The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovate faster because they are unfettered by an installed base.

The downside, of course, is that startups often lack resources and maturity. It’s a risk for a company to commit to a startup’s product or platform, and it requires a different kind of customer/vendor relationship. The rewards, however, can be huge if it gives that company a competitive advantage or reduces stress on security resources.

The vendors below represent some of the most interesting startups (defined here as a company founded or emerging from stealth mode in the past two years). If you are involved with a startup emerging from stealth, please notify CSO Regional Executive Editor Andrew Flynn at firstname.lastname@example.org to be considered for inclusion in this list.

[Editor’s note: This article, originally published November 11, 2022, is periodically updated as new startups emerge.]

Aembit

Aembit produces a cloud-based identity platform that lets DevOps and security teams discover, manage, enforce, and audit access between federated workloads. The company helps organizations apply a zero trust security framework to workload access, similar to existing solutions for workforce access, by providing seamless and secure access from workloads to the services companies depend on, such as APIs, databases, and cloud resources. Aembit launched in 2023.

Akto

Founded in 2021, Akto focuses on API security. The company claims its platform, run locally or in the cloud, discovers and tests internal, external, and third-party APIs. It then finds vulnerabilities quickly during runtime. It supports key API data sources such as AWS, Google Cloud, and Kubernetes.
The platform can be deployed in about a minute, according to Akto.

Axiado

Axiado develops trusted control/compute unit (TCU) processors that offer hardware-based and AI-driven security technologies. The company claims its semiconductors provide pre-emptive threat detection in an AI-driven approach to platform security against ransomware, supply chain, side-channel, and other cyberattacks against cloud data centers, 5G networks and other disaggregated compute networks.

Backslash

Backslash Security, a cloud-native application security solution for enterprise AppSec teams, provides unified security and business context to cloud-native code risk, as well as automated threat modelling, code risk prioritization, and simplified remediation across applications and teams. The company’s platform targets high-risk code combinations called “toxic code flows,” in cloud-native applications.

Binarly

Binarly is an advanced automated firmware supply chain security platform that applies machine-learning techniques to both known and unknown vulnerabilities, misconfigurations, and malicious code in firmware and hardware components. The platform makes the darkest parts of the security stack visible, approachable, and defensible. Combining subject matter expertise with the latest artificial intelligence, it empowers defenders to protect devices from unknown and emerging threats in both firmware and hardware, giving security operations centers and incident response teams the ability to quantify, maintain, and defend the foundational elements of enterprise infrastructure. Binarly was founded in 2021.

BoostSecurity

BoostSecurity offers a DevSecOps automation platform that it claims can help detect and remediate vulnerabilities while allowing DevOps to work at its own pace. It also facilitates the creation and governing of policies across code, cloud, and CI/CD flows. A single control plane provides visibility into software supply chain risks.
BoostSecurity came out of stealth mode in 2022.

BreachQuest

BreachQuest’s Priori incident response platform promises to collect and analyze security event data quickly to scope and contain attacks as well as speed recovery. Priori continuously monitors systems for malicious activity. When a breach occurs, it immediately sends an alert with information on which endpoints have been compromised. The company was founded in 2021. As of this writing in November 2022, BreachQuest had not released Priori.

Camelot Secure

Threat identification and mitigation company Camelot Secure offers “an offensive approach” to cybersecurity offering vulnerability assessments, risk assessments, red teaming, cyber threat hunting, and cyber threat intelligence analysis employing artificial intelligence and machine learning. The company employs experts from the military, intelligence community, and private sector.

Ceritas

Ceritas provides hardware bill of materials (HBOM) vulnerability analysis and digital bill of materials (DBOM) data transfer. The platform identifies all known vulnerability relationships and leverages artificial intelligence (AI) to help companies reduce risk by monitoring equipment currently in use and conducting purchasing due diligence. The company launched in 2022.

Circle Security

Cybersecurity company Circle Security has developed a platform “purpose-built” to protect against credential-driven threats and cloud attacks. Powered by a decentralized architecture, Circle is available as a device-native service, a mobile app, a browser-based solution, and via a developer-focused API, according to the firm.
Circle’s decentralized platform ensures secure access to cloud data and applications while protecting data during sign-in and throughout the user journey, no matter where the data travels, the company said in a press release.

