For enterprises, being able to study data unlocks much more than new ways to make money. The modern enterprise tech stack is mind-bogglingly complex — it employs dozens of tools that work together and break things in uniquely different ways, which is why being able to analyze data streams lets companies understand when, where, and why things break.
But security teams can’t wait until something’s broken to fix it. To use a metaphor: an alarm that hasn’t gone off for a while cannot be trusted to be working. And the modern security stack is so dense with tools that a small change in one tool could have unpredictable downstream effects that may compromise detection and response capabilities.
Fig Security, a startup by veterans of Israel’s cyber and data intelligence units 8200 and Mamram, claims to help security teams deal with that by monitoring the security stack to see if their rules, mitigation tools, and detection and response capabilities are functioning or skewed off course by changes. The startup just came out of stealth with $38 million in seed and Series A funding, TechCrunch has exclusively learned.
In a nutshell, the startup’s tech traces data flows in the security stack, from the origin at sources through data pipelines and data lakes to security orchestration and automation response platforms, and then alerts security teams when changes at any point affect detection or response capabilities. The platform also allows companies to simulate how new fixes, patches, or changes could affect their system before they’re deployed.
“Instead of looking at the data and tracing it forward and seeing where it ends up, we look at your detections because that is the thing that you need to work,” Fig’s CEO and co-founder, Gal Shafir (pictured above, center), explained to TechCrunch. “Detection or response is the single source of truth, and then we back-trace the health and what needs to happen on the data in order for it to trigger the detection when something happens. And then we alert [the security team] if something has an inconsistency in real time.”
Shafir said Fig does this by sampling a company’s data as it flows through different tools in the infrastructure and understanding how it changes through the pipeline. This lets the company create a “data lineage” that can be used to find out how any upstream changes could break security tools downstream in real time.
A screenshot of fig’s platform. Image Credits: Fig Security
The startup says it connects with data links and Security Information and Event Management (SIEM) systems to do all of this, which lets its tech be used with security tools and environments of all sorts.
Techcrunch event
San Francisco, CA
|
October 13-15, 2026
Fig’s launch comes as enterprises evolve in real time, especially with C-suites being pressured to find out how AI-powered tools can help save costs, reduce human errors, and improve efficiency. But the influx of so many tools has made the modern security team’s life even harder. What kind of defenses should a CISO prioritize? What’s the right security posture to take as hackers use AI to mount increasingly sophisticated attacks?
Shafir, who led Google Cloud Security’s global architecture team before starting Fig, says he saw this uncertainty firsthand when meeting with customers while pitching Google’s AI products.
“All of the CISOs, regardless of the team size or the security budget or the company size, were saying, ‘Wait, I understand that AI is really cool, but I don’t know if I trust my detections right now, how can I trust the AI that tells me that everything is fine tomorrow if I don’t trust the data underneath it?’”
That led Shafir and his co-founders, Nir Loya Dahan (CPO), and Roy Haimof (CTO) to the realization that they could solve security teams’ issue with understanding what’s happening on the ground.
“That was the moment that we said, okay, there’s a big problem that people understand that exists, but there is no solution because there’s so many vendors and complex infrastructure, almost by nature. That was the moment for us to stop what we did and quit and go to build Fig,” Shafir said.
Shafir says since launching 8 months ago, Fig now has large enterprise customers in the “low double-digits,” and expects that number to grow to 50 to 100 by the end of the year.
The startup will use the fresh cash to expand in North America and triple its headcount across engineering and go-to-market functions.
Investors in the funding rounds include Team8 and Ten Eleven Ventures, as well as security professionals including Doug Merritt (former CEO of Splunk), Rene Bonvanie (former CMO of Palo Alto Networks), and the founders of Demisto and Siemplify.
