The 5% doctrine.
Neatsun Ziv runs OX Security, an application security company based in New York and Tel Aviv that raised $60 million in Series B funding in May 2025 and now has about $101.5 million in the bank. The pitch, delivered by Ziv in interviews and on stages with a certain amount of practiced weariness, is that of the alerts, tickets, and squiggly red lines a modern engineering organization generates in a typical week, roughly 95% are noise. The remaining 5% is the reason your CISO cannot sleep. OX would like to sell you a platform that separates the two piles.
This is a normal thing for an application security company to say. What is less normal is how Ziv arrived at it. He spent five years, from 2016 to 2021, as VP of Threat Prevention and Intelligence at Check Point, the Israeli cybersecurity company that has been publicly traded since roughly the time most of its current buyers were in grade school. His team, per Check Point's own materials, was among the first responders to NotPetya and SolarWinds, working with Interpol and various national CERTs during the events themselves. This is a small and specific club. Its members tend to leave with strong opinions about which parts of the security stack are broken.
Ziv's opinion, formed sometime around late 2020, was that the CI/CD pipeline had become the single most under-defended piece of infrastructure at most enterprises, and that the industry response, which was to bolt more scanners onto more places, was making the problem worse. In 2021 he left Check Point and, with co-founder Lior Arzi, another Check Point veteran, started OX Security. The company shipped what it calls an end-to-end software supply chain security platform. Sales followed. So did the customers: over 200 enterprises, mostly in finance and technology, including eToro and SoFi. Annual recurring revenue crossed $10 million. Headcount, per OX's own numbers, grew 216% in the six months leading up to the Series B and 1,470% across the prior two years, which is the kind of statistic that means something specific only if you know the denominator.
Five years of other people's worst days.
Before OX, Ziv had already founded and closed a company. Vanadium Security, which he ran as CEO starting in December 2002, does not survive on the public internet in any detailed form; the company is a line on his LinkedIn and a footnote in later interviews. What matters is what came next. Check Point hired him in mid-2016 for a job that, in practical terms, meant being awake when the world's ransomware was awake.
NotPetya, in June 2017, was the loudest of these. SolarWinds, disclosed in December 2020, was the most consequential. Both events, in different ways, exposed the same architectural fact: modern attackers are patient enough to compromise the tools that build the software, not just the software itself. This is the observation OX Security was constructed around. Ziv's public framing, delivered in the Unite.AI interview and elsewhere, is that "every piece of code has a process that builds it and brings it to the cloud, CI/CD," and that reading that process, rather than only reading the code, is the honest way to know what production actually looks like.
He calls the mismatch between attacker speed and enterprise reaction speed the "Corporate Velocity Gap." This is the sort of phrase founders coin when they've watched a lot of Slack threads collapse under their own weight. He is not entirely wrong about it.