Prime Security, the company behind what it calls the first Agentic Security Architect, has closed a $20M Series A round led by Scale Venture Partners, with participation from Foundation Capital, Flybridge Ventures, and Ofir Ehrlich, CEO and founder of Eon. The funding lands at a moment when software development is accelerating faster than most security teams can realistically keep up with, and Prime is clearly positioning itself not as another point solution, but as a rethink of where and how product security actually belongs. The capital will go toward expanding go-to-market efforts and accelerating development of Prime’s Agentic Product Security Platform, a growing suite of autonomous AI agents designed to monitor, assess, and guide security decisions across the entire development lifecycle, starting earlier than most teams ever manage today.
Modern engineering moves at machine speed, especially with AI-assisted coding now embedded into everyday workflows, while security processes often remain slow, manual, and dependent on a small pool of specialized expertise. That imbalance creates a widening gap: only a fraction of planned work ever gets a proper design-stage security review, and the rest ships with fingers crossed. Prime’s core idea is to automate what has traditionally been artisanal, labor-intensive security work, turning design reviews into a continuous, intelligent process that scales alongside engineering output instead of becoming a bottleneck. It’s a subtle but important shift, less about reacting to vulnerabilities after code exists and more about shaping safer systems before those problems are baked in.
Scale Venture Partners’ Ariel Tseitlin framed this as a long-standing technical problem that Prime is finally making tractable, pointing to the team’s background in building and scaling real-world security programs at companies like PayPal and Own. That lived experience shows up in the product focus. Prime’s flagship offering, the Agentic Security Architect, autonomously conducts security design reviews and proactively flags design flaws across development work, embedding directly into engineering workflows rather than sitting off to the side as an external gate. According to the company, customers are seeing dramatic improvements: design-stage risks resolved up to 30 times faster, nearly full coverage of planned work compared to the typical 10–15% achieved manually, and material reductions in both time and cost spent on security reviews. Those numbers are ambitious, sure, but they speak to a very real pain point many large engineering organizations quietly accept as unsolvable.
Prime’s co-founder and CEO Michael Nov describes the company’s mission as building security that scales with engineering instead of slowing it down, which feels like a line every security startup wants to own but few can credibly deliver on. Still, early traction suggests something is clicking. After beginning commercialization earlier this year, Prime won the Black Hat 2025 Startup Spotlight and is already working with dozens of customers, including PayPal, Qualtrics, Bumble, ThoughtSpot, and Redis Labs, typically in environments with hundreds of engineers where manual security review simply does not scale. PayPal’s CISO Shaun Khalfan highlighted the value of continuous, autonomous design-stage reviews as a way to gain adaptive visibility across complex engineering ecosystems, helping teams identify risks earlier and move faster without sacrificing trust.
What’s interesting here isn’t just the funding headline, but the broader signal it sends about where product security is heading. By providing continuous, automated assessment of all planned work, Prime aims to free security teams from endless review queues and let them focus on higher-level architectural decisions, while still ensuring comprehensive coverage of every feature and change flowing through the pipeline. If agentic systems can genuinely shoulder that load without becoming noisy or disconnected from how engineers actually work, this approach could mark a meaningful shift in how security is practiced, not as a late-stage checkpoint, but as a design-time collaborator quietly operating in the background.
Leave a Reply