The Story
From a Gurdaspur dorm room to the CISOs of Fortune 500s
In 2011, a post-graduate from Lovely Professional University in Punjab was spending his evenings probing the internet for cracks. Not maliciously - Rahul Tyagi was doing what later got a formal name: responsible disclosure. He found Cross-Site Scripting flaws in the websites of Intel, Sony, HP, Forbes, Dolby, National Geographic, TED Conferences, Spike TV, the IEEE Computer Society, Autodesk, Fujifilm, and HowStuffWorks. He reported them. He got credited. He built a reputation before he had a business card.
A year later, in 2012, Tyagi co-founded Lucideus at IIT Bombay's incubator alongside Saket Modi and Vidit Baxi. The company started as a cybersecurity training outfit - Tyagi personally delivered over a hundred training sessions globally in its first few years. But a training company was never the destination; it was reconnaissance. By 2013, Lucideus had pivoted into enterprise services, offering something the market desperately needed: a number. Not a red/amber/green traffic light, not a checkbox - a financial dollar figure for what your cyber exposure actually costs.
That pivot became an obsession. Safe Security - the renamed and rebranded platform that Lucideus became - is now the world's leading Autonomous Cyber Risk Management platform. It ingests signals from every corner of an enterprise's stack and outputs one unified, board-ready cyber risk score. The FAIR (Factor Analysis of Information Risk) model and MITRE ATT&CK framework are baked in. Actuarial-grade math replaces hacker intuition. Boards can finally read the thing.
The biggest challenge when disrupting a market is there are no other competing companies to learn from and you are the leader defining the path.
- Rahul Tyagi, Co-Founder, Safe Security
John Chambers, Cisco's former Chairman and CEO, saw it early. His backing gave Safe Security a signal of credibility that opened Fortune 500 doors. Today the customer list includes Google, Fidelity, T-Mobile, Chevron, and IHG. The platform doesn't just score risk - it continuously monitors it. It acquired RiskLens, the company that built the gold standard FAIR quantification software, to sharpen its analytics edge. It collaborated with MIT on predictive data models. And in mid-2025, it raised $70 million in a Series C led by Avataar Ventures, bringing its total funding north of $200 million.
July 2025 - Series C Announcement
$70M to Build CyberAGI - the World's First Fully Autonomous CTEM
Safe Security launched the world's first fully autonomous Continuous Threat Exposure Management (CTEM) solution alongside its Series C. Avataar Ventures led the round, joined by Susquehanna Asia, NextEquity, Prosperity7, Eight Roads, Sorenson Capital, and John Chambers. The mission: achieve CyberAGI - a state where AI reasons, acts, and closes cyber risk loops without waiting for a human to pick up the ticket.
The Hacker Years
He broke it first, so he could build it better
Rahul Tyagi is a Certified Ethical Hacker. That's the credential. The backstory is messier and more interesting: a kid from Gurdaspur, Punjab, who got a Master's in Computer Applications and then spent years systematically poking holes in major web properties before anyone was hiring him to do it.
The list of sites where he found vulnerabilities reads like a hall of fame of the early internet:
Intel
Sony
HP
Forbes
Nat Geo
TED
IEEE
Spike TV
Autodesk
Fujifilm
Dolby
Discovery
This wasn't a side hobby. It was the curriculum. Tyagi published "Hacking Crux 2," a practical book on pentesting, information gathering, steganography, and wireless attacks. He built courses. He created a Udemy presence. When the time came to build a business, he had deep credibility with the very people he was selling to - security practitioners who knew whether someone actually understood the field or was just selling slides.
His 2016 "Secure Digital India" campaign trained over 10,000 students across 50+ colleges in 30+ cities. Cyber awareness before it was a boardroom buzzword. It's the pattern that holds through every chapter of his career: scale the skill, don't gatekeep it.
The Platform
Giving boards a number they can actually act on
Safe Security's flagship platform - branded SAFE - ingests data from every layer of an enterprise: endpoints, cloud workloads, third-party vendors, user behaviors, threat intelligence feeds. It runs everything through FAIR model risk quantification and MITRE ATT&CK mapping to produce a real-time cyber risk score in financial terms. Not "your risk posture is medium." More like: "your expected annual loss from a ransomware event is $14 million, here's the top five controls that reduce that by 60%."
The Third-Party Risk Management (TPRM) module has become a flagship product in its own right. In the wake of the MOVEit breach - which exposed over 600 organizations through a single vendor's vulnerability - Tyagi has been vocal about what enterprise vendor risk really means. His take on X was direct: "The MOVEit breach is the ultimate case study in third-party risk. Over 600 organizations exposed. Here's what every TPRM professional must learn from it."
