Zafran Security, dealing in AI-driven Threat Exposure Management, has raised $60 million in a Series C round led by Menlo Ventures, with continued backing from Sequoia Capital and Cyberstarts, along with new participation from PSP Growth, Vintage Investment Partners, and Knollwood Investment.
With the launch of its Agentic Exposure Management platform, Zafran is now positioned to deliver a full end-to-end workflow, from asset inventory and vulnerability detection to risk evaluation and autonomous remediation.
This round takes the company’s total investment to $130 million. The fresh capital will speed product innovation and global expansion as Zafran continues its mission to limit the exploitation of vulnerabilities, anywhere.
Due to quick acceptance across several industries, including manufacturing, healthcare, technology, and financial services, Zafran has more than tripled its annual recurring revenue (ARR) and twice its valuation since its last fundraising round.
The startup now serves numerous Fortune 500 enterprises, with customers adopting Zafran to automate the tedious work of identifying what is genuinely vulnerable and decreasing remediation timeframes from weeks to hours.
An unprecedented level of exploitation has been hastened by the rise of AI-powered attacks. In Q1 2025, 30% of known exploitable vulnerabilities (KEVs) were weaponized within a single day of public disclosure. Security teams continue to be plagued by redundant findings, tedious patch cycles, and siloed tools while attackers use AI to automate exploitation.
“We must not allow attackers to claim the AI advantage,”
said Sanaz Yashar, CEO and Co-Founder of Zafran Security.
“This investment propels our AI innovation forward, building a new model for exposure management through autonomous agents that empowers defenders to fight back.”
With this release, Zafran has launched Agentic Exposure Management, an end-to-end solution driven by the company’s AI-native Exposure Graph. Agentic Exposure Management delivers scalable, autonomous agents that find, enrich with risk context, and act against the exposures most likely to lead to an incident.
By connecting vulnerabilities with deep mapping to compensating controls, agents can analyze the true exploitability of an exposure. These risk insights are then translated into evidence-based action by agents, who independently identify asset ownership, evaluate the impact of patches, and implement automatic repairs and mitigations with human-in-the-loop safeguards.
“Vulnerability management burns massive analyst hours on repetitive triage and manual patching, the kind of service-oriented work that AI agents excel at automating,”
said Rama Sekhar, Partner at Menlo Ventures.
“Zafran’s growth proves that enterprises recognize the difference between legacy tools with AI features bolted on and platforms rebuilt around autonomous AI from the ground up. This is what AI-native security looks like.”
“In seconds, agentic AI can reveal what teams previously only suspected: the biggest risks to the business, why they matter, and which actions will truly move the needle,”
said Steve Lodin, Vice President of InfoSec at Sallie Mae.
“As AI-powered exploits accelerate, having tools that deliver insights this quickly is essential to staying ahead of emerging threats.”
