A Menlo Park startup is building the map that most enterprise security tools never bothered to draw - one that shows exactly where sensitive data sits, who can reach it, and where it's headed next.
BEDROCK DATA, MENLO PARK, CALIF. — the company's mark, built on a thesis that security starts with knowing where the data is.
Enterprise security has spent two decades building walls around networks, devices and identities. Bedrock Data starts from a different premise: none of that matters if nobody can say, with confidence, where the sensitive data actually is.
The company, founded in Menlo Park, California, builds a data security posture management (DSPM) platform that scans an organization's cloud storage, SaaS applications and AI systems, then classifies what it finds - personal information, secrets, intellectual property - and tracks who can access it and where it moves. It does this without copying the data anywhere else, a detail the company treats as a selling point rather than a footnote.
In November 2025, Bedrock Data closed a $25 million Series A led by Greylock Partners, bringing its total funding to $35 million in under two years. The round arrived alongside a new product, ArgusAI, aimed at a problem that barely existed when the company was founded: knowing which AI models and agents can see which datasets.
Bedrock Data's core product is what it calls a Metadata Lake - a graph that links data and identity across an organization at petabyte scale. It runs continuous scans across cloud storage, SaaS tools and internal systems, then builds a live picture of sensitivity, lineage and access rather than a one-time snapshot.
That distinction matters more than it sounds. Older data classification tools relied on static rules: fixed patterns that flagged a social security number or a credit card string but missed everything that didn't match a predefined shape. Bedrock Data uses AI-based reasoning instead, an approach meant to keep pace with data that changes faster than any rule set can be updated.
The platform's architecture scans data where it sits, using what the company describes as a serverless "outpost" model, and never moves the data itself outside the customer's own environment. For enterprises handling regulated healthcare or financial records, that architectural choice tends to be the difference between a tool that clears a security review and one that never gets deployed at all.
Bedrock Data finds sensitive information across an enterprise's cloud, SaaS and AI systems, classifies it, tracks who can reach it, and flags risk - continuously, and without exporting the data.
A contextual graph linking data and identity across the enterprise. Combines classification, lineage tracking and entitlement analysis at petabyte scale, launched in 2025.
Continuous discovery and classification of PII, secrets and intellectual property across cloud, SaaS and on-premises systems, replacing periodic manual audits.
Launched in late 2025, it builds a "Data Bill of Materials" linking AI models to the datasets they touch, then enforces policy in natural language across data, identity and AI systems.
Bedrock Data's customers sit in industries where a misclassified dataset carries real regulatory and financial consequences: healthcare, financial services, sports data and biotech among them. Named customers include Housecall Pro, Chime, Strive Health, Sportradar, MannKind and SmithRx.
The problem these customers share is less about having too little security tooling and more about having too much of it pointed at the wrong layer. Firewalls, endpoint detection and identity platforms all assume you already know which data is sensitive. Bedrock Data's pitch is that most enterprises don't - not with any confidence - and that gap is where breaches, compliance failures and, increasingly, careless AI deployments originate.
A large company might have data scattered across dozens of cloud buckets, SaaS tools and internal databases, added over years by different teams for different reasons. Nobody owns a complete map of it. When a breach happens, or a regulator asks a question, or an AI model is connected to internal systems, the first question - what data could have been exposed - often has no fast answer. Bedrock Data is built to make that question answerable in minutes rather than weeks.
Pranava Adduri and Ganesha Shanmuganathan founded the company; Bruno Kurtic joined as co-founder shortly after.
Greylock Partners led a $10 million seed round as the company unveiled its data security platform.
Named one of the top ten finalists at RSA Conference's Innovation Sandbox contest.
Co-founder Bruno Kurtic formally took the chief executive title.
The company introduced its Metadata Lake product to strengthen data visibility, DSPM and AI adoption support.
Closed a $25 million Series A led by Greylock Partners, joined by Mangusta Capital, Mantis Venture Capital and Pier 88 Investment Partners.
Introduced its AI governance product alongside three new vice president hires.
Extended DSPM coverage to Atlassian Confluence, mapping SaaS data to AI inference risk.
Bedrock Data sells its platform on a subscription basis, directly to security, data governance and compliance teams, with pricing tied to the volume and scope of data under management. It is an enterprise sale by design: the customers most likely to feel the cost of poor data visibility are the ones with the most data to lose track of.
The team's expertise draws from a specific lineage in Silicon Valley infrastructure - Sumo Logic, Rubrik, Cohesity, AWS, CrowdStrike, Palo Alto Networks and VMware are all represented among its founders and early hires. That background shows up in the product's emphasis on scale: petabyte-level scanning, continuous monitoring rather than periodic audits, and integration points built for security operations centers rather than one-off compliance checklists.
RSA Innovation Sandbox finalist (2024), Fortune Top 50 Cybersecurity Company (2025), SINET16 Innovator.
It builds an AI-native data security posture management (DSPM) platform that discovers, classifies and tracks sensitive data across cloud, SaaS and AI systems, giving enterprises visibility into what data they hold and who can access it.
Bruno Kurtic (CEO, formerly co-founder of Sumo Logic), Pranava Adduri (CTO) and Ganesha Shanmuganathan co-founded the company.
A total of $35 million, including a $10 million seed round in 2024 and a $25 million Series A in November 2025, both led by Greylock Partners.
Enterprises in healthcare, fintech, sports data and biotech, including named customers Housecall Pro, Chime, Strive Health, Sportradar, MannKind and SmithRx.
Its Metadata Lake architecture scans data in place at petabyte scale without copying it out of the customer's environment, and uses AI-based reasoning rather than static rules to keep classification current.