BREAKING Nudge Security raises $22.5M Series A led by Cerberus Ventures MILESTONE Nearly 200 customers onboarded since 2022 launch DISCOVERY 70,000+ unique SaaS apps surfaced for customers AWARD 2026 Cybersecurity Stars - Best AI Governance Platform GROWTH 3x ARR two years running BREAKING Nudge Security raises $22.5M Series A led by Cerberus Ventures MILESTONE Nearly 200 customers onboarded since 2022 launch DISCOVERY 70,000+ unique SaaS apps surfaced for customers AWARD 2026 Cybersecurity Stars - Best AI Governance Platform GROWTH 3x ARR two years running
Company Dossier · Cybersecurity · Austin, Texas

Nudge Security

The company that stopped saying "no" to employees - and started nudging them toward safer choices.

Founded 2021 SaaS & AI Security SSPM Series A · $22.5M ~46 employees
Nudge Security logo
NUDGE SECURITY. The Austin firm's logomark. Co-founders Russell Spitler and Jaime Blasco - the pair behind the Open Threat Exchange - built the platform to govern the "Workforce Edge," where thousands of SaaS and AI decisions happen every day.
$39M
Total funding raised
~200
Customers
70K+
SaaS apps discovered
3x
ARR growth, two years

Securing the apps nobody told IT about

Every day, in every company, employees make small technology decisions. A free trial here. A new AI assistant there. An OAuth "Sign in with Google" click that quietly hands a third party the keys. Multiply that by a workforce, and you get the modern security problem: an attack surface built one well-meaning shortcut at a time.

Nudge Security was built for exactly that gap. Founded in 2021 in Austin, Texas, the company discovers and governs the sprawl of SaaS and AI applications that employees adopt - often without IT's knowledge - and then does something most security tools refuse to do: it treats the workforce as an ally rather than a liability. Instead of blocking apps, it sends a "nudge," a short, contextual message delivered through the browser, Slack, or Teams that guides the employee toward the safer path while letting them keep working.

The idea comes straight out of behavioral science. A nudge, in the academic sense, steers people toward better choices without taking their freedom to choose away. Applied to security, it is a quiet rebuke to a decade of tools that tried to lock everything down and mostly succeeded in teaching employees to route around them. "Nudge Security delivers visibility and governance at the Workforce Edge," the company says of itself - the edge being that messy, decentralized frontier where thousands of technology decisions get made every day, far from any central IT gatekeeper.

"Nudge Security delivers visibility and governance at the Workforce Edge - where thousands of decentralized technology decisions happen every day." - Nudge Security, on its mission

Who is behind it

The two co-founders are not newcomers. Russell Spitler, the CEO, spent more than fifteen years in cybersecurity, leading product and strategy at AT&T Cybersecurity, AlienVault, and Fortify Software. Jaime Blasco, the CTO, is a well-known security researcher who ran AT&T Alien Labs, the company's threat-intelligence unit. Together, before Nudge, they helped build the Open Threat Exchange - described as the world's largest open threat-intelligence community. That pedigree matters: the pair spent years watching how attackers exploit organizations, and concluded that the softest target was rarely the firewall. It was the gap between what employees do and what security teams can see.

Who uses it

Nudge Security's customers are the security, IT, and governance-risk-compliance teams at mid-market and enterprise organizations - the people who inherit responsibility for tools they never bought. As of late 2025 the company counted nearly 200 customers, among them Reddit, whose security chief has spoken publicly in support of the product. Across its base, the platform has discovered more than 70,000 unique SaaS applications, a number that says as much about the scale of shadow IT as it does about the company's reach.

The problems it solves

The core problem is visibility. You cannot secure what you cannot see, and most organizations have no reliable inventory of the apps, accounts, tenants, and integrations their people have created. Nudge Security starts there, detecting new SaaS and AI accounts as soon as they appear - what the company calls Day One discovery - without requiring an agent on every laptop or a VPN in the path. From that inventory flow the harder problems: which OAuth grants are risky, which accounts belong to employees who left months ago, which vendors just disclosed a breach, and, increasingly, which AI tools and agents are quietly ingesting company data.

That last category - shadow AI - has become the company's sharpest talking point, and for good reason. If shadow IT crept in over a decade, shadow AI arrived in a matter of quarters. Every employee with a browser can spin up an AI assistant, connect it to corporate email, and grant it standing permissions, all before lunch. Nudge Security's pitch is that the same discovery-and-nudge engine it built for SaaS maps cleanly onto AI: find the tools, score the risk, and reach the person who made the decision with guidance rather than a denial.

The company frames this as human-centric security, and the framing is more than marketing. Traditional controls assume the employee is the weakest link and design accordingly - blocking, restricting, and generating friction. Nudge inverts the assumption. If you give people timely, relevant information at the moment they are making a choice, the argument goes, most of them will make the safer one. The platform's playbooks and self-service app directory extend the same logic: let employees request access through a sanctioned path instead of going around IT entirely.

