Runtime Ventures

Today we’re excited to announce our investment in Prequel.dev! As applications grow larger and more complex, gaining true visibility into how they perform and identifying why things break has become a monumental challenge. Lack of visibility can mean bugs, performance issues, and even security vulnerabilities slipping through the cracks. This is where observability and cybersecurity converge. Prequel is redefining software reliability with a platform that turns community-driven knowledge into actionable insights. By capturing failure knowledge from GitHub, Discord, and post-mortems, Prequel creates an extensible library of detectors for open-source bugs, misconfigurations, and more. Welcome to the Runtime Ventures family, Prequel!

Big news, today we’re excited to announce our investment in System Two Security! SOC teams everywhere are drowning in detection chaos, trying to keep up with a flood of alerts and ever-evolving threats. System Two is flipping the script. They’ve built a platform that uses GenAI to simplify and supercharge how SOCs handle detection engineering and threat hunting. The result? Teams can move 10x faster when finding and stopping adversaries. Whether it’s automating threat detection, managing the lifecycle of detections, or translating and sharing attack patterns, System Two is empowering SOCs to stay ahead of the game. Welcome to the Runtime Ventures family, System Two Security!

Today we're excited to announce our pre-seed investment in SplxAI, a team at the forefront of automated AI pentesting. Their flagship product, Probe, discovers hard to find vulnerabilities and provides real-time insights to keep AI apps safe from evolving threats that typical testing measures often miss. SplxAI tackles the unique security headaches that come with GenAI apps, like stopping prompt injections, preventing sensitive data leaks, and making sure companies stay compliant with emerging regulations. Probe integrates seamlessly into the development process, helping Trust and Safety teams spot and fix vulnerabilities before they become problems. The GenAI security market has emerged because more companies are jumping on AI tech, but they’re struggling to keep up with the security side of things. While 93% of organizations are using GenAI tools, only a small fraction are really prepared for the risks that come with them, like cyber threats and compliance issues. This gap is why tools like SplxAI’s Probe are so crucial — they step in where traditional security falls short, offering a proactive approach to keeping AI safe and sound. Welcome to the Runtime Ventures family SplxAI!

We’re thrilled to share that our very own general partner, Michael Sutton, was recently recognized as one of the top 100 early-stage investors in 2024 by Business Insider! At Runtime Ventures, we’re laser-focused on early-stage investments in cybersecurity, and Michael’s recognition is a testament to our thesis. Check out the full list here: https://lnkd.in/gcCnTM5P #VentureCapital #SeedStage #Cybersecurity

Today we're also excited to announce our seed investment in Dodgeball, the industry's first anti-fraud orchestration platform. Dodgeball is an anti-fraud orchestration platform that deploys and integrates all of the third-party fraud solutions that a company has purchased and created: fraud engines, identity intelligence, KYC, MFA, identity verification, cases and investigations. Built for Trust and Safety teams who don’t have the engineering resources to build custom anti-fraud processes that work for them, Dodgeball orchestrates both the technology and human elements of their end-to-end operations. With a no-code engine that puts control of fraud tool integrations and policy definition directly in the hands of an internal team, Dodgeball offers a single pane of glass to investigate and manage visitor risk across the entire transaction journey. Welcome to the portfolio, Dodgeball!  

Today we're excited to announce that Runtime Ventures has led a $3m seed investment in StepSecurity, a company at the forefront of protecting CI/CD pipelines and infrastructure. Compromised workflows, dependencies and build tools can steal source code/credentials, tamper with source code and build artifacts during the build (e.g. the recent XZ utils incident, Codecov breach, Solarwinds attack, ua-parser-js attack and Cloudflare cdnjs security incident). Over 3,000 open-source projects, including those from the Cybersecurity and Infrastructure Security Agency (CISA), Google, Microsoft, Datadog, Kubernetes, Node, and Ruby, use StepSecurity to harden their CI/CD pipelines. While StepSecurity has first focused on fortifying security for users of GitHub Actions, they are also planning to expand coverage to more CI/CD providers (i.e. Gitlab CI, Harness, and Azure DevOps). Welcome to the portfolio, StepSecurity!

Today we're excited to announce our seed investment in Miggo Security! Miggo is the first Application Detection and Response platform, providing the visibility, response and understanding that organizations need to prevent application breaches.  Traditional Appsec methods like code-scanning and vulnerability management are no longer enough. To understand true application risk, focus must be spent on grasping real-time interactions, access controls and usage patterns elements that only reveal themselves in run-time. Welcome to the portfolio, Miggo!