Feb 10, 2022

Salt Security Raises $140 Million Series D Round Led by CapitalG at $1.4 Billion Valuation

Investment cements Salt Security as the leader in API security and supercharges its growth to drive global innovation in API security

PALO ALTO, Calif. – February 10, 2022 – Salt Security, the leading API security company, today announced that it raised $140 million in Series D funding, led by CapitalG, Alphabet’s independent growth fund, with participation from all existing investors. The latest investment brings the valuation of Salt Security to $1.4 billion, bolstering its leadership position in the API security market with the most funding, highest valuation, most customers, and deepest penetration among Fortune and Global 500 enterprises. Salt Security will use the additional capital to expand R&D investment, fuel sales and marketing, and more rapidly grow its international operations to address the growing number of cyber threats targeting APIs.

The investment by CapitalG, less than eight months after Salt Security raised its $70 million Series C round, comes as demand for API security surges, with businesses needing to protect the APIs driving their digital transformation, application mobilization, and other IT modernization initiatives. This round brings the company’s total funding to $271 million, with $210 million raised in the last 12 months.

“Our investment in Salt Security comes at a time of critical importance for the wider business community. APIs are essential to enabling business innovation, but security risks are multiplying at an unprecedented scope and scale. Salt took an innovative, best-in-class approach to building its API security platform leveraging cloud-scale big data, allowing it to effectively detect and stop attacks in the wild while not compromising on strong shift left capabilities,” said James Luo, Partner at CapitalG and Salt Security board member. “Salt Security has a proven record of success as the leading solution in the market, and our conversations with customers made it clear that Salt is providing them with market-leading protection and the fastest time to value. We look forward to partnering with the team at Salt Security to help it catapult into the next tier of market penetration and success.”

All the investors who have backed Salt Security in previous rounds also participated in this raise, including Sequoia Capital, Y Combinator, Tenaya Capital, S Capital VC, Advent International, Alkeon Capital, and DFJ Growth.

"YC Continuity invests only in the very best, category-defining YC companies. Salt Security is one of those companies," said Ali Rowghani, managing director, YC Continuity. "Like fellow YCC companies Stripe in payments and DoorDash in food delivery, Salt will become an iconic security company. Five years ago, the Salt founders had the vision to create this critical category, and they have led it ever since by creating the most secure and robust solution in the industry. The company's innovation and dominance led us to double down on our investment."

In the past year, Salt added a number of leading financial services, insurance, pharmaceutical, eCommerce/retail, and digital services companies to its customer ranks. Recent new customers include Takeda Pharmaceuticals, bp Launchpad (the digital innovation and scale up unit of bp), Markel, Icatu Seguros, Apiture, and Berkshire Bank. In the same period, Salt Security drove:

  • 500% growth in revenue
  • 300% growth in its customer base
  • 250% growth in its employee count
  • 900% growth in signed customers among Fortune 500 and Global 500 companies

Executive and global expansion

Following the Salt Security Series C round in May 2021, the company expanded quickly, hiring several key industry leaders and launching global operations in EMEA and LATAM. Salt also made public the findings and analysis of its security research division, Salt Labs, so Salt can now educate the broader industry on the latest API threats by publishing vulnerability research and other community reports from the industry’s only API-focused security research team.

Salt also hired several executives across a range of functional areas, including:

  • Kfir Lippmann, CFO, who led finances at Monday.com from its early days when it had 40 employees through to its IPO
  • Yaniv Balmas, VP of Research, who is heading up Salt Labs after leading cyber research at Check Point Software Technologies for eight years
  • Jon Peppler, VP of worldwide channels, who led channel initiatives at Bitglass, Menlo Security, and Proofpoint
  • Nico Wagemans, Sales Director for EMEA, who held sales leadership positions at Nutanix and Cohesity
  • Daniela Costa, Sales Director for LATAM, who held sales leadership roles at Arcserve and CA Technologies

Broader API security market trends

In December 2021, Gartner® reviewed its earlier predictions about API attacks, commenting, “On Target: 2017 Prediction — By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications…. As 2022 approaches, this prediction could arguably be counted as “missed” — but only because we underestimated the steep rise in attacks on APIs.” 1

The proliferation of APIs to support digital transformation, application mobilization, and other IT modernization initiatives, combined with the focus bad actors have put on tapping APIs as an attack vector, have laid bare the reality that traditional tools, such as web application firewalls (WAFs) and API gateways, cannot adequately defend against API attacks and vulnerabilities. In the first half of 2021, malicious API traffic grew more than 340% according to the Salt Security State of API Security Report, Q3 2021. To combat growing threats, the Salt Security API Protection Platform provides a unique approach to API security that leverages its API Context Engine (ACE) Architecture, a cloud-scale big data engine that applies machine learning (ML) and artificial intelligence (AI) to secure APIs. With the industry’s only patent for ML-based API protection, Salt provides its customers with automated and continuous API discovery, detection and prevention of API attacks, and “shift left” capabilities to identify and remediate API vulnerabilities during the build phase.

“APIs provide the foundation for innovation in today’s economy. Our vision for Salt Security has always been to make it safer and easier for companies to innovate by securing APIs in the face of a growing and dynamic attack surface,” said Roey Eliyahu, CEO and co-founder, Salt Security. “We are honored to have CapitalG as our strategic partner as we achieve this vision at global scale and widen our lead in this important industry.”

To learn more about Salt Security or to request a demo, please visit https://content.salt.security/demo.html.

About Salt Security

Salt Security protects the APIs that form the core of every modern application. Its API Protection Platform is the industry’s first patented solution to prevent the next generation of API attacks, using machine learning and AI to automatically and continuously identify and protect APIs. Deployed in minutes, the Salt Security platform learns the granular behavior of a company’s APIs and requires no configuration or customization to pinpoint and block API attackers. Salt Security was founded in 2016 by alumni of the Israeli Defense Forces (IDF) and serial entrepreneur executives in the cybersecurity field and is based in Silicon Valley and Israel. For more information, please visit https://salt.security.

About CapitalG

CapitalG, Alphabet's independent growth fund, invests in remarkable companies transforming the fields of consumer products and services, enterprise tech, cybersecurity, fintech, cryptocurrency and transportation tech. CapitalG partners with growth stage companies in their transition from startup to scale up through hands-on assistance from its in-house growth team and connections to Google's engineering, product, marketing, sales and people operations experts worldwide. More than 2,500 Googlers and Alphabet leaders have already engaged with the companies in which we've invested, including Airbnb, Cloudflare, Collibra, CrowdStrike, DCG, Duolingo, Freshworks, ID.me, Lyft, Orca Security, Robinhood, Stripe, UiPath and Zscaler, among others. Learn more at https://CapitalG.com/.

About Y Combinator

Y Combinator (YC) is a startup accelerator program and investment fund that supports founders at every stage. Since 2005, over 3,500 companies have participated in the accelerator. Today, these companies have an aggregate valuation approaching $1T. YC Continuity (YCC) is a fund that invests in the most elite YC companies from venture stage through IPO. YCC's mission is to help founders transform their fast-moving startups into enduring companies. To date, YCC has invested in about 30 companies including DoorDash, Stripe, Segment, Coinbase, GitLab, and Brex.

  1. Gartner, “Predicts 2022: APIs Demand Improved Security and Management by Shameen Pillai, Jeremy D'Hoinne, John Santoro, Mark O'Neill, Sham Gill, 06 December 2021.” GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Back to News Releases

State of API Security Report Q3 2022

Learn more