Profile / Cybersecurity Executive

Gadi Bashvitz

Co-founder & CEO, Bright Security

The man who watched developers knowingly ship vulnerable code - and decided to build the tool that would make that choice unnecessary.

IDF Unit 8200 · DAST Pioneer · Serial Founder · AppSec · San Rafael, CA
The Story
Updated May 2026
Total Funding Raised: $24.7M
Dev Teams on Platform: 6,000+
Auto-Remediation Rate (STAR): 85%

The Unit That Made Him

Before Gadi Bashvitz was explaining application security to enterprise CTOs, he was learning how systems break inside the Israeli Defense Forces' Unit 8200 - the intelligence corps that has quietly produced a disproportionate share of Israel's tech founders. He won't talk in detail about what he did there. He doesn't need to. The instinct it wired in him - look for the gap before anyone else does - runs through everything Bright Security has built.

After the IDF, he moved through STS and Verint, two companies at the serious end of the cyber industry. Then he made a left turn that surprised people who knew him: he founded OLSET in 2012, a travel-tech startup optimizing corporate car service bookings. Not cybersecurity. Not the expected play. But it taught him how to build a product people actually want to use daily - a lesson he'd eventually carry back into AppSec.

When Deem acquired OLSET in late 2016, Bashvitz joined as VP and Group Leader of Car Service. He stayed long enough to learn what large enterprise product management looks like from the inside. Then he went back to his first language: security.

"When Shoham Cohen, Bar Hofesh, Art Linkov, and I started the company in 2018, the first product was an AI-powered fuzzer that found zero-days. And we quickly realized - the people who love it really love it. But there are very few people that can actually implement it, because it is a very harmful product that essentially creates havoc."

That's a founder's version of intellectual honesty: your product works, your product is impressive, and your product is too dangerous for the market you're trying to serve. Most teams would have pressed forward anyway. Bashvitz and his co-founders pivoted.

Companies must ensure security is part of the design of the product.
- Gadi Bashvitz, Co-founder & CEO, Bright Security

From Zero-Day Hunter to Developer's Best Friend

  • 2018
    NeuraLegion: AI-powered fuzzer. Found zero-days. Too dangerous for mainstream adoption.
  • 2020
    Pivot
  • 2022 - present
    Bright Security: Developer-centric DAST. No false positives. Runs in CI/CD. Ships at dev speed.

The insight driving the pivot was blunt: over 80% of organizations knowingly ship vulnerable applications to production. Not because they don't care. Because the tools built to catch those vulnerabilities were designed for expert security teams working after the code is already done. By the time a legacy DAST scanner runs, the developer who wrote the bug has moved on to three other things. The feedback loop is broken by design.

Bright Security's answer: build the scanner for the developer, not the security analyst. Make it run in CI/CD pipelines - GitHub Actions, GitLab, Jenkins, CircleCI. Make it fast enough to not break the build process. Make it smart enough to eliminate false positives that cause alert fatigue. And crucially, make it actually fixable: not just a report, but a closed loop where the vulnerability gets found, flagged, fixed, and verified.

The company rebranded from NeuraLegion to Bright Security in March 2022, alongside a $20M Series A led by Evolution Equity Partners. The name was a signal, too. NeuraLegion was a product name built for AI researchers. Bright was a brand built for CTOs who needed to explain AppSec to their board.

Seed: $4.7M (2020)
Series A: $20M (March 2022)

Lead investors: Evolution Equity Partners (Series A) · DNX Ventures (Seed)

Bright STAR: The Autonomous Security Loop

The version of Bright Security that Bashvitz unveiled at RSA Conference 2025 is materially different from what went before. Bright STAR is not another scanner. It's a closed-loop platform: it finds vulnerabilities, triggers the fix, and then validates - with the same dynamic scanner - that the vulnerability is actually gone. No human in the middle for the straightforward cases.

The number customers are reporting is 85% automatic remediation rate. In a space where security teams historically spent weeks manually triaging and filing tickets, that figure reframes the economics of AppSec entirely. Bright also claims more than 95% time savings in the combined find-and-fix cycle.

Why This Changes the Math

Remediating a vulnerability in production costs roughly 60 times more than catching it in development. Bright STAR is built on that differential. When the loop is automated - find, fix, validate - the cost doesn't just drop. The incentive to defer security until post-launch disappears.

