Security Startups funded by Y Combinator (YC) in the San Francisco Bay Area 2024

Sift is the leader in Digital Trust & Safety, empowering digital disruptors to Fortune 500 companies to unlock new revenue without risk. Sift dynamically prevents fraud and abuse through industry-leading technology and expertise, an unrivaled global data network of 70 billion events per month, and a commitment to long-term customer partnerships. Global brands such as DoorDash, Twitter, and Wayfair rely on Sift to gain a competitive advantage in their markets.

Instantly stop automated and human-originated account takeovers, fake accounts, and any behavior that violates your platform policies.

AmberBox is the most advanced indoor gunshot detection and response system used in the US today. AmberBox automates emergency processes to significantly reduce response time and remove human error. AmberBox detectors utilise a patented gunshot detection algorithm to respond immediately following a firearm discharge. With tri-factor authentication (percussion, audio and infrared), detectors are able to instantly determine a firearm signature with a near-zero false alarm rate. Upon activation, detectors alert first responders through our reporting network, and can integrate with other security systems, such as cameras, access control systems and mass notification to initiate.

Ambient.ai is a computer vision intelligence company transforming enterprise security operations to prevent security incidents before they happen. The Ambient.ai platform applies AI and computer vision intelligence to existing sensor and camera infrastructure to deliver continuous physical security monitoring and automate the immediate dispatch of human resources. Ambient.ai is the first platform that goes beyond basic motion detection and image recognition to achieve near-human perception with automated situational context. With physical security incidents on the rise and physical security organizations left under-resourced, Ambient.ai’s computer intelligence platform comes at a time of critical need, which is why the company has raised over $50 million from venture capital investors led by a16z. Today, large enterprises, schools and organizations – including many of the largest US tech companies and other Fortune 500 companies – use Ambient.ai to secure property, people, and assets from the most harrowing physical security threats. The company was founded in 2017 by experts in artificial intelligence from Stanford who previously built iconic products at Apple, Google, Microsoft and Dropbox. We are backed by Andreessen Horowitz (a16z), SV Angel, Y Combinator, and visionary angels like Jyoti Bansal, Mark Leslie and Elad Gil.

Apozy is a browser defense platform powered by "Native Browser Isolation" technology. It neutralizes phishing, malware, and impersonation attacks in real-time by sandboxing dangerous websites at the time of click. This creates a safe "read-only" environment for browsing, even if the original website is malicious. Businesses use Apozy Airlock to protect their employees from online threats and prevent data breaches.

Upfort is a leading platform for cyber security and insurance that provides holistic protection from evolving cyber threats. Founded in 2017 to expand global access to cyber resilience, Upfort makes cyber risk easy to manage and simple to insure. Upfort delivers turnkey security proven to proactively mitigate risk and comprehensive cyber insurance from leading insurers. With proprietary data and intelligent automation, Upfort’s AI anticipates risk and streamlines mitigation for hassle-free underwriting. Insurers, brokers, and risk advisors partner with Upfort to offer clients resilience and peace of mind against cyber threats.

Quantstamp has protected billions in digital assets from hackers on our mission to secure web3. As a global team of security professionals, we have honed our technology and expertise through hundreds of audits and gained the trust of our clients to keep their innovative products safe. In addition to providing an array of security services, we facilitate the growth and longevity of the web3 space through strategic investments and acting as a trusted advisor to help projects scale. Quantstamp is honored to have worked with some of the top projects in the industry including Aave, Compound, Maker, OpenSea, Polygon and many more. As the leading blockchain security company in this emerging industry, we are always looking for team members that love taking initiative and solving challenging problems. Join the team and help us secure the future of web3.

Anjuna makes hardware-grade application and data protection simple, fast and enterprise-ready. Anjuna software enables IT to “lift and shift” applications and data into the hardware-encrypted confines of a secure enclave, protecting them from malicious software, insiders, and bad actors. Available from every major chip, cloud, and system vendor, secure enclaves are the data security gold standard. Unlike point memory-only enclave solutions that require expensive and complicated software rewrites, Anjuna enables enterprises to achieve managed enterprise-class enclave protection that span memory, storage, networks, and clouds in minutes--without recoding. Anjuna is based in Palo Alto, California.

