Astelia raises with $35M to help security teams pinpoint real threats with agentic AI

Security teams are drowning in alerts. Every day brings another wave of vulnerabilities, many of which never turn into real-world risk. Astelia thinks the problem isn’t visibility. It’s a signal.

The New York–based cybersecurity startup announced $35 million in combined seed and Series A funding led by Index Ventures and Team8, with participation from Holly Ventures. The company says it is already working with dozens of customers, including Fortune 500 organizations, as it pushes a new approach to exposure management built on agentic AI.

The timing reflects mounting pressure inside security operations. Organizations now face an average of 135 new vulnerabilities per day, up 40 percent year over year. At the same time, attackers are moving faster, with a quarter of successful breaches happening within 24 hours of disclosure. That leaves defenders racing through massive backlogs with limited clarity about what actually matters.

Astelia’s pitch is straightforward: most vulnerabilities don’t deserve equal attention. The platform maps each customer’s real environment, then uses autonomous AI agents trained by veteran offensive researchers to analyze which weaknesses are actually reachable and exploitable. The goal is to replace volume-driven patching with evidence-based prioritization.

Cybersecurity startup Astelia launches with $35M after platform shrinks 3 million vulnerabilities to just 30 real risks

In early deployments, the company claims the system reduced the number of detected vulnerabilities from nearly 3 million to roughly 30 that posed a genuine risk. Instead of pushing blanket patching campaigns, Astelia produces environment-specific remediation plans meant to reduce exposure without disrupting production systems.

“When you’ve spent years on both the offensive and defensive sides, you learn pretty quickly that most of the vulnerabilities defenders worry about are irrelevant to how attacks actually work,” said Alon Noy, CEO and co-founder of Astelia. “We built Astelia because seeing that gap from both sides made it clear the industry was optimizing for the wrong problem. Security teams need to see their environment the way an attacker does, not the way a scanner does.”

The founding team brings deep experience in offensive security. Noy previously led Israel’s National Red Team, the group responsible for stress-testing the country’s critical infrastructure, working closely with U.S. Cyber Command. Co-founders Nadav Ostrovsky and Roy Rajwan held senior roles in Israeli intelligence and the National Red Team, where they focused on adversary behavior and real-world attack paths.

Investors are betting that a shift in perspective will resonate with enterprise buyers. Juriaan Duizendstraal, partner at Index Ventures, framed the market shift in practical terms. “As AI reshapes both attacker capabilities and defensive expectations, the strategic imperative for enterprises is to move from assumed risk to provable exposure,” he said. “Solutions that show where organizations are actually exposed enable CISOs to align cybersecurity with business priorities, reduce wasted effort, and turn vulnerability management from a reactive scramble into a preemptive defense.”

Team8 managing partner Amir Zilberstein pointed to the founders’ background as the key differentiator. “What convinced us about Astelia was the team and the worldview they bring,” he said. “Their background gives them a rare, end-to-end understanding of how security failures actually emerge inside real environments – not in theory. That perspective is embedded in the product itself. Astelia cuts through vulnerability noise by grounding decisions in real exposure, and we believe this team is redefining how enterprises operationalize security.”

The fresh capital will fund the expansion of Astelia’s AI analysis engine, new technology partnerships, and broader go-to-market efforts. The company is betting that enterprises are ready to move beyond vulnerability counts and risk scores and instead focus on proof of exploitability.

If that bet holds, exposure management may start to look less like alert triage and more like threat validation. For security teams buried under thousands of daily findings, that shift can’t come soon enough.

Astelia Founders (Credit: Astelia)