This is why close customer relationships are critical to ensure SAFE delivers what the industry is lacking.
- Rahul Tyagi
In 2022, Safe Security launched SAFE Me - a mobile-first security awareness platform targeting the human element. Tyagi championed this personally. His argument: the enterprise perimeter is wherever your employees are. Phishing doesn't respect VPN schedules. SAFE Me was designed to re-engineer what Tyagi called "cyber consciousness" at the individual level.
Then in 2024, the team unveiled SAFE X - a GenAI-powered mobile app designed for CISOs, providing real-time insights into an organization's cyber risk posture on a device that fits in a jacket pocket. It's one thing to report to the board quarterly; it's another to have your risk score in your hand at the airport.
Funding Trajectory
Total funding: $200M+ | Series C closed July 2025 | Lead: Avataar Ventures
Global Reach
The bridge between Bengaluru, Singapore, and Palo Alto
Rahul Tyagi's geography is unusual for a Silicon Valley-headquartered company executive. Safe Security's company address is 3000 El Camino Real, Palo Alto - classic Bay Area. But Tyagi has spent significant energy building Safe Security's presence across the ASEAN region, making cyber risk quantification accessible to a part of the world that regulators and insurers had largely ignored.
His role as ASEAN Marketing Lead isn't a token title. Regulatory shifts in India (CERT-In compliance requirements), the UAE (Dubai's growing fintech and enterprise market), and Southeast Asian financial services have created a fresh audience for what SAFE offers. When Tyagi observed, "This is a monumental shift that has begun in the U.S., Jordan and the newest regulations by CERT last month in India," he was tracking a global compliance wave that Safe Security was positioned to ride.
He has spoken at Cybertech Africa, W3Summit, and regional security conferences across Southeast Asia, building a reputation as a practitioner - not a pitch-maker. The nuance matters. ASEAN CISOs have seen enough vendor theater to know the difference.
Character & Roots
Loyal to Lovely Professional, even from Palo Alto
Rahul Tyagi is not an IIT graduate. That fact carries weight in India, where the founding mythology of the tech industry is almost inseparable from the IIT network. Lucideus was incubated at IIT Bombay, yes - but Tyagi's own academic home was Lovely Professional University in Punjab, a second-tier institution by prestige rankings, first-tier by affection.
He has remained conspicuously loyal. When speaking at LPU in 2018, he told students directly: "LPU students carry an immense potential and I always prefer LPU students when it comes to hiring." He backed it. Several LPU graduates work at Safe Security. It's the kind of loyalty that doesn't show up on a company careers page but shapes the culture of who gets a chance.
The #100Days100CyberTools series on X is another window into the character behind the executive title. No one with 1,300 employees and $200M raised needs to post daily security tool breakdowns to an internet audience. Tyagi does it anyway. The hacker curiosity that spent evenings finding XSS bugs in Sony's website didn't disappear when the company grew - it just found a new outlet.
▶
Watch on YouTube
Rahul Tyagi, Co-Founder of Lucideus, talks Zoom hacks, Cyber Security and How To Stay Safe Online
Career Timeline
The arc, year by year
1987
Born in Gurdaspur, Punjab, India
2011
Graduated from Lovely Professional University with a Master of Computer Applications. Spent evenings doing responsible disclosure on major web properties.
2012
Co-founded Lucideus Tech at IIT Bombay's incubator with Saket Modi and Vidit Baxi. Focused on ethical hacking training and certification.
2013
Lucideus expanded from training into enterprise cybersecurity consulting. Started quantifying digital risk for HDFC, RBI, Indigo, and other major corporates.
2016
Launched "Secure Digital India" campaign: trained 10,000+ students across 50+ colleges in 30+ cities. John Chambers enters as a key backer.
2018
Serving as Vice President of Training at Lucideus. Returns to LPU to mentor students. Cybertech and global conference circuit begins.
2020
SAFE platform officially launched. Company enters 120%+ year-on-year growth trajectory. Pandemic creates massive enterprise demand for remote risk visibility.
2021
Lucideus rebrands as Safe Security. Acquires RiskLens, the FAIR model quantification pioneer.
2022
Launches SAFE Me - mobile-first platform for individual security awareness and "cyber consciousness."
2024
Unveils SAFE X - GenAI-powered mobile app for CISOs. Real-time risk posture in your pocket.
2025
Raises $70M Series C led by Avataar Ventures. Launches world's first autonomous CTEM. Announces CyberAGI vision. 1,300+ employees, $200M+ total funding.
Find Rahul Online
Profiles, platforms, publications
Cyber Risk Quantification
TPRM
CyberAGI
FAIR Model
MITRE ATT&CK
Ethical Hacking
CTEM
Safe Security
Agentic AI
ASEAN
