Onit Security
Last updated: Jul 14, 2026
Onit Security is a Tel Aviv-based cybersecurity startup building an agentic, 'decision-based' exposure management platform that uses AI agents to prioritize, assign ownership for, and automatically remediate software vulnerabilities across enterprise environments, founded by the serial team behind SCADAfence, Portnox, and For-Each.
Visit WebsiteCompany Overview
**Product and the concrete problem it solves.** Onit Security attacks one of enterprise security's oldest and least-glamorous failures: the vulnerability backlog. Modern security teams are buried under tens of thousands of "exposures" — unpatched software flaws, misconfigurations, and known CVEs — surfaced by scanners that rank them on generic severity scores (CVSS) rather than on what actually matters to a given organization. The result is a queue that never empties. Onit and its cited industry data frame the scale bluntly: mean time-to-remediation runs into the hundreds of days (the company cites an industry average it puts as high as ~243 days, and third-party context of ~32 days average with nearly half of vulnerabilities still unresolved a year later), while attackers need only one deprioritized flaw. Onit's origin story is precisely that failure mode: the company was conceived after Iranian state-sponsored hackers breached a firm previously run by co-founder Ofer Amitai by exploiting a *known* vulnerability that had been buried in the backlog behind thousands of higher-"severity" items. Onit's pitch, captured in CEO Elad Ben-Meir's line that "vulnerability management has been broken for 30 years," is to convert an unmanageable task queue into a small set of durable decisions that software agents then execute continuously. Its tagline — "Security by decision / Decide once. Resolve forever." — encodes the product philosophy.
**Core technology and how it actually works.** Onit describes itself as a **Decision-Based Exposure Management** platform, an agentic layer that automates the full lifecycle "from ingestion and prioritization to remediation execution." Mechanically, the platform runs several coordinated functions: (1) *decision surfacing* — collapsing thousands of individual exposures into the handful of underlying decisions that actually drive resolution; (2) *impact assessment* — ranking exploitability against the real environment and business context rather than raw CVSS, so a "medium" flaw on an internet-facing crown-jewel asset outranks a "critical" one on an isolated box; (3) *owner assignment* — polling fragmented systems of record (CMDB, ticketing, and communications/collaboration tools) to automatically resolve who actually owns a vulnerable asset, a step that traditionally consumes enormous manual coordination; and (4) *continuous resolution* — turning each human decision into a persistent rule that agents apply automatically to all similar future exposures, so the backlog shrinks over time instead of regenerating. The architecture is explicitly integration-first ("works with your existing stack," no rip-and-replace), sitting on top of an organization's existing scanners, asset inventories, and workflow tools rather than replacing them. The company reports current customers achieving mean-time-to-remediation reductions of "up to 87%," compressing month-long processes to minutes or hours — claims that are vendor-reported and not independently audited, and should be treated as directional.
**Market, customers, and go-to-market.** Onit sells into the fast-growing exposure management / Continuous Threat Exposure Management (CTEM) category, a space Gartner has helped popularize and that overlaps risk-based vulnerability management, attack-surface management, and security automation. Its go-to-market appears to be direct enterprise sales aimed at large, complex organizations where backlog pain and ownership fragmentation are most acute — it says it is already "working with Fortune 1000 customers." Notably, the company's website surfaces outcome statements attributed to security leaders at **Honeywell, Marvell, Dell Technologies, and SAP** — an unusually blue-chip reference set for a company only just out of stealth, and plausibly connected to the founders' prior relationships (Honeywell acquired the founders' previous company, SCADAfence). These should be read as reference/testimonial relationships rather than confirmed at-scale commercial contracts, but they are strong early social proof. The land-and-expand logic is favorable: an integration-first platform that plugs into existing security stacks lowers adoption friction, and a decisions-become-rules model creates compounding switching costs as an organization encodes more of its remediation policy into Onit.
**Traction, funding, and third-party validation.** Onit emerged from stealth in March 2026 with an **$11 million seed round announced March 24-25, 2026**, led by **Hetz Ventures and Brightmind Partners** with participation from prominent (unnamed) angel investors; Onit appears in Hetz Ventures' portfolio, corroborating the lead. Brightmind's Gur Talpaz publicly framed the thesis — enabling defenders to "respond at the speed of attackers, turning millions of unmanaged exposures into a problem that actually gets smaller over time." The most substantive third-party validation, however, is the founding team's track record rather than the round size: this is a group with three prior acquisitions to its name. The combination of a hot category, a proven team, name-brand early references, and tier-one Israeli/global seed investors is a credible early signal, though it remains a pre-Series-A company with no disclosed revenue, ARR, or headcount, and a product only recently in the market.
