Aisy emerges from stealth with $2.3M in funding to disrupt vulnerability management using an attacker’s mindset

Security teams are buried under alerts. Dashboards keep filling up. Ticket queues never shrink. Most tools still ask the same question: which vulnerability should be fixed next? Aisy starts somewhere else entirely. It begins with what actually keeps CISOs awake.

The London-based AI startup has launched from stealth with $2.3 million in seed funding to change how vulnerability management works in real environments. The round was backed by Osney Capital, Flying Fish Ventures, and 6 Degrees Capital. Aisy’s pitch is simple. Think like an attacker first. Then decide what matters.

Ex-HackerOne R&D Lead Launches Aisy With $2.3M to Fix Broken Vulnerability Prioritization

Enterprises often carry hundreds of thousands of vulnerability reports. Many teams track them endlessly without clear direction. Industry data shows that only a small share of critical findings warrant urgent action, yet security staff spend long hours sorting, tagging, and escalating issues that never escalate into real incidents. Burnout follows. Risk remains.

“Smart people are burning out sifting through backlogs of unprioritized, low-value vulnerabilities, while the real critical pathways go unprotected,” said founder and CEO Shlomie Liberow. “I spent years working alongside the best hackers in the world and collaborating with internal security teams to untangle the messiest threats in global enterprises. That’s why I built Aisy to flip the security model on its head.”

Liberow brings deep credibility to the problem. He is a self-taught hacker with no formal education who later became Head of Hacker R&D at HackerOne. That background shapes how Aisy sees security. Attackers do not think in tickets. They think in paths. They chain misconfigurations, weak credentials, and exposed services until something breaks.

Aisy’s platform models that same behavior. It first maps an organization from the outside, using reconnaissance techniques familiar to bug bounty hunters. External assets, routes, and services are grouped into logical infrastructure segments. That external view is then connected with internal vulnerability data to surface the attack chains that matter most.

Instead of closing issues one by one, Aisy looks for shared causes. A single configuration change can eliminate thousands of tickets at once. Security teams spend less time reacting and more time reducing real exposure.

“Companies are facing an explosion in their attack surface while security teams are overwhelmed with data,” said Vanessa Pegueros, venture partner at Flying Fish Ventures. “Aisy’s attacker-driven approach transforms vulnerability management from reactive triage into proactive risk reduction.”

Osney Capital sees the same gap. “Aisy applies context in a way that previous generations of vulnerability management tools couldn’t with its threat model-led approach,” said partner Adam Cragg. He pointed to the platform’s ability to remove entire groups of vulnerabilities rather than pushing teams deeper into backlog management.

Advisers and angel investors from DeepMind, Cisco, HP, and Trail of Bits are backing the company. The funding will support product development and hiring across machine learning and security research as Aisy works with early enterprise customers.

Aisy is not positioning itself as another layer bolted onto scanners. Its ambition is larger. The company wants to become a system of record for exposure management, grounded in real attacker behavior rather than theoretical risk scores.

Starting today, organizations can sign up to receive a complimentary Boundary Map. The report groups external assets and attack routes into clear infrastructure segments, offering a preview of how Aisy evaluates risk before prioritization ever begins.

For security teams exhausted by endless ticket queues, the message is direct. Stop counting vulnerabilities. Start closing paths.