The company built on a plain, slightly uncomfortable idea: attackers can see every asset you expose to the internet, and most enterprises cannot. CyCognito hands the defenders the attacker's map.
A navy square, a white "C," one orange block cut clean out of it - the logo of a company whose whole job is finding the piece of your network you didn't know was missing.
The Story
Here is a fact that keeps chief information security officers awake: the asset most likely to get you breached is one you don't know you own. A marketing microsite spun up for a campaign in 2019. A test server a contractor forgot to decommission. A subsidiary in another country running its own web stack. Attackers don't care which of your assets are on the official inventory. They scan the entire internet, find the weak one, and walk in through it. CyCognito is a company organized entirely around that fact.
Founded in 2017 and headquartered in Palo Alto, CyCognito sells what the industry now calls external exposure management - or, in the older phrasing, attack surface management. The product does three things in a loop: it discovers all of an organization's internet-facing assets (including the unknown and unmanaged ones), it tests those assets the way an attacker would probe them, and it ranks what it finds so a security team knows what to fix first. The interesting part is what it does not require. No agents to install. No integration project. No configuration. CyCognito looks at your organization from the outside, because that is exactly where an attacker stands.
The founders came to this honestly. CEO Rob Gurzeev was CTO of the product department of Israel's Unit 8200, the elite military intelligence corps, and ran offensive security for both intelligence agencies and the private sector before flipping to defense. CTO Dima Potekhin is a self-taught engineer who started coding at nine, holds patents in internet-scale infrastructure, and received the Israel Defense Prize. The premise of the company is essentially their old day job, pointed in the opposite direction: do the reconnaissance an attacker would do, but deliver the results to the target instead of exploiting them.
By The Numbers
Meaningful cyber defense starts with protecting your external digital footprint.
- CyCognito, on its founding premiseHow It Works
The platform runs continuously, mimicking an attacker's reconnaissance rather than waiting for a scheduled scan. The loop is the product.
Map every internet-facing asset - cloud, web, APIs, subsidiaries - including shadow IT nobody remembers deploying.
Figure out which assets actually belong to you and who inside the org owns each one.
Simulate attacker probing across live assets to surface exploitable weaknesses without disrupting operations.
Rank risks by real-world exploitability and business impact so teams fix the right thing first.
Products
Continuously discovers, maps and attributes all internet-facing assets across cloud, web and subsidiaries - with no agents and no configuration required.
Simulates attacker reconnaissance and testing across live assets to surface exploitable vulnerabilities without impacting business operations.
Ranks discovered risks by exploitability and business impact, so security teams remediate what genuinely matters instead of chasing noise.
Why It Exists
For a long time, enterprise security had a tidy mental model: there was an inside and an outside, and a firewall in between. Then cloud happened. Then APIs multiplied. Then every acquisition brought its own sprawl of servers, and every marketing team learned to spin up sites without asking IT. The neat border dissolved into thousands of internet-facing assets scattered across providers and geographies - and the security team's inventory stopped matching reality.
CyCognito's market is precisely that gap between the inventory you think you have and the footprint you actually expose. It is a market that got created by convenience: every shortcut that made shipping software faster also made the attack surface bigger and harder to see. The company's answer is not to slow anyone down but to restore the seeing - to give defenders the same complete, outside-in view an attacker assembles for free.
Who Uses It
CyCognito sells to large enterprises with complex, distributed digital footprints - the organizations that have the most assets to lose track of. That spans financial services, manufacturing, healthcare, retail, hospitality and the public sector. Around its Series C, the company reported roughly 400% year-over-year revenue growth and tripled its Fortune 500 customer count.
The Money
The December 2021 Series C was led by The Westly Group, with Thomvest Ventures and The Heritage Group joining. Earlier backers Accel, Lightspeed Venture Partners, Sorenson Ventures and UpWest all returned. Total raised sits at roughly $153-163M.
Timeline
Rob Gurzeev and Dima Potekhin start the company to apply an attacker's view to enterprise defense.
Sorenson Ventures leads the seed, backing the early attack-surface platform.
The ASM platform ships and lands early enterprise customers, with Accel and Lightspeed on board.
The Westly Group leads a $100M round amid ~400% revenue growth and 3x Fortune 500 customer expansion.
Named a Leader in the GigaOm Radar for ASM; ships automation, RBAC Teams and cloud features while adding partners like Wiz and Armis.
The Ecosystem
Through 2025, CyCognito deepened a set of cloud-security, managed-security and exposure-testing alliances across the US, EU and APAC - pushing exposure data into the wider security stack rather than sitting apart from it.
Integrating external exposure findings with cloud risk context.
Exposure and asset-intelligence collaboration.
Security-control testing and exposure validation.
Questions
It runs an external exposure management platform that discovers an organization's internet-facing assets, tests them for vulnerabilities, and prioritizes the risks that matter most - mapping the attack surface the way an attacker would.
Founded in 2017 by Rob Gurzeev (CEO) and Dima Potekhin (CTO), both veterans of Israeli military intelligence, including the elite Unit 8200.
Roughly $153-163M across multiple rounds, headlined by a $100M Series C in December 2021 at an $800M valuation, led by The Westly Group.
Large global enterprises including Tesco, Colgate-Palmolive, Panasonic, Hitachi, Ströer, Storebrand, Bertelsmann and Wipro, across financial services, manufacturing, healthcare, retail and public sector.
Traditional scanners test assets you already know about. CyCognito starts from the outside with no agents or configuration, discovers unknown and shadow-IT assets first, then tests and prioritizes them - closer to how an attacker actually operates.