Breaking $12M Series A closed June 2025 - Madrona leads Karan Mehandru joins the board ADR Engineering Platform goes GA Customer list: FanDuel, Chipotle, Fanatics, Policygenius SOC 2 Type II certified Founders shipped Signal Sciences before this Runtime Defense Agents now generally available MCP Protection ships for the agentic era Breaking $12M Series A closed June 2025 - Madrona leads Karan Mehandru joins the board ADR Engineering Platform goes GA Customer list: FanDuel, Chipotle, Fanatics, Policygenius SOC 2 Type II certified Founders shipped Signal Sciences before this Runtime Defense Agents now generally available MCP Protection ships for the agentic era
Profile · Cybersecurity · San Francisco

Impart Security

The runtime defense team you deploy, not the one you hire. A 27-person company that promises to stop AI, API, and web attacks before a human reads the alert.

Founded2020
HQSan Francisco
StageSeries A · $12M
Team27 people
Impart Security brand mark

Caption: Castro Street, 4:47 a.m. The lights at 584 are off. Somewhere in the cloud, a defense agent just answered a request the on-call engineer will never have to read.

Dispatch · San Francisco · 2026

A WAF that stopped being polite.

It's a Tuesday in June and a financial services firm in lower Manhattan is being probed - politely at first, then less so - by an agentic crawler that figured out the rate limiter by 3 a.m. The security team is not awake. They don't need to be. Inside the production traffic, a small piece of software signed by a 27-person company on Castro Street is making decisions in milliseconds: this request, no; that one, yes; this pattern, throttle and log. By the time the SOC slack channel pings at 7:14 a.m., the incident is a footnote and a graph.

That small piece of software is Impart Security. It is, by stated category, a WAF. By practical category, an engineering team you deploy rather than hire. By accidental category, a quiet rebuttal to the idea that more dashboards make anyone safer.

"At AI speed, runtime is the only source of truth." — Impart Security, on its own platform page

By the Numbers

A small bet, placed precisely.

$19.8MTotal Raised
$12MSeries A (Jun 2025)
27Employees
2020Founded
9+Named Enterprise Logos
SOC 2Type II Certified

The People

Three veterans, one sequel.

Jonathan DiVincenzo, Marc Harrison, and Brian Joe did this once before. Their last company, Signal Sciences, was a WAF that engineers actually liked. Fastly bought it in 2020 for around three quarters of a billion dollars. Most founders would have taken the year off. They took the year to start over - this time aiming at the layer above HTTP, the one where AI agents now live.

Jonathan DiVincenzo

CEO & Co-founder

Signal Sciences alum. Runs the customer side and the press conferences. Based in San Francisco.

Marc Harrison

Co-founder

Long career in CDN and WAF engineering before Impart.

Brian Joe

Co-founder

Product and platform veteran from the Signal Sciences era.

The Platform

One engine. Seven jobs.

Most security vendors sell you a thing and then sell you another thing to operate it. Impart's pitch is the opposite: one runtime, several modules, no acronym tax. Here is what runs inside it.

Runtime Defense Agents
GA · Core
WAF
GA
API Security
GA
Application Detection & Response
GA · 2025
LLM Protection
Live
Agent Protection
Live
MCP Protection
New

Impart doesn't replace your security team. It gives them a colleague who never sleeps, never escalates, and never asks for a Slack channel.

What CISOs Actually Spend Their Time On

The alert-fatigue problem.

Impart's argument for existing, illustrated below. The exact percentages vary by survey; the shape of the bar chart does not. Detection has been solved. Response has not.

// Approximate distribution of SOC engineer hours

Triage
~62%
Tuning rules
~22%
Real response
~11%
Strategy
~5%

Source: industry estimates, approximate. Impart's pitch is to collapse the top bar into the bottom two.

Who's Already Running It

A logo wall that reads like a Sunday afternoon.

Gambling, burritos, sports merch, mortgages, insurance. Impart's customers don't share a vertical; they share a problem - too much API traffic, too few engineers, too little tolerance for downtime.

FanDuelChipotleFanaticsNew American Funding PolicygeniusZinniaThe Black TuxmParticleDeception Logic

Recent Movements

What changed in the last twelve months.

June 2025$12M Series A led by Madrona Ventures; CRV and 8-Bit Capital follow on. Karan Mehandru joins the board. Application Detection and Response Engineering Platform reaches general availability.
November 2024Available in major cloud marketplaces - the integration on-ramp the enterprise segment quietly insists on.
September 2024Ships Rule Tracing - a debug-by-flashlight feature for runtime policy engineers.
July 2022Closes $6M Seed round led by CRV. Quietly builds the next two years.

The Twist

A security vendor that ships code.

Most security platforms ask the customer to author rules in a YAML-shaped trench. Impart inverts the contract: the customer hires the platform, and the platform writes - and owns - the runtime policy. The phrase the company uses internally is "engineering platform." The phrase the customers use is "we got our Tuesdays back."

Unified, not stitched

WAF, API security, CADR, and LLM protection in one runtime - not four contracts and a Slack bridge.

Inline, not adjacent

Detection and response happen in the request path, in milliseconds, deterministically.

Built by operators

The team has shipped the previous generation of WAF. They know which abstractions cost sleep.

Agent-aware

MCP protection and LLM guardrails ship today, not when "the AI agenda" finally lands on the roadmap.

What People Can Actually Do With It

A short list of verbs.

Block prompt injection at the model boundary. Discover the API endpoints your last team forgot to document. Quarantine an agent that started behaving like a brute-force script. Replace seven dashboards with one. Sleep through low-severity traffic anomalies and trust the policy to handle them. Send your CISO an actual graph instead of a Jira backlog.

The Money

Who's funding the experiment.

Madrona Ventures

Led the $12M Series A in June 2025. Managing Director Karan Mehandru on the board.

CRV

Led the 2022 Seed. Re-upped at the A.

8-Bit Capital

Seed and A investor.

Haystack, O'Reilly AlphaTech

Early backers at the Seed stage.

4:47 a.m., still.

The lights at 584 are still off. The agentic crawler from Tuesday morning has long since lost interest. Inside the cloud, a defense agent signed by a small company on a quiet block has filed a graph, throttled a pattern, and gone back to listening. Somewhere in lower Manhattan, an on-call engineer is sleeping. That is the change. That is also, more or less, the entire pitch.

Share this profile

Twitter / X LinkedIn Facebook Instagram