As the world of software has moved toward simplified user interfaces and applications, the safety work behind the scenes has grow to be increasingly complex – especially for medium to large firms that depend on software to run their operations.
Although many firms have tried to take the “security by design” approach – staffing infosec teams to grasp their entire system and the impact of each change, even needed changes like updating firewalls and protection measures.
But First-class security believes it has the answer: The Israeli-founded startup today broadcasts the beta version of its AI-powered system that monitors your organization's entire network and stack and proactively displays risks, suggested changes and actionable actions, in addition to sorting for you break them down into tangible categories of what it is best to do: “analyze,” “monitor,” or “intervene.” This helps security teams prioritize their work at a look.
The company also announced that it has raised $6 million in seed funding led by Foundation Capital with participation from Flybridge Capital Partners and distinguished angel investors.
Michael Nov, CEO and co-founder of Prime Security, noted that delays and slowdowns attributable to late-stage security intrusions are a typical problem in software-dependent industries.
“I came upon very early on that product speed is totally depending on product security,” he said in a video call interview with VentureBeat earlier this week. “Without protection, I can't move an inch, and the challenge I kept running into was the developers saying, 'I'm stuck in security.' Security has all the time been seen because the villain.”
Consideration of security within the design phase
Prime Security's newly introduced product integrates security guardrails into the design phase of the Software Development Life Cycle (SDLC).
By using artificial intelligence – specifically fine-tuned versions of proprietary models available through a serious cloud provider and trained on synthetic data specifically generated by Prime to handle common and fewer common enterprise security needs – the platform helps Help teams discover, prioritize, and mitigate security risks before coding even begins.
This proactive approach allows firms to include best security practices into their software products from the beginning, reducing the likelihood of vulnerabilities later in the event process. Nov knows firsthand the struggles of staying secure and meeting deadlines.
“We began Prime because I missed a deadline for a really large enterprise customer attributable to security issues,” said Nov. “I spotted the issue began within the design phase when security was not addressed proactively.”
The product, now available in private beta, helps address these barriers by eliminating friction between security and engineering teams.
The AI-driven platform integrates with tools like Jira and Confluence, analyzes tasks in real-time and provides developers with easy security recommendations.
“We flag tasks that pose risks and proactively perform security checks. Engineers don't must wait for time in the case of safety measures; You get recommendations directly in Jira,” Nov added.
Seed financing to advertise growth
Prime Security's $6 million seed round shall be used to expand its research and development efforts and grow its sales and engineering teams.
The company has offices in New York and Tel Aviv and plans to make use of the brand new funding to further improve its AI-driven platform and support business growth.
The funding round was led by Foundation Capital, with participation from Flybridge Capital Partners and a bunch of influential angel investors including Sam Gutmann, co-founder and CEO of Own Company; Adrian Kunzle, CTO of Own Company; Assaf Keren, CSO of Qualtrics; Dimitri Sirota, co-founder and CEO of Bigid; Michael Callahan, board member at Datadog; and Omer Schneider, co-founder and CEO of CyberX. This experienced group will play a key role within the strategic direction of Prime Security.
Key features of the product
Prime Security's platform focuses on several critical security areas:
- Security vulnerabilities in product architecture: Identify issues equivalent to authorization failures, unencrypted sensitive data, expired sessions, and improper role-based access control.
- Security violations within the design phase: Identify risks equivalent to unauthorized external entities, unrestricted network access, and misassigned management tasks.
- Audit and compliance violations: Addressing concerns equivalent to unauthorized transfers of personally identifiable information (PII), incomplete security policies, and inadequate audit trails.
The product helps firms take proactive measures, which Nov highlighted as critical to modern security practices. “Why do you pay error bonuses? Because you’ve gotten problems in your software which might be found by others. I'm telling you: be proactive. Solve it at the start and solve it efficiently,” he said.
Leveraging a mixture of traditional and modern AI technologies, the platform interprets complex, unstructured data from Jira tickets and Confluence documents and makes recommendations based on specific risks and context.
“We automate a totally manual advisory process. In the planning phase, where security has to intervene, it only concerns unstructured data – JIRA tickets, Confluence documents. We use Gen AI to offer consistent, scalable recommendations,” explained Nov.
The interface is designed to be intuitive and actionable, as demonstrated by the platform's workflow. Users can track security tasks, review recommendations, and resolve compliance issues in real time.
Differentiation and competition
Nov also touched on how Prime Security stands out from other players within the space, including established firms like Apiiro, Remy Security, Snyk and ShiftLeft. Prime's key differentiator, based on Nov, is its ability to offer not only risk detection but in addition actionable recommendations that close the loop. “Security teams are bored with receiving 1,000,000 alerts – they need solutions, not only problems. “That’s where we differentiate ourselves,” he explained.
While firms like Snyk work with design-stage security consulting services, Nov identified that their solutions often deal with the code phase fairly than the design phase, leaving a spot in early risk detection. “This is just confirmation that the issue is big. For example, Snyk has partnered with Deloitte to supply consulting services for the design phase, but currently doesn’t have a product for this. They shift left to the code, and when the code is there, quite a lot of tools can be found,” Nov said.
Prime also intends to affix broader industry initiatives. “We fully intend to sign the Secure by Design Pledge once we aren’t any longer hidden,” Nov said, referring to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) initiative.
Nov emphasized that Prime's deal with the design phase of development allows it to supply more comprehensive solutions in comparison with competitors. “We know each Apiiro and Remy. Apiiro's solution is comparatively lightweight – it’s one in all the solutions they provide, but not their end-to-end focus. Remy focuses totally on identifying risks but doesn’t offer a advice to shut the loop,” he added.
Industry response and market potential
The importance of embedding security into the design phase of software development is increasingly recognized, particularly as regulators place emphasis on secure-by-design principles. Standards from organizations equivalent to NIST and ISO advocate integrating security controls early in product development, a shift that aligns with Prime Security's approach.
However, scaling security efforts in large organizations has long been a challenge. “There is one security person for each 150 developers. “It’s not scalable and that friction all the time happens,” noted Nov. “Our customers consistently tell us that the largest advantages are stopping late fixes and with the ability to scale their security teams without additional staff.”
By automating security interventions on the design stage, Prime Security provides organizations with the flexibility to discover risks early, minimizing the necessity for costly and time-consuming remediation later. “Security must be scalable before you write code. That is our premise. “You need to offer security before code is written, not after,” Nov emphasized.
Assaf Keren, Chief Security Officer of Qualtrics, highlighted the worth of the Prime solution, particularly its ability to multiply the productivity of security teams. “In today’s rapidly evolving digital landscape, balancing development efficiency with robust security has never been more essential,” he said.
Looking ahead
With the support of its investors and a transparent market need for early-stage security solutions, Prime Security is poised to make a big impact within the product security space. Sid Trivedi, partner at Foundation Capital, highlighted the corporate's potential to disrupt traditional approaches to security by bringing advanced AI to the forefront of product design. “Prime offers security teams a brand new technique to leverage modern AI infrastructure with a strong vision for the long run of product security,” said Trivedi.
Prime Security's product is now available in private beta and the corporate is actively working to expand its features and capabilities to assist more firms address security challenges within the earliest stages of software development.
