API marketplace and API management (later became Kong).
API management pivoted from marketplace to gateway/mesh. Lesson: the pivot from marketplace to infrastructure platform unlocked the real value.
Morta Security
Advanced threat protection and breach detection. Founded by former NSA officials.
Andreessen Horowitz · Greylock Partners · Norwest Venture Partners
Acquired by Palo Alto Networks in 2014 (acqui-hire, PAN's first acquisition)
Perspecsys
Cloud data protection and tokenization gateway.
Acquired by Blue Coat Systems in 2015; Blue Coat later acquired by Symantec
ThreatStream
Threat intelligence platform aggregating and operationalizing threat data.
Rebranded as Anomali; raised significant funding; still active as Anomali
Vormetric
Data-at-rest encryption and key management.
Split Rock Partners · Sigma Partners · Jackson Square Ventures
Acquired by Thales in 2016 for $400M
RedOwl
Insider threat detection using behavior analytics on employee communications and activity.
AllegisCyber Capital · Blackstone Group · Marc Benioff +1
Acquired by Forcepoint in 2017
Insider threat analytics was compelling but privacy concerns slowed adoption. Lesson: employee monitoring solutions face cultural headwinds regardless of technical merit.
Cylance
AI/ML-based endpoint protection that prevents malware pre-execution using mathematical models.
Khosla Ventures · Blackstone · KKR +2
Acquired by BlackBerry in 2019 for $1.4B. BlackBerry later sold Cylance to Arctic Wolf for $160M in 2024 — a massive loss.
ML-first endpoint protection was revolutionary but got absorbed into a declining platform (BlackBerry). Lesson: who acquires you matters as much as the acquisition price.
Aorato
Active Directory security and identity attack detection.
Accel Partners · Innovation Endeavors (Eric Schmidt) · Glilot Capital Partners
Acquired by Microsoft in 2014 for ~$200M; became Microsoft Advanced Threat Analytics (ATA) / Defender for Identity
AD security became a critical Microsoft product. Lesson: if your product protects a Microsoft asset, Microsoft will buy you.
Vectra AI
AI-driven network detection and response (NDR) for real-time cyberattack identification.
NDR category pioneer. Lesson: patience and category leadership can sustain an independent security company.
TrustInSoft
Formal methods and mathematical verification for C/C++ code security.
Fortscale
User and entity behavior analytics (UEBA) for insider threat detection.
Merged with Presidio Identity to form Fortscale; eventually wound down or absorbed
Vera
Digital rights management (DRM) and file-level encryption for enterprise documents.
Acquired by HelpSystems (now Fortra) in 2020
TaaSera
Threat detection through network behavior analysis of pre-breach activity.
Company appears to have shut down.
Trusted Objects
Security for IoT devices and embedded systems using secure elements.
Bitglass
Cloud access security broker (CASB) and cloud DLP.
New Enterprise Associates (NEA) · Norwest Venture Partners · Singtel Innov8
Acquired by Forcepoint in 2021
Waratek
Runtime application self-protection (RASP) and virtual patching for Java applications.
RASP and virtual patching for Java — practical but niche. Lesson: winning the Sandbox with a solid product doesn't mean the market will be huge.
SentinelOne
Autonomous AI-powered endpoint detection and response (EDR) platform.
Tiger Global · Sequoia Capital · Insight Partners +1
IPO in 2021 at $8.9B valuation; peaked over $18B market cap. Highest-valued cybersecurity IPO at the time.
Didn't win the Sandbox but became a top-5 cybersecurity company by market cap. Lesson: autonomous EDR was the right product at the right time, and execution beat contest wins.
Cybereason
Endpoint detection and response using behavioral analysis and operation-centric approach.
Massive valuation but couldn't IPO. Lesson: in the EDR wars, only the top 2-3 vendors survive as independents; the rest consolidate.
Phantom
Security orchestration, automation, and response (SOAR) platform.
Acquired by Splunk in 2018 for $350M; Splunk later acquired by Cisco for $28B
SOAR pioneer. Lesson: automation in security ops was the right bet; getting acquired by Splunk (then Cisco) validated the approach.
SecurityDo (Fluency)
Security analytics and log management platform.