CommandK

Founded in 2022, CommandK offers management solutions for the end-to-end lifecycle of sensitive data within a company’s virtual private cloud. Its platform aims to ensure zero developer dependency in managing sensitive data, allowing security teams to attain a high order of security while letting developers focus on building features. CommandK is deployed as a managed solution within a company’s virtual private cloud, ensuring that sensitive data remains inside the company’s network.

Confidencial

California-based Confidencial produces a solution for the secure sharing of sensitive information within unstructured documents. The company claims it has “created a product that meets the needs of individuals and businesses looking for a better way to share documents containing sensitive customer or corporate information.” The platform’s core features include integration into common desktop applications, full-document or selective encryption, and a robust analytics and reporting dashboard. The production release of the platform includes individual and team document tracing, folder encryption, search and encryption for PDF, and image encryption.

Conveyor

Conveyor, founded in 2021, offers a way to make filling out customer security questionnaires easier. It is an online service where vendors can upload relevant security documents and answers to common questions in Conveyor’s Customer Trust Platform.
Customers can then access that content through the company’s Vendor Trust Platform, which is gated and requires a non-disclosure agreement for access, or customers can compare the security posture of multiple vendors.

Cranium

AI security and trust software firm Cranium offers the Cranium Enterprise software platform, aimed at helping organizations map, monitor, and manage AI/ML environments against threats without interrupting how teams train, test, and deploy their AI models. On June 15, the company released its Cranium AI Card, which allows organizations to gather and share information about the trustworthiness and compliance of their AI models with both clients and regulators and gain visibility into the security of their vendors’ AI systems.

Cyclops

Cyclops, based in Tel Aviv, produces a contextual cybersecurity search platform. Founded in 2020 by cybersecurity veterans Eran Zilberman (CEO), Elay Gueta (CTO) and Biran Franco (CPO), Cyclops offers a search engine powered by generative AI to answer critical and timely questions about the state of an organization's security posture and provide proactive defense against cyber threats and address vulnerabilities.

Dapple

Dapple Security offers the ability to securely log into systems without storing sensitive identity data. Since there is no need to store sensitive user data, Dapple Security prevents phishing and related attacks that rely on stolen credentials, preserving user privacy and dramatically reducing the data attack surface. Dapple was founded in 2022.

Descope

Descope is an authentication and user management platform for passwordless authentication. It offers tools for developers to easily add authentication, user management, and authorization capabilities to apps. The platform protects against bot attacks on login pages, account takeover fraud, and session theft by identifying risky user signals to enact step-up authentication.
The company was founded in 2022.

Discern Security

Discern Security defines itself as a “policy intelligence Hub”, leveraging AI capabilities to monitor and optimize security controls across a number of cybersecurity tools. It aims to leverage artificial intelligence to create a dynamic, interconnected platform for security configuration and policy management. The company was founded in 2023.

DoControl

The DoControl platform provides automated, self-service tools for data access monitoring, orchestration, and remediation of SaaS applications. It has the ability to identify sensitive information and prevent it from leaving an organization’s cloud instance. DoControl is an agentless, event-driven platform. The company was founded in 2020.

Dope.security

Billing itself as “the world’s only fly-direct secure web gateway (SWG),” dope.security performs security directly on the endpoint instead of routing traffic through stopover data centers. The process “improves performance up to 4X, ensures that decrypted data never leaves the device, and improves reliability by eliminating external dependencies.”

Eureka Security

Eureka Security is a cloud data security posture management platform that helps security teams understand where data is and what type it is, learn who and what can access it, and keep it continuously secure. The SaaS-based platform launched in January 2022 with $8 million in funding.

Gem Security

Gem Security, founded in May 2022, offers a cloud detection and response (CDR) platform with a centralized approach to cloud threat response. The platform adopts an “assume breach” methodology with real-time operational visibility. The solution provides a holistic approach for SecOps teams to tackle cloud-native threats, providing cloud context via a single platform, integrated into existing SecOps workflows (SIEM/SOAR, IAM, CSPM, ticketing systems, etc.).
The company emerged from stealth in February 2023.

Gutsy

Gutsy applies process mining to cybersecurity, providing automatic, data-driven insight into how an organization's teams, tools, and processes work together and what outcomes they deliver. The platform provides security leaders with the data and understanding to ask hard questions and make good decisions, according to the company. It provides three modules covering processes in identity management, incident response, and vulnerability management, integrating with a broad range of tools from cloud providers to HR systems, vulnerability management tools, ticketing systems, EDR platforms, and more.

