Spectral Emerges from Stealth with $6.2 Million in Funding

Spectral, a Tel Aviv-based company, is officially launching its DevSecOps code scanning service and announcing a $6.2 million funding round. The startup’s service is designed to automate code security for development teams. It aims to identify potential vulnerabilities within codebases and logs.

These vulnerabilities can range from exposed API keys and other sensitive credentials to security misconfigurations and the presence of unauthorized, or shadow IT, assets.

A Team Rooted in AI, Monitoring, and Security

The founding team, comprised of four individuals, possesses extensive experience in the development of artificial intelligence, monitoring systems, and security tools.

CEO Dotan Nahum previously served as Chief Architect at both Klarna and Conduit (now known as Como). He also held the position of CTO at Como and HiredScore.

Other team members contributed to building monitoring tools at companies like Elastic and HP, and focused on security initiatives at Akamai.

The Genesis of Spectral

Nahum shared that the concept for Spectral originated during his time with co-founder and COO Idan Didi at Conduit/Como.

“We were responsible for storing certificates for each client to facilitate app submissions to various marketplaces,” Nahum explained. “These certificates are critical for verifying identity and are highly sensitive. Throughout my career, I lacked adequate tools to ensure the secure storage, handling, and detection of this information, preventing potential leaks.”

Addressing a Growing Need for DevSecOps

Driven by this realization, Nahum left his previous role to develop a prototype solution. This initial work even uncovered a security issue at Slack.

As organizations increasingly transition from on-premises software to cloud-based solutions and adopt microservices and DevOps practices, the demand for robust DevSecOps tools continues to rise.

Prioritizing Developer Experience

“Our primary focus is on delivering an exceptional developer experience,” Nahum emphasized. “We approached this from a developer-centric perspective, rather than as a traditional, top-down cybersecurity solution. We aimed to create a tool that is both DevOps-friendly and easy for developers to use.”

Scanning Beyond the Codebase

A distinctive feature of Spectral’s approach is its use of a machine learning model to detect security breaches across multiple programming languages.

Notably, the system also scans public-facing systems. It integrates with popular CI/CD tools such as Travis, Jenkins, CircleCI, Webpack, Gatsby, and Netlify.

Furthermore, Spectral monitors platforms like Slack, npm, maven, and various log providers – areas often overlooked in traditional threat modeling exercises.

Preventing Breaches and Enabling Productivity

“Our solution actively prevents security breaches on a daily basis,” stated Spectral co-founder and COO Idan Didi. “The challenges we address are universally felt by companies developing software. As they embrace approaches ranging from custom code to low-code/no-code solutions, developers gain speed, but also introduce new risks. Spectral empowers developers to be more productive while maintaining a strong security posture.”

Rapid Growth and Customer Adoption

Founded in mid-2020, the company has already grown to a team of approximately 15 employees.

Spectral currently serves a growing number of large, publicly-traded companies as customers.