Bastille Networks
RF (radio frequency) threat detection for enterprise IoT and wireless security.
Prevoty
Runtime application security and autonomous protection.
Acquired by Imperva in 2018
Menlo Security
Isolation-based web security platform eliminating malware from web/email.
ProtectWise
Cloud-based network detection and response with full packet capture visualization.
Acquired by Verizon in 2019
Dtex Systems
Insider threat detection and user behavior intelligence.
Merged with CISO Global; later acquired by Proofpoint in 2023
Phantom Cyber
Security orchestration, automation and response (SOAR) — automate playbooks across security tools.
Kleiner Perkins · Blackstone · In-Q-Tel +1
Acquired by Splunk in 2018 for $350M; Splunk acquired by Cisco in 2024 for $28B
Defined the SOAR category. Lesson: building a platform that integrates with other tools (rather than replacing them) is a powerful go-to-market wedge.
Bastille Networks
Enterprise RF threat detection for IoT/wireless security.
Illusive Networks
Deception-based cybersecurity — creates fake credentials and data trails to detect attackers.
Team8 · NEA · Bessemer Venture Partners +1
Acquired by Proofpoint in 2022 for est. $100-150M
Menlo Security
Cloud-based isolation platform for web and email security.
Prevoty
Runtime application self-protection (RASP).
Acquired by Imperva in 2018
ProtectWise
Cloud-delivered NDR with immersive 3D visualization of network threats.
Acquired by Verizon in 2019
SafeBreach
Breach and attack simulation (BAS) platform for continuous security validation.
Skyport Systems
Trusted computing infrastructure with hardware-rooted security.
Acquired by Cisco in 2018
Vera
File-level security and DRM for enterprise content.
Acquired by HelpSystems (Fortra) in 2020
Versa Networks
SD-WAN and SASE platform combining networking and security.
UnifyID
Implicit authentication using machine learning on sensor data (gait, environment) for passwordless identity.
NEA · Andreessen Horowitz · Stanford-StartX Fund
Acquired by Prove (identity verification) in June 2021
Behavioral biometrics for passive auth was innovative but niche. Acquired by Prove for the team/tech. Lesson: winning the Sandbox with cool demo tech doesn't guarantee a big exit.
Obsidian Security
Cloud detection and response for SaaS application security.
EnVeil
Homomorphic encryption and encrypted search — compute on encrypted data without decryption.
C5 Capital · USAA · Mastercard +2
Homomorphic encryption remains promising but performance overhead limits real-world use. Lesson: cryptographic breakthroughs need practical performance to reach adoption.
Claroty
OT/IoT/ICS security platform for industrial control systems and critical infrastructure.
Bessemer Venture Partners · Temasek · SoftBank Vision Fund +2
OT security became critical infrastructure priority. Lesson: timing with ICS/OT threat landscape expansion was perfect.
Mashero
API security and protection against bot attacks.
Company no longer appears operational.
Awake Security
Network detection and response (NDR) using AI-driven entity analysis.
Acquired by Arista Networks in 2020
ShieldX Networks
Multi-cloud micro-segmentation and network security.
Acquired by Fortinet (FTNT) — integrated into FortiGate network security platform
Multi-cloud micro-segmentation found a home inside a platform vendor. Lesson: niche capabilities get absorbed by firewall giants seeking cloud relevance.
Solebit
Deep inspection for detecting evasive malware and document-based threats.
ClearSky Security · MassMutual Ventures · Glilot Capital Partners
Acquired by Mimecast in 2018 for ~$100M
GreatHorn
Cloud-native email security using behavioral AI.
Acquired by Barracuda Networks in 2022
Dispel
Secure remote access using disposable virtual infrastructure.
RedLock
Cloud threat defense and security analytics — cloud security posture management (CSPM) with real-time threat detection across AWS, Azure, and GCP.
Sierra Ventures · Storm Ventures
Acquired by Palo Alto Networks for $173M (October 2018). Technology became the foundation of Prisma Cloud.
Cloud security posture management hit a nerve as multi-cloud adoption exploded. RedLock's $12M-to-$173M exit in ~3 years is one of the best ROIs in the RSAC Sandbox history. Lesson: right category + right timing = massive acqui-hire by platform vendors racing to fill cloud gaps.
