Open source software is a cornerstone of the modern internet and software ecosystem. Nearly every piece of software, from consumer applications to business systems, leverages open source components. Open source software allows anyone to inspect, modify, and distribute the source code, which fosters transparency, community, and shared progress that accelerates technological advancement around the world. From operating systems like Linux to web servers such as Apache, open source projects power much of the infrastructure behind today’s most critical digital services. Open source technologies embody the collective and creative problem-solving spirit of the internet.
Securing open source software, however, is complicated. Attacks from malevolent actors looking to exploit digital systems’ reliance on open source software are on the rise. In some cases in recent years, these attacks have caused widespread damage and garnered massive media attention. The Equifax breach in 2017 that led to nearly 150M people having sensitive credit-related data accessed by hackers was caused by a vulnerability in a piece of open source software, Apache Struts2.
When vulnerabilities like these are found, open source communities are promptly alerted and react quickly to analyze the issue, develop patches, and release updates, often within hours or days of the initial discovery. However, for organizations operating at scale with extensive digital services that feature numerous open source components, the process of applying patches is complicated. Each patch needs to be tested to ensure it is compatible with the rest of the service’s software stack. Where patches are not compatible, digital services can face disruptions. For companies running globally available web apps like a CRM system, social media site, or fintech service, disruptions can be catastrophic events that degrade brand reputation and cause a loss of customer trust. This risk leads engineers to meticulously test patches before deploying them, requiring a high degree of operational planning that balances speed with risk management.
That balance between speed and security (patching known vulnerabilities as quickly as possible) and risk management (ensuring no downtime of critical digital services) is challenging to get right, and often leads to friction between security teams and the R&D teams responsible for deploying the patches.
Enter Seal Security, which has built the first platform that enables security teams to automate and scale their vulnerability remediation without requiring involvement from R&D. Seal uses large language models to create an automated pipeline of patches that security teams can use and deploy without worrying about whether the update will cause downtime in their service.
Today, Seal’s platform addresses security patches across five programming languages (and growing), enabling 95% of critical vulnerabilities identified in the last five years to be remediated. Seal’s patches offer full compatibility and eliminate the need for teams to rely on public maintainers and test repeatedly before deploying. At the same time, Seal’s patches are all open source, available on GitHub, and are continuously maintained, tested, and verified for production.
We’re excited to be working with Seal Security’s founding team, led by Itamar Sher (CEO), Lev Pachmanov (CTO), and Alon Navon (CPO). The team has extensive experience in security research, engineering, and vulnerability management. Each founder has served in the Israeli Defense Forces, scaled venture-backed startups, and led teams at global technology companies such as PayPal. Seal’s leadership has a deep understanding of the challenges associated with effective vulnerability management, and has developed a uniquely innovative solution. We’ve been amazed at the company’s product velocity and pace of execution.
We’re thrilled to be investing in the $7.4M seed round alongside our friends at Vertex Ventures, the PayPal Alumni Fund, and Cyber Club London.