Mid-Stride in the Cloud Security War
Here is the thing most companies don't think about until it's too late: Google does not automatically back up your Google Workspace data. Microsoft does not automatically back up your Microsoft 365 data. That gap - the one between "we're in the cloud so we're fine" and "our data is actually recoverable" - is the gap Dmitry Dontov has spent eight years filling.
Dontov co-founded Spin.AI in 2017 with Helen Yevtushenko. The company started as SpinBackup, a name that said exactly what it did. It's now called Spin.AI, a rebrand that signals where the company has moved: from backup utility to AI-powered SaaS security platform, from a single use case to an integrated suite covering backup, ransomware detection, browser security, and SaaS Security Posture Management.
The platform is called SpinOne. It backs up your cloud data three times per day. When ransomware hits, the recovery SLA is two hours. Most security tools promise prevention. Dontov built something that also promises recovery - with a clock on it.
"Cyber resilience isn't just about prevention - it's about your ability to recover when prevention fails."- Dmitry Dontov, CEO, Spin.AI
From Moldova to the Cloud Security Front Lines
Dontov's career didn't start in Silicon Valley. It started in Moldova, in 1999, as Managing Director of DosarInfo SRL. Over the following fifteen years, he ran Optimum-web, a software development company in Eastern Europe, and co-founded Bridge Moldova. He accumulated experience in enterprise software and team management long before cloud applications existed in their current form.
The move toward cybersecurity was deliberate. Dontov pursued a Master's degree in Cybernetics and Economy at the Academy of Economic Science - a discipline that sits at the intersection of systems theory, information processing, and economics. He later completed business administration coursework at Stanford, bridging his technical foundation with Silicon Valley operating principles.
CAREER BRIEF: 20+ years in tech. Two patents. One company that grew from a backup tool into a platform protecting DHL, Domino's, and Vimeo from the kind of data disasters that make the news for the wrong reasons.
Before Palo Alto, there was Eastern Europe. Before SpinOne, there was SpinBackup. The arc makes sense in retrospect.
The Threat He Keeps Talking About
Dontov writes regularly for Dark Reading, one of the most-read cybersecurity publications in the industry. His columns focus on specific, unglamorous threats: ransomware's actual impact on SaaS environments, the compliance gap in Microsoft 365 deployments, how shadow IT creates exposure that traditional security tools don't see.
Shadow IT in SaaS is a recurring theme. The problem: employees add third-party apps to their Google Workspace or Microsoft 365 environments without IT knowledge. Each app is a potential data exfiltration path, a compliance violation, or an attack vector. Most enterprise security stacks weren't built to see these connections - let alone act on them automatically.
"Shadow IT in SaaS is one of the biggest unaddressed risks in enterprise security today."- Dmitry Dontov, Dark Reading
SpinSPM - Spin.AI's SaaS Security Posture Management module - addresses exactly this. It maps third-party app integrations, scores them for risk, and gives security teams visibility they didn't have before. In Q4 2023, Forrester Research named it a Strong Performer in the SSPM category - early validation from an analyst firm that doesn't hand those designations out casually.
The SpinOne Platform
The product has grown considerably from the original backup focus. SpinOne now covers four distinct capability areas, each targeting a different way that enterprise SaaS data gets compromised:
BACKUP & DISASTER RECOVERY
3x daily backups for Google Workspace, Microsoft 365, Salesforce, and Slack. Point-in-time restore with 2-hour ransomware recovery SLA.
RANSOMWARE DETECTION
AI-driven anomaly detection identifies ransomware behavior in cloud environments and triggers automated response before damage spreads.
SSPM - SpinSPM
SaaS Security Posture Management. Maps third-party app integrations, assesses risk, enforces cloud security policies. Forrester Wave Strong Performer.
BROWSER SECURITY - SpinCRX
Enterprise browser security targeting malicious extensions. Scans, vets, and manages Chrome extensions across the org with AI-based risk scoring.
SpinCRX deserves particular attention. Browser extensions are an attack vector that most enterprise security teams treat as low-priority - small, hidden, often installed by individual employees without IT awareness. Dontov recognized early that malicious browser extensions represent a legitimate threat, capable of injecting malware, exfiltrating credentials, and bypassing perimeter defenses entirely.
