What Valence Does
Every enterprise app that gets connected - a marketing tool, a code repository, an AI assistant - is another door into the business. The average organization has thousands of these doors, most opened without security ever signing off. Valence Security exists to count those doors, judge which ones are unlocked, and help shut the dangerous ones.
The company describes its purpose plainly: protect organizations from the threats created by SaaS and AI sprawl. Rather than sell one narrow tool, Valence unifies four capabilities that have historically lived in separate products - SaaS discovery, SaaS Security Posture Management (SSPM), AI Security Posture Management (AI-SPM), and Identity Threat Detection and Response (ITDR) - into a single platform. It discovers shadow apps and AI agents, flags misconfigurations before they become incidents, watches human and non-human identities for suspicious behavior, and then does the part most tools skip: it helps teams fix what it finds.
By the Numbers
Figures compiled from public sources including Crunchbase, Gartner Peer Insights, and company materials. Revenue and headcount vary by source; employee count reported at roughly 46-53.
The Problem It Solves
SaaS adoption outran the ability to govern it. Business teams buy and connect apps directly, granting OAuth permissions and wiring integrations without a security review. The result is a sprawling, interconnected estate where a single over-permissioned token or forgotten third-party grant can expose sensitive data. Traditional network and endpoint tools were never built to see inside Microsoft 365, Salesforce, GitHub, or Slack - let alone the connections between them.
Two newer complications sharpen the problem. First, non-human identities - service accounts, API keys, automation bots - now outnumber human users in many organizations, and each is a credential an attacker can abuse. Second, AI has arrived inside SaaS: embedded copilots, third-party AI integrations, and autonomous agents that request broad permissions humans would rarely be granted. Valence frames this as the shift from shadow IT to shadow AI, and it built its discovery and posture tools to surface both.
Too many apps
Thousands of SaaS and AI apps connected, most without a security review.
Non-human explosion
Service accounts, tokens, and AI agents multiply the attack surface.
Alert backlog
Visibility tools flag risk but leave teams drowning in unremediated tickets.
Products & Services
SaaS Discovery
Continuously uncovers shadow SaaS, shadow AI, and AI agents - including apps adopted entirely outside approved workflows.
SSPM
Monitors configurations, permissions, and integrations across connected apps, flags drift, and prioritizes actionable fixes.
AI-SPM
Maps AI usage across SaaS, cataloging embedded AI features, integrations, and agents to govern adoption and curb data leakage.
ITDR
Watches human and non-human identity behavior across SaaS, flagging suspicious activity to head off identity-based attacks.
How It's Different
Plenty of vendors can produce a dashboard of SaaS risks. Valence's argument is that dashboards are not the bottleneck - remediation is. Its platform leans on one-click fixes, automated workflows, and a distinctive collaborative model: when a risky configuration traces back to a specific business user, Valence loops that person into the fix rather than routing everything through an overloaded security queue. The often-cited fact is that the risky setting was usually made by a marketer or an engineer, not an attacker, so the fastest path to closing it runs through them.
The second differentiator is scope. By combining discovery, SSPM, AI-SPM, and ITDR in one platform, Valence positions integration itself as the moat - avoiding the seams that appear when teams stitch together five point tools. Its neutrality across vendors is part of the pitch too: the company that helps secure Microsoft 365 also secures Google Workspace, Salesforce, GitHub, Okta, and more than 170 other applications.
Funding & Backers
Valence launched from stealth in 2021 with a $7M seed led by YL Ventures. In October 2022 it announced a $25M Series A led by M12, Microsoft's corporate venture arm - a notable vote of confidence given how much of Valence's work involves securing Microsoft's own SaaS products. Participants included YL Ventures, Porsche Ventures, Akamai Technologies, Alumni Ventures, and former Symantec CEO Michael Fey.
The Founders
Yoni Shohet
Previously co-founded SCADAfence, an industrial IoT/OT security startup. His second act moves from securing factory floors to securing the enterprise SaaS estate.
Shlomi Matichin
Technical co-founder leading the platform's engineering and its unified approach to SaaS, AI, and identity risk.
The pair's work is reinforced by an advisory bench of former CISOs from Goldman Sachs, Bank of America, Adobe, and SAP - a signal of how closely the product is tuned to how large security teams actually operate.
Who Uses It
Valence sells to enterprise security, IT, and GRC teams. Publicly referenced customers span technology, financial services, and consumer brands:
Where It Fits in the Market
Valence sits in the fast-consolidating SaaS security posture management (SSPM) category, competing with vendors such as AppOmni, Obsidian Security, DoControl, Grip Security, and Wing Security. Adaptive Shield, once a peer, was acquired by CrowdStrike - a sign that the larger platform players see SaaS security as strategic. Valence's differentiation in that field is its emphasis on remediation and its early expansion into AI security posture management, staking out ground for what it calls the agentic era, when AI agents rather than people request access to sensitive systems.
B2B SaaS subscription. The cloud-delivered platform is sold to enterprise security teams on annual contracts, typically scaled by connected applications and identities, and goes to market both directly and through channel and technology partners.
Timeline
Founded & out of stealth
Yoni Shohet and Shlomi Matichin launch Valence with $7M seed led by YL Ventures.
$25M Series A
Microsoft's M12 leads a $25M round, bringing total funding to $32M.
Recognition & ITDR
Named an RSA Innovation Sandbox finalist and deepens SaaS identity threat detection.
AI security expansion
Adds AI Security Posture Management to discover and govern embedded AI and agents.
Built for the agentic era
Publishes the State of SaaS Security 2026 report and positions for AI-agent security.
FAQ
What does Valence Security do?
It helps enterprises find and fix risks created by SaaS and AI sprawl, unifying SaaS discovery, SSPM, AI-SPM, and ITDR with collaborative and automated remediation.
Who founded Valence Security and when?
Founded in 2021 by Yoni Shohet (CEO) and Shlomi Matichin (CTO). Shohet previously co-founded industrial security startup SCADAfence.
How much funding has Valence raised?
About $32M total - a $7M seed in 2021 and a $25M Series A in 2022 led by Microsoft's M12, with YL Ventures, Porsche Ventures, and Akamai participating.
What makes Valence different?
It emphasizes remediation over pure visibility - one-click fixes and collaborative workflows that engage business users - plus a unified platform spanning SaaS, AI, and identity risk.
Who uses Valence Security?
Enterprise security, IT, and GRC teams. Publicly referenced customers include Akamai, Elastic, Lionbridge, ServiceTitan, Riskified, and Corelight, across 175+ supported apps.