Zafran Security has secured a $60 million Series C round to advance its AI-native Threat Exposure Management platform and expand globally as enterprises race to counter increasingly automated cyberattacks. The round, led by Menlo Ventures with participation from Sequoia Capital, Cyberstarts, PSP Growth, Vintage Investment Partners, and Knollwood Investment, brings the company’s total funding to $130 million and doubles its valuation since its previous raise.
The new capital will support the rollout of Zafran’s Agentic Exposure Management solution, which automates the end-to-end lifecycle of asset inventory, vulnerability detection, risk assessment, and remediation. The company’s rapid growth has been driven by strong enterprise adoption across healthcare, technology, financial services, and manufacturing, enabling Zafran to more than triple its annual recurring revenue. Multiple Fortune 500 companies now use the platform to reduce remediation timelines from weeks to hours by identifying what is truly exploitable and eliminating the need for extensive manual triage.
The company emphasized the urgency of modernizing exposure management as AI-powered attacks accelerate. In the first quarter of 2025, 30% of known exploited vulnerabilities were weaponized within a single day of public disclosure, heightening pressure on security teams that remain constrained by duplicative findings and traditional patch cycles.
With its newly launched Agentic Exposure Management system, Zafran is introducing autonomous agents that can discover exposures, evaluate exploitability, map compensating controls, determine asset ownership, assess patching impact, and execute automated fixes with guardrails for human oversight. The approach is built on Zafran’s AI-native Exposure Graph, which connects vulnerabilities to real-world risk and actionability.
Investors highlighted the difference between legacy platforms that add AI features and platforms built from inception around autonomous AI. Enterprises are increasingly seeking tools that can transform the service-oriented, repetitive work of vulnerability triage and remediation into efficient automated workflows. Customers similarly pointed to the value of rapid insight generation as organizations confront the rise of AI-enabled exploits.
Zafran, founded in New York, positions itself as the first AI-native, end-to-end Threat Exposure Management platform designed to help enterprises prevent the exploitation of vulnerabilities at scale. The company says its approach allows customers to validate that most critical vulnerabilities pose no real exploitability risk, while quickly addressing the fraction that does.
KEY QUOTES:
“We must not allow attackers to claim the AI advantage. This investment propels our AI innovation forward, building a new model for exposure management through autonomous agents that empowers defenders to fight back.”
Sanaz Yashar, CEO and Co-Founder of Zafran Security
“Vulnerability management burns massive analyst hours on repetitive triage and manual patching, the kind of service-oriented work that AI agents excel at automating. Zafran’s growth proves that enterprises recognise the difference between legacy tools with AI features bolted on and platforms rebuilt around autonomous AI from the ground up. This is what AI-native security looks like.”
Rama Sekhar, Partner at Menlo Ventures
“In seconds, agentic AI can reveal what teams previously only suspected: the biggest risks to the business, why they matter, and which actions will truly move the needle. As AI-powered exploits accelerate, having tools that deliver insights this quickly is essential to staying ahead of emerging threats.”
Steve Lodin, Vice President of InfoSec at Sallie Mae
