ARMO
Last updated: May 6, 2026
ARMO provides runtime threat detection and cloud application detection and response (CADR) for Kubernetes and containerized workloads, combining eBPF-based behavioral analysis, agentless posture scanning, and open-source distribution via the CNCF-incubating Kubescape project.
Visit WebsiteCompany Overview
ARMO addresses a fundamental gap in cloud-native security: the lack of runtime visibility and response for containerized and Kubernetes workloads. The company's core platform combines three technology vectors: (1) behavioral runtime threat detection using eBPF sensors to detect anomalous activity within running containers and Kubernetes pods without injecting agents; (2) agentless cloud posture and misconfiguration scanning across clusters, registries, and cloud infrastructure; and (3) runtime context for vulnerability prioritization, allowing security teams to determine which CVEs are actually reachable and exploitable within running applications rather than treating all disclosed vulnerabilities equally.
The company is best known for Kubescape, an open-source Kubernetes security scanning and compliance framework that has achieved significant adoption as a CNCF incubating project. The project boasts over 11,000 GitHub stars, 40,000 deployment sites, and 15 million scans per month globally, indicating broad developer community adoption and enterprise deployment traction. This open-source footprint serves as a strategic moat and customer acquisition channel for ARMO's commercial platform, which layers on runtime threat detection, agentless behavioral monitoring, and enterprise remediation workflows.
ARMO's technology roadmap emphasizes a fully explainable and traceable security architecture spanning the entire cloud technology stack—from registries and CI/CD pipelines through cluster configuration to runtime behavior. Key strategic positioning includes zero-day protection through behavioral anomaly detection, CVE-noise reduction via runtime reachability analysis claiming 90%+ reduction in CVE-related work, cloud attack surface reduction through agentless scanning, and on-premises deployment for sovereign or air-gapped environments with full data control. The company supports compliance frameworks including NIST, NSA-CISA, and MITRE ATT&CK.
The company achieved a $45 million Series C funding round in July 2025, bringing cumulative disclosed funding to approximately $185 million. It maintains dual headquarters in Tel Aviv, Israel (R&D center) and Houston, Texas (go-to-market and commercial operations). Customer roster includes major enterprises spanning telecom (Nokia, Ericsson, Verizon), infrastructure (Broadcom, Dell), software (Mimecast, GitPod), and financial services (GoodRx, Under Armour), along with government-adjacent and critical infrastructure organizations, suggesting credible enterprise and defense-relevant traction.
Dual-use relevance is substantial: cloud-native runtime security and container workload protection are directly applicable to both commercial DevSecOps and defense software factories, national mission systems hosted in cloud environments, and government agencies requiring continuous workload monitoring and anomaly detection. The technology is equally relevant to commercial SaaS infrastructure hardening and to defense mission systems undergoing cloud modernization.
Dual-Use Assessment
Cloud-native runtime security and container workload protection are inherently dual-use. Commercial DevSecOps teams use eBPF-based behavioral monitoring to detect zero-days and runtime anomalies in production applications; defense and government mission systems use identical technology to detect intrusions and malicious behavior in mission-critical containerized applications running in cloud environments. Runtime reachability analysis and vulnerability contextualization reduce alert fatigue for both commercial enterprises and defense organizations. Agentless scanning is particularly valuable for government and defense scenarios requiring data sovereignty and air-gap compatibility. The technology directly addresses Department of Defense cloud security requirements and aligns with NSA-CISA cloud security guidance.
Strategic Fit Assessment
Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.
ARMO represents a credible growth-stage strategic-screening signal combining established open-source distribution (11K+ stars, 40K deployments, 15M scans/month), material enterprise traction across Fortune 500 and government-adjacent customers, substantial late-stage capital validation ($185M cumulative), and clear product-market fit in the high-growth cloud-native security market. The company has progressed from Series C to sustained commercial execution with evidence of enterprise adoption and customer expansion. Open-source moat and community-driven customer acquisition reduce traditional SaaS CAC friction. Technology leadership in behavioral runtime detection and vulnerability contextualization positions the company to defend against commoditization as CNAPP and runtime security markets consolidate. The startup exemplifies Israeli deep-tech innovation in cybersecurity with clear defense and national-security adjacency, making it strategically aligned for dual-use diligence thesis.
Strategic Value to U.S.-Israel Alliance
ARMO strengthens allied security posture by enabling continuous, explainable runtime protection of containerized mission systems and cloud-native infrastructure. As defense and government agencies accelerate cloud adoption and container deployment, runtime threat detection without agent injection becomes increasingly critical for maintaining operational security and compliance in shared cloud environments. The technology is directly applicable to defending distributed mission applications, improving incident response in zero-trust architectures, and reducing dwell time for sophisticated adversaries. Strong Israeli innovation heritage in cybersecurity, combined with demonstrated U.S. market traction and defense-relevant customer engagement, positions ARMO as a strategic asset for allied defense and intelligence technology modernization. Mature funding and commercial traction reduce execution risk for defense adoption and integration.
Key Technologies
- eBPF-based behavioral runtime threat detection
- Agentless cloud posture and misconfiguration scanning
- Runtime vulnerability reachability analysis and contextualization
- CNCF-incubating Kubescape security scanning framework
- Container registry scanning and image analysis
- Automated policy enforcement and remediation workflows
Use Cases & Applications
- Runtime anomaly detection and zero-day protection in containerized production environments
- CVE-noise reduction through runtime reachability analysis (claim: 90%+ reduction)
- Kubernetes cluster security posture management and compliance (NIST, NSA-CISA, MITRE ATT&CK)
- CI/CD security integration for container image and artifact scanning
- Multi-cloud and hybrid cloud workload visibility and threat hunting
- Air-gapped and on-premises deployment for sovereign/defense cloud missions
- Reducing exploitable attack surface across container registries and runtime
Sources and verification
This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.
Public sources
The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.
- Official website Primary public reference for company identity, positioning, and current web presence.
- Profile update timestamp Last updated in the Claw & Talon database on May 6, 2026.
Investor Lens
What this entry is
Private startup
Why it may matter
ARMO may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.
How an independent investor should read this
Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.
Evidence to verify
- Verify current status
- Verify traction
- Verify cap table/funding
- Verify technical claims
- Verify regulatory/export-control issues
- Verify customer concentration
Main investor questions
- Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
- What customer, revenue, product, and technical evidence supports the company story?
- What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
- Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
- What evidence would change the thesis or show that the profile is stale?
What not to infer
- Inclusion does not imply endorsement.
- Inclusion does not imply allocation availability or current fundraising.
- Scores do not indicate investment suitability or expected returns.
- Strategic importance does not automatically imply venture return potential.
Diligence questions
- What evidence verifies ARMO's current customer traction, deployment status, and revenue concentration?
- Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
- Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
- How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
- What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?
Related sector
See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.
Related companies
Need a diligence readout?
Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.