
Latest news with #Horizon3ai

Horizon3.ai And The NSA Sound Alarm On Supply Chain Cyber Threats

Forbes

6 days ago


Black Hat 2025, more affectionately known by those who perennially attend the event as 'Hacker Summer Camp,' is taking place this week in Las Vegas. It is filled with insightful presentations and training, but one joint keynote from Horizon3.ai and the NSA is drawing attention not just for the pairing, but for the message: cybersecurity strategies must evolve—fast.

The focus isn't on hypothetical threats. It's on something both sides say is happening now: attackers exploiting weaknesses not in primary targets, but in the long tail of their supply chains.

Snehal Antani, CEO of Horizon3.ai and a former DoD tech executive, brings first-hand perspective to the conversation. In an exclusive interview ahead of the event, he described how AI is changing the speed and scale of attacks—and why security validation must catch up.

'The bad guys are inventing similar capabilities,' Antani said. 'The speed of attack is only getting faster.'

The Growing Threat to the Defense Industrial Base

The keynote centers on a growing risk to national defense: the vulnerability of smaller defense contractors and suppliers. Nation-state actors are no longer just targeting large enterprises or government systems directly. Instead, they're looking for the easiest point of entry—which is often a small design firm, subcontractor or third-party IT provider.

Antani shared an example where Horizon3's autonomous pen-testing platform uncovered sensitive CAD files for Nimitz-class aircraft carriers within five minutes of running a simulation at a small ship design firm. 'They didn't have to go after the Pentagon,' he said. 'They got the full design—including nuclear submarine specs—from a supplier.'

This approach is consistent with how modern cyber-espionage works. As Richard Stiennon, chief research analyst at IT-Harvest, explains, 'When a spy agency picks a new target, the first tool they reach for is exploits against the target's software infrastructure. Reconnaissance is not about enumerating the target's attack surface; it is all about enumerating the target's supplier base.'

And it's not just a defense-sector issue. Scott Crawford, research director for information security at 451 Research, part of S&P Global Market Intelligence, notes the same pattern across many industries. 'It's no secret that attackers have targeted smaller organizations that make for attractive targets. From healthcare clinics to local agencies, adversaries have found many of these to be more constrained when it comes to security expertise and investment—but in possession regardless of valuable assets, sensitive information or functionality.'

Crawford added, 'In the realm of suppliers to critical industries, this issue is amplified by the dependence of those industries on extensive supply chains. Many suppliers in verticals from aerospace and defense to automotive and well beyond depend on networks of thousands of suppliers. Utilities may consist of heavily internetworked facilities in larger grids. When governments step in to step up cybersecurity in these realms, they are recognizing critical societal dependencies that can have an impact well beyond the scale of any one supplier.'

That's the backdrop for the NSA's participation. Bailey Bickley, who leads the agency's Cybersecurity Collaboration Center, will join Antani onstage to discuss how the NSA is working directly with small and mid-size suppliers to raise their baseline defenses—not just enforce compliance.

This carrot-and-stick approach complements frameworks like CMMC. 'The carrot raises the ceiling of security, and the stick raises the floor,' Antani said.

The Role of AI in Offensive Security

The core of Horizon3.ai's approach lies in automated adversary emulation. Instead of waiting for an attack or relying on static controls, organizations can simulate real-world threats across their environments. These autonomous pen tests run continuously, surfacing exploitable issues before an attacker can.

Scale is key. 'I run more pen tests a day than Big Four consulting firms run in a year,' Antani noted. 'That gives us a telemetry advantage—five billion unique events a month.' With that data, Horizon3.ai builds what Antani calls a 'graph of understanding' about an environment, then uses large language models to generate attack scenarios.

The company emphasizes cost-effective AI, blending LLMs with custom architectures to avoid the high token costs that make many AI startups economically unviable. 'The problem with most AI companies today is they spend more on token costs than they do the revenue they're collecting,' he said. 'They're actually all gross margins negative.'

By contrast, Antani says Horizon3.ai meets the 'Rule of 40,' a metric that combines growth and profitability, and one Wall Street uses to evaluate sustainable software businesses.

A Rare Public-Private Alignment

The NSA rarely shares a keynote stage with a private startup. Their collaboration with Horizon3.ai reflects a broader trend: traditional agencies working with newer, faster-moving companies to solve complex challenges that span both sectors.

Antani, who helped lead AI initiatives in the U.S. military, sees public-private collaboration as essential—especially as the threat surface expands. What happens to a small defense contractor in Ohio can have ripple effects across military readiness, critical infrastructure and even civilian technology supply chains.

'A lot of those defense industrial base suppliers also supply for companies like GM,' he noted. 'The network effect here is huge.'

From Pen Tests to FixOps

Horizon3.ai is also using Black Hat to introduce a new integration: wrapping its autonomous pen testing with Model Context Protocol servers. These systems let users query security issues in plain language—no need for complex dashboards or cross-tool coordination.

Antani calls the result 'FixOps,' short for fix operations—a closed-loop process for identifying and remediating security issues with automation.

