StoneMill Ventures

Todyl, Inc. is a cybersecurity company based in Brooklyn, New York, that provides comprehensive security solutions tailored for distributed offices, very small businesses, and advanced networks. Founded in 2015, Todyl develops a unified security platform that integrates various security functions, including Secure Access Service Edge (SASE), Security Information and Event Management (SIEM), and Governance, Risk, and Compliance (GRC). This cloud-native platform facilitates secure communication among multiple offices, remote employees, data centers, and cloud services. The Todyl Security Platform offers features such as secure routing, firewall management, cloud VPN, intrusion detection, content filtering, and AI-driven threat analysis. By streamlining security operations, Todyl aims to reduce the complexity and costs associated with traditional cybersecurity approaches, empowering businesses to effectively protect, detect, and respond to cyber threats.

LimaCharlie is a developer of a security infrastructure platform that focuses on managing cloud security through a Security Infrastructure as a Service (SIaaS) model. The company's platform offers a comprehensive suite of endpoint-driven information security tools, telemetry storage, and a complete incident response pipeline. It also features a hunting platform and a range of pre-made services, allowing businesses to customize their own detection and response rules. By delivering these security solutions on-demand and at scale, LimaCharlie significantly reduces costs and operational efforts for organizations, enabling them to effectively run Managed Security Service Providers (MSSP) or Security Operations Centers (SOC). Additionally, LimaCharlie provides APIs that empower users to build and monetize their own security products.

Aim Security is a company that focuses on delivering comprehensive security solutions tailored for enterprises utilizing generative artificial intelligence (AI). The company's platform addresses the distinct security challenges associated with AI, such as data exposure, supply chain vulnerabilities, and malicious outputs. By providing guidance for secure AI adoption, Aim Security equips security leaders with the tools necessary to enhance business productivity while maintaining robust protections. The platform establishes essential guardrails and safeguards, allowing organizations to maximize the benefits of generative AI technology while ensuring enterprise-grade security for both internal operations and production applications.

Fixify Ltd develops Fixify, a SaaS-based field service scheduling solution for small and medium businesses. It offers order management, planning, scheduling, monitoring features, and mobile app integration with Salesforce and Microsoft Dynamics.

Spera is an identity security posture management platform that focuses on providing proactive protection against identity-driven attacks for enterprises. The platform enhances the capabilities of identity teams by detecting, prioritizing, and remediating potential breaches. Spera delivers risk visibility and context, utilizing automation to continuously identify risks within an organization’s identity framework. Additionally, it offers comprehensive reporting on the security landscape, providing actionable insights that enable clients to improve their security measures based on user correlations, identity analytics, and usage patterns.

Rewst is a Robotic Process Automation (RPA) platform specifically designed for Managed Service Providers (MSPs). The company focuses on offering low-code and no-code solutions to facilitate task automation, particularly for smaller MSPs. By integrating with various tools such as customer relationship management (CRM) systems, ticketing systems, and accounting software, Rewst enables businesses to enhance operational efficiency. The platform allows users to track performance and identify improvement areas, ultimately helping organizations save costs and streamline processes.

Valence Security is a software company delivering a SaaS security platform that helps security teams identify and remediate risks across enterprise applications. The platform provides discovery of SaaS usage and configurations, identity and data risk, and hazards from SaaS-to-SaaS integration, along with comprehensive security posture management and threat detection. It supports automated risk remediation and identity threat detection and response, with a remediation-by-choice approach that combines manual remediation, automated workflows, and business-user collaboration to scale risk reduction. The solution also addresses GenAI risks, helping organizations securely adopt SaaS by reducing misconfigurations, improving compliance, and enabling proactive risk management across cloud-based software environments.

Tidal Cyber is a cybersecurity company that offers a threat-led, threat-informed defense platform designed to shift protection from reactive vulnerability management to proactive, adversary-behavior-centric security. The platform maps adversary tactics, techniques, and procedures to measure and improve the effectiveness of a security stack, providing validated insights into how defenses perform within products and roadmaps. It helps enterprise teams prioritize defenses, eliminate redundant mitigations, and optimize security operations and investments, enabling organizations to define, measure, and enhance their defense capabilities in the face of real-world threat behavior.

