BREAKING Permiso wins Best ITDR Platform - 2026 Cybersecurity Stars Awards NEW Identity Runtime Attribution now covers AI agents - Autodesk on board P0 LABS Ten open-source tools shipped, including CloudGrappler & YetiHunter FUNDING $18.5M Series A led by Altimeter Capital SCALE 1,400+ identity threat detection rules and counting BREAKING Permiso wins Best ITDR Platform - 2026 Cybersecurity Stars Awards NEW Identity Runtime Attribution now covers AI agents - Autodesk on board P0 LABS Ten open-source tools shipped, including CloudGrappler & YetiHunter FUNDING $18.5M Series A led by Altimeter Capital SCALE 1,400+ identity threat detection rules and counting
Company Dossier // Cybersecurity
Permiso Security logo

Permiso Security

The Palo Alto company that answers a deceptively simple question about your cloud: who did that, and should they have?

Identity Security ITDR Founded 2020 Palo Alto, CA ~50 employees

ABOVE: The mark of a company built by breach responders. Permiso's founders spent 25 years at FireEye and Mandiant watching attackers walk through the front door with valid credentials - then left to build the tool that would have caught them.

The Story

The attacker doesn't hack in anymore. They log in.

Here is the uncomfortable premise the entire cybersecurity industry has been slow to admit: most modern breaches don't involve kicking down a door. They involve someone - or something - walking in with a working key. A leaked API token. A phished password. A service account nobody remembered existed. The intrusion looks, to almost every security tool ever built, exactly like a normal login. That is the gap Permiso Security decided to live in.

Permiso is an identity security company. That phrase does a lot of quiet work, so let's unpack it. Your firewall watches the network. Your endpoint agent watches the laptop. Your cloud posture tool (CSPM, in the acronym-soup of the field) tells you which S3 bucket is embarrassingly public. All useful. None of them can tell you that the person logged into your AWS console at 3 a.m. is a threat actor wearing your DevOps engineer's credentials rather than the engineer working late. Answering that question - attribution, in the trade - turns out to be the whole game, and it's the thing Permiso built its platform around.

The founders came out of FireEye and Mandiant, the incident-response firms that get called after the worst has already happened. Co-CEOs Jason Martin and Paul Nguyen each spent roughly 25 years in the field; Phani Modali, the third co-founder, ran engineering and cloud security for about as long. When you spend a quarter-century cleaning up other people's breaches, you develop opinions about root causes. Their opinion, roughly: the tools were watching the wrong layer. So in 2020 they started a company to watch the right one.

1,400+
Detection Rules
10
Open-Source Tools
$57M
Total Raised
45:1
Machine-to-Human IDs

Our mission is to turn cloud zeros into cloud heroes - to make it so a two-person security team can defend like a twenty-person one.

— Permiso Security, on why elite defense shouldn't require a Mandiant résumé
The Product

One graph for every identity you forgot you had

Permiso's central idea is the Universal Identity Graph - a way of stitching thousands of scattered signals (logins, API calls, role assumptions, token grants) into a single, coherent picture of who each identity is and what it normally does. Once you have that baseline, deviation becomes visible. The token that usually calls three APIs from Ohio and is suddenly enumerating your entire environment from a data center in another hemisphere stops being noise and starts being an alert.

Crucially, "identity" here isn't just people. It's the sprawling, mostly-unwatched population of non-human identities - service accounts, keys, bots, CI/CD pipelines - that in a typical cloud environment outnumber humans by something like 45 to 1. And, as of 2026, it's AI agents: autonomous software that authenticates, calls tools, and touches data at machine speed. Permiso's bet is that every new kind of identity becomes a new attack surface faster than anyone is ready for.

The platform organizes itself around three verbs - Discover, Protect, Defend - spanning identity visibility, posture management (finding the stale and over-privileged accounts before an attacker does), and threat detection and response.

What you can actually do with it

  • See every human, machine, and AI identity in one inventory
  • Catch account takeover and credential compromise in real time
  • Spot insider threats by behavior, not guesswork
  • Kill off stale and orphaned accounts before they're abused
  • Attribute AI-agent actions at the LLM and OS level
Platform · 2022

Permiso Platform (P0)

The core identity security platform - discover, protect, and defend identities across cloud and on-prem on one graph.

Capability · 2023

ISPM

Identity Security Posture Management surfaces stale, orphaned, and over-privileged identities to shrink your attack surface.

Capability · 2023

ITDR

Identity Threat Detection & Response catches takeover, credential abuse, and insider threats using behavioral analytics.

New · 2026

AI Agent Attribution

Identity Runtime Attribution extends detect-and-respond to autonomous AI agents across their full lifecycle.

