Former Spy Raises $60M as Zafran Tackles Surging AI-Driven Cyberattacks with New AI Agents

Former cyber spy raises $60 million to fight AI threats

Sanaz Yashar, the former spy and CEO of Zafran, told CNBC that the funding round comes as a result of the accelerating speed and pace of cyberattacks due to the on-going AI boon. Zafran uses artificial intelligence and automation technology to manage threat exposure. It's "becoming much more severe that it was even a year ago," she said in an exclusive interview. The round brings Zafran's total funding to $130 million since its founding in 2022. Zafran did not disclose the valuation at which it raised, but the startup said it has tripled annual recurring revenue since its last round for $70 million in September 2024. Annual recurring revenue is a term often used to measure income expected on a 12-month basis. The company plans to use the money to hire more people, Yashar said. Menlo Ventures led the funding round, with participation from Sequoia Capital and Cyberstarts, which was an early investor in the startup Wiz that sold to Google for $32 billion in March. Companies are looking for ways to reinvigorate their cybersecurity capabilities as AI reshapes the sophistication and capabilities of cyber criminals. Besides Wiz, Palo Alto Networks in July announced that it acquired identity security provider CyberArk for $25 billion. Yashar and co-founders Ben Seri and Snir Havdala created Zafran following an investigation into a ransomware attack on a hospital in Israel. "The data was there," Yashar told CNBC, adding that cohesive security tools might have prevented the attack. "If the security tools were talking to each other, they could block it." Yashar, who moved to Israel from Tehran at 17, served for 15 years in an elite cybersecurity unit within the Israel Defense Forces known as Unit 8200. She also led major investigations at threat detection firm FireEye and Mandiant, which Google bought in 2022. Many famous cybersecurity companies have originated from Unit 8200 alum, including Palo Alto Networks, Check Point Software and CyberArk. Zafran customers include healthcare, financial services, insurance, technology and Fortune 500 companies, Yashar said.

Zafran Security nabs $60M for its vulnerability management platform - SiliconANGLE

Zafran Security nabs $60M for its vulnerability management platform Fast-growing cybersecurity startup Zafran Security Ltd. today announced that it has raised $60 million in Series C funding. Menlo Ventures led the round with participation from Sequoia Capital, Cyberstarts, PSP Growth, Vintage Investment Partners and Knollwood Investment. The deal comes less than two years after Zafran's previous funding round. According to the company, its annual recurring revenue has more than tripled since that raise while its valuation has doubled. Zafran provides a cybersecurity platform that helps companies find vulnerabilities in their infrastructure. It searches for weak points by analyzing the technical data collected by an organization's other cybersecurity tools. Typically, different tools output the telemetry they gather in different formats. Zafran says that its platform organizes the data into a consistent format and removes duplicate items. The company's platform generates remediation suggestions for the issues that it finds. According to Zafran, the software can not only recommend a fix but also provide pointers on how to implement it. It might, for example, instruct administrators to reset a server after downloading an operating system patch and run tests to ensure that the patch was installed correctly. The company announced its funding round in conjunction with the launch of a new offering called Agentic Exposure Management. According to Zafran, it uses artificial intelligence agents to streamline the vulnerability remediation workflow. When researchers discover a new zero-day exploit, Agentic Exposure Management can check whether it affects a company's applications. The offering checks a program's SBOM, a file that lists its components, to determine if it contains vulnerable code. The software then generates a temporary mitigation that can be used until the application's developer releases a patch. Before administrators can fix a vulnerable workload, they have to find the colleague responsible for maintaining the workload. The task can take several hours in a large organization, which leaves time for hackers to launch cyberattacks. Agentic Exposure Management skips that step by using AI to identify the staffer in charge of a vulnerable system. Fixing urgent issues quickly also requires developers to skip any low-priority vulnerabilities that might be in their queue. A zero-day flaw in a database, for example, may not have to be patched immediately if the database is behind a firewall. Agentic Exposure Management automatically evaluates whether a vulnerability can be exploited by hackers. "Vulnerability management burns massive analyst hours on repetitive triage and manual patching, the kind of service-oriented work that AI agents excel at automating", said Menlo Ventures partner Rama Sekhar.