SaiFlow

Cybersecurity Dual-Use Technology Priority Signal Founded 2022

Last updated: Jul 13, 2026

SaiFlow is an Israeli cybersecurity company that builds energy-context-aware, AI-native runtime protection for distributed energy resources and EV charging networks, fusing power and network telemetry to detect and respond to cyber and operational attacks on grid-edge infrastructure.

Visit Website

Company Overview

**Product and the concrete problem it solves.** SaiFlow addresses a fast-widening and under-defended attack surface: the millions of internet-connected, grid-edge energy assets — EV chargers, rooftop and utility solar inverters, wind turbines, battery energy storage systems (BESS), smart meters, substations, and microgrid controllers — that together form the "distributed energy resources" (DER) layer now being bolted onto power grids. These devices were designed for uptime and interoperability, not adversarial resilience, and they speak energy-specific protocols (OCPP, OCPI, IEEE 2030.5, OpenADR, DNP3, IEC 61850) that conventional IT and even generic OT security tools do not natively understand. As DER penetration rises, an attacker who can manipulate a large enough aggregation of these devices can cause more than a data breach: they can disrupt charging networks, steal energy, trip protection systems, or — in aggregate — destabilize grid frequency and voltage. SaiFlow's platform is purpose-built to see, understand, and defend this layer, positioning itself under the tagline "Securing Energy, Enabling Life" as runtime cybersecurity for the energy transition rather than a repackaged enterprise-security product.

**Core technology and how it actually works.** SaiFlow's differentiator is the fusion of *energy telemetry* with *network telemetry* into a single detection and response engine. The platform delivers three linked capabilities: (1) **contextual AI threat detection** that correlates power-side data (load, charging sessions, generation, protocol commands) with network behavior to flag anomalies that are invisible to a purely IT- or packet-oriented tool; (2) **energy IoT asset visibility**, an observability layer that discovers and inventories every distributed asset, its firmware and vulnerabilities, and its protocol conversations to build behavioral baselines; and (3) **automated zero-trust response**, which enforces energy-context-aware policies through integrated network security controls. Because the correlation engine is trained on the semantics of energy protocols and grid operations, it can distinguish a legitimate demand-response event or charging surge from a coordinated manipulation. SaiFlow has also published original vulnerability research — most notably a class of attacks in the widely deployed OCPP 1.6J standard, where the protocol's mishandling of multiple concurrent charge-point connections combined with weak authentication lets an attacker hijack a charger's identifier and launch a denial-of-service against electric-vehicle supply equipment — demonstrating genuine domain depth rather than generic anomaly scoring.

**Market, customers, and go-to-market.** SaiFlow sells into a structurally expanding market driven by electrification, EV-charging build-out, and grid decentralization. Its buyers are the operators of distributed energy infrastructure: charge-point operators (CPOs) and e-mobility service providers (eMSPs), utilities and distribution operators, solar/storage developers, microgrid and BESS operators, and the energy-management platforms that aggregate them. The go-to-market is heavily partner-leveraged: SaiFlow announced a technology partnership with **Check Point Software** integrating its energy-context risk assessment with Check Point's Quantum IoT Protect, and a parallel partnership with **Palo Alto Networks**, in each case delivering an end-to-end solution tuned to energy protocols such as OCPP, OCPI, and IEEE 2030.5. Riding established security channels lets a small company reach large infrastructure operators far faster than a direct-only motion, and aligns SaiFlow with the two vendors most likely to be already present in a utility or enterprise network.

**Traction, funding, and third-party validation.** SaiFlow is early-stage but has accumulated credible external validation. Public databases report roughly $4.75M raised, with a November 2024 round associated with Essentia Venture Capital and Next Gear Ventures; the company has also been selected into notable programs including the AWS & CrowdStrike Cybersecurity Accelerator and a Next Gear cyber accelerator cohort, and is listed among Israel's energy-tech ecosystem players by Startup Nation Central. The Check Point and Palo Alto partnerships are the strongest third-party signals — both imply technical vetting by tier-one security vendors — and SaiFlow's coordinated-disclosure vulnerability research earned independent coverage in outlets such as SecurityWeek, which reinforces the team's technical credibility with the broader security community. The countervailing point is that disclosed capital is modest, revenue and named paying customers are not documented in open sources, and the platform is competing for budget in a crowded OT/IoT-security field.

**Founders and team background.** SaiFlow was founded in 2022 by **Ron Tiberg-Shachar** (CEO), **Or Shwartz**, and **Dor Shmaryahu**, with the small-team profile (public figures cite roughly 11–50 employees) typical of an early cyber startup. The founding thesis — that securing the energy edge requires people who understand both cybersecurity and power-system operations — is reflected in the product's protocol-native design and its published OCPP research. The principal gaps in the public record are the depth of the go-to-market and energy-OT engineering bench, the founders' full prior track records, and the precise current headcount, all of which warrant direct verification in diligence.

