Spectral has left stealth mode and announced $6.2M in funding for their developer-first code security scanner. The Tel Aviv-based DevSecOps startup, founded by Dotan Nahum, Lior Reuven, Uri Shamay and Idan Didi, uses the first hybrid engine that combines hundreds of detectors with AI in order to find, prioritize and block costly coding mistakes. The seed round was led by Amiti and MizMaa.
When a company's code isn't secure, its data isn't secure. Exposing internal API keys, or committing passwords and other sensitive access credentials to repositories and cloud providers, can give bad actors unauthorized access to the codebase and developer assets, and from there quickly lead to severe security breaches.
Spectral's recent data shows that 35% of organizations that have a strong open-source posture had at least one public leak. In addition, close to 50% of the leaks are due to bad security originating from personal employee accounts and shadow accounts on cloud services like GitHub, Docker Hub, npm, and others.
With increasing demand to produce more, better-quality software in less time, a tiny mistake by an ambitious R&D team can have a disproportionate impact on the business, costing a company millions in fines, lost revenue and reputation. IBM estimates that even small security breaches cost US companies an average of $8.2M.