Seals securitya Tel Aviv-based startup founded by a group of former members of Israel’s Unit 8200 intelligence unit, is coming out of stealth today to announce a $7.4 million funding round led by Vertex Ventures Israel, with participation from Crew Capital, the PayPal Alumni Fund and Cyber Club London.
Since the Log4j vulnerability was discovered and the White House released its software supply chain executive order, everyone who builds software knows the importance of keeping the many open source libraries they rely on up to date. But that’s easier said than done, as large enterprises often employ entire teams focused on nothing but keeping their packages up to date. In recent years, we’ve seen a number of security companies that specialize in notifying developers when one of their packages is vulnerable. While this is valuable, the real work is fixing these vulnerabilities, which in most cases simply involves installing an update.
Seal was founded by Itamar Sher (CEO), Lev Pakhmanov (CTO) and Alon Navon (CPO). After their time at Unit 8200, team members worked at various companies, including Cymmetria, Curv, and PayPal. Sher tells me the team joined forces in the summer of 2022.
“For me, it was really about wanting to be a builder,” Sher said. “I spent some time being on the other side: being a researcher, hacking things, breaking things — which is fun in its own way. But I think one of the things I cared about — and really wanted to bring forward — is being more on the maker side.” As an early employee at Cymmetria, he already got a taste of that experience, but now as a founder and CEO, he sees the full spectrum of the startup experience.
Image Credits: Seals security
What makes Seal different is that it actually patches vulnerable packages and doesn’t just update them. While working at PayPal, he realized that there was a lack of tools that could not only discover but also fix security vulnerabilities. He also pointed out that many of today’s tools bombard developers with hundreds of notifications, making it difficult to prioritize which ones to focus on. In the end, these teams spend a lot of their time and energy to keep packages updated (even ones that may not even be used in production). “What we’ve noticed is that for the majority of vulnerabilities that are out there, you can actually take the security patch that reduces the risk and just apply it to the existing versions that developers are already using,” Sher explained.
Seal Security currently integrates with GitHub to push these patches into a company’s CI/CD pipeline. But what is perhaps more important is that Seal creates these patches herself. Much of this process is automated and supported, in part, by using a large language model. These models, Sher explained, are very good at identifying the commit introduced by a particular patch, for example. Indeed, without the models, a solution like Seal Security probably wouldn’t have been scalable just a few years ago.
“Open source components are fundamental to software development, and organizations face significant challenges in managing critical vulnerability libraries. These challenges have a significant impact on business results,” explains Daniel Dines, the co-founder and general partner of Crew Capital (and the co-founder and co-CEO of UiPath). “Stamp Security addresses this market demand with a solution that streamlines security patch management, allowing its customers to efficiently eliminate vulnerabilities.”