**Competitive dynamics.** SaiFlow competes along a spectrum from broad OT/ICS security incumbents to niche energy-security specialists. (1) Horizontal OT/IoT-security platforms such as **Claroty**, **Nozomi Networks**, and **Dragos** cover industrial environments broadly and have far greater scale, but are not purpose-built around DER and EV-charging protocols. (2) Energy-and-OT specialists like Israel's own **Astoria Cyber** (renewable-plant cyber bundled with energy-management and trading/optimization) overlap on renewable-plant security but pursue a different, more integrated operations posture. (3) Adjacent grid- and asset-monitoring players (e.g., IoT energy-monitoring vendors) touch the same assets without the security depth. SaiFlow's edge is fourfold: (i) energy-plus-network telemetry fusion rather than network-only detection; (ii) native fluency in EV and DER protocols; (iii) original, disclosed vulnerability research that builds trust and product signal; and (iv) distribution through Check Point and Palo Alto. The risk is that a well-funded horizontal incumbent extends into DER and EV coverage before SaiFlow reaches escape velocity.

**Defense, security, and resilience dual-use relevance.** The dual-use case is real but should be framed honestly as critical-infrastructure resilience and homeland security rather than kinetic defense. Power grids and their fast-growing DER/EV edge are prime targets in modern conflict and gray-zone operations: attacks on Ukraine's grid and repeated warnings about pre-positioning in Western utility networks make grid cyber-defense a national-security priority, and large aggregations of hijackable grid-edge devices are precisely the kind of distributed weapon an adversary could weaponize to destabilize a grid. SaiFlow's protocol-aware detection and automated response directly harden this surface, with clear applicability to energy resilience for utilities, military installations and base microgrids, and allied critical-infrastructure operators. The calibrated view: the commercial thesis (protecting CPOs, utilities, and DER operators) is the fielded reality, while the defense/homeland-security relevance is a credible adjacency — energy security is a recognized strategic domain — rather than a documented set of military contracts.

**Growth stage, trajectory, and key diligence risks.** SaiFlow is an early-stage company with a differentiated product, a domain-credible team, and strong channel partners, but modest disclosed funding and thin public evidence of scaled revenue. Its trajectory depends on converting the Check Point and Palo Alto partnerships and accelerator relationships into repeatable, referenceable deployments before better-capitalized OT-security incumbents close the DER/EV gap. Key diligence risks: (1) **capitalization** — ~$4.75M disclosed is light for a category that rewards scale and long enterprise sales cycles; (2) **competitive encroachment** — Claroty/Nozomi/Dragos and energy-OT specialists could extend coverage; (3) **commercial proof** — named paying customers, ARR, and retention are not documented publicly; (4) **channel dependence** — heavy reliance on partner ecosystems concentrates go-to-market risk; (5) **standards/regulatory timing** — demand is partly gated by evolving EV-charging and DER security mandates; and (6) **team-scale opacity** — current headcount, bench depth, and founder track records need direct confirmation. The bull case is a protocol-native leader for the electrified grid edge with tier-one distribution; the bear case is a strong niche product that is out-scaled before the DER-security market fully materializes.

Dual-Use Assessment

Military & Commercial Applications

SaiFlow's dual-use relevance is genuine but is best framed as critical-infrastructure resilience and homeland security rather than kinetic defense. (1) Power grids and their fast-growing distributed-energy and EV-charging edge are recognized targets in modern conflict and gray-zone operations — the attacks on Ukraine's grid and repeated warnings about adversary pre-positioning in Western utility networks make grid cyber-defense a national-security priority. (2) Large aggregations of internet-connected, hijackable grid-edge devices (chargers, inverters, BESS, microgrid controllers) are precisely the kind of distributed attack surface an adversary could weaponize to destabilize grid frequency and voltage; SaiFlow's protocol-aware detection and automated zero-trust response directly harden this surface. (3) The same platform has clear applicability to energy resilience for military installations and base microgrids and for allied critical-infrastructure operators, alongside its commercial utility, CPO, and DER-operator customers. (4) SaiFlow's original OCPP vulnerability research demonstrates that the DER/EV layer is genuinely exploitable, underscoring the defensive value. Calibration: the commercial thesis (protecting CPOs, utilities, and DER operators) is the fielded reality; the defense/homeland-security relevance is a credible strategic adjacency rather than a documented set of military contracts.

Strategic Fit Assessment

Research priority signal

Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.

