Remediation is a workflow that identifies violations in a cloud management policy, triggers an alert, and provides an explanation of the violation as well as steps to remedy the issue. With the addition of AI, many of these steps can be automated creating a self-healing model. However, this does come with challenges if not managed properly. Gombac.AI is an automated cloud remediation platform that allows organizations to ensure their cloud deployments are not susceptible to security breaches. The platform takes a deterministic AI approach to develop solutions rather than generative AI, allowing the platform to be repeatable, contextually aware, and accurate by ensuring that the correct solution is deployed that improves security immediately, remains consistent with robust logging capabilities, and ultimately resulting in a reduction in time spent on management. Gomboc.AI can be used both for existing cloud environments as well as new deployments, making it versatile for the enterprise’s growing cloud needs both at a centralized security and local DevOps or engineering level.
AlleyWatch caught up with Gomboc.AI Cofounder and CEO Ian Amit to learn more about the business, the company’s strategic plans, recent round of funding, and much, much more…
Who were your investors and how much did you raise?
Our investors are Glilot Capital and Hetz Ventures – both highly prominent Israeli VCs focusing on cyber. We raised $5.3M in our seed round.
Tell us about the product or service that Gomboc.AI offers.
We provide a cloud infrastructure remediation solution. Essentially getting rid of security misconfigurations in your cloud deployments – whether these are existing architectures, or ones that are build built by your developers.
What inspired the start of Gomboc.AI?
As practitioners (a former CISO, and a former professional services manager at AWS), we lived through the problem and realized there aren’t any effective solutions to it. Yet this is still the #1 reason for cloud breaches. We decided to find an approach that would solve it correctly – at the source.
How is Gomboc.AI different?
Gomboc.ai is different in several ways – notably we use deterministic AI to produce solutions (rather than generative AI which cannot be trusted for delivering accurate and repeatable results), as well as our integration to the DevOps pipelines that does not require ticketing or learning new languages. That’s a full shift-left approach, that delivers results directly into the code such that security is being addressed seamlessly while developers can focus on building functionality.
What market does Gomboc.AI target and how big is it?
Essentially every organization that uses cloud infrastructure (AWS, GCP, Azure, etc). The market covers companies small and big and is currently mostly unaddressed. It’s estimated at over $16B.
What’s your business model?
Since we essentially provide a virtual DevSecOps engineer to every team, our business model simply scales based on the size of the development organization in the company. We do not charge per account, nor by the size of the cloud deployment – and that is in order to keep the costs predictable and fair.
How are you preparing for a potential economic slowdown?
As we free up precious resources (from both DevOps as well as Security teams), we are finding ourself in a perfect position for an economic slowdown where companies are doing more with less people. We enable such companies to better utilize their existing workforce and free it to handle higher level problems as we address the security aspects of their cloud infrastructure.
What was the funding process like?
We iterated on the main pillars of how the solution should be delivered, insisting on keeping the focus clear and concise, while assuring that the integration and friction is kept to a minimum. We built a functional prototype that proves the solution can be delivered, and interviewed dozens of CISOs as well as DevOps leaders to make sure we build a solution that addresses the right problem in the right way. Once we had a provable product-market fit we went fundraising, and started operating with capital in November of 2022.
What are the biggest challenges that you faced while raising capital?
Two main issues – one is the hype of generative AI and having to explain what kind of AI is usable for which problem, and the second one was gaining trust that accurate and correct remediations can actually be delivered to existing code. We are solving a hard problem that required deep-tech innovation, which in modern startups is less frequent.
What factors about your business led your investors to write the check?
The fact that we remediate both existing cloud deployments as well as new ones, and the potential for addressing additional domains outside of security – essentially transforming the way organizations will be using the cloud in the future, and closing the growing knowledge gap that security and DevOps teams face as cloud services grow exponentially.
What are the milestones you plan to achieve in the next six months?
We plan to deliver full multi-cloud capabilities, as well as expand our coverage of Infrastructure-as-Code languages. Additionally, we plan to start covering hybrid environments on top of just cloud ones.
We plan to deliver full multi-cloud capabilities, as well as expand our coverage of Infrastructure-as-Code languages. Additionally, we plan to start covering hybrid environments on top of just cloud ones.
What advice can you offer companies in New York that do not have a fresh injection of capital in the bank?
Tap into the highly diverse local economy – there are so many sectors operating here, with leaders available to assist and provide validation to new innovations!
Where do you see the company going now over the near term?
We’ll be growing our go-to-market team, but plan to stay fairly nimble in the short term in order to be as effective as possible and focus on delivering high customer value.
What’s your favorite summer destination in and around the city?
Any rooftop bar, and every park in the city where you can have a snack or an impromptu picnic.