Opus Security is a developer of a cloud security orchestration and remediation platform that automates the identification and resolution of security findings. The company offers a comprehensive solution that integrates with existing cloud and security tools, allowing organizations to gain visibility and manage their security risks effectively. By connecting relevant stakeholders and streamlining response and remediation processes, Opus Security enables businesses to quickly address security vulnerabilities using established and easily deployable methodologies.

Binarly is a global firmware and software supply chain security company founded in 2021 and based in Los Angeles. Its flagship Binarly Transparency Platform is an enterprise-class, AI-powered solution used by device manufacturers, original equipment manufacturers and product security teams to identify known and unknown vulnerabilities, misconfigurations and signs of malicious code implantation. The platform performs in-depth firmware introspection using proprietary machine learning and code analysis techniques to detect threats that originate below the operating system. Validated remediation playbooks help reduce the cost and time to respond to security exposures, supporting protection for businesses, critical infrastructure and consumers worldwide.

Founded in 2017, GreyNoise Intelligence specializes in cybersecurity by developing a platform that collects, analyzes, and labels data on Internet-wide scanners. Its service helps organizations identify suspicious network activity and prioritize threat analysis efficiently.

LimaCharlie is a developer of a security infrastructure platform that focuses on managing cloud security through a Security Infrastructure as a Service (SIaaS) model. The company's platform offers a comprehensive suite of endpoint-driven information security tools, telemetry storage, and a complete incident response pipeline. It also features a hunting platform and a range of pre-made services, allowing businesses to customize their own detection and response rules. By delivering these security solutions on-demand and at scale, LimaCharlie significantly reduces costs and operational efforts for organizations, enabling them to effectively run Managed Security Service Providers (MSSP) or Security Operations Centers (SOC). Additionally, LimaCharlie provides APIs that empower users to build and monetize their own security products.

Todyl, Inc. is a cybersecurity company based in Brooklyn, New York, that provides comprehensive security solutions tailored for distributed offices, very small businesses, and advanced networks. Founded in 2015, Todyl develops a unified security platform that integrates various security functions, including Secure Access Service Edge (SASE), Security Information and Event Management (SIEM), and Governance, Risk, and Compliance (GRC). This cloud-native platform facilitates secure communication among multiple offices, remote employees, data centers, and cloud services. The Todyl Security Platform offers features such as secure routing, firewall management, cloud VPN, intrusion detection, content filtering, and AI-driven threat analysis. By streamlining security operations, Todyl aims to reduce the complexity and costs associated with traditional cybersecurity approaches, empowering businesses to effectively protect, detect, and respond to cyber threats.

Fleet is an open-source platform for IT and endpoint security teams with lots of computers (macOS, Windows, Linux, ChromeOS, OT, data centers). The company is dedicated to making IT more accessible with an open API for every endpoint, while maintaining privacy, transparency, and trust through open-source software. Organizations like Fastly and Gusto use Fleet for device management, device health ("zero trust"), posture assessment, endpoint operations, and more.

Gradient specializes in providing software solutions designed to streamline operations for Managed Service Providers (MSPs). Their platform integrates with nine Professional Services Automation (PSA) platforms, enabling seamless billing reconciliation and centralized alert monitoring. This helps MSPs enhance their service efficiency, saving time and resources.

Oxeye Security specializes in cloud-native application security testing solutions tailored to address the complexities of modern software architectures. Its platform offers a comprehensive approach to identifying and mitigating code vulnerabilities in applications, services, APIs, and open-source libraries. By utilizing advanced vulnerable-flow tracing technology, Oxeye enables development and security teams to enhance their security posture while streamlining development processes. The platform integrates seamlessly into existing environments, requiring only a simple deployment without altering the codebase. This facilitates a shift-left security strategy, allowing organizations to detect and resolve vulnerabilities early in the development cycle, thereby minimizing risks and accelerating time to market.