BigID
Data intelligence platform for privacy, protection, and governance — discover and classify personal data at scale.
Bessemer Venture Partners · Salesforce Ventures · Tiger Global +2
GDPR timing was perfect. Lesson: regulatory tailwinds (GDPR, CCPA) can create billion-dollar companies overnight if you're in the right category.
Acalvio Technologies
Autonomous deception technology using AI-driven honeypots and decoys.
BluVector
AI-powered network detection for fileless malware and advanced threats.
Acquired by Comcast in 2019
CyberGRX
Third-party cyber risk management exchange and assessment platform.
Merged with ProcessUnity in 2023
Fortanix
Runtime encryption and confidential computing using Intel SGX enclaves.
Hysolate
Endpoint isolation using OS-level virtual workspaces.
Acquired by Perception Point (March 2022). Distressed exit — technology absorbed into Perception Point's endpoint protection.
OS-level isolation struggled against lighter-weight browser isolation approaches. Timing and market fit matter — even great technology can fail if adoption friction is too high.
ReFirm Labs
IoT firmware security analysis and binary scanning.
DataTribe · New Dominion Angels · TEDCO
Acquired by Microsoft in 2021
Firmware security became critical for IoT. Lesson: Microsoft's IoT ambitions made firmware scanning strategically valuable.
ShiftLeft
Application security testing (SAST/DAST) with code property graphs.
Merged with Qwiet AI in 2023
Awake Security
Network traffic analysis using entity-based security model.
Acquired by Arista Networks in 2020
Securiti.ai
AI-driven data privacy and governance automation.
Acquired by Veeam in 2025 for $1.725B
Axonius
Cybersecurity asset management platform — aggregates data from all security tools to give unified visibility.
YL Ventures · Bessemer Venture Partners · Lightspeed Venture Partners +2
Asset visibility sounds boring but it's foundational. Lesson: the unsexy 'Toyota Camry of cybersecurity' can be worth billions if every CISO needs it.
Arkose Labs
Fraud and bot detection using adaptive challenges.
CloudKnox Security
Cloud infrastructure entitlement management (CIEM) — manage and reduce cloud permissions.
Acquired by Microsoft in 2021; became Microsoft Entra Permissions Management
CIEM became a critical cloud security capability. Lesson: identity-centric cloud security is a must-have, and Microsoft buys what it can't build fast enough.
DFLabs
Security orchestration, automation and response (SOAR) with case management.
Acquired by Sumo Logic in 2021
DisruptOps
Cloud security operations automation.
Acquired by FireMon in 2021
Eclypsium
Firmware and hardware-level security for enterprise devices and supply chains.
Salt Security
API security platform using AI/ML for threat detection in API traffic.
Capsule8
Real-time detection and response for Linux production environments.
Acquired by Sophos in 2021
WireWheel
Privacy management and data rights automation platform.
Acquired by Mimecast in 2022
Duality Technologies
Privacy-enhancing computation using homomorphic encryption.
Acquired by Baffle in 2023
Securiti.ai
PrivacyOps platform combining AI-powered data discovery, DSR automation, and compliance management.
General Catalyst · Mayfield · Cisco Investments +1
Acquired by Veeam in October 2025 for $1.725B (~3x last valuation of $575M)
Privacy automation at the right regulatory moment. Lesson: GDPR/CCPA created a rush for automated compliance, and the winner captured massive value.
AppOmni
SaaS security posture management (SSPM) for enterprise SaaS environments.
BluBracket
Code security for detecting secrets and PII in source code repositories.
Evolution Equity Partners · Unusual Ventures · Point72 Ventures
Acquired by HashiCorp in 2023 (integrated into Vault)
Elevate Security
Human risk quantification and employee security behavior scoring.
Sqreen
In-app security monitoring and protection (RASP + WAF).
Greylock Partners · Y Combinator · Alven Capital
Acquired by Datadog in 2021
RASP embedded in observability. Lesson: security that lives inside the observability pipeline is where the market is heading.
Tala Security
Client-side web security protecting against Magecart-style attacks.
Jackson Square Ventures · TriplePoint Capital
Acquired by Intuit in 2021
Vulcan Cyber
Vulnerability remediation orchestration — prioritize and fix vulns across tools.
