Root Evidence, a cybersecurity startup specializing in evidence-based security, has raised $12.5 million in a seed round. The oversubscribed funding was led by Ballistic Ventures with Grossman Ventures and others. The investment aligns talented cybersecurity leaders behind Root Evidence’s goal of providing solutions that turn digital risk into measurable business results.
Root Evidence’s founders, including Jeremiah Grossman (Chief Executive Officer), Robert “RSnake” Hansen (Chief Technology Officer), Heather Konold (Chief Operations Officer), and Lex Arquette (Chief Product Officer), are a widely recognized team of serial cybersecurity entrepreneurs with decades of experience who have led multiple successful companies.
Grossman co-founded WhiteHat Security, joined SentinelOne as Chief of Security Strategy before its IPO, and co-founded Bit Discovery with this team in 2020, which was acquired by Tenable in 2023. Their innovations have revolutionized cybersecurity sectors, including web app security and attack surface management. Lex Arquette, co-founder of WhiteHat Security and Bit Discovery, built Meta’s (then Facebook) homepage and growth systems that onboarded their first billion users. The team has been startup investors, board members, and advisors, contributing to many successful startups. Now, they focus on vulnerability management.
Many CISOs are frustrated with vulnerability management, overwhelmed by the volume of findings, struggling to cover their attack surface, and hard-pressed to prioritize fixes and justify resources. Only a tiny fraction, under 1% of vulnerabilities, matter, as adversaries exploit only a few to cause harm. Root Evidence aims to change this.
Root Evidence cuts through the noise by enabling security teams to calculate financial risk, focus on vulnerabilities with the greatest impact, and **genuinely reduce breach chances.
The company’s approach is evidence-based security, prioritizing decisions with the strongest risk evidence.
KEY QUOTES:
“We decided the best way for us to move the needle in cybersecurity is by taking on vulnerability management because the old approaches clearly aren’t working. Companies want to be confident that the truly riskiest vulnerabilities are being found and need new ways to demonstrate that what they fix measurably reduces the likelihood of a breach, and translates that impact into actual real dollars and cents.”
Jeremiah Grossman
“Success in vulnerability management is no longer about who can report the most theoretical vulnerabilities, no matter how technically severe. Organizations need proof, with evidence, of which vulnerabilities are known to cause the most damage if left unaddressed, to focus on remediating those first. That’s what Root Evidence does.”
Robert Hansen, CTO of Root Evidence
“The Ballistic partners have years of first-hand experience in vulnerability management, so we know the massive problem of vulnerability overload all too well. The industry is antiquated, and ripe for visionary thinking. Root Evidence’s evidence-based strategy is exactly what’s needed to solve it. This team has done it before, literally changed how the industry approaches security, and now poised to once again push the industry forward. We’re proud to support such an accomplished team.”
Roger Thortnon
