
Legit Security

Legit Security has raised $77M to secure modern software development with ASPM and AI code security tools, including VibeGuard.

Legit Security is a cybersecurity company focused on helping enterprises identify, prioritize, and remediate risk across the software development lifecycle. Founded in Sept. 2020 by Roni Fuchs, Liav Caspi, and Lior Barak, the company operates from Boston, Massachusetts, with major R&D operations in Tel Aviv, Israel. Legit Security operates in the rapidly growing Application Security Posture Management (ASPM) category, helping organizations understand risk across development environments, source repositories, CI/CD pipelines, cloud infrastructure, and software supply chains.

The company has raised $77M across Seed, Series A, and Series B funding rounds. Investors include Cyberstarts, Bessemer Venture Partners, TCV, and CRV. Enterprise customers include Google, NYSE, Kraft Heinz, Takeda Pharmaceuticals, Netskope, and Chipotle. Legit Security matters because software development is undergoing a structural shift as AI-generated code moves from experiment to production reality, creating security challenges that traditional tools were never designed to address.

About Legit Security

Most cybersecurity startups begin with a threat. Legit Security began with a workflow. The founders saw software development changing faster than security teams could adapt. Development pipelines were expanding, open-source dependencies were multiplying, cloud-native architectures were creating new layers of complexity, and AI accelerated every trend simultaneously. That combination created a problem many enterprises recognize immediately: security tools operating in isolation, generating alerts without context and findings without prioritization.

Legit Security was built to address that visibility gap. The company's ASPM platform connects data across the software development lifecycle, helping organizations understand where risks originate, how they connect, and which issues deserve attention first. The platform sits at the intersection of application security, software supply chain security, cloud security, and AI governance, categories that are increasingly converging inside large enterprises.

Why Legit Security Matters Right Now

Cybersecurity often moves in cycles. Attackers find a weakness, defenders build a tool, and eventually both sides move on to the next battleground. AI is creating an entirely new battlefield. The conversation around AI coding tools frequently focuses on productivity. Engineering teams can generate code faster, prototype faster, and ship features faster, but security teams now have to understand software that may have been partially written by models, agents, or automated workflows.

Legit Security's launch of VibeGuard in Nov. 2025 reflects a growing recognition that AI-assisted development requires new security controls. The platform is designed to help organizations monitor AI-generated code, identify vulnerabilities earlier, and provide visibility into AI usage throughout development environments. Gartner later recognized VibeGuard as a Sample Vendor for mitigating risks associated with agentic coding tools, validating a category that is still taking shape. The broader signal is difficult to ignore: security spending is increasingly shifting from isolated scanning tools toward platforms capable of providing context across complex development ecosystems.

The Problem Legit Security Is Solving

Software security once followed a relatively straightforward sequence. Developers wrote code, security teams reviewed code, and production environments ran code. That sequence no longer exists in many organizations. Modern software development involves repositories, CI/CD systems, cloud infrastructure, APIs, containers, third-party dependencies, automation frameworks, and AI-powered coding assistants. Every layer introduces new opportunities for risk.

Legit Security's 2025 State of Application Risk Report illustrates the scale of the challenge. The company found that 100% of organizations assessed had high or critical risks in development environments and exposed secrets in code, while 89% experienced pipeline misconfiguration issues. Those findings reveal something larger than individual vulnerabilities. The software factory itself has become a security perimeter, and organizations increasingly need visibility into how software is built, not just how it behaves after deployment. That shift is one of the primary forces driving adoption of ASPM platforms across enterprise cybersecurity programs.

Market Context

Application Security Posture Management has emerged as one of the most closely watched categories in enterprise cybersecurity. Gartner formally recognized ASPM because security teams increasingly needed a way to connect fragmented application security data into a single operational view. Legit Security is not alone in pursuing this opportunity. Companies such as Ox Security, Apiiro, Endor Labs, and ArmorCode are also addressing different aspects of application security visibility, software supply chain security, and risk prioritization. The presence of multiple well-funded competitors is often one of the strongest indicators that a category has moved beyond experimentation and into enterprise adoption.