Acquired by Tenable in 2025 to supercharge exposure management platform Tenable One
Pixm
Computer vision-based anti-phishing for detecting fake login pages.
Inky
AI-powered email security using computer vision and machine learning.
Obsidian Security
SaaS security and cloud detection/response.
Apiiro
Code risk platform that analyzes code changes in real-time to identify risks before they reach production.
Shift-left risk analysis connecting code to cloud. Lesson: developers making security decisions need context, not just alerts.
Wiz
Agentless cloud security platform scanning entire cloud environments for risks across VMs, containers, and serverless.
Sequoia Capital · Index Ventures · Insight Partners +3
Acquired by Google/Alphabet in 2025 for $32B (all cash). Largest cybersecurity acquisition in history.
Didn't win the Sandbox but became the biggest cybersecurity acquisition in history. Lesson: fastest-growing security startup ever proved that agentless cloud scanning + amazing UX beats everything.
Abnormal Security
AI-based email security using behavioral analysis to detect business email compromise (BEC).
Axis Security
Zero-trust network access (ZTNA) as a service.
Acquired by Hewlett Packard Enterprise (HPE) in 2023
Cape Privacy
Encrypted data collaboration using secure multi-party computation.
Deduce
Identity fraud prevention using a network of anonymized identity signals.
Open Raven
Cloud-native data discovery and classification for data security posture management.
Satori
DataSecOps platform — universal data access control and security for databases and data lakes.
Acquired by Hive (part of Cisco/ThousandEyes)
Strata Identity
Identity orchestration for multi-cloud and hybrid environments.
WABBI
Continuous security and compliance governance for DevSecOps pipelines.
Talon Cyber Security
Enterprise browser — secure, managed browser for distributed workforces replacing VDI.
Evolution Equity Partners · Team8 · Lightspeed Venture Partners +2
Acquired by Palo Alto Networks in December 2023 for $625M
Enterprise browser became a hot new category. Lesson: the browser as the new endpoint struck a nerve, and getting acquired by Palo Alto within 2 years shows how fast things move in cyber.
Torq
No-code security automation and orchestration platform.
Dasera
Automated data governance and security for cloud data stores.
Acquired by Netskope (October 2024). DSPM technology integrated into Netskope One Platform for unified data protection.
Data security posture management (DSPM) became a must-have as enterprises moved data to Snowflake, Databricks, and hyperscalers. Lesson: standalone DSPM gets absorbed by SSE/SASE platforms seeking unified data security.
Lightspin
Cloud security posture management with attack path analysis.
Dell Technologies Capital · Ibex Investors · IBM
Acquired by Cisco in 2023 for $200-250M
Neosec
API security using XDR-like behavioral analytics for API traffic.
True Ventures · TLV Partners
Acquired by Akamai in 2023
Sevco Security
Cloud-native asset intelligence to find and fix gaps in security tool coverage.
Spin.AI
SaaS security for protecting data in SaaS applications (Google Workspace, Microsoft 365).
BastionZero
Zero-trust infrastructure access for remote access to servers, containers, and clusters.
Dell Technologies Capital · Akamai Technologies
Acquired by Cloudflare in 2024
Cado Security
Cloud-native digital forensics and incident response (DFIR).
Ten Eleven Ventures · Blossom Capital · Eurazeo
Acquired by Darktrace in January 2025 for ~$100M
Cycode
Software supply chain security — protect CI/CD pipelines and source code.
HiddenLayer
AI/ML model security platform — protect machine learning models from adversarial attacks, model theft, and inference manipulation.
First AI-security-focused winner, perfectly timed with GenAI explosion. Lesson: protecting AI models (not just using AI for security) is a new frontier.
Pangea
Security-as-code APIs — embeddable security services (auth, vault, audit) for developers.
Dazz
Cloud security remediation platform unifying findings across tools.
Insight Partners · Greylock Partners · Index Ventures +1
Acquired by Wiz in November 2024 for $450M (ISB finalist acquiring ISB finalist)
Remediation (not just detection) became the differentiator. Lesson: ISB finalists acquiring other ISB finalists (Wiz buying Dazz) shows the ecosystem's compounding effect.