Hadrian Security

Hadrian is a hacker-led cybersecurity startup based in London and Amsterdam that offers an event-based, offensive security platform in a SaaS model. The company says its “autonomous technology identifies real threats and prioritizes where action is needed, connecting urgent tasks to existing workflow tools and processes so that the important stuff gets handled first.” Using cloud-native technology and ML modules, Hadrian proactively and continuously scans and tests companies’ IT infrastructures to provide fast and precise holistic insights.

Harmonic Security

Harmonic Security, founded in 2023, provides visibility into AI adoption across an enterprise. The platform performs risk assessments of all AI apps so that high-risk AI services that could lead to compliance, security, or privacy incidents are identified. That allows organizations to control access to AI applications as required, including selective blocking of sensitive content from being uploaded, without needing rules or exact matches.

Hush

Hush offers AI-based digital privacy services for individuals and families, but it also has an enterprise-grade product to protect workforce privacy. Once businesses deploy the Hush service, their employees are able to manage their own Hush profiles.
This allows them to monitor for and report privacy issues and remediate issues that put their privacy at risk. Hush also makes a “privacy advocate” available by phone or online. The company was founded in 2021.

Inside-Out Defense

Launched in 2023, Inside-Out Defense claims to be “the cybersecurity industry’s first platform to solve privilege access abuse.” The company’s offering provides access intent, real-time detection, and in-line remediation through a SaaS platform. “The platform enables the determination of the gaps between known and unknown abuse behaviors, thereby stopping privilege abuse in real-time, at scale,” the company says.

Interpres Security

Emerging from stealth mode in December 2022, Interpres Security offers a platform that allows organizations to better manage their “defense surface.” It will show what their current security toolset can detect and defend against. The platform also helps identify gaps and inefficiencies in cyber defenses, allowing security teams to use a data-driven approach to improving security posture.

Kodem

Kodem claims to be the “world’s first dynamic software composition platform.” The company’s offering uses application runtime to spotlight application risks, creating application context based on what is happening during runtime, not just in static code. According to the company, “after researching the problem of noise, false positives, and inefficient remediation, we have found that the only way to eliminate false positives and effectively prioritize remediation is to observe applications during runtime.
By analyzing them as they’re operating, it’s possible to know exactly which components are in use, how data moves between them, and what part of the application is really vulnerable.”

Lasso Security

Lasso provides a dedicated suite of tools to identify, monitor, and secure the use of large language models (LLM). The platform detects shadow AI usage, and identifies which tools and models are being used across an organization’s network. It logs external and internal user interaction with LLM-based tools, detects risky data, and blocks malicious attempts from threat actors or internal users. The company was founded in 2023.

LeakSignal

LeakSignal is a data visibility and posture management platform for microservices offering continuous visibility into data leakage and risk exposures. It provides layer 4-7 data visibility and protection for microservices environments, allowing security teams to take control and set limits on sensitive data access with technology for the analysis and identification of potential data exfiltration, strengthening mesh networks. It was founded in 2021.

Mobb

Automatic vulnerability fixer Mobb uses AI-powered technology to automate vulnerability remediations to significantly reduce security backlogs and free developers to focus on innovation. Mobb ingests SAST results from various scanning tools and automatically fixes code, while keeping the developers informed during the process to instill trust and ensure accuracy. Mobb ingests findings from multiple SAST solutions. The company says “its automatic code remediations are powered by AI, and informed by security best practices and input from the developers who commit the fixes.”

Naxo Labs

Naxo Labs was founded in 2022 by a group of noted experts and former FBI special agents to provide forensic and investigation services.
The company works on cases involving cybercrimes such as insider threats or intellectual property theft and packages the facts for referral to law enforcement or for litigation. Naxo is also capable of performing blockchain and cryptocurrency analysis as well as data recovery.

Nudge Security

Nudge Security offers a solution aimed at managing the security of software as a service (SaaS) for distributed workforces. Its platform allows for the discovery of cloud SaaS assets created without the need for network changes, endpoint agents, or browser extensions. The company claims it provides visibility into the entire SaaS attack surface, including managed and unmanaged accounts, OAuth connections, and resources. It also notifies when new SaaS accounts are created. Nudge was founded in 2022.

