Dux, an agentic exposure management platform designed to keep pace with AI-driven cyberattacks, has emerged from stealth with a $9 million seed financing round led by Redpoint, TLV Partners, and Maple Capital. The company said the round also included participation from cybersecurity executives from CrowdStrike, Okta, and Armis.
Based in Tel Aviv and New York, Dux is positioning its platform as an operating model shift for vulnerability and exposure management—moving organizations away from periodic scans and manual triage toward continuous, automated investigation focused on what is actually exploitable in a specific environment. Rather than producing more findings or another prioritization layer, the company says it identifies exploitable vulnerability paths and helps shut them down before they can be used in an attack.
Dux said it was created to eliminate exposures before they become incidents by determining what attackers can realistically use, whether existing controls block the path, and the fastest route to safety. The company said it is already supporting major U.S. enterprises.
The startup was founded by Or Latovitz (CEO), Amit Nir (CPO), and Nadav Geva (CTO), who the company said are graduates of the IDF’s Talpiot program and previously led large-scale offensive and defensive cybersecurity and AI initiatives for national agencies. Dux said their work earned multiple national innovation awards and included building operational systems deployed at a national scale.
Dux is framing its launch around a widening gap between exploitation speed and enterprise remediation capacity. The company highlighted the growing volume of assets, scanners, and vulnerabilities that security teams must contend with, and argued that AI is accelerating attacker timelines. In that context, Dux says defenders need real-time insight into exploitability and fast mitigation options that aren’t constrained by traditional patch cycles.
The platform aligns with Gartner’s Continuous Threat Exposure Management (CTEM) framework, according to the company, but applies it using “AI-workers” intended to reason like expert analysts at scale. Dux said its agents continuously analyze exploitability across the environment, surface lightweight mitigations—such as control updates or configuration changes—that can reduce risk faster than a full patch, and route targeted remediation to the appropriate owners only when necessary.
The seed funding will be used to expand its R&D team in Tel Aviv, grow its U.S. go-to-market organization, and accelerate development of its agentic capabilities across exploitability analysis, lightweight mitigation, and continuous exposure management.
KEY QUOTES
“Most security tools show you what’s vulnerable. Dux shows you what attackers can actually use — and that’s a game changer.”
Rona Segev, Co-Founder And Managing Partner, TLV Partners
“These attacks don’t wait for patch cycles. Defenders need rapid insight into what’s actually exploitable and the means to reduce those exposures effectively, at the pace modern attacks demand.”
Or Latovitz, Co-Founder And CEO, Dux
“Most scanner findings aren’t exploitable once you account for real context. But discovering that manually takes expert judgment and deep knowledge of the environment. Agentic AI lets teams apply that level of reasoning across every vulnerability and asset, every time.”
Amit Nir, Co-Founder And CPO, Dux
“Attackers are moving faster than ever, and defenders need a platform built for that pace. Dux puts vulnerabilities in the context of their actual threat to a business, and then uses AI agents exactly where speed and precision matter most to resolve them.”
Erica Brescia, Managing Director, Redpoint
“Every time a zero-day drops or a critical vulnerability hits the news, teams need answers fast. Our customers spin up AI-workers to investigate those vulnerabilities across their environment within minutes.”
Nadav Geva, Co-Founder And CTO, Dux