Valence Security is a software company delivering a SaaS security platform that helps security teams identify and remediate risks across enterprise applications. The platform provides discovery of SaaS usage and configurations, identity and data risk, and hazards from SaaS-to-SaaS integration, along with comprehensive security posture management and threat detection. It supports automated risk remediation and identity threat detection and response, with a remediation-by-choice approach that combines manual remediation, automated workflows, and business-user collaboration to scale risk reduction. The solution also addresses GenAI risks, helping organizations securely adopt SaaS by reducing misconfigurations, improving compliance, and enabling proactive risk management across cloud-based software environments.

VISO Trust is a San Francisco-based company founded in 2016 that specializes in vendor security due diligence. The company has developed a platform that provides comprehensive and actionable information regarding vendor security risks. This platform enables decision-makers to conduct informed risk assessments and make sound security choices by streamlining the vendor review process. By delivering reliable data, VISO Trust assists enterprises in managing third-party security risks effectively and transparently, ultimately enhancing their overall cybersecurity posture.

Grip Security offers a SaaS Security Control Plane (SSCP) solution that provides comprehensive visibility across an enterprise's entire SaaS portfolio. It accurately identifies known and unknown applications, users, and interactions within minutes, enabling businesses to modernize their security architecture and embrace a business-led IT strategy securely.

RunZero provides an asset inventory and network visibility platform for modern enterprises. The platform identifies and manages information technology networks, discovering both managed and unmanaged devices across cloud, mobile, and remote environments. It is powered by a research-driven fingerprinting model and combines active scanning, passive discovery, and integrations to deliver actionable insights and comprehensive visibility of assets connected to networks and cloud environments.

Build.Security Ltd. offers an authorization policy management platform aimed at helping developers integrate authorization controls directly into their applications. Founded in 2020 and headquartered in Sunnyvale, California, with an additional office in Tel Aviv, Israel, the company provides a solution that allows for fine-grained access controls and decoupled logic. Its platform enables seamless deployment, ecosystem integrations, and code extensibility, allowing developers to explore various policy strategies and monitor their effects in real-time. This approach supports the generation and management of authorization controls across enterprise applications at scale, facilitating safer and more efficient application development.

Founded in 2017, GreyNoise Intelligence specializes in cybersecurity by developing a platform that collects, analyzes, and labels data on Internet-wide scanners. Its service helps organizations identify suspicious network activity and prioritize threat analysis efficiently.

SecureCircle LLC is a cybersecurity company founded in 2015 and based in Santa Clara, California. It specializes in eliminating insider threats through a data-centric access control platform that provides persistent security for sensitive information. SecureCircle's offerings include its unique DASB solution, which encompasses access control, continuous protection, and visibility services. The company implements a SaaS-based approach that extends Zero Trust security to data on endpoints, ensuring that data remains secure during transit, at rest, and in use. By utilizing transparent file encryption technology, SecureCircle enables organizations to effectively share, protect, and manage sensitive files and intellectual property while maintaining visibility and control over unstructured data. This proactive methodology aims to mitigate risks associated with data breaches and insider threats, allowing end users to operate without disruption.

Todyl, Inc. is a cybersecurity company based in Brooklyn, New York, that provides comprehensive security solutions tailored for distributed offices, very small businesses, and advanced networks. Founded in 2015, Todyl develops a unified security platform that integrates various security functions, including Secure Access Service Edge (SASE), Security Information and Event Management (SIEM), and Governance, Risk, and Compliance (GRC). This cloud-native platform facilitates secure communication among multiple offices, remote employees, data centers, and cloud services. The Todyl Security Platform offers features such as secure routing, firewall management, cloud VPN, intrusion detection, content filtering, and AI-driven threat analysis. By streamlining security operations, Todyl aims to reduce the complexity and costs associated with traditional cybersecurity approaches, empowering businesses to effectively protect, detect, and respond to cyber threats.

