In 2017, Jyoti Bansal co-founded San Francisco-based security company Traceable alongside Sanjay Nagaraj, a former investor. With Traceable, Bansal — who previously co-launched app performance management startup AppDynamics, acquired by Cisco in 2017 — sought to construct a platform to guard customers’ APIs from cyberattacks.
Attacks on APIs — the sets of protocols that establish how platforms, apps and services communicate — are on the rise. API attacks affected nearly one quarter of organizations every week in the primary month of 2024, a 20% increase from the identical period a 12 months ago, according to cybersecurity firm Check Point.
API attacks take many forms, including attempting to make an API unavailable by overwhelming it with traffic, bypassing authentication methods, and exposing sensitive data transferred via a vendor’s APIs.
“There’s an absence of recognition of the criticality of API security,” Bansal told TechCrunch in an interview, “in addition to ignorance of the ever-growing attack surface in APIs and a resistance to embrace API security as a consequence of entrenched investments in security solutions that don’t address the API security problem directly.”
To Bansal’s point, an increasing number of businesses are tapping APIs partially due to the generative AI boom, but in the method unwittingly exposing themselves to attacks. Per one recent study, the variety of APIs utilized by corporations increased by over 200% between July 2022 and July 2023. Gartner, meanwhile, predicts that greater than 80% of enterprises may have used generative AI APIs or deployed generative AI-enabled apps by 2026.
What Traceable does to attempt to shield these APIs is applies AI to research usage data to learn normal API behavior and spot activity that deviates from the baseline. Traceable’s software, which runs on-premises or in a totally managed cloud, can discover and catalog existing and latest APIs including undocumented and “orphaned” (i.e. deprecated) APIs in real time, in line with Bansal.
“With the intention to detect modern threat scenarios, Traceable trained in-house models by fine-tuning open source large language base models with labeled attack data,” Bansal explained. “Our platform provides tools for API discovery, testing, protection and threat hunting workflows for IT teams.”
The API security solutions market is quickly becoming crowded, with vendors equivalent to Noname Security, 42Crunch, Vorlon, Salt Security, Cequence, Ghost Security, Pynt, Akamai, Escape and F5 all vying for patrons. According to Research and Markets, the segment could grow at a compound annual growth rate of 31.5% from 2023 to 2030, buoyed by the increasing threats in cybersecurity and the demand for safer APIs.
But Bansal claims that Traceable is holding its own, analyzing around 500 billion API calls a month for ~50 customers and projecting revenue to double this 12 months. Most of Traceable’s clients are within the enterprise, but Bansal says the corporate’s investigating piloting with governments.
“Traceable is constructing a long-term sustainable company, which from a financial perspective implies that now we have a really healthy margin profile that continues to enhance as our revenue grows,” he said. “We’re not profitable today by selection, as we’re investing into the business responsibly … Our focus is on strategic investments maximizing return, not simply spending.”
To that end, Traceable today announced that it raised $30 million in a strategic investment from a bunch of backers that included Citi Ventures (Citigroup’s corporate enterprise arm) IVP, Geodesic Capital, Sorenson Capital and Unusual Ventures. Valuing Traceable at $500 million post-money and bringing Traceable’s total raised to $110 million, the brand new money can be put toward product development, scaling up Traceable’s platform and customer engineering teams and constructing out the corporate’s partnership program, Bansal said.
Traceable has ~180 staffers currently. Bansal expects headcount to achieve 230 by year-end 2024, because the the majority of the brand new investment goes to hiring.
“Traceable wasn’t fundraising, as we still had substantial money runway prior to this investment,” Bansal said, adding that Traceable secured a “sizeable” line of credit along with the brand new funds, “but we received significant inbound demand from investors. With the mixture of the strategic alignment with Citi Ventures and the attractive terms of the investment, we decided to take a smaller investment now to speed up our product and go-to-market initiatives before fascinated about a more substantial fundraise.”