Oligo Security

Founded in 2022, Oligo offers an open-source security platform that detects and prevents attacks such as Log4Shell by monitoring malicious activity at the library level. The company claims that its runtime monitoring of open-source libraries focuses only on vulnerabilities that are relevant. The platform works with most modern development languages such as Python, Go, Java, and Node and all cloud service providers such as GCP, Azure and AWS.

Opus Security

Cloud security orchestration and remediation platform Opus Security launched in September 2022. Opus enables cloud security teams to see beyond alerts and threats and gain the control, knowledge, and capabilities to resolve them. The platform integrates with existing security tools and orchestrates the entire remediation process across all stakeholders and organizational environments.

Phylum.io

Phylum.io is a software supply chain security company that offers a security-as-code platform that gives security and risk teams more visibility into the code development lifecycle and the ability to enforce security policy without disrupting innovation.
The platform protects developers and applications at the perimeter of the open-source ecosystem and the tools used to build source code. The company was the inaugural Black Hat Innovation Spotlight competition winner in 2022 and claims to have been the first to detect and mitigate three separate attacks against npm developers by nation-state bad actors since June.

Piiano

Piiano offers two products: Piiano Scanner scans source code for references to personally identifiable information (PII), and Piiano Vault secures sensitive data while allowing it to be used. Scanner can scan any Java or Python GitHub projects on a single click and is intended to improve collaboration between development and privacy teams. Vault’s API-based infrastructure allows the safe storage of sensitive data and provides compliance with GDPR and CCPA. Piiano was founded in 2021.

PingSafe

PingSafe is a cloud-native application platform (CNAPP) that uses attacker intelligence and an offensive security engine to help clients address critical and exploitable vulnerabilities at speed and scale. The platform helps secure cloud environments across hyper scalers such as AWS, GCP, Azure and various deployments like Kubernetes, VMs, and serverless. The company was founded by Anand Prakash and Nishant Mittal in 2021 and is based out of San Francisco and Bangalore.

Privya

Founded in 2021, Privya’s platform provides a cloud-native approach to data privacy by design. The company claims it will allow organizations to better enable privacy and data protection within the development lifecycle process. The Privya platform is able to discover and identify personal data across multiple data sources and map the data flow and business logic.
It also provides an automated architecture to better meet compliance requirements.

Protect AI

Protect AI is an artificial intelligence and machine learning security company that helps organizations protect ML systems and AI applications from unique security vulnerabilities, data breaches and emerging threats. Its platform, AI Radar, “helps organizations build safer AI by providing developers, ML engineers, and AppSec professionals a way to see, know, and manage an ML environment,” according to the company. “AI Radar enables customers to quickly identify and remediate risks, and maintain a strong security posture for ML systems and AI applications.”

Savvy

Savvy’s workforce security automation platform addresses human error by giving SecOps visibility and security automation playbooks for orchestrating SaaS incident response before an unsecure action takes place. The company claims its platform “provides real-time alerts and suggestive guidance to improve user decision-making. Savvy’s focus on the ‘human’ attack surface and protecting employees across browsers and work apps solves a massive problem all enterprises face and is only getting worse.”

Sharepass

Founded in 2020, Sharepass provides a means to share confidential information securely across platforms. The company claims its web-based product does not leave a digital trail when data is shared. Sharepass first encrypts the information being shared and sends a link to the recipient. That link becomes inactive once the recipient opens it. Senders can specify email addresses, set time limits for how long the link is valid, or require a PIN code.

Silk Security

Silk Security offers a sustainable cyber risk resolution platform that enables security and operations stakeholders to collaboratively align finding risk with fixing risk, enhancing enterprise security and compliance posture and centralizing visibility into risk resolution status.
The platform incorporates AI technologies to consolidate and contextualize findings from multiple detection tools, automates prioritization based on severity, asset profiles and environmental factors, and predictively assigns fix ownership.

SnapAttack

SnapAttack provides a purple-teaming platform that the company claims addresses the entire threat detection process. The platform includes an Attack Signal Library that catalogs attack threats and simulations. Red and blue teams can create their own attack sessions. SnapAttack allows purple teams to identify gaps against the MITRE ATT&CK matrix and to create detection logic with a no-code detection builder. The company was founded in 2021.

Socket

The Socket platform is designed to prevent malicious open-source dependencies from infiltrating apps by detecting and blocking unexpected attacks that aren't caught by CVE vulnerability scanners via malware, hidden code, typo-squatting, and other vectors. The platform also finds actionable security information directly inline in GitHub. The company was founded in 2021 and launched in 2022.

