A startup founded by a former leader at Sygnia has successfully raised $37 million to fortify defenses against a new era of machine-led cyberattacks. The company, named A Security and based in New York, emerged from stealth this week, demonstrating its readiness to combat threats that are increasingly carried out by artificial intelligence rather than human adversaries. The funding was secured from notable backers, Lightspeed Venture Partners and Cyberstarts, signaling strong investor confidence in the company’s mission.
The co-founder and CEO of A Security, Yossi Torati, elaborated on the urgent need for enhanced security measures in the face of evolving machine-driven threats. He noted that future attacks would leverage the capability to continuously operate and analyze vast amounts of data at an unprecedented scale. This level of automation will enable attackers to conduct discovery, exploitation, and attack-path analysis—tasks that human operators are simply unable to perform at comparable speeds or efficiencies.
In an interview with ISMG, Torati stressed the importance of timing, explaining, “We are currently at an accelerating phase of frontier models becoming better in cybersecurity.” He articulated A Security’s goal: to empower organizations to protect themselves against these advanced models when exploited by malicious actors.
Founded in January 2025, A Security has been spearheaded by Torati, who brings extensive experience from his nearly seven-year tenure in the Israeli Navy followed by almost six years at Israeli cyber consulting firm Sygnia. His leadership experience in enterprise security uniquely positions him to understand the overlapping challenges of cybersecurity and business operations.
### Addressing New Attack Vectors
One of the critical challenges faced by organizations is the rapid pace at which software is being developed, facilitated by AI-assisted coding tools. While these tools allow development teams to release updates and new features more quickly, security teams often find it challenging to keep up with the need for vigilant code reviews and robust security protocols. According to Torati, this business pressure compels organizations to deploy AI agents and applications that differ fundamentally from traditional software, necessitating new security protocols.
“We’re focusing on the vectors of web, AI applications, APIs, and networks,” Torati explained. “Our roadmap includes building the capabilities for autonomous remediation.” This goal reflects a broader strategy aimed at securing technologies that increasingly incorporate AI capabilities, which are vulnerable to unique modes of attack.
Torati draws attention to the unique nature of AI interfaces, which are heavily reliant on natural language. Unlike conventional software attacks that exploit technical flaws in code, cybercriminals can manipulate AI systems through prompts and interactions, a technique akin to social engineering. He articulated this emerging threat as “social engineering to agentic capabilities,” emphasizing that security teams must adapt to protect a new interface that has become integral to business operations.
### Comprehensive Risk Assessment
A Security’s technology is designed to assess the relationships among various environments to identify credible attack paths that could jeopardize business operations. It evaluates both traditional and zero-day vulnerabilities, as well as misconfigurations. Torati asserted that organizations require a unified risk assessment view because modern attacks increasingly exploit multiple vulnerabilities and attack surfaces.
“A solution that helps organizations defend against weaponized AI needs to consider all vectors and the chains of vulnerabilities,” Torati emphasized. “It must offer an integrated perspective that reveals how threats can intertwine.”
### The Imperative for Autonomous Remediation
As machine-led attacks proliferate, Torati predicts that the industry will increasingly lean toward systems capable of autonomously adjusting configurations and mitigating risks without waiting for manual interventions. While organizations might initially resist automating such significant decisions, Torati believes they will eventually be compelled to choose between allowing unchecked AI-driven attacks or investing in automated defense systems.
“Once weaponized AI becomes pervasive,” Torati warns, “the ability to respond through patching will be rendered obsolete. Organizations will need to implement compensating controls to thwart potential exploits proactively.”
He stresses the inadequacy of traditional patch management in mitigating the risks posed by rapidly evolving threats. Security teams must pivot towards developing agile, responsive strategies that encompass compensating controls and immediate risk-reduction measures.
“The objective of this funding is singular,” Torati concluded. “It is aimed at assisting Chief Information Security Officers (CISOs) confronting a generational risk, equipping them to address the daunting challenge posed by weaponized AI.” As threats evolve, so too must the strategies for defense, necessitating a paradigm shift in cybersecurity.