At TRM, we're on a mission to build trust in digital assets, because the promise of crypto is too valuable to be impeded by bad actors. We provide a blockchain intelligence platform to law enforcement, financial institutions, and crypto firms to assist in the detection and prevention of cryptocurrency fraud and financial crime. Our vision is to build a company that can sustainably deliver on our mission for decades to come, enabling consumers to transact safely and securely on the blockchain. Join our mission ➔ www.trmlabs.com/careers

Canix is building the first generation of modern software for the burgeoning cannabis industry. We help our customers overcome daunting compliance regulation, sell more product, and optimize their day to day operations—from cultivation, to processing, to distribution. Recent winner of TechCrunch Disrupt 2020, find out more at TechCrunch and canix.com.

We analyze thousands of video streams to find and track people without facial recognition. Our tech is available as an API and has multiple use cases. Unique people counting, forensic people search, falsa alarm filtering and many more.

QueryPie, a trusted data governance platform based in San Mateo, California, was founded in 2017 to centralize data access and privacy control across the enterprise in a single platform, transforming a liability into an opportunity while promoting data security and compliance. Data governance is the foundation of data. To summarize, data governance enables businesses to use data to make better business decisions and, as a result, improve financial performance. Companies do this by implementing consistent policies, procedures, and processes across their enterprise, including Data Infrastructure, Analytics, and Intelligence. QueryPie is the simplest way for businesses to maximize the value of their data assets while complying with privacy regulations such as GDPR, CCPA, and PCI-DSS, as well as legal reporting requirements. With our headquarters in San Mateo, we also have a solid team of product developers and database experts in Korea.

SuperTokens is building open source authentication (as an alternative to Auth0, Firebase and AWS Cognito). Add secure, hassle free authentication to your app in 1 day. We enable startups to launch quicker and focus on their core product offering 1. We're easier to implement as we take a modular approach - making it possible to pick only the features you need for your use case. This means you need not worry about complications associated with other features (eg: SSO and OAuth if you don’t need it) and this in turn makes it easier to implement and manage SuperTokens. 2. Developer's can own and manage their user's data. 3. SuperTokens can be run on your premise for free and also has a generous hosted tier for those who dont want to manage it themselves. SuperTokens is being used by hundreds of developers across the globe.

Swif.ai is a modern AI-powered unified endpoint management platform. It simplifies device security and compliance for all devices across Windows, macOS, and Linux systems. This allows for easy policy deployment and control in minutes. With autopilot enrollment, managing and enrolling new devices is made simpler. Furthermore, Swif automatically collects and sends asset inventory and compliance data to compliance automation platforms like Vanta, Drata, and other tools for continuous compliance and auditing.

Trust Center Platform SafeBase Trust Center enables Security teams to proactively share and automate access to security, compliance, and privacy information/ complete security questionnaires.

Spear phishing simulation & security awareness training powered by AI.

Tarsal is a data pipeline custom built for security teams. As security data grows 25% year over year, security teams desperately need access to best-in-class data infrastructure. Tarsal bridges the gap between the modern data stack and security teams, pioneering the modern security data stack.

- Create an Inventory of all your API Endpoints. - Proactively test your APIs before they go into production. - Detect API attacks in real time.

Keyri helps companies implement simple, secure anti-fraud and authentication solutions to delight users and keep bad actors off their platform. Keyri's mobile application and browser fingerprinting suite ties user identities to trusted devices, preventing fraudulent activity such as account opening, account takeovers, bot attacks, and referral/promo abuse. Keyri is able to establish an immutable device fingerprint for every device, alerting companies of any suspicious devices during sign up, log in, or subsequent authentication events. Keyri also offers a passwordless authentication suite that leverages Passkeys, WebAuthn, and QR codes to enable biometric authentication on all platforms and devices, providing a seamless user experience, strengthening multi-factor account security, and reducing reliance on other tedious and unsecure authentication methods.

We help DevOps teams to improve the security of their Cloud infrastructure. Our solution value increases for companies using multi-cloud (like GCP, Azure, AWS) or have multi-accounts (like Dev, Test, Prod)

Telivy helps small and medium businesses purchase the best cyber insurance coverage. Our proprietary ML-based risk platform assesses insurability gaps, offers remediation plans and brokers insurance quotes from A+ rated carriers.

Optery is automated opt out software, and we serve individuals, families and businesses. With Optery, you can remove yourself from hundreds of data brokers that are posting and selling your home address, phone number, email and other private information on the internet. Optery was awarded"Editors' Choice" by PCMag.com as the most outstanding product in its category in 2022, 2023, and 2024, and was a winner in Fast Company's Next Big Things in Tech for Security and Privacy in 2023. Optery prevents phishing and social engineering, identity theft and fraud, online stalking and harassment, doxxing, and prevents people's private information from showing up in Google search results. Anyone can create a free account to receive a personalized Exposure Report with live screenshots summarizing where your information is being posted and sold online. Optery then provides free tools for self-service removals, or you can upgrade to a paid plan, and Optery will remove the profiles for you. Optery for Business serves enterprises removing personal information from the internet for their employees and executives, and offers an API enabling application developers to embed data broker scanning and removal technology into their applications.

