Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. More information
Even as the software world has moved toward simplified user interfaces and applications, the security work behind the scenes has only become more complex – especially for mid-to-large enterprises that rely on software to run their operations.
While many companies have tried to embrace the “security by design” approach – that is, thinking about the security implications of every new update, build, product or system change – the truth is that even for experienced and well-educated people can be very difficult. -staffed infosec teams to understand their entire system and the implications of making changes, even necessary ones like updating firewalls and security.
But First security thinks it has the solution: The Israeli-founded startup today announces the beta version of its AI-powered system that monitors your enterprise’s entire network and proactively flags risks for you, suggesting changes and actions for you to implement, as well as sorting them into tangible buckets of what you need to do: ‘analyze’, ‘monitor’ or ‘intervene’. This helps security teams prioritize their work at a glance.
The company also announced that it has raised $6 million in seed funding, led by Foundation Capital with participation from Flybridge Capital Partners and prominent angel investors.
Michael Nov, CEO and co-founder of Prime Security, pointed out that delays and delays due to late-stage security interventions are a widespread problem in software-dependent industries.
“I discovered very early on that product speed is completely dependent on product safety,” he told VentureBeat in a video call earlier this week. “I can’t move an inch without protection, and the challenge I kept running into was developers saying, ‘I’m stuck in security.’ Security was always seen as the bad guy.”
Addressing security at the design stage
Prime Security’s recently unveiled product integrates security rails into the design phase of the Software Development Life Cycle (SDLC).
By using artificial intelligence – specifically tuned versions of proprietary models available through a major cloud provider, trained on synthetic data specifically generated by Prime to account for common and less common enterprise security needs – the platform helps teams improve security detect, prioritize and mitigate risks before coding even begins.
This proactive approach allows organizations to integrate security best practices into their software products from the start, reducing the chance of vulnerabilities later in the development process. Nov knows firsthand the problems that come with trying to stay safe and on deadline.
“We started Prime because I missed a deadline for a very large enterprise customer due to security issues,” said Nov. “I realized that the problem started in the design phase, when security was not proactively addressed.”
The product, now available in private beta, helps remove these roadblocks by eliminating friction between security and engineering teams.
The AI-powered platform integrates with tools like Jira and Confluence, analyzing tasks in real-time and providing developers with immediate security recommendations.
“We flag tasks that pose risks and proactively provide security assessments. Engineers don’t have to wait in time at security; they get recommendations directly in Jira,” Nov added.
Start-up financing to stimulate growth
Prime Security’s $6 million seed round will be used to expand its research and development efforts and grow its sales and engineering teams.
The company operates from offices in New York and Tel Aviv and plans to use the new funding to further enhance its AI-powered platform and support business growth.
The funding round was led by Foundation Capital, with participation from Flybridge Capital Partners and a group of influential angel investors, including Sam Gutmann, co-founder and CEO of Own Company; Adrian Kunzle, CTO of the company; Assaf Keren, CSO of Qualtrics; Dimitri Sirota, co-founder and CEO of Bigid; Michael Callahan, board member at Datadog; and Omer Schneider, co-founder and CEO of CyberX. This experienced group will play a key role in determining Prime Security’s strategic direction.
Main features of the product
Prime Security’s platform focuses on several critical security areas:
- Security gaps in the product architecture: Detecting issues such as authorization errors, unencrypted sensitive data, expired sessions, and improper role-based access controls.
- Security violations in the design phase: Identifying risks such as unapproved external entities, unrestricted network access and misassigned administrative tasks.
- Audit and Compliance Violations: Addressing issues such as unauthorized transfers of personally identifiable information (PII), incomplete security policies, and insufficient audit trails.
The product helps organizations take proactive measures, something Nov highlighted as critical to modern security practices. ‘Why do you pay bug bounties? Because you have problems in your software that are found by others. I’m telling you, be proactive about it. Solve it from the beginning and resolve it efficiently,” he said.
Using a combination of traditional and modern AI technologies, the platform interprets complex, unstructured data from Jira tickets and Confluence documents and makes recommendations based on the specific risks and context.
“What we do is automate a completely manual consultation process. The planning phase, where security must intervene, consists of all unstructured data: JIRA tickets, Confluence documents. We use Gen AI to provide consistent, scalable recommendations,” explains Nov.
The interface is designed to be intuitive and usable, as evidenced by the platform’s workflow. Users can track security tasks, view recommendations, and address compliance issues in real time.
Differentiation and competition
Nov also touched on how Prime Security differentiates itself from other players in the space, including established companies like Apiiro, Remy Security, Snyk and ShiftLeft. Prime’s key differentiator, according to Nov, is its ability to not only provide risk identification, but also actionable recommendations that close the loop. “Security teams are tired of receiving millions of alerts; they want solutions, not just problems. That is where we distinguish ourselves,” he explains.
While companies like Snyk partner with design-phase security consulting services, Nov points out that their solutions often focus on the code phase rather than the design phase, leaving a gap in early risk detection. “This is just confirmation that the problem is big. For example, Snyk worked with Deloitte to provide consulting services up to the design stage, but they don’t currently have a product for it. They are shifting to the left, to the code, and when the code is there, there is a wide variety of tools available,” Nov said.
Prime also plans to join broader industry initiatives. “We absolutely intend to sign the Secure by Design pledge as soon as we emerge from stealth,” Nov said, referring to the initiative led by the US Cybersecurity and Infrastructure Security Agency (CISA).
Nov emphasized that Prime’s focus on the design phase of development allows it to offer more comprehensive solutions compared to competitors. “We know both Apiiro and Remy. Apiiro’s solution is relatively light: it is one of the solutions they offer, but not the end-to-end focus of it. Remy focuses mainly on identifying risks, but they do not recommend closing the loop,” he added.
Industry response and market potential
The importance of embedding security into the design phase of software development is increasingly recognized, especially as regulators emphasize the principles of secure-by-design. Standards from organizations such as NIST and ISO advocate building security controls into the early stages of product development, a shift that aligns with Prime Security’s approach.
However, scaling security efforts in large organizations has long been a challenge. “There is one security person for every 150 developers. It is not scalable and this friction happens all the time,” Nov noted. “Our customers continue to tell us that the biggest benefits are avoiding late remediation and the ability to scale their security teams without adding staff.”
By automating security interventions at the design stage, Prime Security gives companies the ability to detect risks early, minimizing the need for expensive and time-consuming remediation measures later. “Security must be scalable before you write code. That is our starting point. You should deploy security before the code is written, and not after,” emphasizes Nov.
Assaf Keren, Chief Security Officer of Qualtrics, highlighted the value of Prime’s solution, particularly its ability to multiply the productivity of security teams. “In today’s rapidly evolving digital landscape, balancing development efficiency with robust security has never been more crucial,” he says.
Looking ahead
With the support of its investors and a clear market need for early-stage security solutions, Prime Security is poised to make a significant impact in the field of product security. Sid Trivedi, a partner at Foundation Capital, highlighted the company’s potential to disrupt traditional security approaches by bringing advanced AI to the forefront of product design. “Prime introduces a new opportunity for security teams to leverage modern AI infrastructure with an impressive vision for the future of product security,” said Trivedi.
Prime Security’s product is now available in private beta and the company is actively working to expand its features and capabilities as it looks to help more organizations address security issues at the earliest stages of software development.
Source link
