A Security
Last updated: Jul 14, 2026
A Security is an Israeli-founded cybersecurity company that deploys autonomous offensive and defensive AI agents to continuously discover, chain, and validate real-world attack paths across an enterprise — then drive remediation at the source — with the explicit mission of out-pacing 'weaponized AI' attackers before they can exploit those paths.
Visit WebsiteCompany Overview
**Product and the concrete problem it solves.** A Security emerged from stealth on 8 June 2026 with a single, sharply framed thesis: the attacker's economics have inverted. Where breaching a large enterprise once required scarce, expensive human red-team talent working in periodic engagements, AI-enabled adversaries can now search for weaknesses, chain them together, and automate large parts of an intrusion far faster and cheaper than any human team. A Security's answer is an autonomous platform that runs the full offensive lifecycle continuously — it maps an environment, finds vulnerabilities, and, crucially, chains them into the actual multi-step exploit paths an attacker would traverse, then validates that those paths are truly exploitable and helps eliminate them. The concrete problem it attacks is the gap between "you have 40,000 vulnerabilities" (the output of most scanners and posture tools) and "here are the three chained paths that actually lead an intruder to your crown-jewel data, proven exploitable, and here is how to cut them." CEO Yossi Torati's framing is blunt: the company claims to be "the only platform built to beat weaponized AI at its own game."
**Core technology and how it actually works.** The platform is built around paired **offensive and defensive AI agents**. Offensive agents operate with contextual awareness of the environment, continuously stress-testing domains and services under **scoped execution with full audit trails** — a design choice meant to make autonomous adversarial testing safe enough to run against production rather than only in isolated labs. Rather than stopping at isolated vulnerability identification, the offensive agents discover cross-domain exploit paths and prove exploitability, distinguishing a theoretical CVE from a live, reachable attack chain. Defensive agents then close the loop: once a path is validated, the system initiates remediation at the source and adjusts compensating controls so the same chain cannot be re-walked. The intended effect is a continuous, self-driving "purple team" — red and blue working in one loop — that compresses the discover-validate-fix cycle from quarterly engagements into an always-on process. The technical bet is that agentic automation is the only way to keep pace with attackers who are themselves becoming agentic; the calibration risk is that autonomous offensive tooling must be extraordinarily well-bounded to avoid causing the very disruption it is meant to prevent.
**Market, customers, and go-to-market.** A Security targets **large organizations in finance, healthcare, critical infrastructure, and technology** — precisely the sectors where a validated breach path carries regulatory, safety, and national-security consequences. Its go-to-market leans on design partners and named references that lend early credibility beyond a press release: PTC's CISO Matt Hart and Beazley Security's Chief Product and Technology Officer Francisco Donoso are cited as endorsing voices, and the company has described a case in which an organization warned by the FBI about a Russian cyber campaign used A Security to identify the relevant attack path and help prevent exploitation. The product sits in the fast-consolidating "autonomous security validation / exposure management" category, where buyers are shifting budget from periodic manual penetration tests and static vulnerability scores toward continuous, exploitability-driven validation. The natural GTM motion is land-and-expand into CISO organizations that already run vulnerability-management and breach-and-attack-simulation programs and are frustrated by alert volume decoupled from real risk.
**Traction, funding, and third-party validation.** A Security is unusually well-capitalized for a company just out of stealth: it has raised a total of **$37 million across two rounds** — a **$5M seed led by Cyberstarts** followed by a **$32M Series A co-led by Cyberstarts and Lightspeed Venture Partners** — with a striking angel roster that reads as a founder-to-founder vote of confidence from the top of the Israeli cyber ecosystem: **Assaf Rappaport (CEO of Wiz), Yotam Segev (CEO of Cyera), and Merav Bahat (founder of Dazz)**, alongside Cerca Partners. Cyberstarts and Lightspeed are among the most successful backers of the last decade of Israeli security exits, and their conviction — together with named enterprise design partners in PTC and Beazley Security — constitutes the strongest available third-party validation for a company that has not yet published customer counts, revenue, or independent benchmark results. The absence of disclosed hard metrics (headcount, ARR, number of paying customers) is the appropriate calibration point: the signals here are pedigree and backing, not yet proven scale.
