Arising with an correct head rely for cybersecurity startups is nearly unimaginable, with a brand new ventures popping up seemingly every single day. And there’s no business normal for what number of years it takes earlier than a startup ought to stop being referred to as a startup.
Total, business veteran Richard Stiennon, who tracks cybersecurity distributors on his IT-Harvest dashboard, lists greater than 4,000 corporations within the cybersecurity sector, startup or not, together with greater than 170 AI security distributors alone.
For this text, we’ve got set 2020 as a cutoff for outlining a startup, so any vendor based earlier than then has been excluded from consideration. As a result of there are dozens of startups worthy of observe, we’ve additionally determined that highlighting a cross-section of distributors with completely different areas of focus is worth it given the vary of cyber work undertaken by cyber startups at this time.
In in any other case figuring out this checklist, standards embrace the quantity of enterprise capital raised, acquisitions (if any), administration staff, awards recognition, and the corporate’s means to articulate a transparent strategic imaginative and prescient that resonates with enterprise security professionals, CISOs notably. Just about all these distributors are privately held, however people who announce sturdy income development and buyer wins get additional factors.
1. Astrix Safety
Class: Non-human identification (NHI) security
Why they’re right here: For each human person in an enterprise, there could possibly be dozens of non-human identities executing machine-to-machine interactions. These embrace API keys, service accounts, and AI brokers making autonomous choices. Astrix argues that these NHIs represent a blind spot in most enterprise security defenses.
Astrix gives visibility into non-human identities, and robotically detects and remediates overprivileged, pointless, and malicious entry to stop provide chain assaults and knowledge leaks. Based in 2021 by two veterans of the Israel Protection Drive army intelligence unit, CEO Alon Jackson and CTO Idan Gour, Astrix has raised $85M in funding.
Rama Sekhar, a companion at Menlo Ventures, says, “Astrix is tackling the problem of securing non-human identities head-on by addressing the total lifecycle of NHIs, guaranteeing that enterprises can automate confidently and securely.”
2. Chainguard
Class: Software program provide chain security
Why they’re right here: Based in 2021 by Dan Lorenc (previously at Microsoft and Google), Chainguard affords a Linux-based platform for securely constructing functions. The corporate has raised greater than $600M and is valued at $3.5B. In fiscal yr 2025, Chainguard reached a $40M annual run price and by the tip of fiscal 2026, expects to hit $100M.
The Chainguard automated construct system, Chainguard Manufacturing unit, contains Chainguard OS, which it describes as “zero-trust immutable infrastructure.” The platform contains libraries, in addition to greater than 1,700 trusted container pictures. Chainguard not too long ago prolonged the platform to digital machines.
Mamoon Hamid, companion at Kleiner Perkins, says, “The velocity at which Chainguard has established itself because the go-to supplier for trusted open-source software program is exceptional.”
3. Cyera
Class: Data security posture administration (DSPM)
Why they’re right here: Based in 2021 by Israeli army veterans Yota Segev (CEO) and Tamar Bar-Ilan (CTO), New York-headquartered Cyera has raised an astounding $1.3B, together with $540M in Collection E funding in June. The corporate is valued at $6B.
Cyera is taking a platform method to knowledge security within the age of AI. The corporate simply purchased Israeli knowledge loss prevention (DLP) startup Path Safety for $162M to assist fill out its portfolio. On high of its core merchandise, AI-SPM, which inventories AI belongings, and AI Runtime Safety, which screens and responds to AI dangers in real-time, Cyera not too long ago launched AI Guardian, aimed toward securing any sort of AI, in addition to DataWatcher, a managed SPM service.
Says Patrick Backhouse, companion at Greenoaks, “We imagine Cyera has constructed the world’s finest knowledge security platform, with a classification engine that’s dramatically higher than the rules-based paradigm, and which has earned real love from CISOs throughout industries.”
4. Drata
Class: AI-powered governance, threat, compliance (GRC)
Why they’re right here: Drata has achieved 60% year-over-year development and hit $100M in annual recurring income with its security compliance automation platform. Drata says it has attracted greater than 7,000 world clients since its founding in 2020. Earlier this yr, Drata acquired SafeBase, which automates software program security critiques, for $250M.
Drata’s imaginative and prescient is a belief administration platform that not solely modifications GRC from a guide to an automatic course of, but in addition transforms GRC from a value heart to a enterprise accelerator. The corporate has launched an AI agent in addition to the Drata Mannequin Context Protocol (MCP). The purpose is a completely agentic platform the place AI brokers act on behalf of finish customers to judge dangers, validate proof, set off workflows, and handle belief autonomously.
