QIZ Security
Last updated: Jul 13, 2026
QIZ Security is an Israeli-founded cybersecurity company building a cryptographic posture management platform that discovers, prioritizes, and remediates an enterprise's cryptography so organizations can migrate to quantum-safe encryption ahead of NIST and government post-quantum deadlines.
Visit WebsiteCompany Overview
**Product and problem.** QIZ Security addresses one of the most widely deployed yet least managed security controls in the modern enterprise: cryptography itself. The company's own framing is that "cryptography is everywhere, but in most organizations it is not centrally governed," and that most security teams cannot answer basic questions about where encryption lives, which algorithms protect which systems, whether certificates and cipher suites are current, or how exposed they are to future decryption. QIZ's platform — marketed under the tagline "From Cryptography Chaos to Quantum Resilience" — is a cryptographic posture management (CPM) system that continuously inventories cryptographic assets across cloud, on-premises, hybrid, and data-in-motion/at-rest environments, then correlates raw findings with business context so teams can distinguish a handful of critical exposures from thousands of low-priority ones. The concrete problem it solves is the looming, forced migration from today's public-key cryptography (RSA, ECC) to the post-quantum algorithms standardized by NIST, a transition that is impossible to execute safely without first knowing what cryptography an organization actually runs.
**Core technology and how it works.** QIZ organizes its product around four functions — Discover, Prioritize, Remediate, and Govern. Discovery maps cryptographic assets against policy to surface weak, obsolete, or non-compliant usage (deprecated protocols, inadequate cipher suites, expiring certificates, hard-coded keys); prioritization ranks exposures by context, business impact, and remediation effort; remediation supplies step-by-step mitigation and migration plans; and governance sustains cryptographic resilience across the organization over time. Technically, the platform is described as API-first, using integrations rather than agents or probes, and it applies knowledge-graph technology to model organizational context — relationships among applications, business systems, keys, and the encryption that ties them together — so that an isolated finding can be understood as part of a larger risk chain. Compliance enforcement is mapped to frameworks such as NIST's post-quantum standards and the NSA's CNSA 2.0 suite. This architecture is meant to replace one-time protocol scans with continuous visibility and action across "every layer where encryption is used," which is the practical prerequisite for crypto-agility — the ability to swap algorithms as standards evolve.
**Market, customers, and go-to-market.** QIZ is selling into a market that regulators and standards bodies have effectively created a deadline for. NIST finalized its first post-quantum encryption standards in August 2024; U.S. federal guidance deprecates classical public-key cryptography by 2030 and disallows it by 2035; and Executive Order 14412 (June 2026) requires federal agencies to migrate high-value systems to post-quantum cryptography by the end of 2030. Parallel obligations in Europe and finance — DORA, NIS2, and the Cyber Resilience Act — push large enterprises in the same direction. QIZ targets enterprises with large cryptographic estates, federal agencies and their contractors, and heavily regulated sectors including financial services, telecommunications, healthcare, and critical infrastructure. Its go-to-market leans on partnerships and marketplaces: the company has announced a crypto-agility collaboration with Google Cloud (with availability on Google Cloud Marketplace) and a partnership with SafeLogic for end-to-end PQC discovery and remediation, and it lists strategic relationships spanning major cloud, security, and advisory ecosystems. The company reports it is already working with some of the world's largest brands, though it has not publicly named individual customers.
**Traction, funding, and third-party validation.** QIZ emerged publicly in July 2026 with a $17 million seed round co-led by Bessemer Venture Partners and Merlin Ventures, with participation from Evolution Equity Partners, Qbeat Ventures, Singtel Innov8, and Qino Cyber Capital. The syndicate is a meaningful validation signal: Bessemer is backing founder Ben Volkow for the fourth time, Evolution and Merlin are specialist cybersecurity investors, and Singtel Innov8 brings a strategic telecom lens to a market where carriers face acute cryptographic migration burdens. Public company-profile data indicates a team in the 11-50 employee range. Beyond capital, the third-party validation comes from the timing thesis multiple sophisticated investors share — that cryptography is the "next unmanaged security surface," analogous to how cloud posture (CSPM) and application security posture management became categories once the underlying estate grew too complex to track manually.