**Founders and team background.** The founding team is the core of the diligence case. **Yossi Torati (CEO)** brings roughly two decades in enterprise cybersecurity, including about seven years in the Israeli Navy in computing and cyber roles and, most recently, service as Director of Enterprise Security at incident-response leader **Sygnia** — giving him a defender's-eye view of how real breaches unfold. Co-founders **Omer Gull (CPO)** and **Yuval Itzchakov (CTO)** are veterans of **IDF Unit 8200** and held senior roles at **Check Point Software** and the security-analytics company **Hunters** — a background that pairs elite offensive-signals heritage with commercial detection-and-response product experience. This blend — an operator-defender CEO plus two offense-steeped product/engineering leaders — is well matched to a product that must credibly automate both attack and defense. The principal team gap visible from public sources is go-to-market scale: enterprise security-validation sales are long and reference-driven, and the company's revenue leadership and customer-success bench are not yet documented.
**Competitive dynamics.** A Security enters one of the most crowded and best-funded corners of security. It competes with (1) **Pentera** (Israeli automated security validation / autonomous penetration testing, publicly the category leader); (2) **XM Cyber** (Israeli attack-path management and exposure analytics); (3) **Cymulate** (Israeli breach-and-attack-simulation and exposure validation); (4) **Horizon3.ai** (US, NodeZero autonomous pentesting); (5) a wave of AI-native pentest-agent entrants such as **XBOW, Terra Security, and Xint**; and (6) the incumbent alternative of **human red teams and consultancies** (Mandiant, Sygnia, and boutique offensive shops). A Security's claimed edge is threefold: (i) a **single autonomous loop that both attacks and remediates** rather than only reporting findings; (ii) an explicit design against **AI-enabled attackers**, betting the category is being redefined by agentic offense; and (iii) **safe scoped execution with audit trails** aimed at winning the trust needed to run continuously in production. Whether these amount to a durable moat versus a well-funded incumbent like Pentera — which already has customers, benchmarks, and channel — is the central competitive question, and it is unresolved.
**Defense, security, and resilience dual-use relevance.** The dual-use relevance is real but should be framed as adjacency plus capability, not as a fielded military system. Two threads make it credible. First, **critical-infrastructure protection**: A Security explicitly targets energy, utilities, healthcare, and other operators whose compromise is a national-resilience event, and its FBI/Russian-campaign case study places it squarely in the threat-informed-defense space that governments care about. Second, **the offensive-security capability itself is inherently dual-use**: autonomous, agentic red-teaming that discovers and chains exploit paths is exactly the kind of capability that national cyber commands, defense primes, and allied CERTs use for both hardening and operations. The founders' IDF Unit 8200 and Israeli-Navy provenance reinforces the pipeline between commercial and national-security cyber. The honest calibration: this is a commercial enterprise product sold to CISOs, and any defense or government use is a plausible extension rather than a disclosed, contracted reality as of mid-2026.
**Growth stage, trajectory, and key diligence risks.** A Security is best read as an **early-stage, top-tier-backed cyber venture with an unusually strong pedigree and an unusually unproven track record** — a classic Israeli-security "pedigree seed/Series A" profile. The bull case: an offense-native founding team, marquee investors (Cyberstarts, Lightspeed) and angels (Wiz, Cyera, Dazz founders), a genuinely timely thesis (agentic defense against agentic offense), and named enterprise design partners. The bear case should dominate diligence: (1) **crowded, well-funded market** where Pentera, XM Cyber, Cymulate, and Horizon3.ai already hold ground; (2) **no disclosed hard metrics** — customers, revenue, retention, or independent efficacy benchmarks — so the product's real-world exploit-validation quality is unverified; (3) **autonomous-offense safety risk** — a platform that actively exploits production systems carries operational and liability exposure that must be flawlessly bounded; (4) **thesis risk** — "weaponized AI" is a compelling narrative but partly aspirational, and buyers may not yet budget for it as a distinct category; and (5) **execution/GTM risk** — converting elite technical founders into an enterprise sales machine is non-trivial. Progression to a "mid" stage would require disclosed paying customers, independent validation of exploit-path accuracy, and evidence of net-new displacement of incumbent validation tools.
