There’s something quietly unsettling about how fast today’s threats take shape. The attackers aren’t waiting for midnight, or for someone to misconfigure a firewall, or for a careless click. They’re building their infrastructure in the open, assembling phishing kits, spinning up command-and-control servers, registering domains at scale, and now, with AI, they can automate that prep work in minutes. By the time an enterprise “detects” anything, the game is already halfway over. That’s the starting point for Malanta, which officially came out of stealth today with $10 million in seed funding and a premise that feels both obvious and overdue: don’t respond to attacks — stop them before they’re built.
The company calls this new class of adversaries “AI.Attackers,” and honestly, yes, that tracks. The offensive side of cybersecurity has always been faster and more inventive than the defensive side. AI just widened that gap. Malanta’s platform collects what it calls Indicators of Pre-Attack — IoPA — the subtle fingerprints of adversary infrastructure being assembled. New domains created for phishing campaigns. Underground tooling being configured. C2 servers that haven’t yet been pointed at a target but are clearly being prepared. They’re looking at the scaffolding, not the intrusion. That early visibility is the advantage, because once malware is running inside the environment, you’re already playing cleanup.
The founding team isn’t new to this. They spent more than seven years together at CyberArk, building and scaling security products with deep hands-on experience in both offensive operations and enterprise defense. There’s a kind of lived frustration baked into the product vision: security teams are drowning in feeds, alerts, dashboards, and post-incident reports, and everyone is still judged by MTTD and MTTR — how fast you realize you’ve already lost something and how quickly you mop the floor afterward. Malanta wants to move the scoreboard entirely.
The platform onboards frighteningly fast. Within minutes, it maps a company’s digital footprint, then correlates it with adversary build-out signals across the internet. It ranks where the next hit is likely to occur and which exposed asset is most at risk of being weaponized. It’s not another blinking dashboard. It’s a pre-attack disruption layer — a phrase that probably sounded like buzzwords on a whiteboard once but now lands with weight. It’s the difference between knowing something bad happened and quietly snapping the enemy’s scaffolding before they arrive.
The real-world validation is already there. Through collaboration with the Israel National Cyber Directorate, Malanta’s IoPA signals helped identify and dismantle live adversary infrastructure targeting hundreds of Israeli organizations. There’s something grounding about that — not just theory, not just telemetry, but defense that actually reshaped an outcome.
Funding came from Cardumen Capital and TGV, alongside notable cybersecurity veterans including CyberArk founder Udi Mokady. The company is already deployed in financial services, technology, software, and government environments. The new capital goes toward expanding engineering, broadening data sources, deepening integrations, and extending pre-attack visibility further back into the threat build-up timeline.
The security industry has been promising “shift-left” for years, but it mostly meant earlier scanning or faster alerts. Malanta is shifting left in a truer sense — stepping into the attacker’s staging area and cutting the wires before the strike. Prevention, not reaction. The sort of thing that sounds impossible until someone actually does it.
It’s a rare moment where the narrative feels refreshingly simple: if attackers can prepare earlier and faster with AI, defenders should too.
Leave a Reply