'The end user doesn't have to care about all the technical nuances anymore,' he said. 'MCP completely simplifies the workflow of remediation.'

Looking Ahead

The keynote is a signal that assumptions about how security should be measured—and how defense is prioritized—are shifting. As AI accelerates the pace of cyberattacks, static controls and annual audits won't be enough.

The defense industrial base is only as strong as its weakest supplier. If organizations want to be resilient, they'll need to validate their defenses continuously—and extend that mindset beyond their own perimeter.

Whether or not every organization embraces the model Horizon3.ai is proposing, the core message rings true: in a world of persistent, fast-moving threats, visibility is no longer optional.

If you happen to be in Las Vegas for 'Hacker Summer Camp' this week, you can check out the Horizon3.ai and NSA joint keynote on Wednesday, August 6 at 12:50pm local time in Oceanside A on Level 2 at Mandalay Bay.

Horizon3.ai Raises $100M to Cement Leadership in Autonomous Security

National Post

10-06-2025


SAN FRANCISCO — Horizon3.ai, the company behind the NodeZero® Autonomous Security Platform, today announced a $100 million Series D funding round led by NEA, with participation from SignalFire, Craft Ventures and 9Yards Capital. As part of the investment, Lila Tretikov, Partner and Head of AI Strategy at NEA and former Deputy CTO of Microsoft, will join the Board of Directors.

'Over the past four years, we've proven that using AI to hack companies isn't science fiction—it's real, and it's delivering measurable results at scale. There are now over 3,000 organizations using NodeZero globally to conduct penetration tests. We're sustaining 100%+ year-over-year ARR growth, and we are now Rule of 40-positive, which means we're not just growing—we're growing efficiently,' said Snehal Antani, CEO and Co-founder of Horizon3.ai. 'This raise marks the next chapter in our mission to lead the Autonomous Security category.'

'Security teams are tired of chasing CVEs, false positives, and compliance checkboxes. They want to find and fix what actually matters, verify it's resolved, and go home early,' said Antani. 'The hardest part of the job as a CIO is deciding what not to fix. The second hardest part is proving to the board that your security initiatives are meaningfully reducing risk. NodeZero plays a critical role in reducing your threat exposure over time.'

Targeting an $80B Total Addressable Market: Autonomous Security

The cybersecurity market is undergoing a generational shift. NodeZero successfully compromised a bank in 4 minutes with no humans required, far faster than the reaction time of the bank's security team and their best-in-class tools. Similarly, adversaries are leveraging AI to exponentially increase the sophistication, complexity, speed and scale of attacks. The thesis is simple: the future of cyber will be algorithms fighting algorithms—at machine speed—with humans by exception. This requires a fundamental rebuild of every part of the cybersecurity stack. And to do so effectively, you need a deep understanding of how attackers operate—and an AI system that can use offensive insights to drive defensive improvements. Horizon3.ai is leading this shift.

'Horizon3.ai has already realized what others are just beginning to imagine. NodeZero is a fully autonomous security system operating in live production environments—executing real attacks, uncovering real risk, and delivering real results,' said Antani.

Powered by reinforcement learning, graph reasoning, and AI, NodeZero doesn't simulate adversaries—it thinks and acts like one. Each cyber attack against production systems executed by NodeZero collects training data used to improve its algorithms, creating a compounding data advantage that no other platform can match. This is the foundation for the next era of cybersecurity, where AI doesn't just find risk, but continuously improves defenses. Horizon3.ai isn't chasing the future—it's building it.

With this funding, Horizon3 is accelerating across three strategic fronts:

  • Scale through partners – Doubling down on its partner ecosystem to meet growing demand across the Americas, EMEA, and APAC.
  • Product innovation – Expanding into web application pentesting, vulnerability management, and precision defense, where NodeZero can remediate findings and tune defensive tools.
  • Winning the federal market – Scaling its success with the Defense Industrial Base through the NSA's Continuous Autonomous Pentesting (CAPT) program, accelerating FedRAMP High usage, and expanding into Secret and Top Secret workloads to help secure the nation's most mission-critical systems.

'What drew us to Horizon3.ai is the clarity of their mission and the speed at which they're executing it,' said Aaron Jacobson, Partner at NEA. 'They are defining a new security category—autonomous security—and are already the go-to solution for red and blue teams alike. We're thrilled to lead this round and support the company's next phase of growth.'

'Snehal and the team are tackling one of the biggest problems in cybersecurity: automating both sides to ensure maximum defensibility against automated and AI-driven attacks,' said Lila Tretikov, Partner and Head of AI Strategy at NEA. 'Their customers love NodeZero, and the team has proven to operate with excellence at scale, which is why Horizon3.ai is transforming how security is done. I'm excited to join the board and help shape this next chapter.'

The impact is immediate and measurable. In one recent pentest, NodeZero gained access to sensitive US aircraft carrier design data through a third-party supplier. No humans were involved in the pentest. The platform autonomously compromised the network, gained access to sensitive data, and then guided defenders on exactly what to fix to prevent a breach.

