Echo Software Ltd., a startup that’s using artificial intelligence agents to secure container images at the base layer, said today it has raised $35 million in an early-stage funding, just four months after closing on its $15 million seed raise.

The Series A round was led by N47 and saw participation from Notable Capital, Hyperwise Ventures and SentinelOne. It brings its total amount raised to more than $50 million.

The startup is looking to fix problems with container images, which it says are among the most insecure components of modern software today. These days, almost all cloud-based applications are built on container base images – essentially, prebuilt operating systems that define the app’s runtimes and dependencies.

Containers have become the building blocks of modern software because they provide a consistent and portable environment for applications, enabling them to run reliably across different platforms without change, meaning they can be deployed more rapidly in any environment. They also make it easier for developers to manage dependencies and improve application scalability.

They rule the software world, but they also come with significant security risks. In fact, Echo’s own research shows that some of the world’s most widely used official Docker images, such as Python, Go, Ruby and Node.js, each contain more than 1,000 common exposures and vulnerabilities or CVEs.

Echo co-founder and Chief Technology Officer Eylam Milner (pictured, right) said the company’s research shows that more than 90% of container vulnerabilities stem from the original base image layer rather than the application code. This is problematic, he added, because most enterprises simply grab prebuilt container images and build directly atop of them when creating new software. “Large organizations with thousands of cloud services inherit millions of security issues before their engineers write a single line of code,” he said.

The startup’s solution is to rebuild everything from scratch using AI agents to remove all of those vulnerabilities and exploits. It offers access to a growing library of CVE-free container base images that have been reconstructed using only the most essential components, reducing the attack surface considerably while ensuring they still function as before. In this way, Echo’s hardened container images serve as drop-in replacements for standard Docker images, and they couldn’t be easier to install. All developers have to do is change a single line in their application’s Docker file to swap out a potentially vulnerable Docker image for a cleaner Echo version.

Of course, Echo understands that even these “clean” container images may be affected by new vulnerabilities found in their most essential components. Fortunately, its AI agents work to maintain them around the clock, so the moment a new vulnerability is discovered and entered into the CVE database, they’ll autonomously research the discovery and identify any images it might affect.

Then they either find or develop their own fixes from unstructured sources, such as GitHub comments, forums and research blogs. Once the fix is ready, Echo’s agents will apply a patch, run comprehensive compatibility tests and create a pull request so the fix can be reviewed by a human.

Echo co-founder and Chief Executive Eilon Elhadad (left) said this AI-first approach enables the company to maintain a library of more than 600 secure container images, despite only having a team of 35. Without AI agents, he believes, the company would need to hire hundreds of security researchers.

“Our time-to-value is instant, with customers immediately seeing their vulnerability count drop to zero when moving to Echo images,” he said. “Security teams love us because we make them look like heroes overnight, and developers love us because they can stop wasting time fixing vulnerabilities in infrastructure they didn’t even create.”

Elhadad and Milner are veterans of the Israeli Defense Force’s elite Unit 8200 cybersecurity team, and they have a solid track record in the security industry. They previously founded the software supply chain firm Argon Ltd., which was acquired by Aqua Security Software Ltd. in December 2021 just one year after it launched.

Echo says its secure container images have already been widely deployed by a number of major enterprises, including the database firm EnterpriseDB Corp., the data analytics startup Varonis Systems Ltd. and the publicly traded robotic process automation giant UiPath Inc. EDB Chief Information Security Officer Dan Garcia said Echo saves his company about 235 developer hours for each software release it puts out, while reducing the number of critical vulnerabilities it has to deal with.

N47 General Partner Moshe Zilberstein said he’s investing in Echo because he thinks AI-generated software is soon going to make manual vulnerability management obsolete. “AI agents now write more code than humans, while bad actors are using AI to compress exploit windows from weeks down to just hours,” he said. “Echo is building the first operating system that’s immune to vulnerabilities by design.”

Photo: Echo Software