Ushering in the New Guard of Vulnerability Management: Menlo Leads Zafran’s Series C

December 02, 2025

Last month, we published our thesis on Agents for Security, arguing that AI agents would reshape some of today’s largest categories (and incumbents) in cybersecurity. We identified vulnerability management as particularly ripe for disruption: Organizations face hundreds of thousands of critical vulnerabilities but can only remediate a fraction, while the window between disclosure and exploitation has collapsed from weeks to mere hours. Traditional scanners generate overwhelming alerts without the intelligence to prioritize what matters, leaving even well-defended enterprises dangerously exposed.

The convergence of these forces—incumbents struggling against AI-powered threats and AI agents now capable of autonomous security operations—creates a rare opening for category-defining companies. Today, we’re thrilled to announce that Menlo Ventures is leading Zafran’s $60M Series C, with continued participation from Sequoia Capital and Cyberstarts.

Why Detection Alone Isn’t Enough

Every Fortune 500 company that suffered a major breach in recent years had best-in-class security suites already installed. The problem wasn’t detection—it was the inability to understand which vulnerabilities truly threaten their environment and fix them before attackers strike.

Traditional vulnerability scanners generate thousands of “critical” alerts based on generic CVSS scores, treating a vulnerability on an internet-facing server the same as one protected behind six layers of security controls. Security teams drown in false positives while genuinely exploitable threats slip through. This challenge compounds as vulnerability volumes explode, exploitation windows collapse, and the cybersecurity workforce gap surpasses four million professionals. Human-speed security operations can no longer defend against machine-speed attacks.

Enter Zafran

Zafran’s platform reimagines vulnerability management as an intelligent system that understands actual exploitability and takes autonomous action, consolidating what has historically been fragmented across dozens of point solutions.

Zafran’s core innovation is analyzing whether deployed defenses like EDRs, firewalls, and cloud security platforms already mitigate identified threats. This contextual approach cuts through the noise that plagues traditional scanners, allowing security teams to focus on vulnerabilities that genuinely matter.

But superior prioritization is just the foundation. This September, Zafran launched agentic remediation capabilities that can assess impact, analyze dependencies, and coordinate deployment across infrastructure. By first establishing trust through accurate threat intelligence, Zafran creates the foundation for AI agents to eventually automate fixes. This could transform the company from a software platform into a replacement for expensive vulnerability management services, positioning it to eventually displace the legacy tools it currently integrates with while addressing a market that represents over $10 billion in annual spend across fragmented incumbents.

Right Team, Right Time

Building AI agents that can autonomously remediate vulnerabilities requires deep understanding of how attackers actually operate. Co-Founder & CEO Sanaz Yashar spent years in the Israeli intelligence service and led threat intelligence at Mandiant; Co-Founder & CTO Ben Seri discovered BlueBorne, a vulnerability affecting billions of devices, as VP of Research at Armis; and Co-Founder & CPO Snir Havdala graduated from Israel’s elite Talpiot program before eventually leading security research for Israeli Military Intelligence.

What separates great security companies from good ones is the ability to earn trust with enterprises on their most critical systems, then expand from insights to autonomous action. We’ve been impressed by Zafran’s ability to do exactly that: proving value through superior threat intelligence before introducing agents that can fix vulnerabilities autonomously.

Zafran team + Rama Sekhar, Menlo Ventures

Looking Ahead

The vulnerability management market has been long overdue for change. Legacy vendors built for human-scale operations cannot keep pace with AI-powered threats or deliver the autonomous remediation that enterprises desperately need. As agentic capabilities mature, Zafran is positioned to consolidate a massive, fragmented market and establish the new standard for how organizations defend against modern attacks.

We’re excited to partner with Sanaz, Ben, Snir, and the entire Zafran team as they build what vulnerability management should have been all along: intelligent, automated, and built for the era of AI.

Rama is a partner at Menlo Ventures, focused on investments in cybersecurity, AI, and cloud infrastructure. He is passionate about partnering with founders to build the next generation of cybersecurity, infrastructure, and observability companies for the new AI stack.  Rama joined Menlo after 15 years at Norwest Venture Partners, where…

Venky is a partner at Menlo Ventures focused on investments in both the consumer and enterprise sectors. He currently serves on the boards of Abnormal Security, Aisera, Appdome, Aurascape, BitSight, ConverzAI, MealPal, Obsidian, Sonrai Security, and Unravel Data. Prior to joining Menlo, he was a managing partner at Globespan Capital…

As an investor at Menlo Ventures, Sam focuses on SaaS, AI/ML, and cloud infrastructure opportunities. She is passionate about supporting strong founders with a vision to transform an industry.  Sam joined Menlo from the Boston Consulting Group, where she was a core member of the firm’s Principal Investors and Private…