Citigroup’s VC arm invests in API security startup Traceable

Share via:


In 2017, Jyoti Bansal co-founded San Francisco-based security company Traceable alongside Sanjay Nagaraj, a former investor. With Traceable, Bansal — who previously co-launched app performance management startup AppDynamics, acquired by Cisco in 2017 — sought to build a platform to protect customers’ APIs from cyberattacks.

Attacks on APIs — the sets of protocols that establish how platforms, apps and services communicate — are on the rise. API attacks affected nearly one quarter of organizations every week in the first month of 2024, a 20% increase from the same period a year ago, according to cybersecurity firm Check Point.

API attacks take many forms, including attempting to make an API unavailable by overwhelming it with traffic, bypassing authentication methods, and exposing sensitive data transferred via a vendor’s APIs.

“There’s a lack of recognition of the criticality of API security,” Bansal told TechCrunch in an interview, “as well as ignorance of the ever-growing attack surface in APIs and a resistance to embrace API security due to entrenched investments in security solutions that don’t address the API security problem directly.”

To Bansal’s point, more and more businesses are tapping APIs in part thanks to the generative AI boom, but in the process unwittingly exposing themselves to attacks. Per one recent study, the number of APIs used by companies increased by over 200% between July 2022 and July 2023. Gartner, meanwhile, predicts that more than 80% of enterprises will have used generative AI APIs or deployed generative AI-enabled apps by 2026.

What Traceable does to try to shield these APIs is applies AI to analyze usage data to learn normal API behavior and spot activity that deviates from the baseline. Traceable’s software, which runs on-premises or in a fully managed cloud, can discover and catalog existing and new APIs including undocumented and “orphaned” (i.e. deprecated) APIs in real time, according to Bansal.

Traceable

Image Credits: Traceable

“In order to detect modern threat scenarios, Traceable trained in-house models by fine-tuning open source large language base models with labeled attack data,” Bansal explained. “Our platform provides tools for API discovery, testing, protection and threat hunting workflows for IT teams.”

The API security solutions market is quickly becoming crowded, with vendors such as Noname Security, 42Crunch, Vorlon, Salt Security, Cequence, Ghost Security, Pynt, Akamai, Escape and F5 all vying for customers. According to Research and Markets, the segment could grow at a compound annual growth rate of 31.5% from 2023 to 2030, buoyed by the increasing threats in cybersecurity and the demand for more secure APIs.

But Bansal claims that Traceable is holding its own, analyzing around 500 billion API calls a month for ~50 customers and projecting revenue to double this year. Most of Traceable’s clients are in the enterprise, but Bansal says the company’s investigating piloting with governments.

“Traceable is building a long-term sustainable company, which from a financial perspective means that we have a very healthy margin profile that continues to improve as our revenue grows,” he said. “We’re not profitable today by choice, as we’re investing into the business responsibly … Our focus is on strategic investments maximizing return, not simply spending.”

To that end, Traceable today announced that it raised $30 million in a strategic investment from a group of backers that included Citi Ventures (Citigroup’s corporate venture arm) IVP, Geodesic Capital, Sorenson Capital and Unusual Ventures. Valuing Traceable at $500 million post-money and bringing Traceable’s total raised to $110 million, the new cash will be put toward product development, scaling up Traceable’s platform and customer engineering teams and building out the company’s partnership program, Bansal said.

Traceable has ~180 staffers currently. Bansal expects headcount to reach 230 by year-end 2024, as the the bulk of the new investment goes to hiring.

“Traceable wasn’t fundraising, as we still had substantial cash runway prior to this investment,” Bansal said, adding that Traceable secured a “sizeable” line of credit in addition to the new funds, “but we received significant inbound demand from investors. With the combination of the strategic alignment with Citi Ventures and the attractive terms of the investment, we decided to take a smaller investment now to accelerate our product and go-to-market initiatives before thinking about a more substantial fundraise.”



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Citigroup’s VC arm invests in API security startup Traceable


In 2017, Jyoti Bansal co-founded San Francisco-based security company Traceable alongside Sanjay Nagaraj, a former investor. With Traceable, Bansal — who previously co-launched app performance management startup AppDynamics, acquired by Cisco in 2017 — sought to build a platform to protect customers’ APIs from cyberattacks.