Bashvitz has been explicit about where the platform is headed: AI-generated code is arriving faster than security teams can review it. The same models that help developers write code ten times faster are creating ten times more surface area for vulnerabilities. Bright's pitch is that autonomous security testing is not optional infrastructure for the AI-native development era - it's table stakes.

Security vulnerabilities are bugs - but often with more severe consequences.
- Gadi Bashvitz

The Timeline

  • Early career
    IDF Unit 8200 - Israeli military intelligence, learning how networks and systems fail at a level most engineers never see
  • Mid-career
    STS & Verint - enterprise cybersecurity roles, building fluency in both the technical and go-to-market sides of the security industry
  • 2012
    Founded OLSET - a travel-tech startup focused on corporate car service optimization; demonstrated ability to build user-centric products outside of security
  • 2016
    OLSET acquired by Deem; joined as VP & Group Leader of Car Service - enterprise product leadership at scale
  • 2018
    Co-founded NeuraLegion with Shoham Cohen, Bar Hofesh, and Art Linkov - beginning with an AI-powered zero-day fuzzer
  • 2020
    $4.7M seed round led by DNX Ventures; pivoted from fuzzing to developer-centric DAST platform
  • Jan 2022
    Became CEO of NeuraLegion, taking the helm as the company scaled its enterprise push
  • Mar 2022
    Rebranded to Bright Security; raised $20M Series A led by Evolution Equity Partners - total funding $24.7M
  • Apr 2025
    Unveiled Bright STAR autonomous security testing and remediation platform at RSA Conference 2025
  • Jun 2025
    Bright Security won the 2025 Intellyx Digital Innovator Award

What He Actually Believes

Bashvitz moves between technical depth and business narrative with unusual ease - a skill he's been explicit about valuing. He describes his core strength as the ability to "distill the essence from complex concepts and communicate them to customers, the team, and in various speaking events." In practice, that means he can explain fuzzing to a developer, DAST ROI to a CFO, and platform architecture to a CISO, sometimes in the same day.

He's also unsentimental about product-market fit. The decision to walk away from the zero-day fuzzer - a genuinely impressive technical achievement - and rebuild as a developer-focused DAST tool wasn't obvious in 2020. Most founders protect their original vision longer than the market warrants. Bashvitz and his team were willing to read the signal and move.

His personal security hygiene is predictably rigorous: multi-factor authentication on everything, unique passwords managed through a password manager, no exceptions. He doesn't say this to impress people. He says it because he thinks it's what informed people do, and he is frustrated by how few organizations enforce it at scale.

When the company transitioned from NeuraLegion to Bright Security, the rebrand was more than cosmetic. It was a statement about who the product was for - not neural-network researchers, but the engineers writing the code. The name had to be approachable. Bright was chosen to signal clarity in a space famous for opacity.

Bashvitz is based in San Rafael, California, about 20 miles north of San Francisco, alongside the Bright Security headquarters. His education spans two continents: a BA from Tel Aviv University and an MBA from NYU Stern School of Business - a combination that maps neatly onto a career built between Israel's security apparatus and the American startup ecosystem.

Help developers all over the world build and release secure apps and APIs.
- Gadi Bashvitz, on Bright Security's mission

Five Facts That Explain the Rest

  • He started his security career in IDF Unit 8200 - the same unit that produced founders behind Check Point, CyberArk, and dozens of other security companies. The alumni network is real, and so is the training.
  • Before AppSec, Bashvitz was building travel-tech. OLSET optimized how companies book executive car service. It was acquired by Deem in 2016 - proof that he knew how to build and exit a company before he got to Bright.
  • The original NeuraLegion AI fuzzer was so effective at finding zero-day vulnerabilities that it essentially "created havoc" when deployed. The product worked. The market couldn't handle it. That clarity drove the pivot.
  • Bright Security's platform is used by major global banks and leading cybersecurity firms alongside small development teams. The same scanner, different scale - which is either a product design achievement or a sales achievement, and probably both.
  • His personal cybersecurity rule: MFA everywhere, unique passwords, password manager. He practices what he pitches. In a field full of companies that ship security tools while ignoring basic hygiene, this is notable.