Security teams have spent years being told their cloud visibility problem is the problem. Ron Arbel, CEO and co-founder of Aryon Security, thinks that diagnosis is wrong — or at least incomplete.
When I spoke with Arbel ahead of the company’s $29 million Series A announcement, he made the point directly: most security teams aren’t suffering from a lack of visibility. They’re drowning in what they can already see. Every finding kicks off the same cycle — prioritization, finding owners, setting expectations, remediation, the back-and-forth with engineering — and then the same categories of issues show up again next month. Adding another layer of detection doesn’t break that loop. It adds to it.
“Customers do not need other tools that show more problems,” he told me. “They need a way to stop the right problems before they reach production, while keeping engineering moving.”
Aryon’s Series A was led by Brightmind Partners, with participation from Datadog Ventures, Skinos Ventures, Blumberg Capital, and Viola Ventures. Total funding now stands at $38 million since the company came out of stealth in 2025. Angel investors include George Kurtz, CEO of CrowdStrike; Robert Herjavec; and Yevgeny Dibrov and Nadir Izrael, CEO and CTO of Armis.
Closing the Gate Before Production
Aryon’s platform, as Arbel describes it, enforces security policies before changes reach production rather than scanning for problems afterward. It applies controls across every path a change can take into a cloud environment — Terraform, CLI, console scripts, third parties, emergency fixes, acquisition integrations. The company says that approach eliminates up to 95% of traditional CSPM alerts.
“Shift left” has been an industry mantra for years, and it’s often easier to say than to operationalize. The real friction point is always engineering. Security controls that slow down deployment or create enough friction tend to get bypassed. Arbel acknowledged that directly, describing the goal as making enforcement “practical, not scary” — guardrails that support engineering rather than create another bottleneck. What that looks like in practice across a complex enterprise environment is something paying customers will bear out over time.
The speed argument is harder to dismiss. I mentioned to Arbel a post by Cris Thomas — known in security circles as Space Rogue — about the Palo Alto GlobalProtect vulnerability that was publicly disclosed on May 13 and actively exploited by May 17. Four days from disclosure to observed exploitation. Most enterprise patch processes, even the well-run ones, involve testing in staging environments before broader rollout. That process assumes a window that no longer reliably exists.
“Today, most attacks are getting so fast that even if you have the best testing tool with the best remediation scheme, it doesn’t help,” Arbel said. “Sometimes it takes five minutes when there is a misconfiguration or vulnerability for an attack to be installed. Everything is going to be faster, and the only way to deal with that is to close the gate.”
Who Is Backing It
The round was led by Brightmind Partners, co-founded by Stephen Ward, who served as CISO at The Home Depot and TIAA before moving to the investment side. Former CISOs backing security startups isn’t unusual, but Ward’s involvement signals something specific: a practitioner who’s lived inside the detect-and-remediate cycle and concluded there’s a better model.
Datadog’s participation as a strategic investor is also worth paying attention to. The observability company has been expanding into security, and strategic investments tend to reflect where a company sees its own roadmap going, not just a financial bet. Datadog helping customers understand what’s happening in production and Aryon trying to prevent bad things from reaching production aren’t inherently competitive positions.
Arbel, CTO Ariel Litmanovich, and CPO Yair Ladizhensky are all veterans of Matzov, the IDF’s elite cybersecurity unit, and built Aryon on the back of their work securing Project Nimbus, Israel’s $7.2 billion national cloud infrastructure. The problem they’re selling a solution to is one they encountered while doing the actual work, not one they identified from a market research report.
Beyond Cloud
The Series A funds R&D expansion and go-to-market buildout. Aryon has been selling into mid-to-large enterprises in regulated industries — healthcare, banking, insurance, telecom, shipping, and industrial — since coming out of stealth.
Arbel said the longer-term vision extends the enforcement model to SaaS and identity. He gave a concrete example: customers are already asking why Aryon can prevent misconfigurations in cloud infrastructure but not in Office 365. Identity, specifically, is an area he flagged. It’s a conversation I’ve been having a lot lately with vendors across different product categories — there’s broad agreement that identity is still the front line regardless of what else you’ve deployed, because getting hold of a valid identity lets an attacker bypass most of what’s downstream.
On AI, Arbel pushed back on the generic messaging saturating the security market. “Customers are really tired of generic AI messaging,” he told me. “AI matters only when it changes the workflow or changes the outcome.” His point wasn’t that Aryon uses AI as a feature — it was that AI is what’s accelerating the underlying problem. More automation means more configuration changes flowing into cloud environments at a pace reactive remediation can’t realistically match.
Preventive enforcement is still an emerging category, and Arbel said as much. Large enterprises don’t typically have a budget line for something they’ve never bought before. But he said the traction they’ve built — convincing large organizations in regulated industries to pay for this — suggests the remediation loop is painful enough that people will pay to exit it.