Echo Raises $35 Million to Secure Container Images with AI Agents That Eliminate Vulnerabilities

Echo raises $35M to secure the enterprise cloud's base layer -- container images -- with autonomous AI agents

As enterprises accelerate the deployment of LLMs and agentic workflows, they are hitting a critical infrastructure bottleneck: the container base images powering these applications are riddled with inherited security debt. Echo, an Israeli startup, is announcing a $35 million in Series A funding today (bringing its to-date total to $50 million in funding) to fix this by fundamentally reimagining how cloud infrastructure is built. The round was led by N47, with participation from Notable Capital, Hyperwise Ventures, and SentinelOne. But the real story isn't the capital -- it's the company's ambitious goal to replace the chaotic open-source supply chain with a managed, "secure-by-design" operating system. The Hidden Operating System of the Cloud To understand why Echo matters, you first have to understand the invisible foundation of the modern internet: container base images. Think of a "container" like a shipping box for software. It holds the application code (what the developers write) and everything that code needs to run (the "base image"). For a non-technical audience, the best way to understand a base image is to compare it to a brand-new laptop. When you buy a computer, it comes with an Operating System (OS) like Windows or macOS pre-installed to handle the basics -- talking to the hard drive, connecting to Wi-Fi, and running programs. Without it, the computer is useless. In the cloud, the base image is that Operating System. Whether a company like Netflix or Uber is building a simple web app or a complex network of autonomous AI agents, they rely on these pre-built layers (like Alpine, Python, or Node.js) to define the underlying runtimes and dependencies. Here is where the risk begins. Unlike Windows or macOS, which are maintained by tech giants, most base images are open-source and created by communities of volunteers. Because they are designed to be useful to everyone, they are often packed with "bloat" -- hundreds of extra tools and settings that most companies don't actually need. Eylam Milner, Echo's CTO, uses a stark analogy to explain why this is dangerous: "Taking software just from the open source world, it's like taking a computer found on the sidewalk and plugging it into your [network]." Traditionally, companies try to fix this by downloading the image, scanning it for bugs, and attempting to "patch" the holes. But it is a losing battle. Echo's research indicates that official Docker images often contain over 1,000 known vulnerabilities (CVEs) the moment they are downloaded. For enterprise security teams, this creates an impossible game of "whac-a-mole," inheriting infrastructure debt before their engineers write a single line of code. The "Enterprise Linux" Moment for AI For Eilon Elhadad, Echo's co-founder and CEO, the industry is repeating history. "Exactly what's happened in the past... everybody run with Linux, and then they move to Enterprise Linux," Elhadad told VentureBeat. Just as Red Hat professionalized open-source Linux for the corporate world, Echo aims to be the "enterprise AI native OS" -- a hardened, curated foundation for the AI era. "We see ourselves in the AI native era, the foundation of everything," says Elhadad. The Tech: A "Software Compilation Factory" Echo is not a scanning tool. It does not look for vulnerabilities after the fact. Instead, it operates as a "software compilation factory" that rebuilds images from scratch. According to Milner, Echo's approach to eliminating vulnerabilities relies on a rigorous, two-step engineering process for every workload: The result is a "drop-in replacement." A developer simply changes one line in their Dockerfile to point to Echo's registry. The application runs identically, but the underlying OS layer is mathematically cleaner and free of known CVEs. AI Defending Against AI The need for this level of hygiene is being driven by the "AI vs. AI" security arms race. Bad actors are increasingly using AI to compress exploit windows from weeks down to days. Simultaneously, "coding agents" -- AI tools that autonomously write software -- are becoming the number one generators of code, often statistically selecting outdated or vulnerable libraries from open source. To counter this, Echo has built a proprietary infrastructure of AI agents that autonomously manage vulnerability research. * Continuous Monitoring: Echo's agents monitor the 4,000+ new CVEs added to the National Vulnerability Database (NVD) monthly. * Unstructured Research: Beyond official databases, these agents scour unstructured sources like GitHub comments and developer forums to identify patches before they are widely published. * Self-Healing: When a vulnerability is confirmed, the agents identify affected images, apply the fix, run compatibility tests, and generate a pull request for human review. This automation allows Echo's engineering team to maintain over 600 secure images -- a scale that would traditionally require hundreds of security researchers. Why It Matters to the CISO For technical decision-makers, Echo represents a shift from "mean time to remediation" to "zero vulnerabilities by default." Dan Garcia, CISO of EDB, noted in a press release that the platform "saves at least 235 developer hours per release" by eliminating the need for engineers to investigate false positives or patch base images manually. Echo is already securing production workloads for major enterprises like UiPath, EDB, and Varonis. As enterprises move from containers to agentic workflows, the ability to trust the underlying infrastructure -- without managing it -- may be the defining characteristic of the next generation of DevSecOps. Pricing for Echo's solution is not publicly listed, but the company says on its website it prices "based on image consumption, to ensure it scales with how you actually build and ship software."

