Astelia Raises $35M To Put Exposure Management On Offense
Astelia, an AI-native cybersecurity platform founded by leaders of Israel's National Red Team, raised $35 million across seed and Series A. The round was led by Index Ventures and Team8, with participation from Holly Ventures. The company is already engaged with dozens of customers, including Fortune 500 organizations.
The timing tracks with what security leaders are seeing: more vulnerabilities, faster exploitation, and teams buried in alerts. Organizations now face an average of 135 new vulnerabilities per day (up 40% year over year). A quarter of successful breaches occur within 24 hours of disclosure, and 78% of CISOs say AI-driven attacks are already affecting their posture. For context on what's being exploited in the wild, many teams monitor the CISA Known Exploited Vulnerabilities catalog and track disclosures via the NIST National Vulnerability Database.
What Astelia Does Differently
Astelia blends deep analysis of a company's actual environment with agentic AI. The platform maps network topology, segmentation, and existing security controls. Its autonomous AI agents, trained by nation-state-level vulnerability researchers, analyze the technical prerequisites needed to exploit each weakness.
By correlating exploitability with real reachability and attack paths, Astelia highlights the small fraction of issues that represent genuine exposure. In some deployments, out of nearly 3 million vulnerabilities, only around 30 were found to be truly exploitable. That reduces noise, focuses remediation, and saves engineering hours.
Instead of defaulting to blanket patching, the product generates environment-specific remediation plans. The goal: cut exposure fast without unnecessary production changes.
Team With Offensive-And-Defensive DNA
CEO and co-founder Alon Noy previously led Israel's National Red Team, which stress-tested critical infrastructure in collaboration with US Cyber Command. Co-founder and CTO Nadav Ostrovsky and co-founder and CPO Roy Rajwan also held key roles in the Israeli intelligence community and the National Red Team, with a focus on real-world attack paths, adversary behavior, and large-scale defensive systems.
Where The New Capital Goes
The company plans to expand AI-driven analysis, scale deployments, deepen technology partnerships, and grow engineering, research, and global go-to-market teams. A core focus is advancing attack-path modeling and helping enterprises shift from volume-based scanning to evidence-driven exposure management grounded in provable reachability, not abstract risk scores.
What Leaders Should Do Now
- Measure exposure, not volume. Move KPIs to mean time to exposure closure, percentage of reachable critical vulnerabilities remediated, and attack-path reduction.
- Ask for proof. Require vendors to show exploit prerequisites, reachability, and attack-path context-not just CVSS scores.
- Patch less, fix more. Prioritize changes that break attack paths (controls, segmentation, configuration) before broad production patches.
- Create a shared exposure map. Align SecOps, IT, and network teams on one view and assign SLAs by business unit and asset criticality.
- Pilot on crown-jewel assets. Track alert reduction, engineering hours saved, and business risk lowered before wider rollout.
- Set guardrails for agentic AI. Define data boundaries, decision logging, and escalation rules to keep autonomy accountable.
Key Quotes
Alon Noy, CEO and Co-Founder of Astelia: "When you've spent years on both the offensive and defensive sides, you learn pretty quickly that most of the vulnerabilities defenders worry about are irrelevant to how attacks actually work. We built Astelia because seeing that gap from both sides made it clear the industry was optimizing for the wrong problem. Security teams need to see their environment the way an attacker does, not the way a scanner does."
Juriaan Duizendstraal, Partner at Index Ventures: "As AI reshapes both attacker capabilities and defensive expectations, the strategic imperative for enterprises is to move from assumed risk to provable exposure. Solutions that show where organizations are actually exposed enable CISOs to align cybersecurity with business priorities, reduce wasted effort, and turn vulnerability management from a reactive scramble into a preemptive defense."
Amir Zilberstein, Managing Partner at Team8: "What convinced us about Astelia was the team and the worldview they bring. Their background gives them a rare, end-to-end understanding of how security failures actually emerge inside real environments - not in theory. That perspective is embedded in the product itself. Astelia cuts through vulnerability noise by grounding decisions in real exposure, and we believe this team is redefining how enterprises operationalize security."
For Executive Readiness
If you're aligning security strategy and governance around evidence-driven exposure, this learning path can help teams operationalize AI responsibly: AI Learning Path for CIOs.
Your membership also unlocks:
