Prime rethinks enterprise security by design with AI system risk analysis and suggested actions

Even as the world of software has moved toward simplified user interfaces and applications, the security work behind the scenes has only grown more complex — especially for medium-to-large sized enterprises who rely upon software for their operations.

Though many enterprises have sought to embrace the approach of “security by design” — that is, thinking through security ramifications of every new update, build, product, or system change — the truth is, it can be very hard even for experienced and well-staffed infosec teams to understand their entire system and the ramifications of making any change, even necessary ones like updating firewalls and protections.

But Prime Security thinks it has the solution: the Israeli-founded startup is today announcing the beta release of its AI-powered system that monitors your enterprise’s entire network and stack and proactively flags for you risks, suggested changes and actions you can implement, as well as sorting them into tangible buckets of what you should do: “Analyze,” “Monitor” or “Intervene.” This helps security teams prioritize their work at a glance.

The company has also announced that it has raised $6 million in seed funding, led by Foundation Capital with participation from Flybridge Capital Partners and prominent angel investors.

Michael Nov, Prime Security’s CEO and co-founder, pointed out that delays and slowdowns due to late-stage security interventions are a widespread problem across software reliant industries.

“I discovered very early on that product velocity is fully dependent on product security,” he told VentureBeat in a video call interview earlier this week. “I cannot move an inch without protection, and the challenge I kept running into was developers saying, ‘I’m stuck in security.’ Security was always seen as the bad guy.”

Addressing Security at the Design Stage

Prime Security’s newly unveiled product integrates security guardrails into the design phase of the Software Development Life Cycle (SDLC).

By using artificial intelligence — specifically fine-tuned versions of proprietary models available through a major cloud provider, trained on synthetic data specifically generated by Prime to account for common and less common enterprise security needs — the platform helps teams detect, prioritize, and mitigate security risks before coding even begins.

This proactive approach enables organizations to incorporate security best practices into their software products from the outset, reducing the likelihood of vulnerabilities later in the development process. Nov knows the problems of trying to stay secure and on deadline firsthand.

“We started Prime because I missed a deadline for a very large enterprise customer due to security issues,” Nov said. “I realized the problem started in the design phase, where security wasn’t being addressed proactively.”

The product, now available in private beta, helps eliminate these roadblocks by removing friction between security and engineering teams.

The AI-driven platform integrates with tools like Jira and Confluence, analyzing tasks in real time and providing immediate security recommendations to developers.

“We flag tasks that introduce risk and proactively provide security reviews. Engineers don’t have to wait for time with security; they get recommendations directly in Jira,” Nov added.

Seed Funding to Fuel Growth

Prime Security’s $6 million seed round will be used to expand its research and development efforts and grow its sales and engineering teams.

The company operates out of offices in New York and Tel Aviv and plans to use the new funding to further enhance its AI-driven platform and support business growth.

The funding round was led by Foundation Capital, with participation from Flybridge Capital Partners and a group of influential angel investors, including Sam Gutmann, co-founder and CEO of Own Company; Adrian Kunzle, CTO of Own Company; Assaf Keren, CSO of Qualtrics; Dimitri Sirota, co-founder and CEO of Bigid; Michael Callahan, a board member at Datadog; and Omer Schneider, co-founder and CEO of CyberX. This experienced group will play a key role in guiding Prime Security’s strategic direction.

Key Features of the Product

Prime Security’s platform focuses on several critical areas of security:

• Security Gaps in Product Architecture: Detecting issues such as authorization errors, unencrypted sensitive data, expired sessions, and improper role-based access control.
• Design Stage Security Violations: Identifying risks such as unapproved external entities, unrestricted network access, and misassigned administrative tasks.
• Audit and Compliance Violations: Addressing concerns like unauthorized transfers of personally identifiable information (PII), incomplete security policies, and insufficient audit trails.

The product helps organizations take proactive measures, something Nov emphasized as crucial for modern security practices. “Why are you paying out bug bounties? Because you have issues in your software that are found by others. I’m telling you, be proactive about it. Solve it at inception and solve it efficiently,” he said.

By leveraging a combination of traditional and modern AI technologies, the platform interprets complex, unstructured data from Jira tickets and Confluence documents, making recommendations based on the specific risks and context.

“What we do is automate a fully manual, consultative process. The planning stage, where security needs to intervene, is all unstructured data—JIRA tickets, Confluence docs. We use Gen AI to provide consistent, scalable recommendations,” Nov explained.

The interface is designed to be intuitive and actionable, as seen in the platform’s workflow. Users can track security tasks, review recommendations, and address compliance issues in real time.

Differentiation and Competition

Nov also addressed how Prime Security stands apart from other players in the space, including established companies like Apiiro, Remy Security, Snyk, and ShiftLeft. Prime’s primary differentiator, according to Nov, is its ability to provide not only risk identification but also actionable recommendations that close the loop. “Security teams are tired of getting a million alerts—they want solutions, not just problems. That’s where we differentiate ourselves,” he explained.

While companies like Snyk have partnered with consulting services for design-stage security, Nov pointed out that their solutions often focus on the code stage rather than the design phase, which leaves a gap in early risk detection. “This is just validation that the problem is large. Snyk, for example, partnered with Deloitte to provide consulting services to the design stage, but they don’t currently have a product for it. They shift left to the code, and when the code is there, there’s a wide variety of tools available,” Nov said.

Prime also intends to align with broader industry initiatives. “We fully intend to sign the Secure by Design pledge once we’re out of stealth,” Nov mentioned, referring to the initiative led by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Nov emphasized that Prime’s focus on the design stage of development allows it to offer more comprehensive solutions compared to competitors. “We’re familiar with both Apiiro and Remy. Apiiro’s solution is relatively lightweight—it’s one of the solutions they offer, but not their focus end-to-end. Remy focuses predominantly on identifying risks, but they don’t provide the recommendation to close the loop,” he added.

Industry Response and Market Potential

The importance of embedding security into the design phase of software development is gaining recognition, particularly as regulatory bodies emphasize secure-by-design principles. Standards from organizations like NIST and ISO advocate for incorporating security controls early in product development, a shift that aligns with Prime Security’s approach.

However, scaling security efforts in large organizations has long been a challenge. “There’s one security person for every 150 developers. It’s unscalable, and this friction always happens,” Nov noted. “Our customers keep telling us that the biggest benefits are preventing late remediation and being able to scale their security teams without adding headcount.”

By automating security interventions at the design stage, Prime Security provides companies with the ability to detect risks early, minimizing the need for costly and time-consuming remediation later on. “Security must be scalable before you write code. That is our premise. You have to deploy security before code is written, not after,” Nov emphasized.

Assaf Keren, Chief Security Officer of Qualtrics, highlighted the value of Prime’s solution, particularly its ability to multiply the productivity of security teams. “In today’s rapidly evolving digital landscape, balancing development efficiency with robust security has never been more critical,” he said.

Looking Ahead

With the support of its investors and a clear market need for early-stage security solutions, Prime Security is poised to make a significant impact in the product security space. Sid Trivedi, a partner at Foundation Capital, highlighted the company’s potential to disrupt traditional security approaches by bringing advanced AI to the forefront of product design. “Prime introduces a new opportunity for security teams to leverage modern AI infrastructure with an impressive vision for the future of product security,” Trivedi said.

Prime Security’s product is now available in private beta, and the company is actively working on expanding its features and capabilities as it seeks to help more organizations address security challenges at the earliest stages of software development.