One platform, seven jobs

Nudge Security bundles what once required a stack of separate tools - discovery, posture management, identity governance, third-party risk, and spend - into a single self-service platform that deploys in minutes.

DISCOVERY

SaaS & AI Discovery

Finds every app, account, tenant, AI tool, agent, and integration ever created - detecting shadow IT and shadow AI on Day One. No agent, no VPN.

POSTURE

SSPM

Continuously monitors misconfigurations and identity risks in critical apps like Microsoft 365, Google Workspace, Okta, Salesforce, and Snowflake.

IDENTITY

Identity Governance

Streamlines SSO onboarding, automates access reviews, and closes every account a departing employee ever touched.

RISK

Third-Party & Supply-Chain Risk

Security profiles for 200,000+ vendors and alerts for breaches affecting third- and fourth-party providers.

OAUTH

OAuth Risk Management

Scores risky OAuth grants and enables two-click revocation of the permissions employees hand out.

SPEND

SaaS Spend Management

Analyzes up to two years of historical SaaS spend to surface waste, redundant apps, and inactive accounts.

BEHAVIOR

Security Nudges & Playbooks

Guides employees via browser, Slack, Teams, and email without blocking - plus automated playbooks for offboarding and reviews.

MODEL

Self-Service & Free Trial

Deploys in minutes through a lightweight integration. SSO, RBAC, and API access included at no extra cost.

A funding path built in stages

From a $7M seed in 2022 to a $22.5M Series A in November 2025, Nudge Security has raised roughly $39M. Cerberus Ventures led the latest round, with Ballistic Ventures, Forgepoint Capital, and Squadra Ventures returning.

$7M
2022
Seed
$16.5M total
2024
Seed ext.
$22.5M
2025
Series A

Bars show round size; 2024 reflects cumulative seed funding after the Forgepoint extension.

Where it fits in a crowded market

SaaS security posture management is not an empty field. Nudge Security competes with standalone SSPM vendors such as AppOmni, Obsidian Security, and CrowdStrike Shield (formerly Adaptive Shield), and with a wave of SaaS-security peers including Valence Security, Wing Security, Grip Security, Push Security, DoControl, and Lumos. Many of those tools lead with configuration monitoring and automated remediation for a defined set of sanctioned apps.

Nudge Security's differentiation is its starting point. Rather than beginning with a list of approved applications to harden, it begins with discovery - agentless, organization-wide, and reaching into the long tail of apps nobody sanctioned. Layered on top is the behavioral engine: the nudges, playbooks, and self-service directory that engage employees directly. Critics note that a discovery-first, engagement-first design can trade away some of the deep, continuous configuration enforcement that dedicated SSPM tools emphasize. Nudge's answer has been to add SSPM capabilities over time while keeping the workforce, not the app catalog, at the center of the model.

"We're betting on the workforce as security's greatest asset." - Nudge Security, on its Series A thesis

The business model reinforces the positioning. Nudge sells a B2B SaaS subscription with a genuine free trial and enterprise features included by default, betting that a product a security team can turn on in minutes will spread faster than one that needs a procurement cycle to justify. That product-led motion, the company says, helped drive 3x annual-recurring-revenue growth two years running.

A short history

2021

Founded in Austin

Russell Spitler and Jaime Blasco reunite to build a security company for the decentralized, SaaS-first workforce.

2022

$7M seed and product launch

Ballistic Ventures leads the seed round; the discovery-and-governance platform launches in October.

2024

Seed extension and SSPM push

Forgepoint Capital joins the syndicate, bringing seed funding to $16.5M, as the platform adds SSPM capabilities.

2025

$22.5M Series A

Cerberus Ventures leads a Series A to accelerate workforce AI and SaaS governance; Morgan Mahlock joins the board. Customer count nears 200.

Frequently asked

What does Nudge Security do?

It discovers and governs the SaaS and AI applications employees adopt - covering shadow IT, security posture, identity governance, third-party risk, and spend - and nudges employees toward safer choices without blocking them.

Who founded Nudge Security and when?

It was founded in 2021 by Russell Spitler (CEO) and Jaime Blasco (CTO), who previously built the Open Threat Exchange and worked together at AT&T Cybersecurity.

How much has Nudge Security raised?

Roughly $39M total: a $7M seed (later extended to $16.5M) and a $22.5M Series A led by Cerberus Ventures in November 2025.

How is it different from other SSPM tools?

It leads with agentless Day One discovery of all apps and AI tools and uses behavioral nudges delivered through the browser, Slack, and Teams, rather than relying only on blocking or configuration policies.

How is it deployed?

It deploys in minutes through a lightweight integration with no agent or VPN, works across all devices, and offers a free trial with enterprise features like SSO and API access included.

Share this profile