I’m thrilled to share that Push Security has raised our Series B funding. This is a big moment for us — and more importantly, for the future of identity security.
I’m thrilled to share that Push Security has raised our Series B funding. This is a big moment for us — and more importantly, for the future of identity security.
Push was born out of a simple but urgent realization: Identity has become the new battleground in cybersecurity.
As attackers take advantage of the massive changes to enterprise IT and working practices spurred on by the pandemic, we’re seeing the limitations of conventional controls exposed. And as attackers realize this, they’re doubling down on identity exploitation.
That urgency only intensified following the Snowflake breach in the summer of 2024, which put the spotlight on how vulnerable internet-facing identities really are. For many security teams, it was a wake-up call — while for attackers, it was a feeding frenzy.
Attackers aren’t hacking in, they’re logging in
Identity is the new route of least resistance for attackers. They have developed TTPs to bypass traditional controls, evade detection and execute attacks faster than defenders can respond:
Phishing attacks are reliably bypassing preventative controls like MFA, and predominantly email- and network-based detection tools.
Attackers are leveraging compromised credentials at scale to take over accounts on business apps over the internet, fed by (and feeding) a vicious cycle of data breaches.
These attacks aren’t new. Things like phishing are amongst the oldest tricks in the book. But people are waking up to how sophisticated these attacks are becoming — and how much the change in business IT has undermined and exposed traditional controls.
It’s not surprising that attackers are shifting their focus away from the well-defended endpoint and network environments they’ve focused on in the last decade or so to take advantage.
This is the problem my co-founders and I resolved to solve when we started this crazy journey. We’d been on the frontline of this threat evolution throughout our careers, first as ethical hackers tasked with breaking into the most secure companies in the world, and then turning these skills to keeping the bad guys out. We were convinced that this was the way the wind was blowing (even if most of our peers didn’t quite believe us yet!).
Modern problems require modern solutions
If identity is the new perimeter, then the browser is effectively the new Operating System — the place where users are working, and where the apps they’re using to do their jobs are running.
We knew that unlocking the power of the browser was the key to solving identity security. I’m so proud to be able to say that we built the world’s first browser-based identity security platform, and being in the browser has been fundamental to what we’ve been able to achieve.
Immediately, we found the level of accuracy on identity data to be far superior to the alternatives such as API (limited to the apps you know about and impeded by the nuances of APIs) and email (flooded with false positives). By observing identities in real time as users logged into apps, we could build a picture of the entire identity surface — even for unmanaged, previously unknown apps. It was a game changer for us.
Then, we turned our attention to shutting down attacks. We found unique ways to detect, intercept, and block phishing pages in real time, which has seen us detect previously unseen phishing kits the first time they’re used. If you understand how phishing blocklists typically work, you’ll know how much of a game changer this is — no more waiting for a victim to report (or fall victim) before you can take action.
We also harnessed our data to automatically verify where employees are using stolen credentials, finding the needle in the haystack where a compromised credential in millions of lines of an infostealer log matches the real, valid credential your employee is using — on one of hundreds of apps in your estate.
Staying ahead of attackers
Research is at the heart of everything we do at Push — it’s our heritage. That background gives us an edge when it comes to identifying how attackers think, and more importantly, how to stop them. This new funding allows us to invest heavily in staying ahead of those threats, pairing our R&D with our product roadmap to ensure the features we build are prioritized by the impact they’ll have on securing our customers.
Right now, the best place to detect and respond to these attacks is in the browser, the place where work happens and identities are accessed — and where attackers are targeting their victims.
But honestly, if there came a time when this wasn’t the case anymore, we’d follow the attacker to wherever they go next. We’re not here to build shelfware, we’re here to make a real difference for defenders — and make attackers’ lives much harder.
Supporting security teams where they are today
When we started Push, identity threats weren’t yet top of mind for many companies. And understandably, there was a healthy degree of skepticism when we set out to leverage the browser. It was uncharted territory for security professionals.
But I like to think we’ve proven its value — and we’re barely scratching the surface of what’s possible.
With this new funding, we’ll continue to meet that demand with an even more powerful platform, stronger customer support, and deeper integrations that allow security teams to do more, faster. I can’t wait to show you what we’ve got planned next.
Thank you to our investors and customers
We’re incredibly grateful to our Series B lead investor, Redpoint Ventures with participation from Datadog Ventures and B3 Capital – all new investors in this round – and to our returning partners at Decibel and Alphabet’s Google Ventures, along with angel investors who have backed us since the beginning. I truly believe that we have the ultimate combination in partners and advisors who have been at the forefront of scaling transformative technology and cybersecurity companies that will be integral in driving us forward.
A special thank you to Erica Brescia and Jordan Segall at Redpoint — your deep understanding of the security industry, your conviction in team and the problem we’re solving, and your support as we scale mean everything. And to our independent investors Jon Oberheide, Dug Song, Geoff Belknap, Royal Hansen, Haroon Meer, Ollie Whitehouse, and others as well as the teams at Google Ventures, Decibel, and Datadog: thank you for your trust, your insights, and your commitment to building the future of identity security together. We really couldn’t have done it without you.
To our customers: thank you for trusting us. To our team: thank you for building something bold. To our investors: thank you for believing in what’s next.
Looking ahead
We’re focused on speed: faster response to emerging threats, faster product innovation, and faster time to value for the security teams we serve. Our vision has always been to empower people, not just protect them — to guide users toward secure decisions and help security teams operate with clarity and confidence.
This Series B isn’t just fuel for the fire — it’s the start of a whole new chapter. Let’s build something iconic, together. ✌️
To learn more about our mission and technology, follow us on LinkedIn and X.