**Founders and team background.** QIZ's founding team is unusually credentialed for a seed-stage company. CEO Ben Volkow is a serial founder whose prior companies include Otonomo, a connected-car data platform that went public in 2021, and Traffix Systems, acquired by F5 Networks — both Bessemer-backed. Co-founder and CTO Lenny Ridel previously co-founded Traffix with Volkow, giving the pair a long, proven working history in networking and enterprise infrastructure. The third co-founder, Dr. Itan Barmes, serving as chief strategy/security officer, built and led Deloitte's global quantum cyber readiness practice for roughly six years, advising many of the world's largest organizations on quantum-safe strategy — domain depth that is genuinely scarce in the post-quantum field. This combination of repeat enterprise-software operating experience plus deep subject-matter authority in quantum-safe migration is the team's central asset and the primary reason a crowded category entrant can command a large seed.
**Competitive dynamics.** Cryptographic posture and post-quantum readiness is an increasingly contested category. QIZ competes with (1) SandboxAQ, a well-funded Alphabet spinout with a cryptography-management and PQC product; (2) PQShield, which focuses on post-quantum cryptographic IP, libraries, and hardware; (3) QuSecure, which offers a post-quantum overlay and orchestration layer; (4) InfoSec Global (AgileSec) and Keyfactor, which come from cryptographic discovery and PKI/certificate lifecycle management respectively; and (5) incumbents such as IBM, Cisco, and DigiCert extending crypto-discovery into their platforms. QIZ's differentiation rests on: (i) a posture-management framing (Discover/Prioritize/Remediate/Govern) that mirrors the CSPM playbook enterprises already understand; (ii) a knowledge-graph, business-context prioritization engine intended to cut alert noise; (iii) an agentless, API-first deployment model; and (iv) founder credibility that accelerates enterprise trust and channel partnerships. The risk is that larger platform vendors bundle "good enough" crypto discovery, compressing standalone demand.
**Defense, security, and resilience dual-use relevance.** Post-quantum cryptographic migration sits squarely at the intersection of commercial cybersecurity and national-security resilience, which gives QIZ genuine — though adjacency-based rather than weapons-specific — dual-use relevance. The "harvest now, decrypt later" threat, in which adversaries capture encrypted traffic today to decrypt once cryptographically relevant quantum computers exist, is precisely why defense ministries, intelligence agencies, and critical-infrastructure operators are among the earliest movers on PQC. QIZ's mapping to CNSA 2.0 (the NSA's commercial national security algorithm suite) and to federal migration mandates positions its tooling for government and defense-contractor use, and its target verticals — telecom, energy, finance, healthcare — are exactly the critical-infrastructure sectors allied governments prioritize for cryptographic hardening. The calibrated caveat is that QIZ sells enterprise governance software, not a fielded defense capability; its strategic value is enabling resilient migration of the encryption underpinning both civilian and defense systems, not delivering a battlefield or offensive function.
**Growth stage, trajectory, and diligence risks.** QIZ is an early-stage company: seed funded, publicly launched in 2026, with a small team and an emerging category. Its trajectory depends on converting regulatory tailwinds and partnerships into named enterprise logos and recurring revenue before larger competitors and platform incumbents crowd the space. Key diligence risks include: (1) **category compression** — cloud and security platforms may absorb crypto discovery as a feature; (2) **long enterprise sales cycles** — PQC migration is board-level but budget timing is uneven and deadlines (2030/2035) are distant enough to permit procrastination; (3) **competition from better-capitalized rivals** such as SandboxAQ; (4) **execution/scaling risk** typical of seed-stage teams building a technical platform across heterogeneous environments; (5) **dependence on partnerships** (Google Cloud, SafeLogic) whose priorities may shift; and (6) **unverified traction** — customer claims are not yet publicly substantiated. Offsetting these is a rare combination of proven founders, specialist quantum-readiness expertise, a top-tier investor syndicate, and a market whose demand is being manufactured by regulation rather than left to discretionary adoption.