5. Island Expertise
Class: Safe enterprise browser
Browsers may not be as thrilling as AI, however a safe enterprise browser is turning into an vital component in a layered protection. Gartner predicts that “by 2028, 25% of organizations will increase present safe distant entry and endpoint security instruments by deploying a minimum of one safe enterprise browser.”
Enter Island Expertise, which launched its Chromium-based Enterprise Browser in 2022. The browser is designed to offer a secure workspace for customers as they entry SaaS and different internet apps, with its built-in secure looking, internet filtering, internet isolation, exploit prevention, and zero-trust community entry.
The Dallas-based firm, based by business veterans Mike Fey and Dan Amiga, has raised $730M and is valued at $4.8B. Island says it has greater than 450 enterprise clients.
6. Mimic
Class: Ransomware protection
Palo Alto-based Mimic was based in 2023 by Derek Smith, former CEO of Form Safety. Mimic payments itself because the final line of protection towards ransomware with its kernel-level method to detecting and deflecting assaults. The corporate additionally gives a fast restoration characteristic that helps organizations spin up vital belongings that “mimic” the enterprise’s authentic knowledge shops to allow them to keep away from paying a ransom.
“Mimic’s means to detect and deflect ransomware a lot sooner than conventional defenses is exclusive available in the market,” says Google Ventures Common Associate Karim Faris. “We imagine Mimic’s capabilities, mixed with their use of AI, will turn into a part of each CISO’s minimal required protection technique.”
Mimic not too long ago introduced the launch of Mimic Sign Generator, a brand new functionality that permits clients to simulate the impression of ransomware assaults in a managed setting.
7. Noma Safety
Class: AI security/AI agent security
Why they’re right here: Acknowledged by Gartner as a “Cool Vendor” in AI security, Noma gives an AI and agent security and governance platform that features discovery for AI asset and agent assault surfaces, AI security posture administration and threat prioritization, runtime controls for blocking malicious prompts and damaging agent actions; automated AI crimson teaming and compliance assist.
Richard Seewald, Evolution Fairness Companions founder, mentioned, “We selected to put money into Noma Safety primarily based on two essential components. First, the Noma Safety founding staff had the foresight to construct a complete AI security and governance platform to handle all CISO challenges associated to AI security. Second, as evidenced by fast buyer development, Noma Safety rapidly discovered product-market match inside the enterprise CISO’s group with an answer for agentic AI security and governance.” Noma was based in 2023 and has already raised $135M.
8. Actuality Defender
Class: Deepfake detection
Why they’re right here: Actuality Defender was chosen as a winner within the 2024 SINET16 Innovator Awards and was named probably the most modern firm on the 2024 RSA Innovation Sandbox. Based in 2021 by Ben Colman, Actuality Defender is a detection platform designed to identify deepfakes throughout audio, video, pictures, and textual content. Traders embrace Booz Allen Ventures, IBM Ventures, Accenture, DCVC, and Y Combinator.
Actuality Defender trains its algorithms on large datasets of each genuine and generated media. This permits it to “analyze pixel-level traces in video and frequency patterns in audio to search out alerts invisible to people.”
“Actuality Defender has swiftly established itself because the business chief in deepfake detection,” says Ali Tamaseb, a normal companion at DCVC. “It affords vitally wanted safety towards rising digital threats towards enterprises, governments, and the world’s largest banks and monetary establishments.’’
9. Upwind
Class: Cloud native software safety platform (CNAAP)
Why they’re right here: San Francisco-based Upwind has raised $180M, reported 4,000% year-over-year income development in 2024, 40% buyer enlargement, and greater than 30 product updates. Upwind is difficult legacy CNAPP distributors with a runtime-first detection and safety platform that covers each layer of the cloud stack.
Upwind’s unified CNAPP platform integrates cloud security posture administration (CSPM), cloud workload safety, cloud detection and response, vulnerability administration, and identification security, and grounds it in dwell runtime exercise. Clients report as much as 95% fewer alerts and sooner time-to-remediation.
Over the summer time, there have been stories that Datadog was in talks to purchase Upwind; nevertheless, no acquisition has taken place. Upwind was based in 2022 by Amiram Shachar, who based Spot, a cloud price optimization platform, and bought it to NetApp for $450M.
10. Zenity
Class: AI belief, threat, and security administration (AITRiSM)
Why they’re right here: Zenity was chosen because the “Agentic AI Safety Resolution of the 12 months” by the CyberSecurity Breakthrough Awards program, and was additionally cited as a “Cool Vendor” by Gartner.
Zenity affords a complete platform that governs how AI brokers are constructed, what they will entry, and what they will do, in real-time. The platform contains discovery of all brokers throughout SaaS, cloud, and endpoints; governance within the type of making use of insurance policies; and steady monitoring of agent conduct to detect malicious intent. The corporate, based by Ben Kliger, a former Microsoft worker, has raised $38M.