Vulnerability-free container image startup Echo Software raises $35M - SiliconANGLE

Vulnerability-free container image startup Echo Software raises $35M Echo Software Ltd., a startup that's using artificial intelligence agents to secure container images at the base layer, said today it has raised $35 million in an early-stage funding, just four months after closing on its $15 million seed raise. The Series A round was led by N47 and saw participation from Notable Capital, Hyperwise Ventures and SentinelOne. It brings its total amount raised to more than $50 million. The startup is looking to fix problems with container images, which it says are among the most insecure components of modern software today. These days, almost all cloud-based applications are built on container base images - essentially, prebuilt operating systems that define the app's runtimes and dependencies. Containers have become the building blocks of modern software because they provide a consistent and portable environment for applications, enabling them to run reliably across different platforms without change, meaning they can be deployed more rapidly in any environment. They also make it easier for developers to manage dependencies and improve application scalability. They rule the software world, but they also come with significant security risks. In fact, Echo's own research shows that some of the world's most widely used official Docker images, such as Python, Go, Ruby and Node.js, each contain more than 1,000 common exposures and vulnerabilities or CVEs. Echo co-founder and Chief Technology Officer Eylam Milner (pictured, right) said the company's research shows that more than 90% of container vulnerabilities stem from the original base image layer rather than the application code. This is problematic, he added, because most enterprises simply grab prebuilt container images and build directly atop of them when creating new software. "Large organizations with thousands of cloud services inherit millions of security issues before their engineers write a single line of code," he said. The startup's solution is to rebuild everything from scratch using AI agents to remove all of those vulnerabilities and exploits. It offers access to a growing library of CVE-free container base images that have been reconstructed using only the most essential components, reducing the attack surface considerably while ensuring they still function as before. In this way, Echo's hardened container images serve as drop-in replacements for standard Docker images, and they couldn't be easier to install. All developers have to do is change a single line in their application's Docker file to swap out a potentially vulnerable Docker image for a cleaner Echo version. Of course, Echo understands that even these "clean" container images may be affected by new vulnerabilities found in their most essential components. Fortunately, its AI agents work to maintain them around the clock, so the moment a new vulnerability is discovered and entered into the CVE database, they'll autonomously research the discovery and identify any images it might affect. Then they either find or develop their own fixes from unstructured sources, such as GitHub comments, forums and research blogs. Once the fix is ready, Echo's agents will apply a patch, run comprehensive compatibility tests and create a pull request so the fix can be reviewed by a human. Echo co-founder and Chief Executive Eilon Elhadad (left) said this AI-first approach enables the company to maintain a library of more than 600 secure container images, despite only having a team of 35. Without AI agents, he believes, the company would need to hire hundreds of security researchers. "Our time-to-value is instant, with customers immediately seeing their vulnerability count drop to zero when moving to Echo images," he said. "Security teams love us because we make them look like heroes overnight, and developers love us because they can stop wasting time fixing vulnerabilities in infrastructure they didn't even create." Elhadad and Milner are veterans of the Israeli Defense Force's elite Unit 8200 cybersecurity team, and they have a solid track record in the security industry. They previously founded the software supply chain firm Argon Ltd., which was acquired by Aqua Security Software Ltd. in December 2021 just one year after it launched. Echo says its secure container images have already been widely deployed by a number of major enterprises, including the database firm EnterpriseDB Corp., the data analytics startup Varonis Systems Ltd. and the publicly traded robotic process automation giant UiPath Inc. EDB Chief Information Security Officer Dan Garcia said Echo saves his company about 235 developer hours for each software release it puts out, while reducing the number of critical vulnerabilities it has to deal with. N47 General Partner Moshe Zilberstein said he's investing in Echo because he thinks AI-generated software is soon going to make manual vulnerability management obsolete. "AI agents now write more code than humans, while bad actors are using AI to compress exploit windows from weeks down to just hours," he said. "Echo is building the first operating system that's immune to vulnerabilities by design."