Dual-Use Assessment
QIZ Security's cryptographic posture management and post-quantum migration platform has strong, adjacency-based dual-use relevance rather than a weapons-specific capability. On the commercial axis, it helps enterprises inventory and govern encryption and meet regulatory mandates (NIST PQC, DORA, NIS2, Cyber Resilience Act). On the defense and national-security axis, post-quantum migration is a first-order resilience priority: the 'harvest now, decrypt later' threat means adversaries can capture encrypted communications today to decrypt once quantum computers mature, making crypto discovery and agility essential for defense ministries, intelligence agencies, and critical-infrastructure operators. QIZ's explicit mapping to the NSA's CNSA 2.0 suite and U.S. federal migration mandates (Executive Order 14412) positions its tooling for government and defense-contractor use, and its target verticals — telecom, energy, finance, healthcare — are the critical-infrastructure sectors allied governments prioritize. The calibrated limitation: QIZ sells enterprise governance software that enables resilient cryptographic migration for both civilian and defense systems; it is not itself a fielded military system, and its dual-use value is infrastructure resilience, not offensive or kinetic capability.
Strategic Fit Assessment
Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.
QIZ Security presents a high-quality seed-stage profile in a regulation-driven category: (1) **Team** — a rare combination of a four-time Bessemer-backed founder (Ben Volkow, whose Otonomo went public in 2021 and whose Traffix Systems was acquired by F5), his long-time co-founder Lenny Ridel, and Dr. Itan Barmes, who led Deloitte's global quantum cyber readiness practice for ~6 years; this pairing of proven enterprise operators with scarce PQC domain expertise is the central thesis. (2) **Market timing** — demand is being manufactured by regulation: NIST finalized PQC standards in 2024, U.S. guidance deprecates classical public-key crypto by 2030 (disallowed 2035), Executive Order 14412 sets a federal 2030 deadline, and DORA/NIS2/CRA push European and financial enterprises in parallel. (3) **Category logic** — cryptographic posture management mirrors the proven CSPM/ASPM playbook, an understandable framing for enterprise buyers. (4) **Validation** — a $17M seed co-led by Bessemer and Merlin with Evolution, Singtel Innov8, and others, plus announced Google Cloud and SafeLogic partnerships. The offsetting risks are real: a crowded field (SandboxAQ, PQShield, QuSecure, InfoSec Global, Keyfactor), potential feature-bundling by platform incumbents, long sales cycles with distant deadlines that permit buyer procrastination, and unverified customer traction. This is a legacy priority-signal assessment, not an investment recommendation.
Strategic Value to U.S.-Israel Alliance
QIZ's strategic value operates on three axes. (1) **Cryptographic resilience of critical infrastructure** — the migration to quantum-safe encryption is a foundational, decade-long transformation for telecom, energy, finance, healthcare, and government; tooling that makes that migration discoverable, prioritized, and governable is enabling infrastructure for the entire allied digital economy. (2) **National-security alignment** — post-quantum readiness is a stated priority of the NSA (CNSA 2.0) and U.S. federal government (EO 14412); the 'harvest now, decrypt later' threat makes crypto-agility a defense and intelligence concern, and Israeli-founded expertise in this domain contributes to allied cyber resilience. (3) **Ecosystem and talent signal** — QIZ reflects the maturation of Israel's cybersecurity ecosystem into deep, standards-driven categories, led by repeat founders with international investor backing and marketplace distribution through hyperscalers. Its strategic importance is as a resilience-and-governance layer beneath both civilian and defense systems rather than as a direct defense supplier, and its long-term value depends on becoming a durable category leader before incumbents commoditize crypto discovery.