Raising $21.5M - and Who's Betting on This
The funding history tracks the company's maturation. The $16M Series A in August 2022, led by Blueprint Equity with participation from Santa Barbara Venture Partners and Blu Venture Investors, gave Spin.AI the capital to scale its sales motion and expand the platform. The round was advised by Vista Point Advisors.
Then in March 2026, K1 Investment Management came in. K1 is one of the largest investors in small-cap AI-powered software - it has backed over 275 companies since inception, with previous security investments including Axcient, Checkmarx, IRONSCALES, Pentera, and SecureAuth. When K1 backs a security company, it's not a coincidence. Total funding now stands at $21.5M.
Who's Already a Customer
Domino's. DHL. Vimeo. These aren't proof-of-concept deployments. They're the companies whose cloud data - and whose customers' cloud data - depends on SpinOne running correctly, three times per day, in the background, without being noticed.
1,500+ organizations across 100+ countries. 2 million+ users protected. The platform runs quiet. That's the point.
The Browser Extension Nobody Thinks About
One of the more counterintuitive positions Dontov has staked out is the browser extension risk story. Every enterprise has deployed endpoint detection and response. Many have zero-trust architectures. Most have ignored the Chrome extensions their employees installed three years ago and never removed.
SpinCRX addresses this. It uses AI-based risk scoring to assess extensions for malicious behavior, data exfiltration capabilities, and permission overreach. It removes malicious extensions automatically. It provides visibility into what's installed across the entire organization - something that, before this product existed, most enterprise security teams simply didn't have.
On Cyber Defense Radio (May 2024), Dontov walked through the specific mechanics of why cloud-first security postures still leave organizations exposed: the assumption that SaaS data is automatically protected by the provider, the blind spots created by third-party app integrations, and why the 2-hour recovery SLA matters more than most prevention metrics. Worth a listen for anyone running cloud-first infrastructure.
The Pattern: Build, Patent, Educate
Dontov holds two cybersecurity patents. That's unusual for a CEO whose daily work is increasingly go-to-market strategy, investor relations, and team building. It signals that his involvement in the technical architecture isn't purely ceremonial - he came up through technical roles, and the patents represent real intellectual contributions to how the security problems Spin.AI solves actually get solved.
He's also a member of the Forbes Business Council and the Young Entrepreneur Council, two networks that give him access to peer feedback from operators working in similarly high-velocity growth environments. His writing for Dark Reading serves a different purpose: it positions him and Spin.AI as a credible technical voice in a market crowded with vendors making identical claims about AI and security.
2023 BIG Award for Business Winner
Small Business Executive of the Year 2023
Forrester Wave Strong Performer - SSPM Q4 2023
Forbes Best Startup Employer - 3 consecutive years
The Career Arc
There's a line from Managing Director in Moldova in 1999 to K1-backed CEO in Palo Alto in 2026. It's not a straight line. It runs through Eastern European software shops, a co-founded NGO, Stanford courses taken while building a startup, and a rebranding exercise that changed the company's name without changing what it fundamentally does: make sure that when something goes wrong in your cloud environment, you can get back to normal before the incident makes it into a post-mortem.
The bet Dontov made in 2017 - that enterprises would eventually understand they needed specific, dedicated SaaS security tools rather than relying on native provider protections - has aged well. The category now has a Forrester Wave. K1 is investing. DHL is a customer. And somewhere right now, SpinOne is running its third backup of the day.
- 1993-98 Master's in Cybernetics and Economy, Academy of Economic Science
- 1999-03 Managing Director, DosarInfo SRL, Moldova
- 2003-14 CEO, Optimum-web - software development, Eastern Europe
- 2008-12 Co-founded Bridge Moldova
- 2017 Co-founded Spin.AI (SpinBackup) with Helen Yevtushenko, Palo Alto
- 2018-19 Business Administration and Cloud Computing coursework, Stanford University
- 2022 $16M Series A led by Blueprint Equity; Forbes Business Council membership
- 2023 BIG Award for Business; Small Business Executive of the Year; Forrester Wave Strong Performer (SSPM)
- 2024 Cyber Defense Radio feature; continued Dark Reading column on SaaS security threats
- 2026 K1 Investment Management round closes; Forbes Best Startup Employer list, third consecutive year