Firezone connects your workforce to the computing resources they need, wherever they are, securely. Unlike traditional VPNs, Firezone uses a least-privileged approach to access control known as Zero Trust Access. Connect your identity provider and define granular policies in minutes, then rejoice in the IT support requests you won't receive due to our lightweight, WireGuard-powered clients which work great on all platforms.

Wolfia helps companies fill security questionnaires and RFPs 10x faster using generative AI. We do this by building a knowledge base using your existing policies and previously answered questionnaires with AI.

Matano is a modern SIEM, built for cloud-first security teams. It replaces traditional SIEM databases like Splunk or Elastic with a cybersecurity platform built on top of a cost-effective Security Data Lake.

Find and fix business logic vulnerabilities in your applications in CI/CD before production — powered by Escape’s industry-leading API security intelligence.

ClickFacts is a Malware Software Solutions company for buyers and sellers of online media. Its automated plug and play malware discovery solution tests online ads (SWFs & 3rd Party Ad Tags) and web pages within websites to ensure they do not distribute malware onto users’ computers (which can lead to identity theft). Its moderation software solution monitors websites to ensure the ads running on them are free of inappropriate content (e.g., nudity, racism), and its Ad Buddy product provides to advertisers real-time continuous monitoring and a complete history of where their ads have run. ClickFacts Inc. was founded in 2005 by Mikhail Ledvich, Mikhail Gurevich, and Greg Gurevich in Boston Mass, with initial funding by YCombinator. It is now based in San Francisco, California.

Smyte stops spam, scams, harassment and credit card fraud for marketplaces and social networks. We automatically classify your website and mobile app's event data and stop bad actors at scale.

Cyberfend offers a robust security solution to protect your web and mobile applications from sophisticated attacks and fraudulent activity. Cyberfend's solution detects account take-over, payment fraud and the use of stolen credentials. All of these problems are relevant to every consumer facing web and mobile product/service. Cyberfend’s solution uses a new security paradigm – human cognitive science coupled with advanced machine learning. The result is a robust detection system with near zero false positives and false negatives. Today Cyberfend protects nearly a billion login and payment transactions every month for many large e-commerce, web and payment customers. Cyberfend's product is at the intersection of almost every single cutting edge technology today : a) Our core product employs heavy machine learning b) On the backed, our product is cloud based and deals with enormous scale (customers are directing significant portions of their traffic to us) c) On the front end we need to deal with both web and mobile (IOS, SDK) challenges.Please visit us at: www.cyberfend.com. Cyberfend is backed by Y Combinator, SV Angel and A Capital. Cyberfend was acquired by Akamai Technologies in December 2016.

Foxpass increases your organization's server and network security by ensuring employee accounts have access only to what they need. Our cloud-hosted LDAP and RADIUS systems help you bring best-practices to your infrastructure. And they're backed by your existing Google Apps accounts.

Developer-oriented security platform, helping small and large companies protect their software from malicious activityDeveloper-oriented security platform, helping small and large companies protect their software from malicious activity

Sqreen is the application security platform for the modern enterprise. More than 800 organizations trust Sqreen to protect, observe and test their applications, APIs and microservices. As opposed to pattern-based approaches, Sqreen analyses in-app execution in real time to deliver more robust security without compromising performance.

As organizations around the world continue to rapidly adopt SaaS applications as the way they run their businesses, many are left without a way to manage the security of those same applications. Corporate IT and security teams are left asking questions like: - How will I know if someone shares a sensitive Google Doc publicly? - What if one of our employees doesn't have two-factor authentication enabled in Zoom? - Will I know when a new user is added to Slack? - What happens if our Salesforce minimum password setting isn't strong enough? With Vectrix's easy-to-use SaaS security scanning, organizations everywhere can quickly identify security issues and risks like these across their entire suite of SaaS apps, including Google Workspace, Microsoft 365, Slack, Zoom, GitHub, and more. When new issues arise, IT and security teams can be alerted in real-time so that further action can be taken right away. Founded by former security professionals from Autodesk, Vimeo, and PlanGrid, Vectrix is committed to providing teams of all sizes an efficient and reliable way to stay secure in the public cloud. Get started at https://www.vectrix.io