**Founders and team background.** Onit's differentiator is heavily a team story. **Elad Ben-Meir (CEO)** was previously CEO of **SCADAfence**, an OT/ICS critical-infrastructure cybersecurity company acquired by **Honeywell** in 2023. **Ofer Amitai (CPO)** founded **Portnox**, a network access control (NAC) company later sold to private equity, and it was a breach of a company he ran that seeded Onit's thesis. **Tom Winter (CTO)** is tied to **For-Each**, acquired by **Autodesk**. Collectively the founders are described as serial entrepreneurs with three exits across OT security, network access control, and developer tooling — a rare combination of enterprise-security domain depth, prior scaling experience, and a lived, first-person understanding of exactly the failure their product targets. That pedigree materially de-risks execution and go-to-market relative to a first-time team, and helps explain the blue-chip early reference logos.
**Competitive dynamics.** Exposure management is crowded and contested. (1) Onit competes against established **risk-based vulnerability management / CTEM** vendors such as **Tenable** (which acquired Ermetic), **Qualys**, and **Rapid7** — incumbents with large installed bases but heritage in scanning and scoring rather than autonomous remediation. (2) It competes with **exposure/attack-surface consolidators** like **XM Cyber** (Israeli, Schwarz-owned) and **Cymulate**, and with **Wiz**-style cloud-security platforms increasingly moving into prioritized remediation. (3) A wave of **agentic-AI security automation** startups (e.g., companies applying LLM agents to SOC and remediation workflows) is converging on the same "let agents do the toil" thesis, so Onit's agentic angle is differentiated today but unlikely to stay uniquely so. Onit's plausible edges are: (i) a genuinely different framing — *decisions* as the unit of work rather than tickets or alerts; (ii) automatic ownership resolution across fragmented CMDB/ticketing/comms systems, a painful and under-served step; (iii) an integration-first posture that eases displacement of nothing and augmentation of everything; and (iv) a founding team with credibility to win enterprise trust quickly. The countervailing risk is that incumbents with distribution can bolt on "agentic remediation" and compress Onit's window.
**Defense, security, and resilience dual-use relevance.** Onit's dual-use relevance should be stated with calibration: it is a commercial enterprise-cybersecurity company, not a defense contractor, but its mission sits squarely on the national-resilience axis. The catalytic event was a nation-state (Iranian) attack exploiting an unremediated known vulnerability — the exact attack pattern that repeatedly compromises critical infrastructure, government, and defense-industrial-base networks. Reducing mean time-to-remediation and automatically closing exploited-vulnerability windows is directly relevant to hardening the operators of energy, water, manufacturing, and defense-adjacent enterprises against exactly the adversaries Israel and its allies face. The founders' OT/ICS heritage (SCADAfence, acquired by Honeywell) reinforces the critical-infrastructure adjacency, and NAC/exposure heritage (Portnox) reinforces the enterprise-hardening angle. The honest calibration: this is resilience-enabling commercial cybersecurity with clear relevance to critical-infrastructure and government defense, not a fielded military capability or a disclosed defense contract; its dual-use weight scales with any future adoption by infrastructure operators, government, and defense-industrial customers rather than resting on a fielded system today.
**Growth stage, trajectory, and key diligence risks.** Onit reads as an **early-stage** company: founded 2025, out of stealth March 2026, one $11M seed round, a product in initial enterprise deployment, and no disclosed revenue or headcount. Its trajectory is unusually strong for its age because of the founders and early references, but the diligence risks are real. (1) **Execution/category risk** — exposure management and agentic security automation are crowded and fast-moving; incumbents with distribution can converge on the same thesis. (2) **Unverified performance and traction** — the "up to 87% MTTR reduction" and Fortune 1000 / named-logo statements are vendor-reported testimonials, not audited metrics or confirmed at-scale contracts. (3) **Autonomy trust and safety** — auto-executing remediation in production enterprise environments demands very high reliability; a bad automated change can cause outages, and enterprise buyers will gate autonomous action carefully. (4) **Financial opacity** — revenue, burn, ARR, headcount, and cap-table detail beyond the seed are undisclosed. (5) **Founder concentration** — the thesis leans heavily on three principals. Progression toward mid-stage would be evidenced by a priced Series A, disclosed paying-customer counts and retention, independently referenceable deployments, and evidence that autonomous remediation is trusted in production at scale.
