In 2017, Jyoti Bansal, who previously co-founded AppDynamics, which was acquired by Cisco in 2017, co-founded Traceable alongside Sanjay Nagaraj, a former investor. Traceable is a San Francisco-based security company that sought to build a platform to protect customers’ APIs from cyberattacks. Attacks on APIs, the sets of protocols that establish how platforms, apps, and services communicate, are on the rise. According to cybersecurity firm Check Point, API attacks affected nearly one quarter of organizations every week in the first month of 2024, a 20% increase from the same period a year ago. API attacks take many forms, including attempting to make an API unavailable by overwhelming it with traffic, bypassing authentication methods, and exposing sensitive data transferred via a vendor’s APIs. “There’s a lack of recognition of the criticality of API security,” Bansal told TechCrunch in an interview, “as well as ignorance of the ever-growing attack surface in APIs and a resistance to embrace API security due to entrenched investments in security solutions that don’t address the API security problem directly.” More and more businesses are tapping APIs in part thanks to the generative AI boom, but in the process, unwittingly exposing themselves to attacks. Per one recent study, the number of APIs used by companies increased by over 200% between July 2022 and July 2023. Gartner predicts that more than 80% of enterprises will have used generative AI APIs or deployed generative AI-enabled apps by 2026. Traceable applies AI to analyze usage data to learn normal API behavior and spot activity that deviates from the baseline. Traceable’s software, which runs on-premises or in a fully managed cloud, can discover and catalog existing and new APIs, including undocumented and “orphaned” (i.e., deprecated) APIs in real time, according to Bansal. “In order to detect modern threat scenarios, Traceable trained in-house models by fine-tuning open source large language base models with labeled attack data,” Bansal explained. “Our platform provides tools for API discovery, testing, protection, and threat hunting workflows for IT teams.” The API security solutions market is quickly becoming crowded, with vendors such as Noname Security, 42Crunch, Vorlon, Salt Security, Cequence, Ghost Security, Pynt, Akamai, Escape, and F5 all vying for customers. According to Research and Markets, the segment could grow at a compound annual growth rate of 31.5% from 2023 to 2030, buoyed by the increasing threats in cybersecurity and the demand for more secure APIs. Bansal claims that Traceable is holding its own, analyzing around 500 billion API calls a month for ~50 customers and projecting revenue to double this year. Most of Traceable’s clients are in the enterprise, but Bansal says the company’s investigating piloting with governments. “Traceable is building a long-term sustainable company, which from a financial perspective means that we have a very healthy margin profile that continues to improve as our revenue grows,” he said. “We’re not profitable today by choice, as we’re investing into the business responsibly … Our focus is on strategic investments maximizing return, not simply spending.” Traceable has ~180 staffers currently. Bansal expects headcount to reach 230 by year-end 2024 as the bulk of the new investment goes to hiring. “Traceable wasn’t fundraising, as we still had substantial cash runway prior to this investment,” Bansal said, adding that Traceable secured a “sizeable” line of credit in addition to the new funds, “but we received significant inbound demand from investors. With the combination of the strategic alignment with Citi Ventures and the attractive terms of the investment, we decided to take a smaller investment now to accelerate our product and go-to-market initiatives before thinking about a more substantial fundraise.”
Traceable Raises $30M to Protect APIs from Cyberattacks