Key Technologies
- Continuous cryptographic asset discovery across cloud, on-premises, hybrid, and data in motion/at rest
- Knowledge-graph modeling of organizational and business context for encryption dependencies
- Risk prioritization engine that ranks exposures by business impact and remediation effort
- Agentless, API-first integration architecture (no agents or probes)
- Policy and compliance enforcement mapped to NIST PQC standards and NSA CNSA 2.0
- Post-quantum cryptography migration planning and crypto-agility workflows
- Multi-stakeholder governance tooling for CISOs, compliance teams, and application owners
Use Cases & Applications
- Enterprise cryptographic inventory: discovering all keys, certificates, algorithms, and cipher suites in use
- Post-quantum readiness assessment and phased PQC migration planning ahead of 2030/2035 deadlines
- Compliance reporting against NIST PQC, CNSA 2.0, DORA, NIS2, and the EU Cyber Resilience Act
- Federal-agency and defense-contractor migration under Executive Order 14412
- Certificate and cipher-suite lifecycle governance to eliminate deprecated protocols
- Critical-infrastructure (telecom, energy, healthcare) cryptographic hardening against 'harvest now, decrypt later' threats
- Crypto-agility enablement for cloud workloads via Google Cloud Marketplace deployment
- Board-level cryptographic risk reporting and continuous posture monitoring
Sources and verification
This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile. The editorial policy explains how profiles are researched, where automated drafting is used, and how corrections work.
This record lists 6 public references used for company identity, status, positioning, or material-claim review.
Public sources
The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.
- QIZ Security Official Website Company homepage: tagline 'From Cryptography Chaos to Quantum Resilience', the Discover/Prioritize/Remediate/Govern product model, knowledge-graph and API-first (agentless) architecture, and stated locations in Delaware, US and Ra'anana, Israel.
- Backing QIZ Security: Cryptographic Posture Management for the Post-Quantum Era (Bessemer Venture Partners) Investor thesis and detail: founder backgrounds (Volkow's Otonomo/Traffix; Ridel; Barmes's Deloitte quantum practice), NIST 2024 standards, CNSA 2.0, Executive Order 14412 2030 deadline, and Google Cloud / SafeLogic partnerships.
- QIZ Security Raises $17 Million for Cryptographic Governance Platform (SecurityWeek) Confirms the $17M seed amount, lead investors Bessemer and Merlin Ventures plus Evolution, Qbeat, Singtel Innov8, Qino Cyber Capital, the agentless/API-based discovery approach, and Israel headquarters.
- QIZ Security Raises $17M Seed to Lead Cyber Readiness for the Post-Quantum Era (PR Newswire) Official funding announcement: seed round, investor syndicate, platform capabilities (discover cryptographic assets, assess quantum risk, manage migration), and founder commentary.
- QIZ Security Raises $17 Million Seed to Lead Cyber Readiness For The Post-Quantum Era (The Quantum Insider) Founder quotes, 11-50 employee range, founders' roles, target verticals (financial services, telecom, healthcare, critical infrastructure), and strategic partnership ecosystem.
- QIZ Security Raises $17M Seed Round for Post-Quantum Readiness Platform (SiliconANGLE) Independent media confirmation of the seed round, post-quantum readiness positioning, and platform description.
- Profile update timestamp Last updated in the Claw & Talon database on Jul 13, 2026.
Investor Lens
What this entry is
Private startup
Why it may matter
QIZ Security may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.
How an independent investor should read this
Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.
Evidence to verify
- Verify current status
- Verify traction
- Verify cap table/funding
- Verify technical claims
- Verify regulatory/export-control issues
- Verify customer concentration
Main investor questions
- Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
- What customer, revenue, product, and technical evidence supports the company story?
- What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
- Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
- What evidence would change the thesis or show that the profile is stale?
What not to infer
- Inclusion does not imply endorsement.
- Inclusion does not imply allocation availability or current fundraising.
- Scores do not indicate investment suitability or expected returns.
- Strategic importance does not automatically imply venture return potential.
Diligence questions
- What evidence verifies QIZ Security's current customer traction, deployment status, and revenue concentration?
- Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
- Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
- How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
- What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?
Related sector
See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.
Related companies
Need a diligence readout?
Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.