In 2017, Jyoti Bansal co-founded San Francisco-based security firm Traceable with former investor Sanjay Nagaraj. With TraceableBansal — who previously co-launched application performance management startup AppDynamics, which was acquired by Cisco in 2017 — sought to build a platform to protect customers’ APIs from cyberattacks.
Attacks on APIs—the sets of protocols that define how platforms, applications, and services communicate—are on the rise. API attacks affected nearly a quarter of organizations each week in the first month of 2024, up 20% from the same period a year ago; according at cybersecurity firm Check Point.
API attacks take many forms, including attempting to make an API unavailable by overwhelming it with traffic, bypassing authentication methods, and exposing sensitive data transferred through a vendor’s APIs.
“There is a lack of recognition of the criticality of API security,” Bansal told TechCrunch in an interview, “as well as ignorance of the ever-growing API attack surface and resistance to embracing API security due to entrenched investments in security solutions that do not directly address the API security issue.”
According to Bansal, more and more businesses are leveraging APIs thanks in part to the boom in artificial intelligence, but in the process they are unwittingly exposing themselves to attacks. For a recent one studythe number of APIs used by companies increased by over 200% between July 2022 and July 2023. Gartner, meanwhile, predict that over 80% of enterprises will have used AI APIs or developed AI-enabled applications by 2026.
What Traceable does to try to shield these APIs is that it applies artificial intelligence to analyze usage data to learn normal API behavior and trace activity that deviates from the baseline. Traceable’s software, which runs on-premises or in a fully managed cloud, can discover and document existing and new APIs, including undocumented and “orphaned” (i.e. deprecated) APIs in real time, according to Bansal .
“In order to detect modern threat scenarios, Traceable trained internal models by optimizing large language open source models with labeled attack data,” explained Bansal. “Our platform provides tools for API threat discovery, testing, protection and search workflows for IT teams.”
The market for API security solutions is filling up fast, with vendors such as Noname Security, 42Crunch, Vorlon, Salt Security, Cequence, Ghost Security, Pynt, Akamai, Escape and F5 all vying for customers. According for Research and Procurement, the segment could grow at a CAGR of 31.5% from 2023 to 2030, boosted by rising cyber security threats and demand for more secure APIs.
But Bansal claims Traceable is holding its own, analyzing about 500 billion API calls a month for ~50 customers and predicting that revenue will double this year. Most of Traceable’s customers are in business, but Bansal says the company is exploring pilots with governments.
“Traceable is building a long-term sustainable company, which from a financial perspective means we have a very healthy margin profile that continues to improve as our revenue grows,” he said. “We are not profitable today by choice as we invest in the business responsibly… Our focus is on strategic investments that maximize return, not just spending.”
To that end, Traceable announced today that it has raised $30 million in a strategic investment from a group of backers that included Citi Ventures (the corporate venture arm of Citigroup) IVP, Geodesic Capital, Sorenson Capital and Unusual Ventures. Valuing Traceable at $500 million post-money and bringing Traceable’s total to $110 million, the new cash will go toward product development, scaling Traceable’s platform and customer engineering teams, and growing its partnership program company, Bansal said.
Traceable currently has ~180 employees. Bansal expects the number of employees to reach 230 by the end of 2024, with most of the new investment going into hiring.
“Traceable was not a capital raise as we still had significant cash corridor prior to this investment,” Bansal said, adding that Traceable secured a “large” line of credit in addition to the new capital, “but we received significant inbound demand from investors. . With the combination of our strategic alignment with Citi Ventures and the attractive terms of the investment, we decided to make a smaller investment now to accelerate our product and go-to-market initiatives before considering a more substantial fundraise.”