Endor Labs
Dependency lifecycle management — secure open-source selection and vulnerability management.
Zama
Open-source fully homomorphic encryption (FHE) tools for developers.
Relyance AI
Data governance using AI to trace data flows and enforce privacy policies in code.
SafeBase
Smart trust center for automating security questionnaires and compliance sharing.
Valence Security
SaaS security posture management with focus on SaaS-to-SaaS supply chain risks.
Astrix Security
Non-human identity security — secure service accounts, API keys, and machine identities.
Non-human identity security emerged as a category. Lesson: as APIs and service accounts proliferate, managing non-human identities becomes critical.
AnChain.AI
Blockchain security and crypto compliance using AI-powered analytics.
Reality Defender
Deepfake and AI-generated media detection platform for enterprises and governments.
Deepfake detection became critical as generative AI exploded. Lesson: the flip side of GenAI innovation is GenAI-powered fraud, creating an entirely new security category.
Harmonic Security
Data protection for GenAI — prevent sensitive data from leaking into LLMs and AI tools.
Dropzone AI
AI-powered SOC analyst that autonomously investigates security alerts.
Bedrock Security
Data security posture management (DSPM) for protecting sensitive data across clouds.
Mitiga
Cloud investigation and response automation (CIRA) for SaaS and cloud environments.
P0 Security
Cloud access governance — just-in-time privileged access for cloud environments.
Antimatter
Data privacy infrastructure for building privacy-compliant applications.
Aembit
Workload identity and access management — IAM for machine-to-machine communication.
RAD Security
Cloud-native runtime security using behavioral fingerprints instead of signatures.
VulnCheck
Vulnerability intelligence and exploit detection platform.
ProjectDiscovery
Open-source vulnerability detection and security automation platform (Nuclei) for finding and fixing security issues.
Open-source-first security tooling (Nuclei) with massive community adoption. Lesson: building community-driven detection templates created a moat that proprietary scanners can't replicate.
Aurascape
AI security and protection platform for monitoring and securing AI applications.
CalypsoAI
AI application security at runtime — guardrails for LLM deployments.
Command Zero
Autonomous investigations platform using AI agents for security operations.
EQTY Lab AG
AI integrity and governance — cryptographic provenance for AI model training and outputs.
Knostic
LLM access control — need-to-know controls for enterprise AI deployments.
Metalware
Firmware security and automated fuzzing for embedded systems and IoT devices.
MIND
Data loss prevention and insider risk management with real-time data flow visibility.
Smallstep
Device identity and zero-trust infrastructure using automated certificate management.
Twine Security
AI digital employees (agents) for cybersecurity tasks — autonomous security workforce.
Charm Security
AI-powered social engineering defense.
Clearly AI
AI security and explainability platform.
Crash Override
Attack surface management and exposure prioritization.
Fig Security
Identity security and access governance.
Geordie AI
AI agent security and governance.
Glide Identity
Identity verification using telco network signals.
Humanix
Human-centric cybersecurity with behavioral AI.
Realm Labs
Security infrastructure for AI agents.
Token Security
Non-human identity security and machine credential management.
ZeroPath
AI-powered application security testing.
BeeSafe AI
Stopping Scams Before They Reach Your Customers
Carson
Carson is a desktop AI workspace that replaces MS Office with agents
Cascade
Making Autonomous Intelligence Safe & Reliable
Clam (formerly Baseframe)
Enterprise-grade security for broad-access AI Agents like OpenClaw
Crosslayer Labs
Protect, monitor and defend your Internet presence
Hex Security
Agentic Offensive Security at Scale
Lexius
AI for Corporate Security Cameras
Oximy
The system of record for enterprise AI usage.
Protent
Protent turns passive surveillance into proactive intelligence.
Alter
Secure access control and authorization platform for agent workflows
Better Auth
The authentication framework for TypeScript
BitPatrol
AI-powered code security
Casco
Autonomous security testing for web apps, APIs, cloud, and AI systems
ComplyDo
Global Compliance for Enterprises
ContextFort
Visibility and Controls for Browser Agents
Cotool
AI Agents for Security Operations Teams
GhostEye
Vulnerability Management for Human Risk
Golf
Agentic AI Security and Governance
Kestrel AI
AI-Native Cloud Incident Response Platform
LogosGuard
The risk management software for enterprises adopting AI
MindFort
Autonomous Security Agents
Multifactor
Zero-trust authentication, authorization, and auditing for AI agents
Probo
We help you get compliant while you focus on your business.
