Announcing our Series A
Today, we're announcing our $12 million Series A led by Madrona. This funding represents more than capital—it validates our solution to what I call the 'last mile problem' in application security.
Here's a scenario every security professional will recognize: Your team demos an impressive application security tool that catches sophisticated attacks in real-time. The vendor shows graphs of threats blocked, attacks prevented, and response times measured in seconds. Everyone nods approvingly. Then someone asks the inevitable question: "Can we set it to auto-block in production?"
The room goes quiet. Suddenly, that same impressive tool gets relegated to "monitor mode indefinitely" because nobody trusts it enough to actually stop attacks automatically.
I've watched this exact scenario play out dozens of times during my years as a security product leader at EdgeCast, Verizon, Signal Sciences, and Fastly. At Impart, we've finally solved what I call the 'last mile problem' in application security. With today's $12 million Series A announcement led by Madrona, here’s how we're making automatic threat blocking a reality.
What Actually Is an Application Detection and Response Engineering Platform?
When I look back at my career in security, the majority of tools operate as black boxes for security teams. They rely on threat research and canned detections to generate findings, which may or may not be relevant to real-world customer applications. We refer to this as the vulnerability industrial complex, which is essentially an ecosystem that generates endless alerts without context or confidence.
The brutal reality is that most security teams I speak with enable a few generic rules but can't implement anything beyond that due to the high cost of tuning, maintenance, and ongoing management.
This is where Impart takes a fundamentally different approach. Instead of delivering another black box, we built an Application Detection and Response (ADR) Engineering Platform that puts security teams in control. The "engineering" piece is crucial. We provide the tools, frameworks, and confidence teams need to build, test, and deploy security logic that actually works for their specific applications.
How do we solve the last mile problem? Our platform helps you understand your application’s normal behavior, lets you build and test rules with surgical precision using our testing framework, and gives you the confidence to auto-block because you know exactly what you're protecting and why. No more monitoring mode indefinitely.
While Impart started in the WAF and API security space, working with our customers revealed this problem isn't unique to web application firewalls. It's critical for anything that operates in runtime production environments. That insight led us to expand our vision beyond traditional security categories to create the first true ADR Engineering Platform.
Why WebAssembly Changed Everything
The breakthrough came when our engineering team started experimenting with WebAssembly for rule execution. Initially, we were drawn to WASM for its performance benefits. Ahead-of-time compilation means our security rules execute with near-native speed, even under heavy traffic loads. The portability was also attractive, as our customers deploy across a wide range of environments, from edge locations to multi-cloud environments.
But the real game-changer was isolation. WASM creates secure sandboxes where our AI agents can test their hypotheses against real traffic patterns without any possibility of affecting production systems. Think of it as giving AI a perfect replica of your production environment where it can make mistakes, learn from them, and iterate rapidly, all while your actual infrastructure remains completely untouched.
While WASM adoption is still emerging in enterprise environments, we found that customers who had experimented with it immediately understood its potential. For most others, the learning curve was minimal since they could see the clear performance and security benefits without needing to master the underlying technology.
Lessons from Production Deployments
The early results have been eye-opening, though not always in ways we expected. Our AI has now deployed over 2,400 custom security rules across customer environments, reducing average deployment time from 18 days to 45 minutes while maintaining 99.97% uptime.
But the most surprising insight came from watching how customer behavior changed once they trusted autonomous blocking. One enterprise customer told us their security team went from spending 60% of their time triaging false positive alerts to focusing on strategic security initiatives and threat hunting. Another customer noted that their mean time to containment for new attack patterns dropped from days to minutes, fundamentally changing how they thought about incident response.
The real validation came from watching how quickly we could respond to newly published CVEs. When a critical vulnerability gets disclosed, traditional security teams typically need days to understand the attack vectors, develop detection rules, test them against their applications, and coordinate deployment. With Impart, customers can have protection deployed within hours of a CVE publication. Our AI analyzes vulnerability details, generates detection logic, validates it against their specific application patterns, and deploys protection automatically.
What struck me wasn't just the speed. It was watching customers' confidence grow as they realized their defenses could evolve faster than attacks.
Why Madrona Was the Right Partner
When Karan Mehandru and the Madrona team started their diligence process, they did more than just evaluate our technology. They spoke directly with CISOs across many portfolio (and non-portfolio) companies to understand the operational challenges we were solving. That level of validation from investors who really understand enterprise infrastructure gave us confidence that we were solving the right problem the right way. More importantly, Madrona understands that this isn't just about building better application security tools. They see the broader implications of proving that AI can be trusted with mission-critical operations when you design safety and reliability from the ground up.
Having Karan's go-to-market expertise on our side will be invaluable as we expand our sales and marketing efforts and continue strengthening the platform that has resonated so strongly with the market. This partnership is all about aligning with partners who understand our vision and can help us scale effectively. With Madrona's track record and Karan's deep GTM knowledge, we're positioned to accelerate our growth while staying true to what has made our platform successful.
The Honest Challenges We're Still Solving
Building truly autonomous application security is more than a technical challenge. It’s a trust-building exercise that requires perfect execution over months, not weeks. Our biggest surprise has been the extent of customer education required. Even when the technology works perfectly, security teams need time to internalize that "autonomous" doesn't mean "unpredictable."
We've also learned that different industries have vastly different risk tolerances. What works for a SaaS company doesn't necessarily work for a hospital or bank. This insight is shaping our approach to market expansion and product development.
The Bigger Picture
Every security product leader I know has built features that customers loved in demos but never fully deployed in production. The gap between impressive technology and enterprise trust has defined our industry for decades.
What excites me most about reaching this milestone isn't just the funding or the early customer traction—it's proving that the last mile problem in application security is solvable. When you can guarantee that AI won't break production while demonstrably improving security outcomes, everything changes.
We're not just building the security platform I always wished existed during my time as a product leader. We're proving that AI can be trusted with the application security operations that keep businesses running.
Jonathan DiVincenzo is CEO and co-founder of Impart Security. Before founding Impart, he was a security product leader at EdgeCast, Verizon, Signal Sciences, and Fastly, where he led product teams focused on application security and web performance.