Attacks on APIs — the sets of protocols that establish how platforms, apps and services communicate — are on the rise. API attacks affected nearly one quarter of organizations every week in the first month of 2024, a 20% increase from the same period a year ago, according to cybersecurity firm Check Point.

API attacks take many forms, including attempting to make an API unavailable by overwhelming it with traffic, bypassing authentication methods, and exposing sensitive data transferred via a vendor’s APIs.

“There’s a lack of recognition of the criticality of API security,” Bansal told TechCrunch in an interview, “as well as ignorance of the ever-growing attack surface in APIs and a resistance to embrace API security due to entrenched investments in security solutions that don’t address the API security problem directly.”

To Bansal’s point, more and more businesses are tapping APIs in part thanks to the generative AI boom, but in the process unwittingly exposing themselves to attacks. Per one recent study, the number of APIs used by companies increased by over 200% between July 2022 and July 2023. Gartner, meanwhile, predicts that more than 80% of enterprises will have used generative AI APIs or deployed generative AI-enabled apps by 2026.

What Traceable does to try to shield these APIs is applies AI to analyze usage data to learn normal API behavior and spot activity that deviates from the baseline. Traceable’s software, which runs on-premises or in a fully managed cloud, can discover and catalog existing and new APIs including undocumented and “orphaned” (i.e. deprecated) APIs in real time, according to Bansal.

Traceable

Image Credits: Traceable

“In order to detect modern threat scenarios, Traceable trained in-house models by fine-tuning open source large language base models with labeled attack data,” Bansal explained. “Our platform provides tools for API discovery, testing, protection and threat hunting workflows for IT teams.”

The API security solutions market is quickly becoming crowded, with vendors such as Noname Security, 42Crunch, Vorlon, Salt Security, Cequence, Ghost Security, Pynt, Akamai, Escape and F5 all vying for customers. According to Research and Markets, the segment could grow at a compound annual growth rate of 31.5% from 2023 to 2030, buoyed by the increasing threats in cybersecurity and the demand for more secure APIs.

But Bansal claims that Traceable is holding its own, analyzing around 500 billion API calls a month for ~50 customers and projecting revenue to double this year. Most of Traceable’s clients are in the enterprise, but Bansal says the company’s investigating piloting with governments.

“Traceable is building a long-term sustainable company, which from a financial perspective means that we have a very healthy margin profile that continues to improve as our revenue grows,” he said. “We’re not profitable today by choice, as we’re investing into the business responsibly … Our focus is on strategic investments maximizing return, not simply spending.”

To that end, Traceable today announced that it raised $30 million in a strategic investment from a group of backers that included Citi Ventures (Citigroup’s corporate venture arm) IVP, Geodesic Capital, Sorenson Capital and Unusual Ventures. Valuing Traceable at $500 million post-money and bringing Traceable’s total raised to $110 million, the new cash will be put toward product development, scaling up Traceable’s platform and customer engineering teams and building out the company’s partnership program, Bansal said.

Traceable has ~180 staffers currently. Bansal expects headcount to reach 230 by year-end 2024, as the the bulk of the new investment goes to hiring.

“Traceable wasn’t fundraising, as we still had substantial cash runway prior to this investment,” Bansal said, adding that Traceable secured a “sizeable” line of credit in addition to the new funds, “but we received significant inbound demand from investors. With the combination of the strategic alignment with Citi Ventures and the attractive terms of the investment, we decided to take a smaller investment now to accelerate our product and go-to-market initiatives before thinking about a more substantial fundraise.”



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Jio, Tata Submit Bids To Offer AI Compute

SUMMARY Other bidders included Sify Digital, Yotta, CloudThat Technologies,...

ThredUp fashion marketplace offloads its European business, Remix

Fashion resale marketplace ThredUp has divested its European...

Swiggy Not Focusing On Entering New Cities For Food...

Foodtech major Swiggy is focusing on deepening its...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!