Dual-Use Assessment
Onit's dual-use relevance is credible but should be read as resilience-enabling commercial cybersecurity rather than a fielded defense capability. (1) The company's founding catalyst was a nation-state (Iranian state-sponsored) attack that exploited an unremediated known vulnerability — the precise pattern that repeatedly compromises critical infrastructure, government, and defense-industrial-base networks. (2) Automating prioritization, ownership resolution, and remediation of exploited-vulnerability windows directly hardens the enterprises and infrastructure operators that adversaries target, shrinking the exact attack surface used against strategic assets. (3) The founding team's heritage in OT/ICS critical-infrastructure security (SCADAfence, acquired by Honeywell) and network access control (Portnox) reinforces relevance to critical-infrastructure and enterprise hardening. (4) Calibration: this is a commercial enterprise-security product with strong national-resilience adjacency, not a defense contractor with disclosed military contracts or a fielded system; dual-use weight scales with adoption by infrastructure operators, government, and defense-industrial customers, which is plausible but not yet publicly documented at scale.
Strategic Fit Assessment
Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.
Onit is an early-stage Israeli cybersecurity play whose appeal rests on an exceptional founding team and a hot category, tempered by very early stage and crowded competition. (1) Proven serial team: founders Elad Ben-Meir (ex-CEO, SCADAfence — acquired by Honeywell), Ofer Amitai (founder, Portnox — sold to PE), and Tom Winter (For-Each — acquired by Autodesk) bring three prior exits, deep enterprise-security domain depth, and a first-person understanding of the exact failure the product targets, materially de-risking execution and enterprise go-to-market. (2) Real, painful problem: vulnerability/exposure backlogs and slow mean-time-to-remediation are a durable, universal enterprise pain in a growing CTEM market. (3) Differentiated framing: 'decision-based' exposure management plus automatic ownership resolution across fragmented systems attacks an under-served step, and an integration-first posture lowers adoption friction. (4) Strong early proof: an $11M seed led by Hetz Ventures and Brightmind Partners, and outcome statements attributed to security leaders at Honeywell, Marvell, Dell Technologies, and SAP. Counterweights that should dominate assessment: (a) crowded, fast-moving competition from Tenable/Qualys/Rapid7, XM Cyber/Cymulate, Wiz, and a wave of agentic-security startups; (b) performance and traction claims (up to 87% MTTR reduction, named logos) are vendor-reported testimonials, not audited metrics or confirmed at-scale contracts; (c) autonomous remediation in production demands very high reliability and enterprise trust; and (d) revenue, ARR, headcount, and post-seed detail are undisclosed. This is a priority-signal assessment of strategic and technical fit, not an investment recommendation.
Strategic Value to U.S.-Israel Alliance
Onit's strategic value sits in the enterprise- and infrastructure-hardening layer rather than in a fielded defense product. (1) Resilience-enabling capability: automating the closure of exploited-vulnerability windows directly reduces the attack surface that nation-state adversaries use against critical infrastructure, government, and defense-industrial-base enterprises. (2) Founder heritage in OT/ICS security (SCADAfence/Honeywell) and access control (Portnox) makes critical-infrastructure and enterprise hardening a natural expansion path. (3) Category leverage: exposure management is horizontal, so a successful platform can serve energy, water, manufacturing, defense-adjacent, and government buyers simultaneously. (4) Sovereign/allied relevance: an indigenous Israeli cybersecurity platform contributing to defensive resilience against the same adversaries (e.g., Iranian state-sponsored actors) that catalyzed its founding. Realized strategic weight depends on Onit converting early enterprise references into infrastructure/government/defense-industrial adoption at scale; absent that, its strategic value is strong commercially but remains a national-resilience adjacency rather than a fielded capability.
