Legit Security raises $40M to help enterprises identify app vulnerabilities and deliver software securely

Legit Security, an Israeli cybersecurity startup that provides application security for enterprises, has raised $40 million in a Series B funding round led by CRV, with participation from existing investors Cyberstarts, Bessemer Venture Partners, and TCV. The last round brings Legit total funding since inception to $77 million.

Initially focused on securing software supply chains, Legit has evolved to consolidate vulnerabilities from various sources. It integrates seamlessly with traditional application security tools, providing risk assessments for these vulnerabilities alongside its native findings.

Legit CEO Roni Fuchs said the company will use the fresh capital infusion will be primarily directed toward augmenting sales, marketing, and research and development efforts. Additionally, they will be employed to confront the evolving challenges posed by artificial intelligence (AI) and large language models (LLMs) in the realm of new application development. In addition, this investment will facilitate the expansion of Legit’s workforce, with a targeted increase from the current 78 employees to over 100 by year-end.

Founded in 2020 by CEO Roni Fuchs, along with co-founders Liav Caspi and Lior Barak, Legit offers an enterprise Software as a Service (SaaS) solution designed to safeguard an organization’s software supply chain against potential security threats. The company’s comprehensive approach encompasses the protection of enterprise software supply chains from attacks and extends to the management of application security posture throughout the entire software development lifecycle, spanning from code creation to cloud deployment.

“Today, application security is a diverse industry with dozens of point solutions that have not yet consolidated into broader, more capable platforms. There are enormous opportunities to modernize app security and bring a broader platform to market to address these needs,” Fuchs told TechCrunch in an email.

Prior to launching Legit, Roni Fuchs and his fellow co-founders, Liav Caspi and Lior Barak, collectively served in the cyber warfare division of the Israel Defense Forces (IDF). Subsequent to their military service, this trio of experienced professionals pursued careers in the field of cybersecurity, holding roles at prominent companies such as Microsoft and Checkmarx, a notable firm specializing in application security testing.

Drawing upon their combined experiences in both governmental and private sector roles, Fuchs, Caspi, and Barak have arrived at the conviction that conventional application security scanners have, to a significant extent, fallen short in aiding enterprises to comprehend risk, allocate resources judiciously, and execute effective measures.

In just three years after its inception, Legit now boasts an esteemed clientele that includes renowned companies including Google, the New York Stock Exchange (NYSE), Kraft Heinz, and Takeda Pharmaceuticals.

“Traditional scanners are highly technical, lack broader context, and provide focus on a very narrow section of overall application risk,” Fuchs said. “In addition, securing apps requires cooperation between security, engineering, and DevOps, which is very challenging to operationalize at scale — and requires new solutions to help bridge the gap.”

The news of this funding round coincided with another noteworthy development in the Israeli cybersecurity landscape. Yesterday, another Israeli cybersecurity startup Cato Networks successfully secured $238 million in a late-stage funding round, effectively valuing the company at a substantial $3 billion. In recent years, Israel has asserted its prominence as a leading global player in the realm of cybersecurity.