Investing in Myrror Security and The Future of Application Security

By Ilia Shnaidman, vice president, Blumberg Capital

Today, we are excited to announce our investment in Myrror Security, a pioneer in application security for organizations using open-source packages. There was a 740% increase in OSS (Open Source Software) supply chain attacks in 2022, and this trend is only expected to continue. Myrror Security’s solution is the first of its kind to address this growing threat by detecting unknown risks that lead to SDLC breaches via malicious packages.

Myrror Security was founded by Yoad Fekete and Roman Kublin, cybersecurity veterans with a deep understanding of the challenges and opportunities in the application security market. Fekete and Kublin met while serving in the Israeli intelligence unit and went on to multiple cybersecurity roles at companies including RSA, Kaymera, and Microsoft. Zohar Alon, a cybersecurity veteran who sold Dome9 to Check Point and is an angel investor in dozens of companies, joins them as chairman.

             Co-founders Roman Kublin and Yoad Fekete

Myrror Security’s mission is to secure enterprises’ SDLC (Software Development Life Cycle) process amid a growing wave of software supply chain attacks exploiting open-source dependencies and CI/CD pipelines. The company’s AI-backed binary-to-source analysis technology detects unknown threats, such as malicious packages, within the entire software supply chain in both closed and open-source software components, empowering customers to prioritize and mitigate actual threats.

Myrror Security’s platform includes a Breach Detection solution that harnesses a unique, AI-enhanced binary-to-source analysis process that reverse engineers binary artifacts, which can then be compared to the original source code. When a discrepancy is found between the two versions, users receive alerts in real-time, preventing the compromised package from ever reaching the software. 

The company’s Code-Aware SCA (Software Composition Analysis) determines whether a vulnerable function is used in the code, helping security teams prioritize reachable vulnerabilities, and cutting down 80% of the alerts they’re facing daily.

Myrror Security’s solution is unique in its ability to run parallel with existing application security solutions and prioritize alerts. This helps organizations integrate Myrror Security into their existing security stack without disruption and focus on the most critical threats.

We are proud to partner with Myrror Security, as well as co-investor Entree Capital, on its mission to revolutionize application security. We believe Myrror Security has the team and technology to lead the industry toward end-to-end software integrity. We look forward to the exciting journey ahead and welcome the team to our portfolio of companies transforming cybersecurity.

Learn more about Myrror Security in today’s announcement covered by Calcalist or at https://myrror.security/.