Ballistic Ventures

Veza is the data security platform that helps users use and share their data safely. It makes it easy to understand, manage, and control who can and should take what action on what data. It organizes authorization metadata across identity providers, data systems, cloud service providers, and applications, all to address the toughest data security challenges of the modern era. The company is funded by top-tier investors including Accel, Bain Capital, Ballistic Ventures, Blackstone, GV, Norwest Venture Partners, and True Ventures.

GetReal Labs is a company dedicated to protecting organizations from the dangers associated with the malicious use of altered and synthetic information. Currently operating in stealth mode, the firm focuses on developing innovative solutions to address the growing risks posed by misinformation and data manipulation in various sectors. Through its efforts, GetReal Labs aims to enhance the integrity of information and safeguard businesses against potential threats.

SpecterOps is a cybersecurity company focused on helping enterprises defend against advanced attacks through a variety of products, services, and training solutions. The company specializes in program development, offering assessment services and operational support that aim to enhance the security posture of organizations. SpecterOps provides training on advanced adversary tactics, techniques, and procedures, equipping students with the knowledge needed to effectively counter threats. Additionally, the company is involved in initiatives that foster industry improvement, promoting a safer environment for critical assets and data across organizations and communities.

Concentric AI, founded in 2018 and headquartered in San Jose, California, specializes in a Semantic Intelligence solution that addresses data risk challenges for enterprises. Its platform utilizes deep learning technology to analyze the content and context of sensitive documents stored both in the cloud and on-premises. By scanning various types of documents, including those containing personally identifiable information (PII), confidential data, and financial statements, the platform identifies potential risks and highlights critical concerns that require immediate attention. This approach allows organizations to discover, monitor, and protect their sensitive data without needing prior knowledge of high-value content or placing the burden on end-users, ultimately simplifying deployment and accelerating time to value.

Aembit is a platform focused on Workload Identity and Access Management, catering to the needs of DevSecOps teams by automating secure access for workloads. It serves as a single identity broker across various environments, including clouds, SaaS, and data centers, thereby simplifying the lifecycle of workload access. The platform enables organizations to manage, enforce, and audit access between federated workloads, allowing for secure and seamless connections to essential services like APIs, databases, and cloud resources. By streamlining application development and delivery, Aembit empowers enterprises to define access policies, issue necessary credentials, and log interactions between systems, enhancing overall security and efficiency.

WitnessAI is dedicated to creating a security platform that provides essential governance and security controls for enterprises adopting artificial intelligence. The platform enhances visibility and privacy regarding AI activities, allowing businesses to leverage the benefits of generative AI while maintaining control over their data and ensuring security. By focusing on making AI safe and productive, WitnessAI helps organizations innovate without compromising on privacy or governance.

Nudge Security is a cybersecurity startup securing modern organizations through the power of the modern workforce.

Alethea is a technology company helping the Fortune 500, private companies and nonprofits protect themselves from harms stemming from disinformation. Leveraging its multi-channel machine learning platform, Artemis, Alethea detects disinformation narratives across the internet, enabling customers to proactively defend against this pervasive threat. With Artemis-powered early detection, Alethea customers can protect their reputations, key assets, physical safety and market value. The company was founded in 2019 and is woman owned.

CodeZero provides an innovative platform aimed at enhancing microservices development within complex cloud environments. As cloud infrastructures have expanded, the challenges of managing numerous services have grown significantly, leading to increased misconfiguration errors and higher costs for identifying production issues. CodeZero's Teamspaces offers a solution by allowing developers to interact seamlessly with both cloud services and local environments. This intelligent cloud environment presents the entire cluster as a single machine, enabling real-time traffic management without requiring extensive cloud infrastructure knowledge. By facilitating collaboration and issue diagnosis in live production settings, CodeZero's platform aims to simplify development processes while prioritizing security and efficiency.

Reach Security specializes in developing security software that streamlines security operations for organizations. The company's platform centralizes and automates various security tools, allowing security leaders and operators to effectively measure, manage, and enhance the value of their security investments. Reach Security provides tailored control recommendations and supporting materials based on specific threat profiles, which helps organizations prioritize security controls and gain visibility into potential threats. By automating security tasks and centralizing security data management, Reach Security enables customers to gain valuable insights and improve their overall security posture.

ArmorCode is a cybersecurity company based in Palo Alto, California, founded in 2020. It provides an AppSecOps platform aimed at simplifying application security and reducing application exposure and risk. The platform offers comprehensive features for application security posture, vulnerability and compliance management, and DevSecOps automation. By integrating with the broader security ecosystem, ArmorCode's solution helps organizations de-duplicate, correlate, and orchestrate security findings, ultimately enhancing their protection against third-party attacks. The company aims to deliver significant improvements in application security efficiency, achieving a tenfold increase in AppSec force multiplier impact for various prominent enterprises.

