Founding Story: A Cyberattack That Exposed a Broken Process
A single unpatched vulnerability, left unresolved in a security backlog for weeks, provided Iranian threat actors with an open door into a targeted organization. That incident became the founding catalyst for Onit Security, a Tel Aviv-based cybersecurity startup that has officially stepped out of stealth mode with $11 million in seed funding.
The case underscores a challenge that security teams across the globe consistently face: vulnerability backlogs are not merely an operational inconvenience — they are an active attack surface. When remediation queues grow faster than teams can address them, the window of exposure widens, and adversaries take notice.
The Vulnerability Backlog Problem
Modern enterprises routinely generate thousands of vulnerability alerts. Security teams, stretched thin and often under-resourced, are forced to triage and prioritize — but many vulnerabilities never get resolved in time. This backlog problem is well-documented and remains one of the most persistent challenges in enterprise cybersecurity:
- Vulnerability dwell times can stretch from days to months before remediation.
- Prioritization frameworks often fail to account for real-world exploitability and business context.
- Cross-team coordination between security and engineering slows patch deployment cycles.
- Alert fatigue causes high-severity issues to be buried under low-signal noise.
The Iranian cyberattack that inspired Onit Security's founding is a stark reminder that threat actors actively scan for and exploit exactly these gaps — known vulnerabilities that defenders simply haven't gotten around to fixing.
Onit Security's Approach
Onit Security is positioning itself to bring structure and automation to the vulnerability remediation lifecycle, targeting the organizational and workflow breakdowns that allow backlogs to accumulate in the first place. While specific product details remain limited at this stage of launch, the company's founding narrative points to a focus on helping security teams cut through backlog paralysis and accelerate time-to-remediation.
The $11 million seed round provides the startup with the capital to build out its platform and expand its team as it moves from stealth into the competitive vulnerability management market.
Strategic Context
The launch of Onit Security arrives amid sustained pressure from nation-state actors — particularly Iranian cyber groups — who have demonstrated consistent capability in exploiting known, unpatched vulnerabilities in targeted campaigns against Israeli and Western organizations. The intersection of geopolitical threat actors and systemic security process failures makes vulnerability backlog management an increasingly strategic concern, not just a technical one.