Key Technologies
- Decision-based exposure management: collapsing thousands of individual exposures into a small set of durable, reusable remediation decisions
- AI/agentic automation of the full exposure lifecycle — ingestion, prioritization, ownership assignment, and remediation execution
- Context-aware exploitability scoring that ranks risk by real environment and business context rather than generic CVSS severity
- Automatic asset-ownership resolution by polling fragmented systems of record (CMDB, ticketing, and communications/collaboration tools)
- Persistent decision-to-rule engine that auto-applies human decisions to all similar future exposures for continuous backlog reduction
- Integration-first architecture that augments an organization's existing security stack with no rip-and-replace
- Autonomous remediation execution that bypasses manual inter-team coordination
Use Cases & Applications
- Reducing enterprise vulnerability/exposure backlogs that scanners generate faster than teams can remediate
- Cutting mean time-to-remediation for known, exploitable CVEs before attackers can weaponize them
- Automatically identifying and routing vulnerabilities to the correct asset owner across fragmented CMDB/ticketing systems
- Prioritizing exposures by real business/environment context instead of generic severity scores
- Continuous, policy-driven remediation in large Fortune 1000-scale enterprise environments
- Hardening critical-infrastructure and defense-adjacent operators against nation-state exploitation of unpatched flaws
- Encoding an organization's remediation policy as reusable decisions to prevent backlog regeneration
- Augmenting existing vulnerability scanners and CTEM tooling with autonomous execution
Sources and verification
This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile. The editorial policy explains how profiles are researched, where automated drafting is used, and how corrections work.
This record lists 7 public references used for company identity, status, positioning, or material-claim review.
Public sources
The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.
- Cyber startup Onit raises $11 million Seed round to tackle vulnerability management (Calcalist CTech, Mar 2026) Israeli tech-media confirmation of Onit Security's $11M seed round, founders Elad Ben-Meir/Ofer Amitai/Tom Winter and their prior acquisitions (SCADAfence, Portnox, For-Each), 2025 founding, the agentic exposure-management product, the Iranian-cyberattack origin, and Fortune 1000 customers.
- Onit Security Raises $11M Seed to Reshape Exposure Management After Bottlenecks Exploited by Iranian State-Sponsored Cyberattack (PR Newswire, Mar 2026) Official press release verifying the $11M seed led by Hetz Ventures and Brightmind Partners, the decision-based/agentic exposure-management platform, the founding team and roles (Ben-Meir CEO, Amitai CPO, Winter CTO), and the Iranian state-sponsored attack that catalyzed the company.
- Onit Security raises $11M to fix vulnerability backlogs after Iranian cyberattack (Tech Startups, 25 Mar 2026) Independent trade coverage detailing how the AI agents prioritize by business context, resolve ownership across fragmented systems, and execute remediation, plus the up-to-87% mean-time-to-remediation reduction, Fortune 1000 customers, and industry backlog statistics.
- Onit Security — Hetz Ventures Portfolio Page Lead investor's portfolio page corroborating Hetz Ventures' investment, the company's official website (onit.security), the founding team and their three prior acquisitions, 2025 founding, $11M seed, and Fortune 1000 deployment with up-to-87% remediation-time reduction.
- Onit Security — Official Website (Agentic Exposure Management) Company site confirming the 'Security by decision / Decide once. Resolve forever.' positioning, the decision-surfacing/impact-assessment/owner-assignment/continuous-resolution capabilities, integration-first ('works with your existing stack') approach, and outcome statements attributed to security leaders at Honeywell, Marvell, Dell Technologies, and SAP.
- Israeli entrepreneurs raise $11 million to fight vulnerabilities exploited by Iranian hackers (Jerusalem Post, Mar 2026) Israeli media corroboration of the $11M raise, the founders (Ofer Amitai, Elad Ben Meir, Tom Winter), and the mission of addressing vulnerabilities exploited by Iranian-sponsored hackers.
- Onit Security Raises $11 Million for Exposure Management Platform (SecurityWeek, Mar 2026) Security-industry trade press corroborating the $11M seed, the exposure-management platform and AI-agent prioritization approach, the founding team's SCADAfence/Portnox/For-Each track record, and the Iranian-attack origin.
- Profile update timestamp Last updated in the Claw & Talon database on Jul 14, 2026.
Investor Lens
What this entry is
Private startup
Why it may matter
Onit Security may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.
How an independent investor should read this
Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.
Evidence to verify
- Verify current status
- Verify traction
- Verify cap table/funding
- Verify technical claims
- Verify regulatory/export-control issues
- Verify customer concentration
Main investor questions
- Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
- What customer, revenue, product, and technical evidence supports the company story?
- What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
- Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
- What evidence would change the thesis or show that the profile is stale?
What not to infer
- Inclusion does not imply endorsement.
- Inclusion does not imply allocation availability or current fundraising.
- Scores do not indicate investment suitability or expected returns.
- Strategic importance does not automatically imply venture return potential.
Diligence questions
- What evidence verifies Onit Security's current customer traction, deployment status, and revenue concentration?
- Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
- Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
- How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
- What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?
Related sector
See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.
Related companies
Need a diligence readout?
Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.