Lightspeed Funds Will Support Defenses Against Continuous, Machine-Led Exploitation
A startup founded by an ex-Sygnia leader raised $37 million to prepare for a future in which attacks are conducted by machines rather than people.
See Also: AI Impersonation Is the New Arms Race-Is Your Workforce Ready?
The funding from Lightspeed Ventures Partners and Cyberstarts will help New York-based A Security take on machine-driven adversaries capable of operating continuously and evaluating massive amounts of information simultaneously, said co-founder and CEO Yossi Torati. Future attackers will be able to automate discovery, exploitation and attack-path analysis at a scale that humans can’t match.
“We are now at an accelerating phase of frontier models becoming better in cybersecurity,” Torati told ISMG. “We believe that this is the time to help organizations protect themselves against the usage of frontier models at the hands of threat actors.”
A Security, founded in January 2025, emerged from stealth this week and has been led since its inception by Torati, who spent nearly seven years as an officer in the Israeli Navy and nearly six years at Israeli cyber consulting firm Sygnia, culminating in a role leading enterprise security (see: Anthropic Unveils Claude Fable 5, Keeps Mythos Restricted).
Identifying Attack Paths That Lead to Business Impact
AI-assisted coding tools allow development teams to release software faster than ever before, but Torati said security teams often can’t review or secure the resulting code at the same pace. Organizations are rapidly deploying artificial intelligence agents and AI-powered applications because of business pressure to innovate, meaning teams must secure technologies that are fundamentally different from traditional software.
“We’re focusing on the vectors of web, AI application and APIs, and networks as we build the capabilities toward addressing both the ability to provide the autonomous remediation we provide today and helping organizations close the loop with our solution,” Torati said. “But the goal in our road map is to build the autonomous remediation company.”
AI interfaces are heavily dependent on natural language, meaning that rather than exploiting a technical flaw in code, attackers can manipulate an AI system’s reasoning process via prompts and interactions. Just as attackers manipulate people into taking actions they shouldn’t take, attackers can manipulate AI agents into violating policies, exposing information or performing unauthorized actions, Torati said.
“There is more manipulation of an agent, similar to how we did social engineering to humans,” Torati said. “This is social engineering to agentic capabilities. Organizations are under huge pressure by the business to deliver these capabilities and to adapt to the new expectations of the market, but security teams now need to secure that new interface.”
A Security’s technology evaluates the relationships between environments and identifies realistic attack paths that could lead to business impact, analyzing traditional vulnerabilities, zero-day vulnerabilities and misconfigurations. According to Torati, organizations need a unified view of these risks because attackers increasingly operate across multiple attack surfaces rather than targeting systems in isolation.
“A solution that helps organizations protect themselves against weaponized AI needs to see all vectors and chain vulnerabilities between weaknesses and between vectors,” Torati said. “It should not be an isolated product, and it should not be evaluated differently. We need to have one place when we see all vectors.”
Weaponized AI Will Make Autonomous Remediation a Must
AI systems can evaluate context, understand relationships between systems and discover more complex attack paths that resemble the work of experienced human red teamers, Torati said. Agents can retain and analyze far more context than humans, making them particularly effective at identifying business logic flaws and sophisticated attack chains that may otherwise remain hidden, according to Torati.
“The ability to look at the chaining of documented vulnerabilities, undocumented vulnerabilities and also misconfigurations – and the chaining between all those vectors – provides the outcome, which is finding real attack paths that have business impact,” Torati said. “This is what we provide.”
Torati expects the industry to move toward systems that can automatically make configuration changes, apply compensating controls and reduce risk without waiting for manual approval, he said. Firms may initially be hesitant to grant this level of autonomy to security systems, but businesses will eventually face a choice between allowing AI-driven attacks to succeed or permitting automated defensive actions.
“Once weaponized AI will be prevalent and will be out there in a way that you cannot avoid it, you won’t be able to respond by just patching,” Torati said. “You cannot outpace weaponized AI by patching. If you have a zero-day or vulnerability that you didn’t patch yet, you need to find other compensating controls to prevent malicious agents from exploiting those.”
Future attackers will operate too quickly for patch management alone to provide sufficient protection, Torati said. Rather than assuming every issue can be fixed before it is exploited, Torati believes security teams must develop the ability to rapidly apply compensating controls and defensive measures that reduce risk while remediation efforts are underway.
“This funding has one purpose in life: to help those CISOs that now facing a generational risk to be able to solve that,” Torati said. “The only purpose for this funding to help organizations fight the risk of weaponized AI.”
Click Here For The Original Source.