Attila Security, Inc. specializes in developing security solutions for networks and data access across virtual and cloud applications. Founded in 2018 and based in Columbia, Maryland, the company offers a range of products including the GoSilent Cube, a portable enterprise-grade firewall and virtual private network, GoSilent Global, which provides secure data access through dual Internet protocol obfuscation, and GoSilent Server, designed for accessing data center applications and cloud services. Attila's technology aims to protect various devices, such as servers, desktops, laptops, smartphones, and IoT devices, from cyber threats, addressing the significant economic impact of cybercrime. The company serves both government entities and enterprises, ensuring that sensitive data remains secure as it is accessed by employees across different platforms.

DeepSig Inc. is an innovative company based in Arlington, Virginia, specializing in artificial intelligence-based machine learning software for wireless technologies, including 5G and the Internet of Things (IoT). Founded in 2016, DeepSig focuses on transforming wireless communications by utilizing deep learning to enhance system performance, efficiency, and security in complex environments. Its product offerings include OmniSIG sensor software, which serves as a radio frequency sensing application, and the OmniSIG SDK, a comprehensive tool suite that allows customers to curate RF datasets and train advanced deep learning models for custom applications. Additionally, the company provides OmniPHY communications and OmniPHY-5G, which are designed to optimize radio access network capabilities. By leveraging machine learning to create optimized models from data, DeepSig enables clients to customize and enhance wireless systems effectively.

Feroot is a cybersecurity company offering a client-side security platform designed to protect web applications from data leakage and privacy violations. The platform focuses on securing the client-side JavaScript and the data assets processed in the user's browser, providing an all-in-one client-side risk management solution. It enables monitoring and automated protection of sensitive data such as credentials and other data assets, with real-time alerts, asset discovery, security access analysis, and forensic capabilities. The solution supports privacy compliance by facilitating fulfillment of privacy rights and enforcing data-use restrictions downstream to enterprise systems and third-party applications. It helps prevent data loss and misconfiguration-driven risks by detecting client-side threats and coordinating protection workflows across the software stack. The company serves organizations seeking to reduce exposure from third-party integrations and client-side vulnerabilities in web applications.

Cybrary Inc. is a leading provider of online training services focused on information technology and cybersecurity, catering to a diverse audience that includes beginners, experienced professionals, and families. Founded in 2015 and based in College Park, Maryland, Cybrary offers a comprehensive range of courses in systems and network administration, project management, and various cybersecurity disciplines, such as ethical hacking, penetration testing, and malware analysis. The platform features instructional content, interactive labs, exam study guides, and enterprise training solutions, enabling organizations to enhance their employees' skills. Additionally, Cybrary collaborates with a community of instructors, industry experts, and cybersecurity firms to deliver relevant and high-quality learning materials. Its offerings include a "Teams" product for managing corporate training and providing practical challenges and skill assessments. Cybrary aims to serve unserved and underserved populations, helping individuals gain the necessary skills to enter or advance in the cybersecurity field.

Vulcan Cyber Ltd. is a cybersecurity company that operates a vulnerability remediation platform designed to manage and reduce organizational cyber risk. Founded in 2018 and based in Tel Aviv-Yafo, Israel, with an additional office in San Francisco, California, the company offers a software-as-a-service (SaaS) solution that integrates and automates existing security tools and processes. This platform allows security teams to gain valuable insights and take necessary actions to continuously eliminate exposed vulnerabilities within their production systems. By supporting the entire cybersecurity lifecycle across various environments, Vulcan Cyber enhances risk management processes, enabling organizations to prioritize and orchestrate their cybersecurity efforts effectively.

TrueFort specializes in real-time application and cloud workload protection. Founded in 2015, the company offers solutions such as application-first security, out-of-box analytics for applications, and bring-your-own-agent capabilities. Its flagship product, Fortress, employs advanced behavioral analysis and automation to enhance security across diverse environments.

