Most security tools guard the door. Theom watches the data on the other side of it - who touches it, what it's worth, and whether that touch is an attack. It calls the result an AI-native Data Operations Center.
Here is a fact about enterprise security budgets that everyone knows and few say out loud: an enormous amount of money goes toward guarding the perimeter - firewalls, identity, endpoints, the front door - and comparatively little goes toward the thing behind the door, which is the actual data. This made sense when data lived in a handful of databases you could point at. It makes less sense now, when data is smeared across cloud warehouses, lakehouses, SaaS apps, and, increasingly, whatever a large language model happens to be reading this afternoon.
Theom, a company founded in December 2020 and headquartered in San Jose, is a bet on the idea that this has to change - that, as its CEO likes to put it, "in the AI era, data is the new perimeter." That's a nice line, and lines like that are cheap. What makes Theom worth a second look is that it tries to turn the line into arithmetic. Its platform doesn't just tell you where sensitive data lives; it estimates the financial value of the data that's at risk. The pitch, roughly, is that security teams should stop drowning in undifferentiated alerts and start triaging the way a CFO would - by how much money is on the table.
The company's founders are not new to this. CEO Navindra Yadav was a founding engineer at Insieme and later founded Tetration Analytics - both absorbed by Cisco - and he holds, by the company's count, more than 425 patents. His co-founders Ravi Sankuratri and Farid Jiandani come out of Tetration, Yahoo, Sun Microsystems and Andreessen Horowitz. There's a pattern here worth noticing: the same team that once mapped and secured the data-center network is now trying to map and secure the data-center's data. Founders tend to keep solving the same problem, just aimed at a bigger target.
Theom bundles a soup of security acronyms - DSPM, DDR, data access governance - into what it calls a Data Operations Center. Tools proliferate when nobody owns a problem end-to-end; Theom's bet is that collapsing them into one platform is itself the product.
Discovers and classifies sensitive data across structured and unstructured stores, maps which users and roles can reach it, establishes its criticality, and keeps a continuous risk register ranked by what matters most.
Detects attacks on cloud data lakes and warehouses and - notably, as the only product Theom claims does this - maps them to the MITRE ATT&CK framework, then responds through SIEM/SOAR integrations.
Analyzes not just whether someone has access but what they're doing with it and why - the insider-threat problem DLP tools structurally can't see, because access alone looks legitimate.
Provides detailed access-policy and usage control over the enterprise data estate so organizations can put generative-AI applications into production without the data underneath becoming a liability.
Security has historically focused on infrastructure and access - but in the AI era, data is the new perimeter.
In May 2025 Theom closed a $20 million Series A led by Wing VC, bringing total funding to roughly $36 million. The interesting part isn't the number - it's the cap table. Snowflake and Databricks are direct rivals in the data-platform market, and both wrote checks. When the platforms you secure invest in you, that's less a term sheet than a reference check you can't buy.
A few numbers behind the company, drawn from public and third-party sources (revenue and headcount are approximate):
"Theom is the first platform delivering detailed access policy and usage control over enterprise data estates, essential for AI applications."
Gaurav Garg · Wing VC"Theom helps enterprises put trustworthy data and AI into production with end-to-end visibility and control."
Andrew Ferguson · Databricks Ventures"Theom's traction in financial services validates its technology for protecting and governing complex data assets."
Harsha Kapre · Snowflake Ventures"Theom is reimagining data security with a fundamentally new approach to governance and intelligence."
Rob Salvagno · SentinelOne S VenturesSince leaving stealth in 2022, Theom has landed customers in exactly the places where a data breach is most expensive: regulated finance and high-growth software. Named accounts include Fiserv, Grammarly, Tradeweb and JetBlue. Winning that kind of logo in three years isn't done with a demo - it's done by answering the single question every financial-services CISO loses sleep over: who touched the data, and was that allowed?
Navindra Yadav and co-founders start Theom in December 2020 to attack cloud data security from a data-first angle.
Theom launches its AI-native Data Operations Center with early enterprise customers, backed by Ridge Ventures and M12.
Extends into Data Detection and Response, translating cloud data-lake and warehouse attacks into MITRE ATT&CK language.
Wing VC leads a $20M round joined by Snowflake Ventures, Databricks Ventures and SentinelOne's S Ventures.
It's fair to be skeptical of any startup that arrives with a new three-letter category and a story about how the old three-letter categories are obsolete. The data-security-posture-management space is crowded - Cyera, Sentra, BigID, Varonis, Securiti and others are all circling the same enterprise budgets. What separates Theom, at least on paper, is the insistence on going past posture (where is the data, who can see it) to behavior (what are they doing, and does it match policy and intent). Posture is a snapshot; behavior is a movie, and the interesting crimes only show up in the movie.
The other thing Theom keeps returning to is generative AI, and here the timing is either lucky or shrewd. Enterprises are racing to put LLMs into production and quietly terrified of what those models might read, leak, or memorize. Theom's argument is that you govern the data before the model ever sees it - that AI safety, for a bank, is mostly a data-governance problem wearing a fashionable hat. Whether that argument scales into a durable business is the open question. But the people asking it have built and sold this kind of thing before, and the companies whose platforms they're securing decided to fund them. That's not proof. It's a strong tell.
Theom provides an AI-native Data Operations Center that discovers, classifies, governs and protects enterprise data across cloud, SaaS, PaaS and generative-AI environments - detecting breaches and enforcing policy in real time.
It was founded in December 2020 by Navindra Yadav (CEO), Ravi Sankuratri (COO) and Farid Jiandani (SVP Business Development), drawing on backgrounds at Cisco Tetration and Google.
Roughly $36 million total, including a $20 million Series A in May 2025 led by Wing VC with Snowflake Ventures, Databricks Ventures and SentinelOne's S Ventures.
Beyond posture management, Theom analyzes user identity, action and intent, scores the financial value of data at risk, and detects/responds to attacks mapped to the MITRE ATT&CK framework.
Fortune 500 and high-growth enterprises, especially in regulated industries like financial services. Named customers include Fiserv, Grammarly, Tradeweb and JetBlue.