Riverbank
AI-native Red Teaming and Offensive Security
Theorem
Program verification so even your systems engineers can vibecode
Tinfoil
Tinfoil makes your AI workflows secure, verifiable, and private.
Veria Labs
Continuous AI pentesting that finds and fixes vulnerabilities
Archon
We help software companies sell to government.
Haleum
Human Risk Intelligence for the AI-era
SubImage
Software that maps your infrastructure. Open core alternative to Wiz
Gecko Security
The AI Security Engineer to Find and Fix Vulnerabilities
Unbound
Use AI tools without fear of data leakage
winfunc
ai-native security engineering for mission critical codebases
Aedilic
Open-Source AI-generated image/deepfake detection
Delve
AI that makes compliance effortless
PromptArmor
LLM Security and Compliance
Pythagora
Worlds first all-in-one AI development platform.
Risotto
Risotto auto-solves IT support requests using AI
Shiboleth
Shiboleth automates lending compliance for financial institutions…
Superagent
Red teaming for AI agents
Tesseral
The open source platform for managing identity in business software
Corgea
Corgea finds, and fixes insecure code and packages autonomously.
Hiro
Your first security hire
Roundtable
Proof of Human - invisible human verification
Xeol
Close your outdated dependency attack vector
Adri AI
Vanta for AI
Blyss
End-to-end encrypted AI.
Credal.ai
Connect AI to every tool. Enterprise security built in.
EdgeBit
Autofix your software dependencies
Escape
Offensive security for the teams that are 100x outnumbered
Infisical
Unified platform for secrets, certs, and privileged access management
Logital AI (Teclada)
Compare models and ouputs without random noise skewing your results.
Matano
Cloud Native SIEM (alternative to Splunk/Elastic)
Repacket
Employee security done for you.
Variance
AI Agents for Fraud Review and Investigations
compliant-llm
Detect every data leak into third-party GenAI tools
AccessOwl
Managing your Employees' Access to SaaS
Oneleet
YC's most popular security compliance platform (SOC 2, ISO 27001,…
Overwatch
Enterprise software for strategic, risk, and cyber fraud intelligence
Slauth.io
The IAM Policy Copilot
Acquired by Ark Infotech (December 2023). IAM policy automation integrated into Ark's cloud security platform.
Wolfia
We help security, legal and sales teams answer customer questions
Agency
Solving Complex Security and Compliance
Argument Computer Corporation
Accelerate verifiable computing
Bunkyr
Zero-Knowledge security without seed phrases or backup codes
Cinder
Cinder | Responsible AI, Trust & Safety, and Data Labeling At Scale
Firezone
Easiest way to set up Zero Trust Access for your team
JumpWire
Dynamic access controls for all data and databases
Munily
Access control management app for Latam´s gated communities
Optery
Opt out software that removes your private info from the internet
Palitronica Inc
Detect cyber attacks on critical physical infrastructure
Prembly (formerly Identitypass)
Identity Verification API for Emerging Markets
Strac
Data Discovery, DLP, DSPM for SaaS, Cloud, Gen AI & Endpoints
Cloudanix
Cloud and Container Security Platform
ContraForce
Security Delivery Platform to orchestrate AI agents for Service…
Hyperbrowser
Web infra for AI agents
Keyri
Secure fraud prevention and authentication platform for developers
Malloc Inc
AI-driven mobile cybersecurity
Protego
We help companies recover lost revenue from chargebacks
Rootly
AI-native on-call and incident response carefully crafted to help…
Squire.ai
Never code alone.
Tarsal
Data pipeline for your security data lake.
Telivy
Automate your cyber security risk assessments
idemeum
AI-powered Application Control
Cyble
Cyble - World’s First Intelligence-Driven, AI-Native Security…
Feroot Security
AI-powered Compliance Platform for PCI 4, CCPA, HIPAA, CIPA, 50+ laws
Observa
Catch accidental database exposures before the bad guys
SlashAuth
The solution for fine-grained access control in web3
Stacksi
Automated Answers to Security Questionnaires
authzed
Cloud Infrastructure for Authorization
Formal
Take control of your data in real-time.