Dual-Use Assessment
A Security's dual-use relevance is credible as adjacency-plus-capability rather than as a fielded military system, and should be read with calibration. (1) Critical-infrastructure protection: the company explicitly targets energy, utilities, healthcare, finance, and technology operators whose compromise constitutes a national-resilience event, and it cites a case in which an organization warned by the FBI about a Russian cyber campaign used the platform to identify and help close the relevant attack path — placing it in the threat-informed-defense space governments prioritize. (2) The offensive-security capability is inherently dual-use: autonomous, agentic red-teaming that discovers and chains real exploit paths is precisely the kind of capability national cyber commands, defense primes, and allied CERTs use for both hardening and operations, and the founders' IDF Unit 8200 and Israeli-Navy provenance reinforces the commercial-to-national-security pipeline. (3) The 'weaponized AI' framing addresses the strategic reality that AI-enabled attackers can automate intrusion at machine speed — a resilience concern for both enterprises and states. Calibration: this is a commercial enterprise product sold to CISOs; any defense, intelligence, or government use is a plausible extension, not a disclosed, contracted reality as of mid-2026.
Strategic Fit Assessment
Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.
A Security is a high-pedigree, high-risk early-stage cybersecurity opportunity whose appeal rests on team and backing more than on proven traction, and it should be assessed as such. (1) Team: an operator-defender CEO (Yossi Torati; ~20 years in cyber, Israeli Navy, Director of Enterprise Security at Sygnia) paired with two IDF Unit 8200 / Check Point / Hunters co-founders (Omer Gull, CPO; Yuval Itzchakov, CTO) is well matched to a product that must credibly automate both attack and defense. (2) Backing: $37M across a $5M Cyberstarts seed and a $32M Series A co-led by Cyberstarts and Lightspeed, with angels Assaf Rappaport (Wiz CEO), Yotam Segev (Cyera CEO), and Merav Bahat (Dazz founder), is an exceptional founder-to-founder validation signal from the top of the Israeli security ecosystem. (3) Thesis: continuous, exploitability-driven, agentic validation is a genuinely timely response to AI-enabled attackers, and named design partners (PTC, Beazley Security) plus an FBI/Russian-campaign case give early real-world grounding. Counterweights that should dominate diligence: (a) a crowded, well-funded market with entrenched leaders (Pentera, XM Cyber, Cymulate, Horizon3.ai); (b) no disclosed customers, revenue, retention, or independent efficacy benchmarks; (c) operational and liability risk inherent to autonomously exploiting production systems; and (d) unproven enterprise GTM. This is a priority-signal assessment of strategic and technical fit, not an investment recommendation.
Strategic Value to U.S.-Israel Alliance
A Security's strategic value concentrates in the cyber-resilience layer that underpins both commercial and national-security systems. (1) Exposure to a bottleneck problem: proving which attack paths are actually exploitable — not merely counting vulnerabilities — is a high-leverage capability that spans every regulated enterprise and critical-infrastructure operator, making it broadly embeddable rather than niche. (2) Dual-use adjacency: autonomous agentic red-teaming is inherently relevant to national cyber commands, defense primes, and allied CERTs, and the founders' Unit 8200 / Israeli-Navy heritage reinforces the pipeline between commercial product and national-security use. (3) Timing: the shift from human-led to AI-led offense is a structural change in the threat landscape; a platform architected from the outset against machine-speed attackers is aligned with where both enterprise and state defenders must go. (4) Ecosystem gravity: backing from Cyberstarts and Lightspeed and angel conviction from the Wiz, Cyera, and Dazz founders positions the company inside the strongest Israeli-security networks for talent, customers, and eventual M&A. The ultimate strategic weight depends on converting pedigree into fielded, benchmarked results — disclosed customers, validated exploit-path accuracy, and displacement of incumbent validation tools; absent that, the value remains promising but latent.