SpecterOps is a cybersecurity company focused on helping enterprises defend against advanced attacks through a variety of products, services, and training solutions. The company specializes in program development, offering assessment services and operational support that aim to enhance the security posture of organizations. SpecterOps provides training on advanced adversary tactics, techniques, and procedures, equipping students with the knowledge needed to effectively counter threats. Additionally, the company is involved in initiatives that foster industry improvement, promoting a safer environment for critical assets and data across organizations and communities.

AuthMind is an identity security firm focused on identifying and mitigating hidden identity risks through advanced access neural network technologies. Its platform provides a comprehensive solution for identity and cybersecurity teams, offering real-time identity security posture management and identity threat detection and response services. By addressing critical vulnerabilities such as blind spots, security gaps in identity infrastructure, and human errors in configurations, AuthMind enables enterprises to effectively combat identity-based attacks and enhance their overall security posture.

Coro provides modern cybersecurity that unifies comprehensive protection into a single platform. Coro empowers organizations to defend against malware, ransomware, phishing, data leakage, insider threats and bots across devices, users, and cloud applications. More than 5,000 businesses depend on Coro for holistic security protection, unrivaled ease of use, and unmatched affordability. Coro’s modern cybersecurity platform automatically detects and remediates the many security threats that today's distributed businesses face, without IT teams having to worry, investigate, or fix issues themselves.

Abnormal Security Corporation specializes in cloud-based email security solutions for Microsoft Office 365 and G Suite, aiming to protect organizations from targeted email attacks. Founded in 2018 and based in San Francisco, the company employs a data science approach to enhance its email protection capabilities. Its platform offers a range of services, including inbound email protection, detection of email account compromises, and responses to various threats. Abnormal Security addresses issues such as credential phishing, internal phishing, impersonation of employees and executives, vendor account compromise, as well as invoice and payment fraud. The company serves diverse sectors, including financial services, healthcare, and utilities, providing comprehensive solutions to safeguard against email-related risks that can lead to significant financial and reputational damage.

Cado Security Ltd is a London-based company that specializes in developing a cloud-native digital forensics platform aimed at enhancing incident response capabilities for enterprises. Founded in 2020, Cado Security's platform, Cado Response, allows security teams to conduct forensic analysis across various environments, including cloud, container, and on-premise systems. The platform is designed to provide detailed insights at high speed, enabling organizations to effectively investigate and respond to cyber incidents while minimizing financial and legal risks associated with security breaches. By automating analysis and securing evidence, Cado Security empowers organizations to adapt to the evolving landscape of cybersecurity challenges.

Aembit is a platform focused on Workload Identity and Access Management, catering to the needs of DevSecOps teams by automating secure access for workloads. It serves as a single identity broker across various environments, including clouds, SaaS, and data centers, thereby simplifying the lifecycle of workload access. The platform enables organizations to manage, enforce, and audit access between federated workloads, allowing for secure and seamless connections to essential services like APIs, databases, and cloud resources. By streamlining application development and delivery, Aembit empowers enterprises to define access policies, issue necessary credentials, and log interactions between systems, enhancing overall security and efficiency.

Pangea is a developer of security APIs that offers a comprehensive portfolio of security services tailored for application builders. The company provides a single platform that simplifies the integration of security into cloud and mobile applications. Pangea's services are designed to be globally accessible while maintaining regional intelligence, making them suitable for diverse markets. Available on major cloud platforms such as AWS and GCP, Pangea enables clients—including app developers, SaaS providers, and security operations teams—to efficiently create secure and compliant user experiences. The company aims to make security accessible to all developers, eliminating the need for extensive security expertise.

ArmorCode is a cybersecurity company based in Palo Alto, California, founded in 2020. It provides an AppSecOps platform aimed at simplifying application security and reducing application exposure and risk. The platform offers comprehensive features for application security posture, vulnerability and compliance management, and DevSecOps automation. By integrating with the broader security ecosystem, ArmorCode's solution helps organizations de-duplicate, correlate, and orchestrate security findings, ultimately enhancing their protection against third-party attacks. The company aims to deliver significant improvements in application security efficiency, achieving a tenfold increase in AppSec force multiplier impact for various prominent enterprises.

