dope.security

The Scene

Right now, somewhere, a security tool is making your traffic fly the long way

A laptop in a coffee shop opens a website. Before that page loads, the request is supposed to be checked for threats. In the old way of doing things, that check happens in a datacenter the security vendor owns - which might be a few hundred miles away, or a few thousand. The traffic flies out to the datacenter, gets inspected, and flies back. Every request. All day.

dope.security looked at that arrangement and asked the obvious question that somehow no one was asking out loud: why is the inspection happening over there, when the device is right here? Its answer is a Secure Web Gateway that runs on the endpoint itself. The company calls it "fly-direct," and the airline metaphor is the entire pitch. No layover. No stopover datacenter. The security travels with you.

Today the company is roughly 40 people split between Mountain View, California and Cork, Ireland, selling to enterprises and the managed service providers who run security for them. It is not the biggest name in its market. It is, by design, the most opinionated.

The Problem They Saw

The cloud proxy solved a problem - and quietly created a new one

For years, the Secure Web Gateway was a box in the corner of the office. Then everyone moved to the cloud, and the box moved with them - except now it lived in the vendor's cloud, and your traffic had to go visit it. When everyone worked in one building, the detour was tolerable. When everyone scattered to kitchens and hotel rooms during the pandemic, the detour got expensive in the currency that users actually notice: speed.

Slow gateways. Mysterious outages. Pages that hang while the traffic is off touring a datacenter somewhere. These are not exotic complaints; they are the daily texture of using a cloud proxy. And there is a quieter cost, too. To inspect encrypted traffic, the vendor's cloud has to decrypt it. Which means your data is being unwrapped in a building you don't control.

The Founder's Bet

A man who helped build the old gateway decided to unbuild it

Kunal Agarwal founded dope.security in 2021. His resume is the joke and the credibility at once: he led Secure Web Gateway products at Symantec and worked at Forcepoint - meaning he helped build the very category he is now trying to disrupt. People who leave incumbents to start competitors usually carry a grudge. Agarwal seems to carry a blueprint.

The bet was specific. Take the inspection that vendors insisted had to live in the cloud - SSL inspection, URL filtering, cloud-app controls - and prove it could run on the endpoint without melting the laptop or losing the central control that IT teams need. Keep the cloud, but demote it to what it's actually good at: managing policy and crunching analytics. Everything that touches live traffic happens on the device.

That last part - design - is the tell. Security software is famously hostile to look at, as if difficulty were proof of seriousness. dope.security treats the interface as a feature. It is the kind of thing investors notice when they're trying to explain why a 40-person company is taking on giants.

The Product

One agent, doing the work where the work actually happens

The flagship is dope.swg: a fly-direct proxy that runs as an agent on the device. It handles SSL inspection, URL filtering, cloud-app controls, and blocking of things like personal email and shadow IT - all locally. Policy is set in the cloud and pushed down in real time; analytics flow back up. The traffic itself never takes the detour. The company says this can deliver up to a 4x performance improvement over cloud-proxy gateways, and the architecture means a vendor cloud outage doesn't take your internet down with it.

From there the line grew teeth. CASB Neural, launched in 2024, is a cloud access security broker that uses deep learning to actually read exposed data rather than guess at it from patterns. DOPAMINE DLP, in 2025, brought the same idea to the endpoint: data loss prevention that understands content instead of matching regular expressions, so it can tell the difference between a recipe and a customer record. A dope.vpn pairing the on-device proxy with LLM-powered inspection has been teased as next.

The arithmetic that gets a meeting: a per-device price you can do in your head, and a performance claim you can feel the first time a page loads without the layover.

The Proof

A small company in a market that is getting very large

The Secure Web Gateway market was worth roughly $9 billion at the end of 2022 and is projected to reach about $24 billion by 2028. That is the room dope.security is betting it can grow into. Its early evidence: managed service providers - the ruthlessly practical buyers who run security for many clients at once - have moved from Cisco Umbrella and Zscaler to dope.security, citing ease of use. In a category where "ease of use" is rarely the headline, that is the headline.

The money agreed. The 2022 seed round ($4M) came from Boldstart Ventures, with Preface alongside. The 2023 Series A ($16M) was led by GV - Google's venture arm - bringing the total to roughly $20M and seating GV's Sangeen Zeb on the board next to Boldstart's Ed Sim and longtime security executive Steven Schoenfeld. In 2025 the company opened a Global Partner Program with names like Optiv, GuidePoint, and Clarium, the move of a startup deciding it would rather arm a channel than knock on every door itself.

The Mission

Make security fast, private, and - the heretical part - pleasant

Strip away the branding and the thesis is sober: security shouldn't tax performance, shouldn't require handing your decrypted traffic to a third party, and shouldn't be judged solely on how much it protects while ignoring how much it annoys. dope.security argues those tradeoffs were never laws of physics. They were just the architecture everyone inherited.

The shadow-AI feature from 2025 is the mission in miniature. Rather than ban ChatGPT outright - the blunt instrument - the gateway can block the consumer version while allowing the sanctioned enterprise one. It's a small thing that signals a bigger posture: control without theatrics.

Why It Matters Tomorrow

The detour gets harder to justify every year

Work is permanently distributed. AI tools are spreading faster than policies can be written for them. Encrypted traffic keeps climbing toward all of it. Each of those trends makes the cloud-proxy layover look more like a relic - more latency to pay, more data to expose, more shadow tools to catch. dope.security is wagering that the on-device model isn't a clever alternative but the eventual default, the way streaming was once a curiosity and then simply how television worked.

It is still a 40-person company facing incumbents with thousands. The bet is not yet won. But the question it keeps asking - why the layover? - has the awkward quality of being hard to answer well.

That's the whole product, really. Not a faster layover. No layover.