Raven.io: Interview With Co-Founder & CEO Roi Abitboul On Why AI Has Made CVE-Based Security Obsolete

By Amit Chowdhry ● Today at 10:01 AM

Raven.io provides a runtime application security platform that protects cloud-native applications by analyzing code behavior in real time to detect and block unknown attacks and supply-chain exploits without requiring instrumentation. Pulse 2.0 interviewed Raven.io co-founder and CEO Roi Abitboul to learn more.

Roi Abitboul’s Background

What is your background, and what led you to launch Raven.io? Abitboul said:

“I spent eight years in the IDF’s Ofek 324 elite intelligence unit, which is where I first developed a deep understanding of how sophisticated attackers operate. Not theoretically, but operationally. That experience shaped how I think about security problems: start from the attacker’s perspective, then work backward to what defenders actually need.”

“After the military, I co-founded Javelin Networks, which focused on Active Directory security at a time when most of the industry was not paying attention to identity-based attacks. We built something that worked, Symantec agreed, and we went through an acquisition.”

“But even then, I kept coming back to the same frustration: defenders are always a step behind because the tools they rely on are built around known threats.”

“That frustration is what led to Raven. As applications became more complex, more dynamic, and more dependent on third-party code, I kept seeing the same blind spot. Security teams had visibility everywhere around the application, but almost none inside it. The application itself was a black box. And attackers knew it.”

“Raven was built to fix that. To give defenders the same kind of inside view that attackers have been exploiting for years. After a decade in this industry, I am convinced that runtime visibility is not just a better approach; it is essential. In a world where AI has made Common Vulnerability Exposures (CVE) scanning tools obsolete, it is the only approach that makes sense.”

Problem Being Solved

What problem were you determined to solve when you started the company? Abitboul shared:

“The problem I kept coming back to was simple to describe but surprisingly hard to solve: defenders cannot protect what they cannot see.”

“For years, the security industry has invested heavily in tools that monitor everything around the application. Network traffic, system processes, endpoint behavior. But the application itself, the thing actually running your business logic, processing your transactions, handling your customer data, remained essentially opaque. A black box that security tools would observe from the outside and make educated guesses about.”

“That is a fundamental problem, not a tooling gap. Because the most damaging attacks do not happen at the perimeter. They happen inside the application, in the execution chain, in the behavior of dependencies you trusted implicitly because they came from a reputable source.”

“I watched this pattern repeat across the industry. Organizations with mature security programs, real investment, and serious teams were still getting breached through vectors that no perimeter tool would ever catch. And the response was always the same: add another layer outside the application. Monitor more signals. Correlate more alerts.”

“We went in the opposite direction. If the problem is that the application is a black box, the answer is to see inside it. And others have tried to do that, but the approaches that existed required code injection or instrumentation that introduced performance degradation that production teams would never accept.”

“So the visibility never made it to where it mattered most. Raven achieves that visibility without instrumentation, without code injection, and without any performance degradation. You get a clear view inside the running application without touching it. That is the problem Raven was built to solve, and honestly, given how fast AI is accelerating attacker capabilities now, I think we were building toward this moment without fully realizing how urgent it would become.”

Core Product

What is Raven.io’s core product, and what key features set it apart? Abitboul explained:

“Raven.io’s core product is runtime exploit prevention, stopping exploits from executing in real time, before damage is done.”

“What sets Raven apart comes down to two things:

  1. CVE-agnostic protection. Raven prevents exploits regardless of whether a CVE exists. Rather than matching against known signatures, Raven monitors application behavior at runtime, meaning zero-days, CVE-less exploits, and novel attack techniques are stopped on behavior alone, not by waiting for a patch or a published vulnerability.
  2. Best-in-class performance. Raven delivers this protection with minimal impact to application performance, making it viable for production environments where other runtime security tools have historically been a non-starter.”

Differentiation From Traditional Cybersecurity Platforms

How does Raven.io’s approach differ from traditional cybersecurity platforms? Abitboul affirmed:

“Traditional security platforms guard the perimeter. They watch network traffic and OS processes, but the application itself is a black box. Raven operates within the running application, with full visibility into what’s actually executing at runtime. That means Raven catches threats that look completely normal from the outside but are anomalous where it matters: within the application itself.”

