Two cybersecurity startups focused on managing artificial intelligence risks have announced new funding rounds, underscoring growing investor interest in tools designed to secure AI-driven enterprise environments and software development workflows.
Reco Raises $30 Million to Address AI Risk in SaaS Platforms
Reco said it raised $30 million in a round led by Zeev Ventures, with participation from Insight Partners, Boldstart Ventures, Angular Ventures, Workday Ventures, TIAA Ventures, S Ventures and Quadrille Capital. The latest raise brings the company’s total funding to $85 million.
The funding comes amid accelerating enterprise adoption of AI features embedded within SaaS applications. Rather than deploying standalone AI systems, many organizations are integrating AI assistants, automation agents and analytics tools directly into existing business software — creating new identity, permission and data governance challenges.
Reco’s platform is designed to continuously map SaaS environments, monitor access controls and track how data flows across interconnected applications. The company says its system provides visibility into AI-driven activities and potential misconfigurations that could expose sensitive information.
The platform integrates with widely used enterprise services, including Salesforce, ChatGPT and Microsoft Copilot.
As AI agents increasingly operate with their own credentials inside enterprise systems, security teams are under pressure to extend identity governance and monitoring beyond human users.
Zast.AI Raises $6 Million to Reduce False Positives in Code Security
Seattle-based Zast.AI separately announced a $6 million pre-Series A round led by Hillhouse Capital. Founded in 2024, the startup focuses on automating vulnerability validation in application security testing.
Traditional security scanners often generate large volumes of alerts, many of which are false positives. Zast.AI says its platform uses automated proof-of-concept generation and controlled execution environments to confirm whether a vulnerability can be exploited before reporting it.
The company targets both complex semantic vulnerabilities — such as insecure direct object references and privilege escalation — as well as common injection flaws. It reports identifying vulnerabilities across widely used open-source components, with findings assigned Common Vulnerabilities and Exposures (CVE) identifiers.
AI Security Investment Gains Momentum
Together, the funding rounds reflect a broader shift in cybersecurity spending priorities. As enterprises embed AI into SaaS platforms and development pipelines, security teams must contend with expanded attack surfaces, automated decision-making systems and increasingly dynamic application architectures.
Investors appear to be betting that AI will play a dual role — introducing new risks while simultaneously serving as the primary tool for managing them. Companies that can reduce operational complexity for security teams, whether at the SaaS governance layer or within application code, are drawing sustained capital interest.
