Prime Security emerged from stealth with an AI-powered solution that lets security teams build guardrails into the software design phase to detect, prioritize and mitigate security and compliance risks before development starts. Available in private beta, the Prime design-stage security solution removes the friction between security and engineering teams by applying AI to understand product intentions and to provide clear security guidelines to all stakeholders – making their products “Secure by Design”.
The company also announced today that it has secured $6 million in seed funding led by Foundation Capital with participation from Flybridge Capital Partners and prominent angel investors including Sam Gutmann, co-founder & CEO, Own Company; Adrian Kunzle, CTO, Own Company (ex. CTO JPM); Assaf Keren, CSO, Qualtrics (ex. CISO PayPal); Dimitri Sirota, co-founder & CEO, Bigid; Michael Callahan, Board Member, Datadog; and Omer Schneider, co-founder & CEO of CyberX (acq. by Microsoft). Prime will use the funds to accelerate R&D and expand their sales and engineering teams across their Tel-Aviv and New York offices.
“Our customers, from mid-market to enterprise, recognize the need for a new design-stage security approach that reduces product cyber risk and accelerates business,” said Prime co-founder & CEO Michael Nov. “Traditionally, design-stage security has been handled manually, but recent AI advancements make our approach scalable. Security teams can now gain early and full visibility into development risks, scaling assessments tenfold without adding staff while maintaining compliance. We see our product as the first step toward comprehensive, preventative, security across applications and infrastructure.”
Introducing Security Guardrails for the Design Stage of the SDLC
As the amount of security incidents continues to grow, security requirements need to be incorporated in all stages of product development, especially during the design stage. More and more regulations and frameworks acknowledge and incorporate this into their guidance. For example, NIST and ISO standards advocate for embedding security controls early in development, while the Cloud Security Alliance (CSA) promotes “data protection by design and default” as a key practice. This shift towards “secure by design” principles highlights the need for proactive security measures, aligning with Prime Security’s mission to help organizations address risks early and meet these emerging regulatory demands.
“Organizations today must take a holistic approach to security throughout the entire product lifecycle. However, recent IDC research found that only 36% of organizations’ adopting DevSecOps incorporate security into the design phase,” said Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security at IDC. “Prime’s use of AI to identify security risks in engineering tasks before development begins can help organizations scale secure by design principles, improve their overall security posture, and increase collaboration between security and development teams.”
Prime integrates with tools such as Jira and Confluence to proactively identify security risks at their inception, provide deep contextualization for every identified risk, and deliver customized security requirements to mitigate identified risks. Behind the scenes, the Prime context-risk engine, built on modern and traditional AI tooling, does the heavy lifting. This unique approach allows customers to see initial value within a few hours of deployment. The context and the provided requirements continue to improve in quality as customers integrate Prime with additional security tools.
The Prime design-stage security solution helps security engineering teams identify and mitigate design-phase risks and violations across multiple key areas including Security Gaps in Product Architecture such as errors in authorization logic, unencrypted sensitive data, expired sessions, and improper role-based access control; Design Stage Security Violations that can include lack of incident reporting, unapproved external entities, unrestricted network access, and administrative tasks assigned to low-privileged accounts; and, Audit and Compliance Violations like exporting sensitive data, incomplete security policies, insufficient audit trails, and unauthorized PII transfers.
“In today’s rapidly evolving digital landscape, balancing development efficiency with robust security has never been more critical,” said Assaf Keren, CSO, Qualtrics. “By leveraging AI to automate security design reviews, we’re not just shifting left – we’re multiplying the productivity of our security teams and enhancing the experience of engineers across the organization. This approach is key to maintaining both agility and security in modern enterprises.”
“Nearly 50% of application deployment tasks administered by IT have been automated. But in this changing landscape, product security automation has largely fallen behind. Prime introduces a new opportunity for security teams to leverage modern AI infrastructure with an impressive vision for the future of product security, and a compelling wedge at the software design phase,” said Sid Trivedi, Partner at Foundation Capital. “Prime brings together a truly special founding team across US and Israel with each founder bringing individual strengths across go-to-market, product, and engineering. We look forward to partnering with them as the company disrupts the traditional product security space.”
SOURCE: BusinessWire