Biggest Security Gaps Being Seen Today

What are the biggest security gaps you’re seeing today as AI adoption accelerates? Abitboul pointed out:

“AI has collapsed the economics of offensive security in a way that breaks every assumption on which traditional defense was built. The old model assumed defenders had a window between disclosure and exploitation. That window is gone. Anthropic’s Mythos model showed us that AI can accelerate every step of the exploit lifecycle, from vulnerability discovery to weaponization to deployment, faster than any patch cycle can keep up with. The orgs still betting on CVE-based prioritization and reactive patching are essentially planning to be late to every fight. The only viable response is shifting to runtime detection, catching the exploit in execution rather than racing to close the door before it opens.”

Market Opportunity

How do you define the market opportunity for Raven.io? Abitboul described:

“The market opportunity is being created right now by the convergence of two forces that existing vendors are not positioned to address together.”

“First, the attack surface has fundamentally changed. Applications are no longer monolithic and static. They are dynamic, dependency-heavy, and increasingly AI-generated, making the code running in production harder than ever to fully audit before deployment.”

“Traditional tools were built for a different era.”

“Second, regulatory and compliance pressures are catching up with reality. With frameworks like the EU Cyber Resilience Act and evolving software supply chain requirements, organizations are being asked to prove they know what is running in their applications, not just what they shipped. That is a runtime visibility problem, and most of the market has no good answer for it.”

“The addressable market spans any organization running production applications with real consequences in the event of a breach. But the core is financial institutions and healthcare, where a breach is not just a reputational event. It is an operational catastrophe, a regulatory crisis, and in healthcare’s case, potentially a patient safety issue. These are organizations where the cost of being wrong is existential, and where the pressure to move beyond perimeter security is most acute.”

“The broader opportunity extends to any enterprise that has already invested heavily in perimeter and endpoint security and is realizing those investments have a blind spot: the inside of the application itself.”

“So the opportunity is not just a gap in the product landscape. It is a gap that is widening as AI accelerates attacker capabilities, as software supply chains grow more complex, and as the cost of being reactive keeps going up.”

Differentiation

What differentiates Raven.io from other players in the space? Abitboul affirmed:

“Most security platforms are built around a fundamental assumption: that threats can be identified by matching against known vulnerabilities. Find the CVE, patch it, repeat. Raven is built around the recognition that this assumption is broken.”

“The most dangerous attacks today do not show up in a CVE database such as the National Vulnerability Database. They exploit legitimate code, legitimate dependencies, and legitimate execution paths in ways that look completely normal to any tool watching from the outside. That is the gap Raven was built to close.”

“Where other platforms monitor the perimeter or rely on signature-based detection, Raven operates from inside the running application. We see the execution chain in real time, which means we can detect anomalous behavior even when there is no CVE, no known signature, and no prior indication of compromise. That is not an incremental improvement on what existing tools do. It is a fundamentally different detection model.”

“This matters more now than ever. As Anthropic’s Mythos research made clear, AI has industrialized the exploit pipeline to the point where time to exploit has gone negative. Attackers are moving faster than any patch cycle can match. In that environment, tools built around reactive, CVE-based detection are ineffective and structurally mismatched to the threat.”

“Raven’s differentiation is an architectural bet that runtime visibility is the only sustainable answer to the way attacks are evolving.”

Top Priorities

What are your top priorities for the company over the next 12–18 months? Abitboul revealed:

“Our top priority over the next 12–18 months is to turn Raven from a strong technology company into a clear category leader in runtime application security.”

Long-Term Vision

What is your long-term vision for Raven.io? Abitboul emphasized:

“It’s simple. We want to protect every server in the world from cyber intrusions. We see a world where organizations of any size, from startups to enterprises and public institutions, can deploy infrastructure without needing a team of elite security experts just to stay safe. Today, security is often reactive, fragmented, and overly complex. Raven’s role is to flip that model into something proactive, unified, and automated.”

Advice For Security Leaders

What advice would you give to security leaders navigating AI-driven threats today? Abitboul concluded:

“First, security leaders can no longer rely on reactive detection only and need to rethink long-held assumptions when navigating AI-driven threats. Attackers are increasingly generating novel attack paths, chaining misconfigurations, and exploiting logic flaws that will never show up in a CVE database. If your program is centered on patching known issues, you’re always a step behind.”

“Second, acknowledge that detection alone is no longer enough. AI has dramatically lowered the cost of generating high-volume, highly adaptive attacks, whether through malware, automated phishing, or real-time intrusion attempts that evolve in response to your defenses. In this new environment, a purely detection-and-response model becomes a losing game.”

“Finally, security teams need to embrace automation and intelligence on their side. If attackers are using AI to move faster, defenders have to do the same by deploying systems that can reason, prioritize, and act with minimal human intervention.”