P0 Labs

Give away your best work for free

Most security companies guard their detection logic like a family recipe. Permiso does something odder: its research arm, P0 Labs (a nod to "priority zero," the highest-severity incident class), publishes threat research on real cloud adversaries and then ships free, open-source tools to detect them. Ten of them, at last count.

CloudGrappler queries high-fidelity detections for known threat actors in AWS and Azure. YetiHunter hunts indicators of compromise in Snowflake - released, pointedly, after the wave of Snowflake data-theft campaigns that rattled the industry. There's also Cloud Console Cartographer, an Azure Activity Log tool, and SandyClaw, which sandboxes AI-agent skills and records every action to deliver a verdict.

The strategy is not charity, exactly. A rising tide of capable cloud defenders is good for the whole field, and the team that arms the community for free tends to be the team defenders trust with the paid platform. It's marketing that happens to also be a genuine contribution.

Open Source

CloudGrappler

Detects well-known threat actors across AWS and Azure environments.

Open Source

YetiHunter

Finds indicators of compromise inside Snowflake environments.

Open Source

SandyClaw

Sandboxes AI-agent skills and records behavior at the LLM and OS level.

The People

The ex-Mandiant playbook

Jason Martin

Co-Founder & Co-CEO

25+ years in cybersecurity; former EVP at FireEye/Mandiant. Spent a career on the response side before building the prevention side.

Paul Nguyen

Co-Founder & Co-CEO

25+ years in security; former SVP at FireEye. Co-runs the company on the thesis that identity is the new perimeter.

Phani Modali

Co-Founder & SVP Engineering

25+ years in product development and cloud security, leading the engineering behind the Universal Identity Graph.

The Money

From stealth to category leader

Permiso emerged from stealth in January 2022 with a $10M seed, then raised an $18.5M Series A led by Altimeter Capital in April 2024. Total reported funding sits around $57M across backers that include Point72 Ventures, Foundation Capital, 11.2 Capital, and Workbench.

RoundAmountDateLead / Investors
Seed$10MJan 2022Point72 Ventures, Foundation Capital, 11.2 Capital, Workbench
Series A$18.5MApr 2024Altimeter Capital (lead), Point72 Ventures
The Record

Timeline

2020

Permiso is founded

Ex-FireEye/Mandiant leaders Jason Martin, Paul Nguyen, and Phani Modali start the company in Palo Alto.

2022

Emerges from stealth with $10M

Public launch backed by Point72 Ventures, Foundation Capital, 11.2 Capital, and Workbench.

2024

$18.5M Series A

Altimeter Capital leads the round; P0 Labs expands its open-source suite to ten tools.

2025

Most Promising Early-Stage Startup

Recognized at the 2025 SC Awards as the identity platform gains traction.

2026

ITDR for AI agents + Best ITDR Platform

Launches Identity Runtime Attribution for AI agents with Autodesk, and wins Best ITDR Platform at the Cybersecurity Stars Awards.

The Field

Who uses it, who they're up against

Customers. Enterprise security and cloud teams, from mid-market up to the Fortune 500. Named users include Autodesk, Nutanix, ACV Auctions, Coupa, and Modern Health. Autodesk, notably, is using Permiso to secure the AI agents now running across its products and cloud infrastructure - a real-world test of the AI-identity thesis.

Competitors. Permiso sits in a busy, fast-moving neighborhood. Adjacent players include Wiz and CrowdStrike on the platform side, and specialists like Vectra AI, Obsidian Security, Mitiga, Oleria, and Push Security. Permiso's wager is that identity-first attribution is a distinct enough category to win on its own terms.

Recognition

  • Best ITDR Platform - 2026 Cybersecurity Stars Awards
  • Most Promising Early-Stage Startup - 2025 SC Awards
  • Ten open-source tools contributed to the community
  • 1,400+ original detection rules
Watch

Interviews & demos

Q & A

Frequently asked

What does Permiso Security do?

Permiso is an identity security company that discovers, protects, and defends human, non-human, and AI identities across cloud and on-prem environments, detecting account takeover, credential compromise, and insider threats.

Who founded Permiso Security?

It was founded around 2020 by Jason Martin and Paul Nguyen (Co-CEOs) and Phani Modali (SVP Engineering), all veterans of FireEye and Mandiant.

How much funding has Permiso raised?

Permiso raised a $10M seed in 2022 and an $18.5M Series A led by Altimeter Capital in 2024, with total reported funding around $57M across investors.

What are Permiso's open-source tools?

Its P0 Labs research team has released ten free tools, including CloudGrappler for AWS/Azure threat detection and YetiHunter for Snowflake indicators of compromise.

How is Permiso different from CSPM or SIEM tools?

Rather than flagging misconfigurations or aggregating logs, Permiso focuses on identity - attributing activity to specific human, machine, or AI identities and detecting when credentials are abused in real time.

Connect

Find Permiso Security