Orca Security is a company that specializes in cloud-native security solutions. Founded in 2019 with headquarters in Tel Aviv, Israel, Orca Security offers a platform that secures both cloud-native applications and legacy systems migrated to the cloud without requiring agents. The platform integrates into the cloud infrastructure layer to assess the security state of all discovered assets, including the cloud control plane, operating system, applications, and business data. It provides visibility into compromised resources, vulnerable software, and misconfigurations using read-only access, ensuring no impact on performance or availability. This approach allows IT security teams to avoid agent deployment and network scanning, streamlining the process of maintaining cloud security and compliance across various platforms such as AWS, Azure, Google Cloud Platform, and Oracle Cloud.

Founded in 2017, GreyNoise Intelligence specializes in cybersecurity by developing a platform that collects, analyzes, and labels data on Internet-wide scanners. Its service helps organizations identify suspicious network activity and prioritize threat analysis efficiently.

NS8 Inc. is a fraud prevention and user experience protection company that offers a comprehensive platform designed to help online businesses minimize risk. Founded in 2016 and headquartered in Las Vegas, Nevada, with additional offices in Miami Beach and Amsterdam, NS8 utilizes machine learning, behavioral analytics, and real-time scoring to provide actionable insights into transaction quality and trustworthiness. Its platform enables users to monitor and analyze potential fraud, detect bot activity, and segment hidden sessions, thereby enhancing understanding of effective traffic sources. The technology allows businesses to automate their fraud management workflows, tailoring them to specific needs, while also providing consumer metrics for personalized content and sales techniques. In October 2020, NS8 filed for reorganization under Chapter 11 in the U.S. Bankruptcy Court for the District of Delaware.

Scytale.io, founded in 2017 by experienced engineers from leading technology companies, focuses on enhancing the security and efficiency of identity-driven, large-scale distributed software systems. The company offers an identity management platform that standardizes and accelerates service authentication across various infrastructures, including cloud, container, and on-premise environments. By addressing the challenges faced by software developers, IT operations managers, and security engineers in a complex enterprise IT landscape, Scytale.io aims to simplify and secure the authentication process, enabling organizations to innovate and operate more effectively. The company's solutions draw from successful practices observed in major internet companies, reflecting a commitment to improving operational speed and security in modern software development.

Scytale.io, founded in 2017 by experienced engineers from leading technology companies, focuses on enhancing the security and efficiency of identity-driven, large-scale distributed software systems. The company offers an identity management platform that standardizes and accelerates service authentication across various infrastructures, including cloud, container, and on-premise environments. By addressing the challenges faced by software developers, IT operations managers, and security engineers in a complex enterprise IT landscape, Scytale.io aims to simplify and secure the authentication process, enabling organizations to innovate and operate more effectively. The company's solutions draw from successful practices observed in major internet companies, reflecting a commitment to improving operational speed and security in modern software development.

RackTop Systems, Inc. develops innovative data center solutions with a focus on data security and storage performance. The company's flagship product, BrickStor, is available in several versions: BrickStor Iron, which serves as an enterprise storage platform; BrickStor Titanium, tailored for private cloud environments; BrickStor zFLASH, which offers flash storage with high performance; and BrickStor SP, a software-defined primary data solution that implements a data-centric Zero Trust model to protect against cyber threats such as ransomware. Other offerings include an object storage platform called OSP, enterprise networking solutions through FlexBox, and virtual desktop infrastructure support with vBox. Additionally, RackTop provides MyRacktop, a secure multi-tenant cloud, and an enterprise backup and recovery appliance. The company also delivers consulting services in data storage optimization and information security to various sectors, including banking, education, and government. Founded in 2010 and headquartered in Fulton, Maryland, RackTop Systems has gained recognition for its innovative approach to cybersecurity and data management.

Huntress is a cybersecurity provider for small and mid-sized businesses and the managed service providers that support them. It offers a managed security platform and a 24/7 Security Operations Center, delivering technology, services, education, and expertise to protect critical assets from cyber threats. The platform combines automated detection with human threat hunting to uncover and stop threats that bypass preventive tools, including ransomware and persistent footholds. Founded in 2015 by former NSA operators, Huntress serves thousands of partners and more than 100,000 organizations, protecting millions of endpoints.

