Why We Invested in Horizon3.ai

We’re excited to share that Craft Ventures led the $40M Series C in Horizon3.ai. We’re joined by existing investor SignalFire. This investment is a testament to the significant market opportunity, the quality of the team, and the strength of NodeZero, Horizon3.ai’s autonomous penetration testing platform.

Organizations have been moving towards continuous attack surface management and automated pen testing over the last few years. The need for these solutions was apparent to CISOs as attack surfaces were expanding and as the demand for pen tests far outweighed the supply of trained pen testers. Horizon3.ai’s world-class product and research teams are building a highly scalable platform that brings all of these capabilities and more into one place to power an integrated, dynamic, and continuous security approach.

Snehal Antani, CEO and co-founder of Horizon3.ai is the former CTO of Joint Special Operations Command (JSOC), former CTO of Splunk (NASDAQ: SPLK), and former CIO of GE Capital. He and his team — a group of former U.S. Special Ops cyber operators, startup engineers, and cybersecurity practitioners — are uniquely positioned to solve this market problem. As co-founder Tony Pillitiere noted, “we’ve been in the shoes of our customers and users, and that’s a huge advantage for us as we build out NodeZero.”

“Being a CISO has never been tougher,” said Snehal. “Enterprises must now deal with securing their on-prem infrastructure, multiple clouds, hundreds of SaaS services, and IoT assets. Attackers have their eyes on increasingly critical infrastructure like satellites, connected vehicles, fighter jets, and industrial control systems. What’s more, attackers don’t have to hack in using “zero-days” like you see in the movies. Often, they are able to log in using easily guessable or breached employee passwords. Customers turn to us to discover their exploitable attack paths, help fix their riskiest issues, and verify that their fixes worked before they fall into the crosshairs of attackers.”

At its core, Horizon3.ai is a data company, developing proprietary “cyber terrain maps” that allow it to create and deliver ground-breaking security products. The market has responded with great enthusiasm to the company’s autonomous pen testing solution, but they are just getting started.

With every pen test NodeZero executes, Horizon3.ai’s understanding grows regarding how an attacker can chain together harvested credentials, misconfigurations, dangerous product defaults, and exploitable vulnerabilities to compromise a system. After speaking with enterprises, managed service partners, and resellers, it was clear that NodeZero was driving better protection through more frequent testing as well as significant cost savings versus human-led tests. That value proposition drove close to 5x annual recurring revenue growth last year.

Early in our diligence process, we asked Bil Hamer, five-time CISO and operating partner at Craft Ventures, to test drive NodeZero. In just a few minutes, he was able to launch NodeZero and get a pen test on his network. He put the call out to multiple CISOs and practitioners in his network and they validated what we thought: NodeZero delivers full automation of the entire pen testing workflow, with strong usability and immediate value.

Horizon3.ai has already delivered on an extremely powerful autonomous penetration testing product. What they are building now has the potential to disrupt markets that represent billions in end-user software spend. Continuous security management is the next evolution in cybersecurity. As organizations move towards this continuous approach to understanding, identifying, assessing, and minimizing their vulnerabilities, the Horizon3.ai team is the partner that will help them succeed.