BREAKING: SAFE closes $70M Series C led by Avataar Ventures Forrester names SAFE a Leader in CRQ Wave, Q2 2025 World's first fully autonomous CTEM solution shipped Google, Chevron, T-Mobile, Fidelity, IHG on the customer list Total funding crosses $170M Plan: build CyberAGI 3M signals per customer, per day BREAKING: SAFE closes $70M Series C led by Avataar Ventures Forrester names SAFE a Leader in CRQ Wave, Q2 2025 World's first fully autonomous CTEM solution shipped Google, Chevron, T-Mobile, Fidelity, IHG on the customer list Total funding crosses $170M Plan: build CyberAGI 3M signals per customer, per day
Safe Security logo
Company / Cybersecurity / Palo Alto

Safe Security.

A 1,300-person company quietly turning the messiest question in enterprise IT - "how much cyber risk do we actually have?" - into a number a CFO can read.

Photographed in studio light: a logo that has outgrown its first name.

FOUNDED 2012 HQ PALO ALTO, CA SERIES C - JUL 2025 ~1,300 EMPLOYEES
SHARE //

01 / NOWThe room where the dollar number lands

Inside a US bank's quarterly risk meeting, the CISO opens a dashboard. There is no heat map. There is no traffic light. There is a single line: the company's cyber risk exposure, in dollars, updated this morning. The number ticks down. A patch landed overnight. Somebody on the other side of the world fixed an Okta misconfiguration. The board nods. The meeting ends in twenty minutes instead of two hours.

This is what Safe Security wants every cybersecurity meeting to look like. The Palo Alto-headquartered company - formerly called Lucideus, now operating as SAFE - has spent more than a decade insisting that the language of cyber should be money. Not severity. Not red, amber, green. Money.

The CISO finally has a P&L. It happens to be denominated in breaches. - The pitch, in one line
$170M+Total funding
~1,300Employees
3MSignals / customer / day
120%Avg. YoY growth since 2020

02 / THE PROBLEMCybersecurity ran out of adjectives

For most of its short life, the cyber industry has communicated in shades. Critical. High. Medium. A risk register reads like a weather forecast written by a committee. Executives nod through the briefing, ask one or two polite questions, and then ask the only one that matters: should we spend more or less, and on what? The honest answer, usually, is a shrug dressed up in a slide template.

That gap - between what security teams measure and what business leaders need to decide - is the problem Safe Security was built around. The team noticed something inconvenient: every other risk discipline at a large enterprise (credit, market, operational) had been speaking in dollars for decades. Cyber was the only one still speaking in colours.

Field note

If you have ever sat through a "tabletop exercise" where the impact of a ransomware scenario was described as "significant", you already understand the wedge SAFE drove in. "Significant" is not a budget line. "$42.6M expected loss over twelve months" is.

A heat map is a polite way of saying we don't know. - A CISO, on background

03 / THE BETThree engineers, one stubborn idea

In 2012, three engineers in India - Saket Modi, Vidit Baxi and Rahul Tyagi - started a company called Lucideus. Modi was still finishing his computer science degree. The early business was, by their own admission, ethical hacking services. Useful, billable, unromantic.

The bet came later, and it was a strange one. The founders decided their consultancy was the wrong shape. The world did not need another red team. It needed a way to translate everything a red team learned into a single, defensible, real-time number. They renamed the company SAFE, rebuilt the product around what the FAIR Institute calls quantitative risk analysis, and aimed at a market that did not yet exist.

Cisco's former chairman John Chambers was an early believer; his fund wrote the first significant US check. By 2025 SAFE had raised more than $170 million in total, with a $70 million Series C led by Avataar Ventures landing in July.

What "renaming the category" looks like

Cyber Risk Quantification, or CRQ, barely registered on analyst slides a decade ago. In Q2 2025, Forrester published a full Wave dedicated to it - and named SAFE a Leader. The category, in other words, exists now. So does a market for it.

