Led by Menlo Ventures, with participation Sequoia Capital, and Cyberstarts, Zafran is doubling its valuation since the last round to advance the mission of stopping vulnerability exploitation everywhere
NEW YORK CITY, NY / ACCESS Newswire / December 2, 2025 / Zafran Security, the pioneer in AI-native Threat Exposure Management, today announced a $60 million Series C funding round led by Menlo Ventures, with participation from existing investors Sequoia Capital and Cyberstarts, in addition to PSP Growth and Vintage Investment Partners. By launching Agentic Exposure Management, Zafran is now poised to complete the entire end-to-end lifecycle across asset inventory, vulnerability detection, risk assessment, and autonomous remediation workflows.
Since their last funding round, Zafran has doubled its valuation and more than tripled its annual recurring revenue (ARR), driven by rapid adoption across sectors including healthcare, technology, financial services, and manufacturing. The company now serves multiple Fortune 500 enterprises, with customers using Zafran to automate the manual work of assessing what is truly exploitable and reducing remediation times from weeks to hours.
The emergence of AI-powered attacks has accelerated exploitation at an unprecedented scale. In Q1 2025, 30% of known exploited vulnerabilities (KEVs) were weaponized within a single day of public disclosure. As attackers automate exploitation using AI, security teams remain burdened by duplicate findings, manual patch cycles, and siloed tools.
"We must not allow attackers to claim the AI advantage," said Sanaz Yashar, CEO and Co-Founder of Zafran Security. "This investment propels our AI innovation forward, building a new model for exposure management through autonomous agents that empowers defenders to fight back."
With this announcement, Zafran has launched Agentic Exposure Management, a capability powered by the company's AI-native Exposure Graph. Agentic Exposure Management brings scalable, autonomous agents that discover, prioritize, and take action against the exposures most likely to lead to an incident. By connecting vulnerabilities with deep mapping to compensating controls, agents are able to assess the true exploitability of an exposure. Agents then turn these risk insights into evidence-driven action, autonomously discovering asset ownership, assessing patch impact, and deploying automated fixes and mitigations with human-in-the-loop guardrails.
"Vulnerability management burns massive analyst hours on repetitive triage and manual patching, the kind of service-oriented work that AI agents excel at automating", said Rama Sekhar, Partner at Menlo Ventures. "Zafran's growth proves that enterprises recognise the difference between legacy tools with AI features bolted on and platforms rebuilt around autonomous AI from the ground up. This is what AI-native security looks like."
"In seconds, agentic AI can reveal what teams previously only suspected: the biggest risks to the business, why they matter, and which actions will truly move the needle," said Steve Lodin, Vice President of InfoSec at Sallie Mae. "As AI-powered exploits accelerate, having tools that deliver insights this quickly is essential to staying ahead of emerging threats."
About Zafran Security
Zafran Security is the first AI-native end-to-end Threat Exposure Management platform to help security teams stop vulnerability exploitation everywhere. Zafran uses your existing security tools to prove that 90% of critical vulnerabilities are not exploitable, then quickly remediates and mitigates the 10% that are most likely to cause an incident. Backed by Menlo Ventures, Sequoia Capital, and Cyberstarts, Zafran is redefining how enterprises stay ahead of AI-driven threats.
Contact:
Yuval Porat
Media Consultant
Yuval@tellny.com
SOURCE: Zafran
View the original press release on ACCESS Newswire