Bastille reads the air in your building.

Somewhere in a Fortune 100 tower, a phone that shouldn't exist just lit up.

It is on the 14th floor, in a conference room that is supposed to be quiet. It is not on the corporate Wi-Fi. It is not on the guest network. It is not on anything the IT team can see. And yet a sensor on the ceiling - small, passive, listening to the cellular band - knows it is there, knows roughly where it is sitting, and has already pushed an alert into the security team's console.

That sensor belongs to Bastille. The company's entire reason for being fits in that one moment: there is a whole layer of the world - the wireless airspace - that your firewall, your Zero Trust rollout, and your shiny XDR platform simply cannot perceive. Bastille's job is to perceive it for you, and then to tell you which signals are normal and which one is the problem.

Today Bastille sells to the kind of organizations that lose sleep over exactly this: Fortune 100 enterprises, financial institutions, data center operators, and the U.S. government and intelligence community. In January 2024 it raised a $44 million Series C led by Growth Equity at Goldman Sachs Asset Management - a firm that also happens to be a customer. The product has a name that sounds like a fortress because that is roughly the pitch.

Everyone spent two decades securing the wire. Nobody was guarding the air.

Security has a comforting habit of defending the things it can already see. Endpoints get agents. Networks get monitoring. Cloud gets posture management. It is all very tidy. The catch is that the modern enterprise is soaked in radio - cellular, Bluetooth, BLE, Wi-Fi, Zigbee, and an expanding zoo of Internet of Things gadgets - and almost none of that traffic ever touches the corporate network where the defenders are watching.

So you get the awkward scenarios. A contractor's hotspot bridging a secure facility to the open internet. A rogue cellular device sitting inside a SCIF where phones are explicitly forbidden. A wireless keyboard quietly broadcasting every keystroke in the clear. An IoT sensor with firmware nobody has patched since the day it shipped. Each one is invisible to the stack that cost millions to assemble.

The uncomfortable part is that the attackers figured this out first. The radio spectrum is a quiet, unmonitored hallway running through every building, and it stays quiet precisely because no one is standing in it. Bastille's founders looked at that hallway and decided someone ought to.

Two people who actually knew what radio sounded like.

Bastille was founded in 2014 by Chris Risley and Bob Baxley. Risley was the operator - more than two decades in software, a string of venture-backed companies behind him, including Defense.Net, which he sold to F5 Networks. Baxley was the signal-processing brain, with the kind of RF and communications depth that lets you treat the electromagnetic spectrum as something you can read rather than something you merely tolerate.

The bet was specific and, at the time, slightly mad: that you could take software-defined radio - cheap, flexible receivers that can tune across enormous swaths of spectrum - point it at a building, and use machine learning to turn the resulting wall of noise into a live inventory of every wireless device inside. Not just the ones politely announcing themselves on Wi-Fi. All of them. Including the cell phone in the corner, located by its cellular emissions alone.

Investors who understood the spectrum got it early. Bessemer Venture Partners wrote the first check around 2015 and has come back every round since. Comcast joined along the way. The thesis never really changed; it just got more obviously correct as wireless devices multiplied.

Sense it. Identify it. Locate it. Repeat, continuously.

The Wireless Airspace Cybersecurity Platform is the core. Sensor arrays - the software-defined radios - sit in a facility and passively listen across cellular, Bluetooth, BLE, and Wi-Fi. Machine learning models do the hard part: separating the dishwasher-dull background of approved devices from the one signal that warrants a human's attention. Then the platform localizes that device, often down to the room, and feeds the alert into the existing security operations stack.

Around that core sits a family of deployments for different threat models:

The numbers, the names, and the flaws they found in your keyboard.

Proof comes in three flavors here. First, growth: the company says it tripled annual recurring revenue in 2023 and expected to more than double it again the following year, the sort of curve that makes a Goldman Sachs growth fund lead a round - and the kind of conviction that follows a firm becoming a customer before it becomes an investor.

Second, the customers. Fortune 100 enterprises, financial institutions, high-tech firms, and government and intelligence agencies run Bastille in the places where an unauthorized signal is not an inconvenience but a genuine incident. Oracle has spoken publicly about working with Bastille on the security of its cloud infrastructure.

Third - and most fun - the research. The Bastille Research team, with Marc Newlin, published MouseJack and KeySniffer in 2016. MouseJack showed that the majority of non-Bluetooth wireless mice and keyboards could be hijacked from up to 100 meters away with about $15 of hardware. KeySniffer found that eight of twelve tested keyboard makers shipped products transmitting keystrokes with no encryption at all. Both landed in the global press, and both were a vivid demonstration of the exact blind spot the company sells against.

Make the airspace as defensible as the network.

Strip away the patents and the sensor hardware and the mission is almost stubbornly simple: the wireless spectrum inside a sensitive building should be monitored, mapped, and defensible - exactly like the corporate network already is. Zero Trust drew a perimeter around identity and devices on the wire. Bastille wants to extend that same discipline to everything broadcasting in the air around it.

It is a mission with a deadline, in a sense, because the device count only goes one direction. Every new sensor, badge reader, wearable, and connected gadget widens the airspace that nobody else is watching. Bastille's argument is that visibility into that layer stops being a luxury and starts being table stakes - and the customers in regulated, high-stakes environments are the first to agree.

The hallway nobody guards keeps getting more crowded.

Wireless is no longer a convenience layered on top of the real network. For a growing class of attacks, it is the network - the path in, the path out, and the path that leaves no trace on any system the defenders monitor. As 5G, private cellular, and IoT push deeper into corporate and government facilities, the unwatched spectrum becomes the most attractive route precisely because it is unwatched.

Bastille's wager is that the security teams who win the next decade will be the ones who can finally answer a question they currently cannot: what is broadcasting in my building right now, and which of it shouldn't be? It is not a glamorous question. It is just one that, until recently, had no good answer.

So return to that 14th-floor conference room. The phone that shouldn't exist is still there. The difference is that now it does not sit in silence for an afternoon, harvesting whatever it can. A passive sensor heard it the moment it powered on, placed it on a map, and handed the security team a name, a location, and a head start. The air in the building is no longer an open hallway. Someone is finally standing in it.

See it explained and demonstrated.