I swore I’d never build another company again… And yet, here we are, back in the builder seat 😄. Seems like I’m the only one surprised about it.

Truth be told, it was simply too tempting. AI is rewriting how software gets built and attacked, and with it comes a once-in-a-generation challenge to build entirely new solutions for problems that did not exist a few months ago, much less a few years ago. Contributing to what security means for this new era was simply impossible to resist.

So, today we’re introducing Tolmo. In just a few months, we’ve built a fantastic founding team, we’ve raised $22M from Accel and Y Combinator, and we’re working with our first 40 design partners to shape the future of security for production environments.

The team

Our founding team built Sqreen, one of the first companies to bring runtime application security directly into cloud applications. We grew it to 800 customers in production before Datadog acquired it in 2021, where we then spent years building the security business and working with engineering and security teams across thousands of companies.

But the Tolmo seeds were also planted at Datadog. We spent years inside one of the best engineering organizations. We watched runtime observability turn into a superpower for engineering teams. And this clearly left a mark on how we are approaching complex security problems at scale!

The four co-founders are Pierre Betouin, JB Aviat, Vlad de Turckheim, and Arnaud Breton. We are also joined by Matt Suiche and early team members William Beuil, Jimmy Caputo, Mihail Kirov, and Tyler Hayden. Our DNA comes from Apple, Sqreen, Datadog, Snyk. Our team didn’t stumble into security. We’ve all worked in offensive security, from attacking systems together in the best security teams, to breaking into hardware, kernels, cloud infrastructure, cryptographic implementations, and more. Bringing observability, security, and AI together is a passion for us all.

The problem

Our experience made one thing clear: the tools exist, but the gap keeps growing. Development has outrun what security teams can manage with existing tools, and AI-generated code has made an already hard problem dramatically harder.

Codebases are growing faster than ever. AI is adding code and changing environments at a rate humans simply can’t keep up with.

On top of that, attackers now find and exploit new vulnerabilities in less than a day while most teams still respond in weeks. Teams are forced to choose between moving fast or operating securely.

At the same time, the line between “engineering” and “production” has completely blurred. Product managers spin up features. Marketing teams push to production environments. Support teams ship automations. Anyone with a prompt can now land code in production in hours.

And the asymmetry between attack and defense has never been more extreme. An attacker needs to land one shot in a million. A defender needs to be right every single time, across millions of lines of code, thousands of services, and a perimeter that keeps mutating under their feet.

The security teams trying to hold the line are understaffed, short on tools, and stuck reacting to whatever scanner screamed loudest this morning. There is so much to be built in our security world to address those new challenges.

Our approach

Tolmo gathers context from across production and connects it into one Production Knowledge Graph. The telemetry already exists, scattered across many different data stores, so we capture it where it already lives, then link the code to its deployments, its production environments, and the third-party solutions around it.

On top of that graph, Tolmo runs a fleet of AI security agents. They work every pull request, deployment, and alert, each reasoning over the full graph so every finding lands with the context of the whole environment, not as an isolated alert.

When something is found, the graph gives Tolmo everything it needs to investigate, then it loads the full context into a coding agent and proposes the fix.

Out of stealth, we’re building in the open!

We raised $22M led by Accel, with Y Combinator participating. We are also fortunate to be joined in our round by industry-leading entrepreneurs and operators, including Renaud Deraison, cofounder of Tenable, Olivier Pomel, cofounder and CEO of Datadog, Michael Callahan, founder of Awake Security, Mark Anderson, president of Cloudflare, and Jason Lemkin (SaaStr).

Come build with us

We are working with more than 40 design partners who have deployed Tolmo in production, and we have already surfaced hundreds of critical security findings in real production environments. The first fleet of Pentesting Agents is live with customers today. The rest is rolling out fast.

If you are passionate about security, engineering and AI, and want to share opinions or war stories, or if you are a builder at heart who wants to build with us from the ground up and help define what security means in this new era, please reach out to me. I would love to talk! (email: first at …).

Pierre