The cost of cybercrime has been growing at an alarming rate of 15% per year, projected to reach $10.5 trillion by 2025. To cope with the challenges that this poses, organizations are turning to a growing range of AI-powered tools to supplement their existing security software and the work of their security teams. Today, a startup called Cymulate — which has built a platform to help those teams automatically and continuously stress test their networks against potential attacks with simulations, and provide guidance on how to improve their systems to ward off real attacks — is announcing a significant round of growth funding after seeing strong demand for its tools.

The startup — founded in Tel Aviv, with a second base in New York — has raised $70 million, a Series D that it will be using to continue expanding globally and investing in expanding its technology (both organically and potentially through acquisitions).

Today, Cymulate’s platform covers both on-premise and cloud networks, providing breach and attack simulations for endpoints, email and web gateways and more; automated “red teaming”; and a “purple teaming” facility to create and launch different security breach scenarios for organizations that lack the resources to dedicate people to a live red team — in all, a “holistic” solution for companies looking to make sure they are getting the most out of the network security architecture that they already have in place, in the worlds of Eyal Wachsman, Cymulate’s CEO.

“We are providing our customers with a different approach for how to do cybersecurity and get insights [on]  all the products already implemented in a network,” he said in an interview. The resulting platform has found particular traction in the current market climate. Although companies continue to invest in their security architecture, security teams are also feeling the market squeeze, which is impacting IT budgets, and sometimes headcount in an industry that was already facing a shortage of expertise. (Cymulate cites figures from the U.S. National Institute of Standards and Technology that estimate a shortfall of 2.72 million security professionals in the workforce globally.)

The idea with Cymulate is that it’s built something that helps organizations get the most out of what they already have. “And at the end, we provide our customers the ability to prioritize where they need to invest, in terms of closing gaps in their environment,” Wachsman said.

The round is being led by One Peak, with Susquehanna Growth Equity (SGE), Vertex Ventures Israel, Vertex Growth and strategic backer Dell Technologies Capital also participating. (All five also backed Cymulate in its $45 million Series C last year.) Relatively speaking, this is a big round for Cymulate, doubling its total raised to $141 million, and while the startup is not disclosing its valuation, I understand from sources that it is around the $500 million mark.

Wachsman noted that the funding is coming on the heels of a big year for the startup (the irony being that the constantly escalating issue of cybersecurity and growing threat landscape spells good news for companies built to combat that). Revenues have doubled, although it’s not disclosing any numbers today, and the company is now at over 200 employees and works with some 500 paying customers across the enterprise and mid-market, including NTT, Telit, and Euronext, up from 300 customers a year ago.

Wachsman, who co-founded the company with Avihai Ben-Yossef and Eyal Gruner, said he first thought of the idea of building a platform to continuously test an organization’s threat posture in 2016, after years of working in cybersecurity consulting for other companies. He found that no matter how much effort his customers and outside consultants put into architecting security solutions annually or semi-annually, those gains were potentially lost each time a malicious hacker made an unexpected move.

“If the bad guys decided to penetrate the organization, they could, so we needed to find a different approach,” he said. He looked to AI and machine learning for the solution, a complement to everything already in the organization, to build “a machine that allows you to test your security controls and security posture, continuously and on demand, and to get the results immediately… one step before the hackers.”

Last year, Wachsman described Cymulate’s approach to me as “the largest cybersecurity consulting firm without consultants,” but in reality the company does have its own large in-house team of cybersecurity researchers, white-hat hackers who are trying to find new holes — new bugs, zero days and other vulnerabilities — to develop the intelligence that powers Cymulate’s platform.

These insights are then combined with other assets, for example the MITRE ATT&CK framework, a knowledge base of threats, tactics and techniques used by a number of other cybersecurity services, including others building continuous validation services that compete with Cymulate. (Competitors include the likes of FireEye, Palo Alto Networks, Randori, AttackIQ and many more.)

Cymulate’s work comes in the form of network maps that detail a company’s threat profile, with technical recommendations for remediation and mitigations, as well as an executive summary that can be presented to financial teams and management who might be auditing security spend. It also has built tools for running security checks when integrating any services or IT with third parties, for instance in the event of an M&A process or when working in a supply chain.

Today the company focuses on network security, which is big enough in itself but also leaves the door open for Cymulate to acquire companies in other areas like application security — or to build that for itself. “This is something on our roadmap,” said Wachsman.

If potential M&A leads to more fundraising for Cymulate, it helps that the startup is in one of the handful of categories that are going to continue to see a lot of attention from investors.

“Cybersecurity is clearly an area that we think will benefit from the current macroeconomic environment, versus maybe some of the more capital-intensive businesses like consumer internet or food delivery,” said David Klein, a managing partner at One Peak. Within that, he added, “The best companies [are those] that are mission critical for their customers… Those will continue to attract very good multiples.”

Bitwarden, an open-source password manager for enterprises and consumers, has raised $100 million in a round of funding led by PSG, with participation form Battery Ventures.

