Two AI-driven cybersecurity startups have announced fresh funding rounds as enterprises grapple with the growing risks created by artificial intelligence adoption across SaaS platforms and software development pipelines.
Reco Raises $30 Million to Secure AI in SaaS Ecosystems
Reco has secured $30 million in a new funding round led by Zeev Ventures, with participation from Insight Partners, Boldstart Ventures, Angular Ventures, Workday Ventures, TIAA Ventures, S Ventures and Quadrille Capital.
The investment comes less than 10 months after Reco’s previous raise and brings the company’s total funding to $85 million. The proceeds will be used to expand engineering, product and go-to-market teams as demand grows.
Reco presents itself as a “dedicated AI SaaS security platform,” built to meet what it describes as a structural shift in how enterprises consume artificial intelligence. Increasingly, AI is delivered through SaaS applications — whether as standalone tools, embedded assistants or autonomous agents operating inside business systems. These AI agents often function like users, with their own identities and permissions.
That architecture introduces new security and governance challenges. Reco’s platform deploys its own AI agents to continuously discover and monitor SaaS environments, offering real-time visibility into applications, user behavior, access controls and AI-driven activities.
The company says it helps security teams map application usage, trace how data moves across interconnected systems, and identify misconfigurations or risky access patterns. Its integrations include major SaaS and AI platforms such as Salesforce, ChatGPT and Microsoft Copilot.
“In the enterprise, AI is being consumed through SaaS, whether it’s AI applications, agents embedded in existing platforms, or AI-powered integrations connecting business systems,” said Ofer Klein, CEO and co-founder of Reco. “Organizations recognize that to adopt AI safely and at scale, they need visibility and control across their entire SaaS ecosystem — not only the core SaaS applications.”
The funding reflects investor confidence that SaaS-based AI adoption will continue accelerating — and that enterprises will require new tooling to manage associated risks, from data leakage to unauthorized AI-driven automation.
Zast.AI Raises $6 Million to Eliminate False Positives in Code Security
In a separate announcement, Seattle-based Zast.AI said it raised $6 million in a pre-Series A round led by Hillhouse Capital.
Founded in 2024, Zast.AI focuses on application security by using AI agents to identify and validate software vulnerabilities before reporting them to security teams. The company’s central claim is that only verified vulnerabilities should be surfaced, eliminating the false positives that often overwhelm developers and security analysts.
Zast.AI relies on what it calls an automated proof-of-concept (PoC) generation and validation architecture. Its system conducts deep semantic code analysis, automatically generates exploit PoCs and executes them in controlled environments to confirm whether a vulnerability is real.
By validating flaws before alerting customers, the startup says it can reduce alert fatigue and allow teams to concentrate on genuine risks.
The platform is designed to detect both complex semantic-level vulnerabilities — such as insecure direct object references (IDOR), privilege escalation and business logic flaws — as well as more traditional syntax-based issues like SQL injection.
To date, Zast.AI reports identifying 127 vulnerabilities across widely used software components including Microsoft Azure SDK, Apache Struts XWork, Koa and WordPress. The company says all of its findings were assigned CVEs, contributing to improvements in the broader open-source ecosystem.
“We believe only verified vulnerabilities are worth reporting,” said Geng Yang, co-founder and CEO of Zast.AI. “Our vision is to build an end-to-end AI-driven security platform, enabling every development team to obtain the highest quality security assurance at the lowest cost.”
AI Expands the Cybersecurity Battlefield
Together, the two funding rounds highlight how AI is reshaping both the attack surface and the defensive toolkit in cybersecurity.
While Reco focuses on securing AI-enabled SaaS environments and monitoring autonomous agents operating across enterprise systems, Zast.AI targets the application layer by embedding AI directly into vulnerability discovery and validation workflows.
The broader trend reflects mounting pressure on security teams to manage growing complexity. Whether addressing the risks posed by AI-powered SaaS integrations or filtering noisy vulnerability scans across massive code bases, startups are betting that AI-driven automation will be central to the next generation of cybersecurity.
With their newly raised capital, Reco and Zast.AI are positioning themselves in distinct yet complementary segments of the AI security landscape — one protecting enterprise SaaS ecosystems, the other securing the underlying software code that powers them.