Spera

The Spera platform provides visibility and contextualized insight into identities, permissions, and actions collected from identity providers and applications (SaaS, cloud providers, and on-prem) using an agentless process. The solution is designed to integrate with identity providers and both cloud and on-prem applications to produce an organization-wide identity maturity report within one hour of deployment, providing a real-time picture of identity attack surface as well as context on identity permissions and usage. The company launched in March 2023 with $10 million in funding.

SquareX

SquareX is developing a browser-based cybersecurity product to keep consumers safe online.
The company’s product aims to address threats such as phishing, identity theft, session hijacking, and other browser-based attacks using a browser extension that monitors and protects users while they go about their online activities. The company, founded in 2023, plans to launch a beta version beginning in May.

Stack Identity

Identity and access management (IAM) governance company Stack Identity targets the problem of shadow access — unauthorized, unmonitored, and invisible cloud data access patterns created by the myriad of human and machine cloud identities accessing the cloud. “It’s our vision and conviction that the future of cloud security must be identity-first, access-centric and with a deep context of data, applications, and software,” according to CEO and founder Venkat Raghavan. Stack employs its Breach Prediction Index algorithm to reduce the risk of cloud vulnerabilities and improve IAM audits, compliance, and governance.

Sweet Security

Sweet Security’s Cloud Runtime Security Suite provides runtime defenses across all of the stages of an attack including detection and response, discovery, and prevention. According to the company, “Sweet leverages an eBPF-based sensor to attain cloud-native cluster visibility and stream key application data and business logic to its servers. Using an innovative framework to profile workload behavior anomalies and contextualize them with traditional TTPs, its analysis uses a deep understanding of cloud attacks and custom client environments.” The company was founded in 2021 by Dror Kashti, former CISO of the Israel Defense Forces (IDF) and Eyal Fisher, former head of the Cyber Department at Unit 8200.

TrustCloud (formerly Kintent)

The TrustCloud platform is intended to help companies pass audits, manage risk, and complete security reviews. It uses programmatic API-based control and risk verification, which can automate workflows and evidence collection.
TrustCloud can analyze a compliance program and map it to multiple standards. It also has an AI-based feature that helps fill out security questionnaires. TrustCloud was founded in 2020 as Kintent.

Trustmi

Business payments security company Trustmi offers an end-to-end solution aimed at helping businesses protect their bottom line by eliminating losses from cyberattacks, internal collusion, and human error. Founded in Israel in 2021, Trustmi claims to help reduce B2B payment fraud through “a holistic approach to overcome the fragmentation of payment processes by providing a flexible solution that seamlessly integrates into existing organizational workflows.” The platform utilizes a unique trust network that unites crowd-sourced data from thousands of vendors and businesses to help uncover vulnerabilities and detect suspicious signals to maximize protection for business payments.

Valence Security

Valence Security, founded in 2021, offers a platform to remediate SaaS security risks around third-party integration, identity, misconfiguration, and data sharing. The platform provides its own cross-SaaS data and permissions model to help maintain access control. It also comes with a set of automated SaaS security remediation workflows to minimize the need for specialized knowledge to set them up.

Vanta

Trust management platform developer Vanta has launched its Vendor Risk Management product, providing third-party vendor security reviews and due diligence. The offering is designed to reduce the time and cost of reviewing, managing, and reporting on third-party vendor risk. The company launched in 2018.

Vaultree

Vaultree, founded in 2020, has developed what it claims is the first “fully functional” data-in-use encryption software development kit (SDK). The product is designed to eliminate the risk of data being leaked or stolen in plaintext form.
According to Vaultree, it can process, search, and compute data at scale without surrendering encryption keys or decrypting on the server side.

Veza

Veza provides an authorization platform for data for use in hybrid, multi-cloud environments. The company claims it enables organizations to better understand, manage, and control who can and should take actions on data. It focuses on streamlining data access governance, implementing data lake security, managing cloud entitlements, and modernizing privileged access. Veza was founded in 2020.

Wing Security

Wing’s platform is designed to detect and automatically remediate SaaS application threats. It continuously monitors usage for every user, app and file. The platform can shut down what it considers risky app-to-app connections, restrict and govern data shared with external users over SaaS apps, and manage vulnerabilities around risky user behavior. It can also manage tokens and permissions of SaaS applications. Wing was founded in 2020.