SubImage announced it has raised $4.2 million in seed funding to accelerate development of its open-core cloud security graph platform, expand customer pilots, and grow its engineering team. FundersClub, Y Combinator, Phosphor Capital, and Transpose Platform participated in the round.
Based in San Francisco, the company was founded by Alex Chantavy and Kunaal Sikka, who previously worked in security roles across government, enterprises, and hypergrowth organizations. Their experience at the National Security Agency, Microsoft’s Red Team, and Lyft helped shape the graph-first approach to cloud visibility and remediation that defines SubImage’s platform.
The founders had previously contributed to Lyft’s open-source Cartography project, which helped influence the emergence of graph-based security tools across the industry. SubImage aims to build on that foundation by automating context gathering, connecting infrastructure signals with organizational realities, and turning visibility into actionable remediation steps for security teams.
SubImage’s platform focuses on correlating infrastructure and event data to determine ownership, prioritizing issues based on exploitability and organizational risk, and remaining open-core so users can extend coverage without being locked into closed ecosystems. The company positions itself as an open-core alternative to major proprietary cloud security platforms, emphasizing transparency, extensibility, and real-time understanding of attack paths.
The company’s backers emphasized SubImage’s potential to help enterprises better map cloud assets, identify misconfigurations, and address vulnerabilities with greater clarity and speed. With the new funding, SubImage plans to deepen automation, broaden extensibility across cloud and device environments, and strengthen its ability to surface and explain high-risk issues for customers.
KEY QUOTES:
“The most important tool was our internal cloud knowledge graph because it showed us a map of the easiest attack paths.”
“One of the most effective ways to defend an environment is to see it the same way an attacker would.”
“This makes it clear what to fix first and why, especially when teams don’t have the resources to fix everything at once.”
“Organizations need to know what assets they have and how they’re configured, because getting that wrong means getting hacked. Most tools stop at visibility or bury data behind closed schemas. We’re building an open, extensible system that not only shows what’s wrong, but explains why it matters and how to fix it.”
Alex Chantavy, Co-Founder
“Our foundation is Cartography, which many companies already trust. We are an open-core alternative to Wiz. We’ve kept it open so teams can extend coverage to anything they rely on. It also means users aren’t locked out of understanding how their own security graph works. That openness builds confidence, especially during incidents that need real-time response and can’t wait on vendor support.”
Kunaal Sikka, Co-Founder
“We are thrilled to support the team behind Cartography that is bringing automation and intelligence to mapping infrastructure with an open-core approach. SubImage will be critical for companies that need to map all of their assets in their cloud environment and end-user devices, and we’re excited to help them grow their team and surface, prioritize, and address vulnerabilities for their customers.”
Alex Mittal, FundersClub