A short and slightly improbable timeline

  1. 2012
    Lucideus founded in India
    Saket Modi, Vidit Baxi and Rahul Tyagi start an ethical-hacking firm out of college.
  2. 2020
    SAFE platform launches
    John Chambers leads a Series A; the company pivots from services to product.
  3. 2021
    Lucideus becomes SAFE
    A rebrand that ties the company name to a single number on the dashboard.
  4. 2023
    Series B extension
    Sorenson Capital and Eight Roads add fuel; enterprise logos pile up.
  5. 2024
    Autonomous TPRM ships
    Third-party risk - traditionally a spreadsheet nightmare - gets agentic AI.
  6. 2025
    $70M Series C + autonomous CTEM
    Avataar Ventures leads. SAFE unveils what it calls the first fully autonomous Continuous Threat Exposure Management product, and the word "CyberAGI" enters the vocabulary.

04 / THE PRODUCTOne dashboard, a lot of plumbing

What customers actually buy is called SAFE One. Underneath the marketing surface, it is a data platform: ingest signals from every security tool an enterprise already owns - endpoints, cloud, identity, code, third parties - and translate them, through the FAIR model and a lot of company-specific context, into expected financial loss.

SAFE counts the number it processes at roughly three million signals per customer per day. That is a lot of telemetry to keep boring. The point of the boring, though, is exactly the point. A CISO does not want fireworks. A CISO wants the same number, tracked over time, that bends downward when good decisions are made.

Three things SAFE One actually does

First-party risk. Every control you own, scored and priced. Third-party risk. Every vendor, scored without sending another 400-question PDF. Continuous threat exposure. The work between scans, run by agents that don't need to sleep.

The CISO's central cockpit. That is the phrase Saket Modi uses, and you can tell he means it. - Saket Modi, on the SAFE blog

05 / THE PROOFWho actually bought it

The customer list is the part of SAFE that does the heavy persuasive lifting. Google. Chevron. T-Mobile. Fidelity. IHG. These are not companies that buy speculative platforms for fun; they have procurement teams whose job is, charitably, to make life unpleasant for vendors.

SAFE says more than half of its existing customers have adopted the third-party risk module since it launched in 2024. That is a quietly aggressive number. Enterprise software's usual cross-sell rate is "we hope." Half is a different sport.

FUNDING / SAFE'S CAPITAL STACK

$170M+ and counting

Series C led by Avataar Ventures with Susquehanna Asia, NextEquity, Prosperity7, Eight Roads, John Chambers and Sorenson Capital.

The Forrester footnote

Being named a Leader in Forrester's CRQ Wave for Q2 2025 is not a press release headline. It is the kind of analyst stamp that procurement teams print out and put inside a binder. Boring. Decisive.

06 / THE MISSIONCyberAGI is a serious word for a serious goal

SAFE's stated ambition is to build what it calls CyberAGI - an agentic AI-native system that does not just measure cyber risk but autonomously discovers, prioritises and remediates it, across an enterprise and every third party it depends on.

It is the kind of phrase that should make any sober reader narrow their eyes. The interesting part is that SAFE is not coming at it from a research lab. It is coming at it from a product that already ingests, by its own count, billions of signals a day from real customers and translates them, in real time, into a single financial number. The vocabulary is new. The plumbing has been shipping for years.

Most "AI for cyber" companies still have to find a customer. SAFE has 1,300 employees and a customer list. The order matters. - Observation, not endorsement

07 / TOMORROWWhy this matters next quarter

Two things are happening at the same time, and they are happening fast. Boards are being asked - by the SEC, by regulators in Europe and India, by their own auditors - to disclose cyber risk in materially honest terms. And AI is making the attack surface bigger than any human team can map by hand.

The first trend is a vacuum. The second is a wind. SAFE happens to be standing exactly in the place where they meet. That is the unromantic, mostly defensible reason a $70 million Series C made sense in the summer of 2025.

Back in that bank's quarterly risk meeting, the line on the dashboard has dipped again. Twenty minutes. Decisions made. Budget reallocated. The cyber team did not get less of it - they got more, and crucially, the room understood why. That is the change SAFE is trying to make at scale: not better security theatre, but a shorter, calmer, more numerate conversation about a thing that used to be impossible to measure.

Read, watch, follow