SaiFlow is an early-stage, category-focused critical-infrastructure cybersecurity play with a defensible technical wedge and strong channel validation, tempered by modest capital and unproven scale. (1) Differentiated technology: fusing energy/power telemetry with network telemetry to defend DER and EV-charging assets is a genuinely distinct approach versus network-only OT/IoT tools, and native fluency in energy protocols (OCPP, OCPI, IEEE 2030.5, DNP3, IEC 61850) is a real moat. (2) Credibility signals: technology partnerships with Check Point (Quantum IoT Protect) and Palo Alto Networks imply tier-one vetting and distribution, and selection into the AWS & CrowdStrike and Next Gear cyber accelerators adds external validation. (3) Domain proof: SaiFlow's original, independently covered OCPP 1.6J vulnerability research demonstrates real expertise and generates product signal. (4) Structural tailwinds: electrification, EV build-out, DER penetration, and tightening grid-security mandates expand the attack surface SaiFlow defends. (5) Strategic fit: energy security and critical-infrastructure resilience are core to the dual-use thesis. Counterweights: disclosed funding (~$4.75M) is light for a category that rewards scale and long enterprise sales cycles; named paying customers, revenue, and retention are not documented publicly; well-funded horizontal incumbents (Claroty, Nozomi, Dragos) could extend into DER/EV; go-to-market is heavily partner-dependent; and current headcount and founder track records need direct confirmation. This is a priority-signal assessment of strategic fit and technical credibility, not an investment recommendation.

Strategic Value to U.S.-Israel Alliance

SaiFlow's strategic value sits at the intersection of the energy transition and critical-infrastructure defense. (1) Enabling layer: as grids decentralize, the DER/EV edge becomes both indispensable and dangerously exposed, and a protocol-native security layer for that edge can embed across utilities, CPOs, and energy platforms rather than serve a single product. (2) Resilience relevance: securing large aggregations of grid-edge devices directly counters a recognized national-security threat — coordinated cyber manipulation of distributed assets to destabilize the grid — making the technology relevant to homeland security, energy resilience, and base/microgrid protection. (3) Sovereignty and standards: energy-protocol expertise and disclosed vulnerability research position SaiFlow to influence and harden the standards (OCPP, IEEE 2030.5) that will govern electrified infrastructure. (4) Ecosystem leverage: Check Point and Palo Alto partnerships give a small company reach into large operators and align it with entrenched security stacks. (5) Market timing: electrification and tightening EV/DER security mandates create durable demand. The ultimate strategic weight depends on SaiFlow converting partnerships and research credibility into scaled, referenceable deployments before larger OT-security incumbents close the DER/EV coverage gap.

Key Technologies

  • Contextual AI threat detection fusing power/energy telemetry with network telemetry for anomaly detection
  • Energy IoT asset visibility and behavioral baselining across DER, EV chargers, inverters, BESS, and substations
  • Automated zero-trust response with energy-context-aware enforcement policies
  • Native protocol parsing for OCPP, OCPI, IEEE 2030.5, OpenADR, DNP3, and IEC 61850
  • Original vulnerability research on EV-charging protocols (e.g., OCPP 1.6J connection-handling and authentication flaws)
  • Integrations with third-party security platforms (Check Point Quantum IoT Protect, Palo Alto Networks) for enforcement
  • Root-cause analysis correlating cyber events with energy/operational impact and uptime

Use Cases & Applications

  • Securing public and fleet EV-charging networks against DoS, charger hijacking, and energy theft
  • Protecting distributed solar, wind, and battery energy storage assets from cyber manipulation
  • Cyber monitoring and anomaly detection for microgrids and grid-edge substations
  • Giving charge-point operators (CPOs) and e-mobility service providers real-time asset visibility and threat response
  • Hardening utility and distribution-operator DER aggregations against grid-destabilizing attacks
  • Energy resilience for military installations, base microgrids, and critical-facility power
  • Compliance and observability against evolving EV/DER cybersecurity standards and mandates
  • Coordinated-disclosure vulnerability research and hardening of energy-protocol implementations

Sources and verification

This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile. The editorial policy explains how profiles are researched, where automated drafting is used, and how corrections work.

This record lists 6 public references used for company identity, status, positioning, or material-claim review.

Public sources

The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.

Investor Lens

What this entry is

Private startup

Why it may matter

SaiFlow may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.

How an independent investor should read this

Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.

Evidence to verify

  • Verify current status
  • Verify traction
  • Verify cap table/funding
  • Verify technical claims
  • Verify regulatory/export-control issues
  • Verify customer concentration

Main investor questions

  • Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
  • What customer, revenue, product, and technical evidence supports the company story?
  • What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
  • Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
  • What evidence would change the thesis or show that the profile is stale?

What not to infer

  • Inclusion does not imply endorsement.
  • Inclusion does not imply allocation availability or current fundraising.
  • Scores do not indicate investment suitability or expected returns.
  • Strategic importance does not automatically imply venture return potential.

Diligence questions

  • What evidence verifies SaiFlow's current customer traction, deployment status, and revenue concentration?
  • Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
  • Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
  • How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
  • What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?

Related sector

See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.

Need a diligence readout?

Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.