BREAKING Lema AI exits stealth with $24M to reinvent third-party risk SERIES A $17.5M led by Team8, with Salesforce Ventures PROFILE Eddie Dovzhik: from Unit 8200 to the enterprise supply chain QUOTE "You can be fully compliant and still be completely exposed" SPEED Lema claims a vendor risk read in under five minutes BREAKING Lema AI exits stealth with $24M to reinvent third-party risk SERIES A $17.5M led by Team8, with Salesforce Ventures PROFILE Eddie Dovzhik: from Unit 8200 to the enterprise supply chain QUOTE "You can be fully compliant and still be completely exposed" SPEED Lema claims a vendor risk read in under five minutes
The Profile · Cybersecurity

Eddie Dovzhik

He runs Lema AI, a company betting that third-party risk should be handled like a security problem, not a form to fill out. After Unit 8200 and Noname Security, he is trying to turn compliance auditors into risk engineers.

Co-Founder & CEO, Lema AI New York / Tel Aviv Forbes Technology Council
Eddie Dovzhik, co-founder and CEO of Lema AI
$24M
Total raised
2023
Lema founded
3
8200 co-founders
<5 min
Vendor risk read

Eddie Dovzhik spends his days on a problem most people never see until it goes wrong: the security of the companies you depend on but do not control. As co-founder and CEO of Lema AI, he is building software meant to look at a vendor the way an attacker would, and to keep looking long after the contract is signed. The company came out of stealth in early 2026 with $24 million in funding and a blunt pitch. The way enterprises check their suppliers, he argues, is broken.

Lema AI calls its product an "Agentic Risk Engineer." In plain terms, it is an AI system trained to investigate rather than to read. Traditional third-party risk management, or TPRM, leans on questionnaires: a vendor is asked whether it encrypts data, whether it patches quickly, whether it has the right certifications. The vendor answers, a team files the responses, and everyone moves on. Dovzhik's view is that this process measures paperwork, not exposure. Lema's platform instead analyzes vendor artifacts, gathers publicly available intelligence, and watches the interface between a company and its suppliers, mapping the paths an attacker could actually take.

"We founded Lema because third-party risk needs to be treated like a security problem, not a compliance checklist."Eddie Dovzhik, Co-Founder & CEO

The thesis: compliant is not the same as safe

The line Dovzhik returns to is simple and a little uncomfortable for the industry he is selling into: "You can be fully compliant and still be completely exposed." It is the founding observation behind Lema. A vendor can pass every audit, hold every certificate, and answer every question correctly, and still be the door through which an attacker walks in. Compliance is a snapshot taken on a good day. Risk moves continuously as vendors gain new access, change permissions, and touch new data.

That gap is what Lema is built to close. The company describes its methodology as adversarial by design. Rather than asking a supplier whether it is secure, the system tries to verify the answer technically, borrowing the instincts of a red team. It is a direct expression of where Dovzhik and his co-founders come from. All three served in Unit 8200, the Israeli military's signals intelligence unit and one of the most productive founder pipelines in the security industry. Dovzhik reached the rank of Major there, and the offensive tradecraft learned in that world now points inward, at the defensive problem of protecting the enterprise supply chain.

From Noname to a company of his own

Before Lema, Dovzhik built products inside other people's companies. He was a Senior Product Manager at Transmit Security, then moved to Noname Security, an API security company where he rose from Senior Product Manager to Director of Product Management. Noname was later acquired by Akamai, one of the notable exits in the API security wave. His co-founder and CTO Tomer Roizman was there with him in product and research roles, and the two had first met years earlier in uniform.

In 2023 the pair joined with Omer Yehudai, the third member of the 8200 trio and now Lema's Chief Product Officer, to start the company. The split of responsibilities is conventional for a security startup with deep technical founders: Dovzhik on strategy and the market, Roizman on engineering, Yehudai on product. What is less conventional is the throughline connecting all three back to the same military unit and, for two of them, the same prior startup.

"The industry is relying on manual assessments that miss the real-time business context and impact third parties have on the organization."Eddie Dovzhik on why TPRM needs rebuilding

The raise and the backers

Lema's $24 million comes in two parts: a roughly $6.5 million seed round led by F2 Venture Capital, and a $17.5 million Series A led by Team8, the Israeli venture group and company-builder known for backing security founders. Salesforce Ventures joined the round. Team8 framed its investment around a shift "from checklists to continuous assurance," which is essentially Dovzhik's argument restated in investor language. By the time it emerged from stealth, the company said it had already reached customers across financial services, healthcare, and Fortune 500 companies.

The funding is meant to push two things at once: research and development on the AI agent itself, and a go-to-market team to sell it. The company operates across two hubs, with much of its engineering in Israel and its commercial motion anchored in New York. It is a small team by design, and Dovzhik's public description of himself leans into that builder identity. On his profile he calls himself a "multi-disciplinary builder" who takes "chaos to clarity," and, with a wink, a "ProFounder."

What he is really trying to change

Strip away the funding numbers and the product language and Dovzhik's ambition is a category change. He wants the job title on the other end of a vendor assessment to stop being "compliance auditor" and start being "risk engineer." One reviews documents; the other investigates systems. Lema's own tagline, "Think Outside The Checkbox," is a compact version of the same idea. If the bet is right, the annual questionnaire gives way to something closer to continuous monitoring, and the person running it spends less time collecting answers and more time hunting for the exposure those answers hide.

Whether the market moves that fast is the open question. Questionnaires persist partly because regulators and auditors expect them, and habits in enterprise security change slowly. But the timing works in Dovzhik's favor. Supply chain breaches keep landing in the headlines, agentic AI has made autonomous investigation newly plausible, and buyers are increasingly skeptical that a filled-out form tells them anything real. Lema is one of several companies chasing that opening. Its distinguishing claim is the attacker's mindset baked in from the founding team on down, and a leader who spent his early career finding the weaknesses everyone else was politely asking about.

For now, Eddie Dovzhik is doing what early-stage founders do: hiring, selling, and repeating the thesis until it sticks. The message does not change much from telling to telling. Being compliant is not the same as being safe, and he has built a company to prove it.

In His Words

"We founded Lema because third-party risk needs to be treated like a security problem, not a compliance checklist."

"You can be fully compliant and still be completely exposed."

"The industry is relying on manual assessments that miss the real-time business context and impact third parties have on the organization."

"Multi-disciplinary builder. Chaos-to-clarity. ProFounder."

Quick Reads

8200

All three Lema co-founders met in Israel's elite Unit 8200. Dovzhik served there as a Major.

2x

He and CTO Tomer Roizman reunited at Noname Security before starting Lema together.

5 min

Lema's platform claims it can read a new vendor's real risk in under five minutes.

"Checkbox"

The company motto is "Think Outside The Checkbox," a jab at questionnaire-driven compliance.

2 hubs

Engineering leans on Israel; the go-to-market team is anchored in New York.

Akamai

His former employer Noname Security was acquired by Akamai in the API-security wave.