Alethea is a technology company helping the Fortune 500, private companies and nonprofits protect themselves from harms stemming from disinformation. Leveraging its multi-channel machine learning platform, Artemis, Alethea detects disinformation narratives across the internet, enabling customers to proactively defend against this pervasive threat. With Artemis-powered early detection, Alethea customers can protect their reputations, key assets, physical safety and market value. The company was founded in 2019 and is woman owned.

Perygee is a developer of an automation platform that focuses on enhancing device functionality and cybersecurity for enterprises. The platform integrates all asset information and engages security stakeholders to protect critical assets while automating operational technology security workflows. Perygee combines device-specific edge monitoring with user-friendly, no-code data modeling and automation tools. This approach enables businesses to achieve a comprehensive cybersecurity solution that balances robust security measures with an intuitive user experience. By automating full enterprise workflows, Perygee aims to save time and improve operational visibility for its clients.

Stairwell, Inc., founded in 2019 and headquartered in Mountain View, California, specializes in cybersecurity solutions through its Software as a Service (SaaS) platform. The company focuses on Automated Threat Detection and Response, providing tools that enable security teams to identify and address potential threats efficiently. By treating all files as suspicious and preserving them as evidence, Stairwell accelerates threat analysis, allowing organizations to quickly assess their security status in response to emerging threats. Its technology incorporates artificial intelligence and machine learning to deliver automated reports that indicate whether an organization has been compromised and, if so, outlines the details of the incident. This innovative approach enhances the capabilities of security personnel, streamlining the processes of threat evaluation and response. Stairwell has garnered recognition for its innovative contributions to the cybersecurity landscape, supported by prominent investors and partners.

Open Raven, Inc. is a data security company that specializes in data protection by developing a platform aimed at assessing and managing data risk for enterprises. Founded in 2019 and based in Los Angeles, California, the company helps organizations identify and secure sensitive data stored across cloud environments and corporate networks. Its platform provides visibility and control to prevent data breaches, locating assets and highlighting exposed data and shadow accounts. Open Raven's solution addresses the limitations of existing tools by effectively managing data security posture, ensuring that security teams can locate and protect sensitive information within vast data environments. The platform also offers pre-built connectors and an open-source model for easier integration and extensibility, thus enabling businesses to maintain compliance and safeguard their data effectively.

Talon Cyber Security specializes in providing cybersecurity solutions tailored for the distributed workforce, addressing emerging threats associated with hybrid work environments. Its innovative technology enhances security controls to accommodate the growing reliance on cloud services and remote operations. Talon Cyber Security offers a unique secure browser that delivers enterprise-grade protection across both managed and unmanaged devices, independent of location, device type, or operating system. This approach not only fortifies cybersecurity but also promotes productivity and flexibility for businesses navigating the complexities of modern work arrangements.

Pangea is a developer of security APIs that offers a comprehensive portfolio of security services tailored for application builders. The company provides a single platform that simplifies the integration of security into cloud and mobile applications. Pangea's services are designed to be globally accessible while maintaining regional intelligence, making them suitable for diverse markets. Available on major cloud platforms such as AWS and GCP, Pangea enables clients—including app developers, SaaS providers, and security operations teams—to efficiently create secure and compliant user experiences. The company aims to make security accessible to all developers, eliminating the need for extensive security expertise.

Concentric AI, founded in 2018 and headquartered in San Jose, California, specializes in a Semantic Intelligence solution that addresses data risk challenges for enterprises. Its platform utilizes deep learning technology to analyze the content and context of sensitive documents stored both in the cloud and on-premises. By scanning various types of documents, including those containing personally identifiable information (PII), confidential data, and financial statements, the platform identifies potential risks and highlights critical concerns that require immediate attention. This approach allows organizations to discover, monitor, and protect their sensitive data without needing prior knowledge of high-value content or placing the burden on end-users, ultimately simplifying deployment and accelerating time to value.

Phylum specializes in cybersecurity solutions aimed at protecting applications within the open-source ecosystem and the software development tools associated with it. The company employs an automated analysis engine that promptly scans third-party code upon its publication, allowing it to vet software packages, identify potential risks, inform users, and prevent attacks. Phylum offers a comprehensive database of open-source software supply chain risks, which can be integrated throughout the development lifecycle and customized to fit an organization’s infrastructure and application security program maturity. The team consists of experienced security researchers and developers with extensive backgrounds in both the U.S. Intelligence Community and commercial sectors. Phylum has received recognition for its innovative approach, winning awards such as the Black Hat 2022 Innovation Spotlight Competition and being named one of Inc. Magazine’s Best Workplaces for 2023.

Nudge Security is a cybersecurity startup securing modern organizations through the power of the modern workforce.

