Zafran Security raised $60M led by Menlo—total $130M for AI agents fixing vulns autonomously. ARR 3x, Exposure Graph vs threats unpacked.

Zafran Security Raised $60M: AI-Powered Shield Against Cyber Vulnerabilities

Zafran Security raised $60M in a blockbuster Series C round led by Menlo Ventures, with Sequoia Capital, Cyberstarts, PSP Growth, Vintage Investment Partners, and Knollwood Investment piling in—this just two years after their last raise, as ARR tripled and valuation doubled to reflect exploding demand for smart vuln management. Tel Aviv-born Zafran’s platform crunches data from your existing security stack—think CrowdStrike, Qualys, Tenable—normalizing messy telemetry into actionable insights, nuking duplicates, and spitting fix-it playbooks that actually work. Launching alongside the cash: Agentic Exposure Management, AI agents that hunt zero-days in SBOMs, auto-mitigate till patches drop, and ping the right dev without hours of Slack roulette.

In a world drowning in vuln alerts (Gartner says 50% of breaches stem from unpatched flaws), Zafran’s graph maps exposures to your controls—like firewalls or WAFs—revealing what’s truly exploitable. “Vuln management burns analyst hours on triage; AI agents automate that,” Menlo’s Rama Sekhar nailed it. Their tech scans SBOMs for zero-day risks, crafts temp shields (e.g., runtime blocks), IDs owners via Git/AD, and risk-scores flaws—prioritizing a public DB zero-day over a firewalled toy. Early adopters like Fortune 500s rave: “Zafran’s bubble wrap—patches what matters without downtime.” ARR growth? 3x since Series B, customers cut MTTR from days to hours.

Agentic Exposure Management is the star: AI agents triage, assign, verify fixes (e.g., “patch OS, reboot server, test”). No more alert fatigue—Zafran claims 80% noise reduction. Integrates natively with SIEMs, scanners, clouds (AWS/Azure/GCP), even Kubernetes. Pricing? Usage-based, starting enterprise tiers at $50k/year. Backers see massive TAM: $50B vuln market, exploding with AI supply-chain attacks (Log4j 2.0 vibes). CEO praises: “We attack from hacker POV, proving controls work.” Roadmap? Global expansion, more agents for cloud-native threats.

Zafran Security raised $60M timing’s perfect—post-CrowdStrike outage, Log4Shell scars. Rivals like Wiz ($10B val) chase acquisitions; Zafran bets agentic AI for organic edge. Customers quote: “ROI on tools skyrockets; gaps exposed, decisions data-driven.” Challenges? Scale to SMBs, dodge hype. But with Sequoia’s stamp, they’re enterprise catnip amid 2025’s AI-threat surge (deepfakes, prompt jails).

This funding cements Zafran as vuln management’s next-gen guardrail—AI doesn’t replace sec ops, it supercharges ’em. Excited for real-world zero-day tests; if they deliver, breaches drop. Cyber pros, this one’s bookmark-worthy.