The company's customer roster, including Google, NYSE, Kraft Heinz, Takeda Pharmaceuticals, Netskope, and Chipotle, suggests the problem extends across industries. Whether an enterprise is managing financial infrastructure, healthcare systems, consumer services, or cloud platforms, software development has become central to business operations. Investors appear to share that view. Legit Security has raised $77M, including a $30M Series A led by Bessemer Venture Partners and TCV and a $40M Series B led by CRV, with participation from Cyberstarts, Bessemer Venture Partners, and TCV. At a time when venture capital has become increasingly selective, continued support for application security infrastructure reflects confidence in the category's long-term relevance.

Leadership and Team

Legit Security's leadership team combines backgrounds across cybersecurity, engineering, product development, and operations. CEO Roni Fuchs, CTO Liav Caspi, and Lior Barak (COO and GM Israel) founded the company in Sept. 2020. The broader executive team includes CMO Dave Howell, VP of Product Yoav Stahl, Head of Engineering Omri Arnon, VP of Human Resources Tamar Nulman, Head of Customer Success Harel Gradus, and Field CTO Yoav Golan.

The founding team shares roots in Israel's Unit 8200, widely considered one of the world's most influential cybersecurity and intelligence training grounds. Over the past decade, Unit 8200 alumni have founded or helped build many of the cybersecurity companies that now shape enterprise security markets globally. That leadership composition reflects a practical reality within cybersecurity startups: building security products requires technical credibility, but scaling those products into large enterprises requires operational discipline, customer alignment, and market execution.

Why Hiring Momentum Matters

Hiring is often treated as a company milestone. In reality, it is frequently a market signal. Legit Security continues to hire for roles including Senior Product Manager and Security Team Analyst Lead. The significance is less about the specific positions and more about what they imply.

Companies expand teams when demand requires additional capacity. Security infrastructure companies frequently hire ahead of customer demand because deployment complexity grows alongside enterprise adoption. Continued investment in product and security talent suggests Legit Security sees increasing demand for application security visibility, software supply chain protection, and AI-related security controls. For operators tracking enterprise software trends, hiring momentum often reveals confidence before revenue figures ever become public.

What This Signals for Cybersecurity

The cybersecurity industry spent years focused on protecting networks, endpoints, and cloud infrastructure. The next major battle may be the software creation process itself. As AI becomes embedded in development workflows, organizations will need security platforms capable of understanding how software is produced, not merely how it performs after deployment.

Legit Security's strategy reflects that transition. The company's focus on ASPM, software supply chain security, and AI-generated code points toward a future where software development environments become first-class security assets rather than secondary considerations. That shift could reshape how enterprises evaluate risk, allocate security budgets, and govern AI-assisted development over the next decade.

Frequently Asked Questions

What is Legit Security?

Legit Security is a cybersecurity company that provides an Application Security Posture Management platform designed to help enterprises identify, prioritize, and remediate risks across software development environments.

What does ASPM mean?

Application Security Posture Management (ASPM) is a cybersecurity category focused on identifying, prioritizing, and managing risk across the software development lifecycle.

What is VibeGuard?

VibeGuard is Legit Security's AI code security platform designed to help organizations monitor and secure AI-generated code and agentic development workflows.

How much funding has Legit Security raised?

Legit Security has raised $77M across Seed, Series A, and Series B funding rounds backed by Cyberstarts, Bessemer Venture Partners, TCV, and CRV.

Who founded Legit Security?

Legit Security was founded by Roni Fuchs, Liav Caspi, and Lior Barak in Sept. 2020.

Which companies use Legit Security?

Publicly referenced customers include Google, NYSE, Kraft Heinz, Takeda Pharmaceuticals, Netskope, and Chipotle.

Why is AI-generated code creating new security challenges?

AI-generated code increases development speed but can introduce vulnerabilities, exposed secrets, insecure dependencies, and governance challenges that require new security controls.

How does Legit Security compare to traditional application security tools?

Traditional tools typically focus on isolated scanning functions. Legit Security's ASPM platform aims to provide visibility, context, and prioritization across the entire software development lifecycle.