Onit Security raises $11M to fix vulnerability backlogs after Iranian cyberattack exposed a broken security system

A single missed vulnerability can sit quietly in a backlog for weeks. That’s all it takes. In one case, it gave attackers an open door.

That moment is what led to the creation of Onit Security.

The Tel Aviv-based cybersecurity startup is stepping out of stealth mode with $11 million in seed funding, backed by Hetz Ventures, Brightmind Partners, and a group of angel investors. The company was born out of a breach that hit co-founder Ofer Amitai’s previous startup. Iranian state-sponsored hackers exploited a known vulnerability that had been buried in a growing queue of unresolved issues. It wasn’t hidden. It just wasn’t fixed in time.

That experience exposed a deeper problem inside modern security teams. The issue isn’t finding vulnerabilities. It’s what happens after they’re found.

Security tools generate alerts at scale. Teams are left sorting through thousands of them, trying to figure out what matters, who owns the affected systems, and how to fix each issue. That process can take weeks. Attackers don’t wait that long.

Industry data paints a clear picture. It takes an average of 32 days to remediate vulnerabilities. Nearly half remain unresolved after a year. At the same time, the number of tracked vulnerabilities continues to climb, with projections indicating more than 1 million CVEs by 2030. The gap between detection and action keeps widening.

Onit Security is trying to close that gap.

After a breach exposed a massive security gap, Israeli cybersecurity startup Onit Security raises $11M in funding to fix it

Instead of adding another layer of alerts, the company focuses on what happens next. Its platform uses AI agents to prioritize exposures based on business context, identify ownership across fragmented systems, and carry out remediation steps without the usual back-and-forth between teams. Once a security team defines how a specific type of issue should be handled, the system applies that decision across similar cases going forward.

The goal is simple: shrink the backlog rather than watch it grow.

“Vulnerability management has been broken for 30 years. Security teams are weighed down by countless alerts, while attackers exploit the smallest window of inaction,” said Elad Ben Meir, CEO and Co-founder of Onit Security. “Combining a deep understanding of business context alongside the agility to rapidly respond to and remediate emerging threats, Onit brings a potent mix of intelligence with speed, currently unmatched. We are automating remediation at pace, at scale, and future-proofing enterprises as they grow and as the cyber landscape around them evolves.”

Investors see the same bottleneck.

“Exposure management has been a fundamentally challenging problem for decades. The industry has become great at telling you what’s wrong, but nobody tells you how to fix it. We’ve seen the evolution from legacy scanners to Risk-Based Vulnerability Management and beyond, and remediation has always been where progress stalls. Onit Security changes that equation,” said Gur Talpaz, General Partner at Brightmind Partners and former SVP Corp Dev at CrowdStrike.

“Its agentic architecture lets defenders respond at the speed of attackers, turning millions of unmanaged exposures into a problem that actually gets smaller over time. We like hard problems, and we like really talented teams to solve them. Onit is the company to finally close the gap between detection and resolution.”

The founding team brings a track record of building and exiting cybersecurity companies. Amitai previously co-founded SCADAfence, which was acquired by Honeywell. The team has ties to Portnox and For-Each, both of which were acquired. That history helps explain why Onit is already working with Fortune 1000 companies and reporting mean time-to-remediation reductions of up to 87%.

The pitch is straightforward. Security teams don’t need more alerts. They need fewer unresolved problems.

Onit Security is betting that automation at the remediation layer—not just detection—will be the shift that finally changes how organizations handle exposure management. The new funding will go toward product development and expansion into additional industries, as the company seeks to prove that fixing vulnerabilities at scale can be faster than attackers can exploit them.