'My old boss used to say, 'don't tell me we're secure, show me, then show me again tomorrow, and again next week, because our environment is always changing and the enemy always has a vote,'' said Antani.

Media Contact: Ed Kraft

Security startup Horizon3.ai is raising $100M in new round

TechCrunch

28-05-2025


Horizon3.ai, a cybersecurity startup that provides tools like autonomous penetration testing, is seeking to raise $100 million in a new funding round and has locked down at least $73 million, the company revealed in an SEC filing this week.

NEA led the round, according to two people familiar with the deal. One person said that the startup is believed to be valued upward of $750 million, although TechCrunch couldn't verify whether that valuation is pre- or post-money. Another person believes the company did (or will) sell the whole $100 million, and added that the company is generating about $30 million in annual recurring revenue. Neither Horizon nor NEA responded to TechCrunch's requests for comment.

With this deal, Horizon3.ai becomes NEA's second major cybersecurity startup investment in less than a month, following Veza's $108 million funding round at an $800 million valuation announced in April.

In August 2023, Horizon3.ai raised $40 million in a Series C round led by Craft Ventures with participation from SignalFire. That round brought the startup's total fundraising to $78.5 million and was aimed at expanding its R&D, channel presence, and team of engineers, co-founder and CEO Snehal Antani told TechCrunch at the time.

Founded in 2019, Horizon3.ai comprises a team of former U.S. Special Operations cyber operators, entrepreneurs, and cybersecurity experts. Before launching the startup, Antani served as CTO at Splunk and led teams within the U.S. Military's Joint Special Operations Command.

With all things AI being deployed across the tech world, AI-powered automated attacks are also on the rise. The San Francisco-based startup helps protect against such attacks with its autonomous threat detection tools.

Earlier this month, Horizon3.ai received FedRAMP authorization, enabling it to sell its wares to federal agencies. It also announced in February that it saw 101% year-on-year revenue growth and exceeded 150% of its Q4 pipeline targets, without sharing specific numbers.

Horizon3.ai Gains FedRAMP High Authorization, Delivering on Its Commitment to Secure the Public Sector

National Post

15-05-2025


SAN FRANCISCO — Horizon3.ai, the global leader in offensive security, today announced it has gained Federal Risk and Authorization Management Program (FedRAMP®) High Authorization, unlocking the ability to support even the most security-sensitive federal missions. This milestone fulfills Horizon3.ai's previously announced commitment to bring proof-based security to government agencies operating at the highest levels of compliance and risk exposure.

Horizon3.ai's newly authorized platform, NodeZero Federal™, is now available to federal agencies under the FedRAMP High baseline. Built upon the proven commercial version of the NodeZero® Offensive Security Platform, NodeZero Federal™ is designed specifically to meet the heightened security and compliance demands of government environments. With this authorization in place, Horizon3.ai becomes the first and only cybersecurity vendor authorized to deliver continuous, autonomous pentesting within this strict regulatory framework.

'We built NodeZero to help defenders find and fix vulnerabilities before attackers exploit them—and with the FedRAMP High authorization, we're now able to proactively secure critical federal systems,' said Snehal Antani, CEO and Co-founder of Horizon3.ai. 'Our roots are in National Security, and with cyber warfare evolving at an unprecedented pace, we're committed to improving the cyber resilience of the nation's digital infrastructure, with support for Secret and Top Secret systems as our next major focus areas.'

This authorization builds on Horizon3.ai's success with Federal partners, such as the NSA Cybersecurity Collaboration Center (CCC) program. As part of CCC, Horizon3.ai powers the NSA's Continuous Autonomous Penetration Testing (CAPT) program, where Defense Industrial Base (DIB) suppliers use NodeZero to act as nation-state-level adversaries, identify and prioritize real attack paths, and continuously validate their defenses.

'With our FedRAMP High authorization, critical suppliers and federal agencies can verify and improve their cybersecurity posture, ensuring that limited resources are focused on fixing problems that truly matter,' said Matt Hartley, CRO at Horizon3.ai. 'These agencies can find, fix, and verify the remediation of CISA Known Exploitable Vulnerabilities (KEV) at scale, ensure their security operations center is effectively detecting and stifling attacks, and that security tools are tuned correctly. Offense drives defense, and no one knows this better than our US Federal customers.'

NodeZero Federal helps agencies streamline compliance with key cybersecurity mandates, including NIST SP 800-53—the foundational control framework behind FedRAMP—as well as evolving OMB policies and Executive Orders that require Zero Trust architecture, Cybersecurity Maturity Model Certification (CMMC) 2.0 for supply chain assurance, and participation in Continuous Diagnostics and Mitigation (CDM) programs.

The NodeZero® Offensive Security Platform by Horizon3.ai drives continuous exposure management across production infrastructure. With NodeZero, customers overcome barriers of limited security talent and infrequent, expensive penetration testing. They stay ahead of a rapidly-evolving threat landscape with autonomous pentesting, emerging threat intelligence, threat detection, and unified data and reporting. Founded in 2019 by former industry leaders and U.S. National Security veterans, Horizon3.ai solves diverse use cases across all industries.
