Open-source security software company Truffle Security Co. announced today that it has raised $25 million in new funding to fuel continued growth of TruffleHog Enterprise, the company’s enterprise-grade secrets detection, verification and remediation solution, and expand its development in secrets and nonhuman identities protection.

Founded in 2019, Truffle Security provides paid solutions based on TruffleHog, an open-source tool that scans code repositories for exposed secrets such as application programming interface keys, tokens and passwords. the tool helps developers and security teams quickly identify and remediate leaked credentials before they can be exploited.

Truffle Security’s offering is focused on detecting exposed secrets, such as API keys, tokens, service-account credentials and other nonhuman identities, across codebases, cloud environments and repositories. The open-source engine supports hundreds of detectors and is designed to scan for signs of secret leakage or improper credentials being checked in.

The company also offers verification and remediation where, once a secret is found, the platform helps determine whether it is active, what systems it could access and what the blast radius might be. The results give contextual insight that allows security teams and development teams to prioritize and respond quickly.

Truffle Security’s paid offering, TruffleHog Enterprise, provides monitoring, detection and integration into the software development lifecycle so that secrets don’t become entry points for breaches.

The Series A round was led by Intel Capital Corp. and a16z (Andreessen Horowitz). Joining the round were Abstract Ventures, Lytical Ventures and individual investors. Those included Casey Ellis, founder of BugCrowd Inc., as well as Emilio Escobar, chief information security officer at Datadog Inc. ,and Haroon Meer, founder and chief executive of Thinkst Applied Research Pty. Ltd.

“As AI transforms how software is built, the security surface is expanding just as quickly,” said Martin Casado, general partner at Andreessen Horowitz. “Truffle Security is tackling one of the most urgent challenges in this new era, which is protecting codebases from secret exposure at scale.”

Along with the funding, Truffle Security also announced a new GCP Analyze add-on for TruffleHog Enterprise that is designed to significantly reduce time to remediation when Google Cloud Platform secrets leak.

With GCP Analyze, security teams get instant context, including what resources it can access, its inheritance and the blast radius of its permissions, instead of having to spend hours untangling identity and access management complexity.

The new offering is built on top of TruffleHog Enterprise’s verified secret detection, which eliminates false positives to help security teams remediate threats faster and more confidently across the software development lifecycle.

Coming into the new funding round, Truffle Security had previously raised a $14 million Series A round in December 2021, according to data from Tracxn.

Image: Truffle Security