At Greenfield Partners, we’ve always believed that the best investments emerge from understanding the first principles and ground-truth of an industry. In cybersecurity, where complexity breeds confusion, this mindset has served us well. For years, we’ve sifted through a dense fog of jargon, overlapping solutions, and lofty promises from countless vendors. But we’ve also learned that if you listen carefully—to customers, engineers, and market signals, you start to see patterns of new needs and categories emerging. This was true for Silverfort in Identity, Torq in SOC Automation, Coralogix in Observability, VAST Data in Data infrastructure, and more. It was through this lens that we discovered Oligo Security.
The Spark that Ignited our Journey
In early 2022, a series of trends converged underpinned by big macro tailwinds, prompting us to dedicate the next few years investigating every corner of application security:
- A surge in more applications and OSS: The rapid proliferation of applications, fueled by OSS, became the backbone of modern development, but also its greatest vulnerability.
- Devastating breaches: AppSec and Supply Chain breaches (e.g. Log4shell, OpenSSL, Spring4Shell) continue to persist as some of the most destructive and frequent attack vectors, exposing glaring gaps in existing solutions.
- Overwhelmed developers: "Shift-left" and "defense in depth" strategies, while conceptually sound, had developers inundated with complexity, frustrated by alert fatigue, and skeptical of the tools meant to empower them.
- AI’s growing role in software development and security: The rise of AI-driven, non-deterministic systems signaled profound changes in how software was going to be built, exploited, and protected.
Even within the often-tangled web of cybersecurity, AppSec felt uniquely chaotic, with a big vendor pool overwhelmingly focused on pre-production and build-time security - think SAST, SCA, DAST, Secrets, ASPM, etc. Amid the noise, one question kept coming back to us: why wasn’t there more focus on securing applications in production? It seemed akin to leaving your front door wide open in a neighborhood known for break-ins.
Unpacking the AppSec Puzzle
The software industry has always operated on layers of trust. Developers rely on open-source libraries, frameworks, and cloud-native architectures to move faster and build smarter. But this trust comes with a cost. Open-source components, now foundational to 85%+ of software, can also be the weakest link. Like phishing exploits human trust, vulnerabilities in open-source libraries exploit the implicit trust developers place in them, introducing risks at scale.
As applications have evolved, from monolithic systems to microservices and serverless functions, the attack surface has grown exponentially. Applications are now dynamic ecosystems, but the tools designed to protect them holistically haven’t kept pace. To their credit, AppSec solutions have excelled at build-time or pre-production security (think Snyk for SCA or Checkmarx for SAST). The shift-left movement caught vulnerabilities earlier in the development pipeline, often making it cheaper and quicker to fix. But the reality is that the driver of both business and risk lies in production, where applications operate in the wild.
Historically, creating a robust AppSec platform for production was nearly impossible. High friction meant businesses faced an unavoidable tradeoff between security and performance, and performance, along with stability and business continuity, always won.
While the focus on shift left added some value, when you layer exponentially growing code bases and resulting vulnerabilities, major challenges were introduced:
- Alert overload: Security teams spend approximately 25% of their time addressing false positives.
- Lack of vulnerability context: Shift-left tools struggle to determine whether vulnerabilities are reachable or exploitable, leading to poor alert prioritization.
- Fatigued developers: Instead of empowering developers, the ecosystem inundated them with noise, leaving critical threats unresolved.
- Runtime blind spots: Legacy runtime solutions like RASP offered limited utility, bogged down by complexity and performance trade-offs.
As one CISO put it, “While we’re shifting left, attackers are looking right—right at production.”
Looking ahead, the stakes for AppSec will only intensify. AI-generated code introduces non-deterministic behaviors, and AI-driven attacks adapt faster than traditional patch cycles can manage. Pre-production testing remains crucial but needs to evolve.
Seeing the Signal Through the Noise
From the moment we met Oligo’s founding team, Nadav, Gal, and Avshi, we knew this was a special group of people. Best friends since childhood and veterans of Unit 8200, Israel’s elite cybersecurity unit, the trio embodied the rare trifecta of humility, hunger, and brilliance that we seek in every founder. While their thesis mirrored the conclusions we had drawn in our research, they were miles ahead.
Act I - Focusing on what really matters
Oligo’s breakthrough lies in its runtime-first approach, leveraging eBPF, a lightweight, kernel-level sensor enhanced with their proprietary IP. Put simply, Oligo can observe and analyze application behavior at the function and library level in real time, deep within the application, without degrading performance. By focusing on understanding how applications actually run in production, within minutes of deploying, customers are able to see:
- Precision threat detection: Differentiating between theoretical vulnerabilities and exploitable ones.
- Noise reduction at build time: Reduce pre-production and build-time noise by up to 90%.
Act II - Application Detection and Response (ADR)
Our “wow” moment came when we saw the depth of Oligo’s runtime insights. By understanding how functions and libraries should behave, the platform can detect deviations and block malicious actions with unmatched precision. This is particularly valuable for identifying and neutralizing zero-day threats in real time, an ability that’s historically been out of reach.
Projecting further into an AI-driven future, this type of adaptive, runtime monitoring and mitigation will be indispensable. Oligo’s vision for runtime detection and response may very well become a cornerstone of modern security.
The Journey Ahead
Though Oligo’s story is just beginning, it's been amazing to see how Nadav, Gal, and Avshi have been able to attract incredible talent to their leadership team including:
- Mike O’Malley: Former CMO at CyberArk and NoName Security
- Mic McCully: Former Field CTO at Snyk
- Alberto Rodrigues: Previously CCO at Armis, Symantec, and Broadcom
Establishing a new category requires more than groundbreaking tech; it calls for trust, education, and flawless execution. With their technical expertise, relentless focus on customer pain points, and a superbly assembled team, Oligo stands uniquely positioned to lead.
For us, this investment is about more than just capital. It’s a partnership with brilliant people who are rewriting the rules of application security. We’re thrilled to lead their Series B round, and welcome fellow new investors Red Dot Capital Partners and Strait Capital, alongside existing investors Ballistic Ventures, Lightspeed Venture Partners, TLV Partners, and CCL, and we feel fortunate to be part of their journey.