Founded initially back in 2015, Santa Barbara, California-based Bitwarden operates in a space that includes well-known incumbents including 1Password, which recently hit a $6.8 billion valuation off the back of a $620 million fundraise, and Lastpass, which was recently spun out as an independent company again two years after landing in the hands of private equity firms.

In a nutshell, Bitwarden and its ilk make it easier for people to generate secure passwords automatically, and store all their unique passwords and sensitive information such as credit card data in a secure digital vault, saving them from reusing the same insecure password across all their online accounts.

Bitwarden’s big differentiator, of course, lies in the fact that it’s built atop an open-source codebase, which for super security-conscious individuals and businesses is a good thing — they can fully inspect the inner-workings of the platform. Moreover, people can contribute back to the codebase and expedite development of new features.

On top of a basic free service, Bitwarden ships a bunch of paid-for premium features and services, including advanced enterprise features like single sign-on (SSO) integrations and identity management.

Bitwarden

It’s worth noting that today’s “minority growth investment” represents Bitwarden’s first substantial external funding in its seven year history, though we’re told that it did raise a small undisclosed series A round back in 2019. Its latest cash injection is indicative of how the world has changed in the intervening years. The rise of remote work, with people increasingly meshing personal and work accounts on the same devices, means the same password is used across different services. And such poor password and credential hygiene puts businesses at great risk.

Additionally, growing competition and investments in the management space means that Bitwarden can’t rest on its laurels — it needs to expand, and that is what its funds will be used for. Indeed, Bitwarden has confirmed plans to extend its offering into several aligned security and privacy verticals, including secrets management — something that 1Password expanded into last year via its SecretHub acquisition.

“The timing of the investment is ideal, as we expand into opportunities in developer secrets, passwordless technologies, and authentication,” Bitwarden CEO Michael Crandell noted in a press release. “Most importantly, we aim to continue to serve all Bitwarden users for the long haul.”

Backed by investors including the Bill and Melinda Gates Foundation and CDC Group, Cropin is set on digitizing the agricultural industry. Today, the company announced the launch of Cropin Cloud, a cloud platform with integrated apps. Founded in 2010, Cropin’s other products are live in 92 countries, it is partnered with over 250 B2B customers and has digitized 26 million acres of farmland. It claims the world’s largest crop knowledge graph of more than 500 crops and 10,000 crop varieties.

Krishna Kumar, the founder and CEO of Cropin, told TechCrunch that Cropin Cloud was developed because the agriculture industry does not have access to a “unified, coherent platform that can enable and help build a wide variety of solutions,” even as it faces disruptions caused by climate change, geo-political tensions, food supply chain disruptions and a growing global population.

“The global ag ecosystem is gigantic in depth and breadth, but strangely, the tools to capture and share data coherently are sorely missing,” he added.

Cropin Cloud can be used by agribusinesses of all sizes. It has three sub-platforms that allow farmers and other stakeholders in the food value chain to access tools for earth observation, remote sensing and data and machine learning to help them better manage crops and harvests.

The first sub-platform is Cropin Apps, which covers a wide range of uses cases: global farming operations management, food safety measures, supply chain visibility, predictability and risk management, tracing food from the farm to table, research and development and production management. It also helps farmers track deforestation and carbon emissions.

Cropin Data Hub, meanwhile, gathers data from different sources for analysis, including on-field farm management apps, IoT devices, drones, remote sensing satellites and weather reports. And finally, Cropin Intelligence uses the company’s 22 contextual deep-learning and AI models to help agribusinesses with data points like crop detection, crop stage identification, yield estimates, irrigation scheduling, pest and disease prediction, nitrogen uptake and harvest date estimation.

Some examples of how Cropin’s technology has been utilized include Unilever’s work with coconut farmers who used the company’s SmartFarm Plus app to record information about how mature trees were, issues they were facing and productivity levels. The app then used that data to provide location-specific advice, like how much coconut sugar farmers were likely to produce.

Cropin also provided insights about the weather, crop management, pest and disease forecasts, nutrient management and soil and water management practices to the World Bank and Government of India in a project that spanned 244 villages, 30,000 farm plots and 77 crop varieties. Cropin says this resulted in a 30% average increase in yield and productivity, with nearly 37% increase in farm revenue.

Since its launch 12 years ago, Cropin has raised a total of $33 million. In addition the Bill and Melinda Gates Foundation’s Strategic Investment Fund and CDC Group, its other investors include ABC World Asia, Chiratae Ventures, Ankur Capital, Beenext and Kris Gopalakrishnan’s family office. Kumar said Cropin is now in the process of fundraising for its Series D round, and aims to raise investments in the range of $50 million to $75 million in the next six months.

Headquartered in Bangalore, Cropin has subsidiaries in the United States, Singapore and the Netherlands. Earlier this year, co-founder and COO Kunal Prasad relocated to the Netherlands to oversee European operations. Kumar says Cropin’s committed annual recurring revenue is $15 million to $25 million and that the company has grown 2.5x over the past few years, and expects to see similar growth this year. “With the launch of Cropin Cloud, we expect 2023 will be a game changer for Cropin in terms of revenue growth,” Kumar said.