As AI-assisted coding accelerates development velocity by orders of magnitude, security teams face an expanding crisis: they can manually review only 10-15% of planned work before release, leaving 85% to chance. This gap creates a dangerous paradox where development runs at machine speed while security crawls through an assembly line process, dependent on scarce expertise that simply doesn’t scale. The industry suffers from a 4.8 million cybersecurity professional shortage globally, with product security teams operating at ratios as low as one security engineer for every 100 developers. Prime Security addresses this imbalance with the first Agentic Security Architect, autonomous AI agents that conduct security design reviews at the planning stage rather than after code is written. By embedding directly into engineering workflows and analyzing all development tasks before a single line of code appears, Prime delivers 100% coverage of planned work while reducing manual effort by more than 60% and accelerating risk resolution by up to 30x. The company works with PayPal, Qualtrics, Bumble, ThoughtSpot, and Redis Labs, helping development teams exceeding 200 engineers identify and address design flaws in under 20 minutes rather than days.
AlleyWatch sat down with Prime Security CEO and Cofounder Michael Nov to learn more about the business, its future plans, recent funding round that brings the company’s total funding to $26M, and much, much more…
Who were your investors and how much did you raise?
We raised a $20M Series A in a round led by Scale Venture Partners, with participation from Foundation Capital and Flybridge Ventures.
Tell us about the product or service that Prime Security offers.
Let me share a few facts about the problem we are solving first. Fixing a security vulnerability in production costs 100x more than addressing it during design, yet most organizations still struggle to shift security left. Additionally, the industry is facing a massive talent shortage of 4.8 million cybersecurity professionals globally and for every 100 developers, there’s typically only one security expert. As a result, security teams are overwhelmed, unable to manually review every application. It’s not surprising that only about 10% of organizations believe their threat modeling meaningfully covers 90% or more of their applications, meaning most software isn’t reviewed. This combination of soaring costs, scarce expertise, and incomplete coverage is exactly the gap we are building Prime security to close.
We are developing a new era of Product Security, where AI agents bring security into the design stage of every software project and feature. Our flagship product, the Agentic Security Architect, autonomously conducts security design reviews and proactively identifies design flaws across development work. By embedding directly into engineering workflows, Prime enables organizations to accelerate reviews, cut manual effort and cost by more than 60%, and achieve nearly full coverage across planned development tasks.
What inspired the start of Prime Security?
When my cofounders and I started Prime almost two years ago, our hypothesis was that security isn’t keeping up with development. Despite the many tools, day-to-day security engineering and architecture work still felt manual, fragmented, and slow.
We experienced this problem first-hand. Dima’s previous security teams at PayPal were always playing catch-up, while Matan, Danny, and I were delaying releases at Own because of last-minute security requirements.
Today, this problem is significantly worse. Something that we didn’t expect was just how fast development itself would evolve. Everyone has become an engineer. AI-powered coding tools have exploded. Velocity has gone through the roof, and the bottleneck for security has grown by 5×.
How is Prime Security different?
We are building a new category of security software by bringing automation to a critical moment in the product development life cycle: the design-stage. In the past, most security teams have been focused on threat modeling once products were built but recently there is a growing movement towards “preemptive security”. We are calling this new market: Design-stage Risk Management.
What market does Prime Security target and how big is it?
We are targeting Enterprise Software companies that have over 150 developers. Teams of this size will usually have a Product Security function however they are typically handicapped by an imbalanced ratio between software and security engineers. Some sources put that ratio at 100:1, which is pretty alarming, and means that, on average, companies only perform security reviews for 15-20% of the software they develop. That is where Prime’s Agentic Security Architect comes in.
What’s your business model?
We are a B2B Enterprise SaaS software company that sells directly to product and application security professionals. These teams roll up to the Chief Information Security Officer in most organizations.
How are you preparing for a potential economic slowdown?
We don’t have plans to change how we operate. Our Agentic Security Architect delivers cost savings and efficiency to our clients, making us mission-critical rather than a discretionary expense. Additionally, a slowdown often accelerates digital transformation so we view this as an opportunity to capture market share by proving the value of Prime Security’s solutions.
What was the funding process like?
We are very fortunate to have some very experienced and esteemed investors leading our Seed round, therefore we were able to lean on them for guidance when raising a Series A. In addition, we have had some big wins this year that have helped establish real confidence in our product market fit leading into the fundraising. For example, we partnered with PayPal, Qualtrics and Bumble, among others, and we won first place at BlackHat USA’s Startup Spotlight Competition.
What are the biggest challenges that you faced while raising capital?
We prioritized finding an investor whose mandate and experience aligned with our long-term vision and who understands both the technology and the path to scale. We avoided purely capital-driven offers, instead focusing on the quality of the partnership and the value-add they bring in terms of strategic guidance and network access. We were ultimately successful in finding that ideal fit with Scale Venture Partners. Not only do they have deep domain expertise and operational support, but I know that they will push myself and the team to ensure Prime reaches its next phase of growth.
What factors about your business led your investors to write the check?
First and foremost, they believe in our team. When evaluating the deal they saw a world-class team that constantly delivers customer value quickly, demonstrating the ability to stay at the forefront of a competitive and fast moving market. They also recognize the growing opportunity, which is driven by faster software development and the corresponding loss of security control. They see that Prime’s platform is providing the leverage that security teams need to solve this imbalance.
What are the milestones you plan to achieve in the next six months?
We are working to create a new category within product security called Design-stage Risk Management and, of course, to position Prime as the market leader. We’ll be continuing to expand the features and capabilities of the platform with specific emphasis on built in flexibility. And finally, we will be growing the team across all functions to support our accelerating growth.
Where do you see the company going now over the near term?
Our mission is to ensure that all enterprises have the tools they need to accelerate their business with risk aware decisions. That starts by giving them the platform they need to solve security issues at the design-stage, before any code is written.
What advice can you offer companies in New York that do not have a fresh injection of capital in the bank?
I recommend prioritizing cash flow and profitability by cutting discretionary spending where possible and aggressively focusing on customer acquisition. Also focus on expanding your business model by looking for ways to extract more value from your current customer base. And on the funding side, New York State and City offer various resources, such as loan and grant programs, that are designed to support companies without traditional VC backing.
