Citigroup’s VC arm invests in API security startup Traceable
In 2017, Jyoti Bansal co-founded Traceable, a San Francisco-based cybersecurity company, alongside Sanjay Nagaraj, a former investor. Leveraging his experience from co-launching AppDynamics, an app performance management startup acquired by Cisco in 2017, Bansal aimed to develop a platform dedicated to safeguarding customers’ APIs from cyberattacks.
The frequency of API attacks, which target the protocols governing communication between platforms, apps, and services, has been steadily increasing. According to cybersecurity firm Check Point, nearly one-quarter of organizations experienced API attacks weekly in the first month of 2024, marking a 20% surge from the preceding year.
API attacks manifest in various forms, such as overwhelming APIs with traffic to render them unavailable, bypassing authentication methods, and exposing sensitive data transmitted through vendor APIs.
Bansal highlighted the inadequate recognition of API security’s critical importance, alongside a lack of awareness about the expanding attack surface in APIs and resistance to adopting API security measures due to existing investments in security solutions that do not directly address API security concerns.
Businesses are increasingly incorporating APIs into their operations, partly fueled by the surge in generative AI applications. However, this trend inadvertently exposes them to potential attacks. According to a recent study, companies saw a over 200% increase in API usage between July 2022 and July 2023. Additionally, Gartner predicts that by 2026, more than 80% of enterprises will have utilized generative AI APIs or deployed generative AI-enabled applications.
Traceable aims to mitigate API risks by employing AI to analyze usage data, discern normal API behavior, and identify deviations from the baseline. The company’s software, which operates on-premises or in a fully managed cloud environment, boasts capabilities to identify and categorize both existing and new APIs, including undocumented and deprecated ones, in real-time.
Image Credits: Traceable
“In order to detect modern threat scenarios, Traceable trained in-house models by fine-tuning open source large language base models with labeled attack data,” explained Bansal. “Our platform provides tools for API discovery, testing, protection, and threat hunting workflows for IT teams.”
The API security solutions market is witnessing rapid expansion, with vendors like Noname Security, 42Crunch, Vorlon, Salt Security, Cequence, Ghost Security, Pynt, Akamai, Escape, and F5 competing for customers. Research and Markets forecasts a compound annual growth rate of 31.5% for this segment from 2023 to 2030, driven by escalating cybersecurity threats and the growing demand for secure APIs.
However, Bansal asserts that Traceable is maintaining its competitive edge, analyzing approximately 500 billion API calls monthly for around 50 clients and projecting a doubling of revenue this year. While most of Traceable’s clients are in the enterprise sector, the company is exploring pilot projects with government entities.
“Traceable is committed to building a financially sustainable company, which means we have a healthy margin profile that improves as our revenue grows,” stated Bansal. “We’re intentionally not profitable at present, as we’re investing responsibly into the business…Our focus is on strategic investments to maximize returns, rather than indiscriminate spending.”
To support its growth initiatives, Traceable announced a $30 million strategic investment from backers including Citi Ventures, IVP, Geodesic Capital, Sorenson Capital, and Unusual Ventures. This investment, valuing Traceable at $500 million post-money and bringing its total raised to $110 million, will primarily fund product development, scale-up of the platform and customer engineering teams, and expansion of the partnership program. Traceable currently employs approximately 180 staff, with plans to increase headcount to 230 by the end of 2024, with a significant portion of the new investment allocated for hiring.
“While Traceable wasn’t actively seeking funding, we had substantial cash reserves prior to this investment,” clarified Bansal. He added that Traceable had secured a substantial line of credit in addition to the new funds. However, due to significant inbound demand from investors and the strategic alignment with Citi Ventures, Traceable decided to pursue a smaller investment to accelerate product and go-to-market initiatives before considering a larger fundraising round.