Skiff operates an end-to-end encrypted document collaboration platform designed to create a private and decentralized workspace. The platform enables teams worldwide to share information securely and privately, facilitating real-time collaboration among colleagues while ensuring complete privacy. Skiff also incorporates decentralized storage, which further enhances security and allows organizations to monitor activity to prevent unintended use. In addition to its focus on document collaboration, Skiff addresses the evolving needs of consumers, publishers, and advertisers in the digital reading space, capitalizing on the transition from print media to digital formats. This includes catering to the growing demand for dedicated e-readers and reading-friendly devices, thereby creating new opportunities in the digital consumption landscape.

Aembit is a platform focused on Workload Identity and Access Management, catering to the needs of DevSecOps teams by automating secure access for workloads. It serves as a single identity broker across various environments, including clouds, SaaS, and data centers, thereby simplifying the lifecycle of workload access. The platform enables organizations to manage, enforce, and audit access between federated workloads, allowing for secure and seamless connections to essential services like APIs, databases, and cloud resources. By streamlining application development and delivery, Aembit empowers enterprises to define access policies, issue necessary credentials, and log interactions between systems, enhancing overall security and efficiency.

Lucidum, Inc. is an asset discovery company based in San Jose, California, founded in 2019. The company operates an online platform that addresses blind spots in cloud, security, and information technology operations. Utilizing patent-pending machine learning technology, Lucidum's platform enables organizations, including Fortune 500 companies, to discover and identify all assets within their environments, including previously unknown devices and services. By providing comprehensive visibility into IT assets, Lucidum supports clients in securing, managing, and transforming their enterprises effectively. The company is supported by investors such as GGV Capital and Silicon Valley CISO Investors.

Netskope, Inc. is a cloud application analytics and policy company that offers a comprehensive software-as-a-service platform aimed at securing data and users across various environments. Its primary offering, Netskope Security Cloud, provides visibility and real-time protection against threats when accessing cloud services, websites, and private applications. The platform employs a unique approach that allows for granular control of cloud application usage, enabling organizations to monitor user activities and secure sensitive information without the need for traditional restrictive measures. Additionally, Netskope operates NewEdge, a global security private cloud network that enhances security without compromising performance. The company also provides a Cloud Access Security Broker (CASB) to manage cloud application use, along with a cloud-based web security solution designed to prevent malware and detect advanced threats. Serving a range of industries, including finance, healthcare, and retail, Netskope focuses on promoting good digital citizenship while supporting organizations in their digital transformation efforts. Founded in 2012 and headquartered in Santa Clara, California, Netskope has data centers across multiple countries to meet global security needs.

Arkose Labs, based in San Francisco, California, develops a cybersecurity platform aimed at preventing online fraud and abuse for various industries, including online marketplaces, travel, banking, social media, ticketing, and gaming. Established in 2015, the company offers solutions to combat issues such as account takeover, fake account abuse, scraping, spam, and gift card fraud. Arkose Labs employs an AI-powered system that combines risk assessments with dynamic threat responses, effectively mitigating attacks while enhancing legitimate user experiences. The platform is recognized for its effectiveness, having received accolades for customer satisfaction and market presence. Additionally, it provides unique warranties against credential stuffing and SMS toll fraud, further demonstrating its commitment to protecting businesses from cybercrime. With a significant portion of its clientele being Fortune 500 companies, Arkose Labs operates offices in major locations, including Brisbane, Australia, and has established a strong reputation in the cybersecurity landscape.

Veza is the data security platform that helps users use and share their data safely. It makes it easy to understand, manage, and control who can and should take what action on what data. It organizes authorization metadata across identity providers, data systems, cloud service providers, and applications, all to address the toughest data security challenges of the modern era. The company is funded by top-tier investors including Accel, Bain Capital, Ballistic Ventures, Blackstone, GV, Norwest Venture Partners, and True Ventures.

BreachRx, Inc. is a company that specializes in incident management through its SaaS-based software platform designed to address data breaches. Founded in 2017 and based in San Francisco, the platform automatically generates alerts for data breaches and provides a comprehensive suite of solutions. These include preparation tools to minimize business risk, such as dynamic playbooks and regulatory compliance, as well as tailored response strategies for privacy incidents that facilitate coordinated responses and task management. Additionally, the platform supports recovery efforts through KPI tracking, reporting, and process improvement. By leveraging an expert library of regulatory best practices, BreachRx enables organizations to enhance their privacy and cybersecurity measures, ultimately helping them to respond and recover more efficiently while mitigating potential costs and reputational damage.