Anno.Ai operates a hosted platform designed to facilitate the curation of training data for machine learning operations. The platform enables users to create projects, customize labels, invite team members, and upload data essential for machine learning models and data annotation. By focusing on structuring unstructured data, Anno.Ai aims to develop AI-driven applications and sensors that open new business opportunities. The company is headquartered in Tysons Corner, Virginia.

Lucata Corporation is a technology company that specializes in enhancing memory utilization through its innovative hardware and software solutions. Founded in 2008 and headquartered in New York City, with additional offices in South Bend, Indiana, Lucata develops motherboards, node cards, and memory servers tailored for various applications such as graph analysis, cyber security, data warehousing, machine learning, and risk analysis. Utilizing patented migrating thread technology, Lucata enables organizations to conduct high-performance analytics on extensive databases exceeding one trillion vertices, facilitating deeper insights into complex data relationships. Its solutions are designed for sectors including financial services, healthcare, telecommunications, and government, allowing for real-time analysis and scalable memory architecture without the need for additional software layers. Lucata's architecture supports energy-efficient processing and significant performance enhancements as hardware scales, positioning the company as a key player in the evolving landscape of big data and analytics.

SCYTHE Inc. is a cybersecurity company based in Arlington, Virginia, founded in 2017. It specializes in designing and developing an adversary emulation platform tailored for enterprises and cybersecurity consulting markets. The SCYTHE platform empowers organizations to construct and simulate a variety of adversarial campaigns swiftly, enabling Red, Blue, and Purple teams to assess and validate their security controls effectively. By allowing organizations to continuously evaluate their risk posture and exposure to cyber threats, SCYTHE helps enhance the performance of security teams and ensures that clients can implement appropriate cybersecurity measures and frameworks.

Vulcan Cyber Ltd. is a cybersecurity company that operates a vulnerability remediation platform designed to manage and reduce organizational cyber risk. Founded in 2018 and based in Tel Aviv-Yafo, Israel, with an additional office in San Francisco, California, the company offers a software-as-a-service (SaaS) solution that integrates and automates existing security tools and processes. This platform allows security teams to gain valuable insights and take necessary actions to continuously eliminate exposed vulnerabilities within their production systems. By supporting the entire cybersecurity lifecycle across various environments, Vulcan Cyber enhances risk management processes, enabling organizations to prioritize and orchestrate their cybersecurity efforts effectively.

CYR3CON, established in 2018 and headquartered in Tempe, Arizona, specializes in predictive cybersecurity. The company employs artificial intelligence to anticipate cyber-attacks by monitoring online hacker communities and quantifying potential threats before they materialize, aiming to mitigate numerous cyber incidents. CYR3CON's platform combines human analysis with advanced machine learning to comprehend the evolving threat landscape and identify emerging attacks against enterprises, facilitating proactive cybersecurity measures.

Scytale.io, founded in 2017 by experienced engineers from leading technology companies, focuses on enhancing the security and efficiency of identity-driven, large-scale distributed software systems. The company offers an identity management platform that standardizes and accelerates service authentication across various infrastructures, including cloud, container, and on-premise environments. By addressing the challenges faced by software developers, IT operations managers, and security engineers in a complex enterprise IT landscape, Scytale.io aims to simplify and secure the authentication process, enabling organizations to innovate and operate more effectively. The company's solutions draw from successful practices observed in major internet companies, reflecting a commitment to improving operational speed and security in modern software development.

HighSide is a developer of a unified communications platform that prioritizes privacy through end-to-end encryption and user authentication. Its suite of products is designed to facilitate secure collaboration in a remote work environment, addressing challenges related to productivity and data access. By leveraging a distributed cryptographic key management infrastructure and a zero-trust technology approach, HighSide provides businesses with tools for secure voice, video, text communication, and file sharing. This comprehensive platform not only enhances data security but also mitigates the risks associated with shadow IT and outdated communication methods, ensuring that sensitive information is managed safely and efficiently.