Artificial intelligence-driven application programming interface security startup Neosec launched out of stealth mode today with an announcement that it has raised $20.7 million in new funding.

The Series A round included True Ventures, New Era Capital Partners, TLV, SixThirty and individuals such as Mark Anderson, Gary Fish, Mickey Boodaei and Rakesh Loonkar.

Co-founded in 2020 by Ziv Sivan and Giora Engel, Neosec builds from previous experiences in developing precision security behavioral analytics. Engel was a co-founder of behavioral attack detection firm LightCyber Ltd., acquired for $105 million by Palo Alto Networks Inc. in 2017. Mark Anderson, former president of Palo Alto Networks, is also the founding investor and chairman of the Neosec board.

Neosec pitches itself as taking a different approach from today’s traditional application security tools that rely on protecting a perimeter using signature-based methodologies. Instead, Neosec brings established techniques from Extended Detection and Response security products, including precise behavioral analytics, to reveal threats and business abuse hiding inside APIs.

The company argues that as APIs now represent a substantial portion of an organization’s traffic, their rapid adoption has made them a conduit for misuse, manipulation, theft and attack. Neosec believes that most enterprises underestimate the risk because they lack a comprehensive inventory of APIs and are unaware of the scale of unknown shadow APIs. They also have no way to assess what is being done within an API.

Neosec’s service recognizes bad behavior in APIs. That can include partners abusing invoicing APIs or producing fake orders, attackers scrapping data from investor APIs, regulated data being access by unauthorized parties, or even money being diverted to criminals by an API accessed by a compromised partner.

The company’s data analytics approach discovers all APIs involved with an organization based on existing logs without installing any sensors. The platform establishes and constantly maintains a complete inventory of APIs in use and even generates missing documentation for previously unknown ones. The platform audits the risk posture of all discovered APIs and identifies those transferring sensitive data.

“One of the greatest challenges facing cybersecurity is the severe lack of logical visibility and behavioral assessment of APIs,” said Engel. “Existing technologies were not created to address the incredible exposure organizations now have through their APIs.”

Image: Neosec