In 2019, Jyoti Bansal co-founded San Francisco-based security company Traceable alongside Sanjay Nagaraj. With Traceable, Bansal — who previously co-launched app performance management startup AppDynamics, acquired by Cisco in 2017 — sought to build a platform to protect customers’ APIs from cyberattacks.
Attacks on APIs — the sets of protocols that establish how platforms, apps and services communicate — are on the rise. API attacks affected nearly one-quarter of organizations every week in the first month of 2024, a 20% increase from the same period a year ago, according to cybersecurity firm Check Point.
API attacks take many forms, including attempting to make an API unavailable by overwhelming it with traffic, bypassing authentication methods, and exposing sensitive data transferred via a vendor’s APIs.
“There’s a lack of recognition of the criticality of API security,” Bansal told TechCrunch in an interview, “as well as ignorance of the ever-growing attack surface in APIs and a resistance to embrace API security due to entrenched investments in security solutions that don’t address the API security problem directly.”
To Bansal’s point, more and more businesses are tapping APIs in part thanks to the generative AI boom, but in the process are unwittingly exposing themselves to attacks. Per one recent study, the number of APIs used by companies increased by over 200% between July 2022 and July 2023. Gartner, meanwhile, predicts that more than 80% of enterprises will have used generative AI APIs or deployed generative AI-enabled apps by 2026.
Traceable tries to shield these APIs by applying AI to analyze usage data to learn normal API behavior and spot activity that deviates from the baseline. Traceable’s software, which runs on-premises or in a fully managed cloud, can discover and catalog existing and new APIs, including undocumented and “orphaned” (i.e., deprecated) APIs in real time, according to Bansal.
“In order to detect modern threat scenarios, Traceable trained in-house models by fine-tuning open source large language base models with labeled attack data,” Bansal explained. “Our platform provides tools for API discovery, testing, protection and threat hunting workflows for IT teams.”
The API security solutions market is quickly becoming crowded, with vendors such as Noname Security, 42Crunch, Vorlon, Salt Security, Cequence, Ghost Security, Pynt, Akamai, Escape and F5 all vying for customers. According to Research and Markets, the segment could grow at a compound annual growth rate of 31.5% from 2023 to 2030, buoyed by the increasing threats in cybersecurity and the demand for more secure APIs.
But Bansal claims that Traceable is holding its own, analyzing around 500 billion API calls a month for ~50 customers and projecting revenue to double this year. Most of Traceable’s clients are in the enterprise, but Bansal says the company’s investigating piloting with governments.
“Traceable is building a long-term sustainable company, which from a financial perspective means that we have a very healthy margin profile that continues to improve as our revenue grows,” he said. “We’re not profitable today by choice, as we’re investing into the business responsibly. … Our focus is on strategic investments maximizing return, not simply spending.”
To that end, Traceable today announced that it raised $30 million in a strategic investment from a group of backers that included Citi Ventures (Citigroup’s corporate venture arm), IVP, Geodesic Capital, Sorenson Capital and Unusual Ventures. Valuing Traceable at $500 million post-money and bringing its total raised to $110 million, the new cash will be put toward product development, scaling up Traceable’s platform and customer engineering teams and building out the company’s partnership program, Bansal said.
Traceable currently has ~180 staffers. Bansal expects headcount to reach 230 by year-end 2024, as the bulk of the new investment goes to hiring.
“Traceable wasn’t fundraising, as we still had substantial cash runway prior to this investment,” Bansal said, adding that Traceable secured a “sizable” line of credit in addition to the new funds, “but we received significant inbound demand from investors. With the combination of the strategic alignment with Citi Ventures and the attractive terms of the investment, we decided to take a smaller investment now to accelerate our product and go-to-market initiatives before thinking about a more substantial fundraise.”