Key Technologies
- Autonomous offensive AI agents that continuously discover vulnerabilities and chain them into real-world, multi-step exploit paths
- Cross-domain attack-path validation that proves exploitability rather than only assigning risk scores
- Defensive AI agents that drive remediation at the source and adjust compensating security controls
- Scoped execution with full audit trails, engineered to run autonomous adversarial testing safely against production environments
- Continuous, contextually aware exposure assessment that replaces periodic manual penetration tests and breach-and-attack simulations
- Agentic 'purple team' automation (unified red/blue loop) explicitly designed to counter AI-enabled, machine-speed attackers
Use Cases & Applications
- Continuous autonomous penetration testing and red-teaming of large enterprise environments
- Validating which vulnerabilities are truly exploitable to prioritize the handful of attack paths that actually reach critical assets
- Pre-empting AI-enabled ('weaponized AI') attackers by discovering and cutting exploit chains before adversaries can walk them
- Protecting critical-infrastructure operators (energy, utilities, healthcare) against nation-state and ransomware campaigns
- Automated remediation orchestration and compensating-control tuning at the source of a validated path
- Security-control validation — testing whether existing defenses actually stop chained, multi-step intrusions
- Threat-informed defense against named nation-state campaigns (e.g., an FBI-warned Russian campaign case)
- Audit-trailed, scoped offensive testing to satisfy governance and compliance requirements for adversarial simulation
Sources and verification
This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile. The editorial policy explains how profiles are researched, where automated drafting is used, and how corrections work.
This record lists 6 public references used for company identity, status, positioning, or material-claim review.
Public sources
The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.
- A Security Emerges from Stealth with $37M in Funding to Outpace Weaponized AI (GlobeNewswire, 8 Jun 2026) Official announcement verifying the company name (A Security Inc.), the $37M raise, investors (Lightspeed, Cyberstarts, angels Assaf Rappaport and Yotam Segev, Cerca Partners), the offensive/defensive AI-agent product that identifies and validates cross-domain attack paths, target sectors (finance, healthcare, critical infrastructure, technology), and named references PTC (CISO Matt Hart) and Beazley Security.
- A Security raises $37 million backed by Wiz CEO Assaf Rappaport and Cyera CEO Yotam Segev (Calcalist/CTech, Jun 2026) Verifies the round structure ($5M seed led by Cyberstarts + $32M Series A co-led by Cyberstarts and Lightspeed), angels including Merav Bahat (Dazz founder), founders' backgrounds (Torati's Israeli Navy and Sygnia roles; Gull and Itzchakov from Unit 8200, Check Point, Hunters), the 2025 founding, Israeli framing, and the FBI-warned Russian-campaign customer case.
- A Security Raises $37 Million for Autonomous Offensive Security Platform (SecurityWeek, Jun 2026) Independent security-trade coverage verifying the autonomous offensive-security platform mechanics (continuous discovery, exploit-path mapping, scoped execution with audit trails, source remediation), Lightspeed as lead, leadership titles (Torati CEO, Gull CPO, Itzchakov CTO), and the founder quote that the platform is built to beat weaponized AI at its own game.
- Israeli-founded cyber firm A Security emerges from stealth with $37m. to fight weaponized AI (The Jerusalem Post, Jun 2026) Reputable-media confirmation that A Security is Israeli-founded, emerged from stealth with $37M, and is positioned to counter AI-driven ('weaponized AI') cyber threats via autonomous offensive and defensive AI agents.
- A Security raises $37M to hunt attack paths before AI-enabled hackers can exploit them (Ynetnews, Jun 2026) Corroborates the core value proposition — continuously finding and chaining vulnerabilities to validate and eliminate real attack paths before AI-enabled attackers can exploit them — and the stealth emergence with $37M.
- A Security — Official Website Company site establishing the canonical brand and domain (a.security) and the autonomous offensive/defensive AI-agent positioning against weaponized AI.
- Profile update timestamp Last updated in the Claw & Talon database on Jul 14, 2026.
Investor Lens
What this entry is
Private startup
Why it may matter
A Security may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.
How an independent investor should read this
Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.
Evidence to verify
- Verify current status
- Verify traction
- Verify cap table/funding
- Verify technical claims
- Verify regulatory/export-control issues
- Verify customer concentration
Main investor questions
- Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
- What customer, revenue, product, and technical evidence supports the company story?
- What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
- Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
- What evidence would change the thesis or show that the profile is stale?
What not to infer
- Inclusion does not imply endorsement.
- Inclusion does not imply allocation availability or current fundraising.
- Scores do not indicate investment suitability or expected returns.
- Strategic importance does not automatically imply venture return potential.
Diligence questions
- What evidence verifies A Security's current customer traction, deployment status, and revenue concentration?
- Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
- Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
- How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
- What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?
Related sector
See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.
Related companies
Need a diligence readout?
Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.