Notabene
The Notabene platform is the trust layer for global money movement.
SuperTokens
Open source alternative to Auth0 / AWS Cognito / Firebase Auth
Swif.ai
The guardrail for AI on every device
Vectrix
Scan your SaaS apps and instantly identify security issues
Datree
Datree prevents Kubernetes misconfigurations from reaching production
Riot
Cybersecurity awareness for fast growing companies
Skypher
AI agent for Compliance Questionnaires Automation
Visual One
AI for security cameras
Canix
Canix makes it easy to get and stay compliant as a cannabis business.
LunaSec
An Open Source dependency security tool that is smarter than the rest
TRM Labs
TRM is building a safer financial system for billions of people.
Traces
Transform your video monitoring with AI
Doppler
Secure secrets. Prevent breaches. Keep teams moving.
Dyneti Technologies
Reduce payment fraud
Fuzzbuzz
Fuzzing as a Service
MedCrypt
MedCrypt gives medical device vendors cybersecurity features in a few…
Sublime Security
AI-powered email security platform for detecting and preventing phishing, BEC, and other email threats.
IVP · Citi Ventures · Index Ventures
Termius
Termius is an SSH client with team collaboration features
Federacy
Penetration testing and bug bounty platform.
Tall Poppy
Protecting your employees against online harassment
Anjuna
Anjuna enabled organizations to trust any infrastructure
EnvKey
End-to-end encrypted configuration and secrets management
Hunter2
Hunter2 trains engineering teams in application security through…
Quantstamp
Security auditing for Web3
Vanta
Vanta—the proven leader in automated compliance helping startups…
D-ID
Enable creators and developers to generate realistic AI personas
Templarbit
Protecting applications from malicious activity
Upfort
Turnkey security & hassle-free cyber insurance from leading insurers
Ambient.ai
AI company transforming enterprise physical security to prevent…
Apozy
Apozy makes every website safe to browse
Metapacket
Metapacket is the first selective web gateway that stops malware by…
AmberBox Gunshot Detection
Detect Gunshots | Inform Law Enforcement | Empower First Responders
Castle
Block bots & bad behavior
Patchwork Security
Security patch notifications for servers. Build it, deploy it, and…
Appcanary
Appcanary tracks the dependencies you use in your apps and servers…
Cymmetria
Cyber deception platform using decoy virtual machines to detect lateral movement, hunt attackers, and automate incident response. First Israeli security company selected by Y Combinator.
Y Combinator · Felicis Ventures · Seedcamp
Acquired by Stage Fund (September 2019). Deception technology market later consolidated around Attivo Networks (acquired by SentinelOne) and others.
Deception technology proved effective but struggled as a standalone category — eventually absorbed by EDR/XDR platforms. Attivo Networks (similar space) was acquired by SentinelOne for $616M in 2022.
Foxpass
Making enterprise security practices available for all companies.
Sphere Secure Workspace
Sphere Secure Workspace
Traversal Networks
Enterprise Threat Detection: Tuning, Triage, and Analysis by Experts.
CyberFend
Cyberfend delivers robust, real-time web and mobile security by…
Final
A credit card that drastically reduces payment fraud and gives…
Rescue Forensics
Actionable human trafficking intelligence
Acquired by IST Research (December 2016). Technology integrated into IST's intelligence and analytics platform.
Smyte
Smyte stops bad actors on social networks and marketplaces.
ThinAir
Intelligent data security for teams
Bannerman
Security Guard Company Marketplace
Kuna Systems
We're making a smart, front door camera with intercom that lets you…
Meldium
Simple password & identity management for teams. Acquired by LogMeIn…
Mattermost
Secure Collaboration for Technical Teams
Authy
Authy is a Two-Factor Authentication platform for developers
Documents.Me
Client-side encryption for your devices and the cloud.
WireOver
Really secure file sending for big files.
Sift
The Leader in Digital Trust & Safety
AeroFS
Secure Enterprise Collaboration.
Clickfacts
Clickfacts