Why we invested in Magnitude AI

By Jake Seid, Co-founder and General Partner, Ballistic Ventures

Third-party risk management (TPRM) has become one of cybersecurity’s hardest problems.

The reason is simple: companies now run on an ever-expanding ecosystem of vendors, SaaS tools, suppliers, integrations, and downstream dependencies. Every one of those relationships creates risk. And now, with AI being embedded into nearly every product, the risk profile of those third parties is changing faster than traditional TPRM processes can keep up.

TPRM teams are being asked to do two things that are increasingly in tension: help the business adopt AI quickly, and make sure the company and its data stay safe.

That would be hard enough on its own. But the attacker side of the equation is changing just as fast.

Third parties have become one of the most attractive attack surfaces in cybersecurity because a single compromise of a widely used vendor can give adversaries access to thousands of companies at once. And with the rise of offensive AI, attackers can now find, weaponize, and exploit weaknesses at machine speed.

The data from Google Mandiant below makes the point clearly. As recently as 2022, organizations often had more than a month to respond to newly disclosed vulnerabilities. By 2024, that number had gone negative, meaning exploitation was routinely happening before a patch was even available.

That is the new reality: defenders are being asked to manage more third-party risk, across more vendors, while attackers are moving faster than ever.

This is exactly the kind of market shift we look for at Ballistic.

It is why we invested in Magnitude AI, and why we are excited to see the company emerge from stealth today with a $10 million seed round led by Ballistic.

Our conviction starts with Founder and CEO Rami Habal.

Rami was Ballistic’s first Entrepreneur-in-Residence. From the earliest days of exploring what would become Magnitude AI, we had a front-row seat to his thinking, his vision, and his obsession with solving a problem that security leaders increasingly recognize as mission-critical.

Rami’s track record speaks for itself.

He joined Proofpoint early and helped scale the company through its IPO, gaining firsthand experience building one of the defining cybersecurity platforms of the last generation. More recently, he served as Chief Product Officer at Abnormal during a period of extraordinary growth, helping the company scale to more than $150 million in ARR and become one of the fastest-growing cybersecurity companies in history.

Across both companies, Rami used the machine learning and AI of the day to solve urgent security problems. With the rise of agentic AI, he saw another opportunity to do the same.

Third-party and Nth-party risk management is still dominated by manual workflows, point-in-time questionnaires, fragmented evidence collection, and overstretched teams. Most organizations simply cannot continuously assess every vendor, supplier, product, integration, and downstream dependency that could introduce risk.

That model worked when the world moved more slowly.

It does not work in an AI-first world.

Agentic AI changes the equation.

The same advances that are accelerating cyber threats can also give defenders a new operating model. Instead of relying on humans to manually chase evidence, review assessments, monitor vendors, and coordinate remediation, AI agents can work continuously across the third-party ecosystem.

They can gather and validate evidence. Assess risk. Make recommendations. Track changes. Escalate issues. Drive remediation. And they can do it at a scale and speed that human teams alone could never match.

That is the vision behind Magnitude AI.

Magnitude is building the world’s first autonomous AI workforce for third-party risk management teams.

Its AI risk agents continuously assess, govern, and reduce risk across third- and Nth-party ecosystems. This is not just about making existing workflows faster. It is about reimagining how external risk gets managed when both attackers and defenders are operating at machine speed.

Every great cybersecurity company sits at the intersection of three things: an urgent problem, a major technology shift, and a team uniquely qualified to solve it.

Magnitude has all three.

The problem is urgent. Third-party risk is expanding faster than security teams can manage it.

The technology shift is real. Agentic AI creates the possibility of continuous, autonomous risk operations.

And the team is exceptional. Rami and the Magnitude team have lived this market, built category-defining security products, and understand what it takes to deliver for the world’s most demanding security organizations.

At Ballistic, we believe the future of third-party risk management will not be built around more questionnaires, more dashboards, or more manual follow-up.

It will be built around intelligent agents that help security teams move at the speed of the threat.

That is why we are proud to partner with Rami and the Magnitude AI team as they build that future.

Watch the Interview

Magnitude AI’s Co-founder & CEO Rami Habal sat down with Ballistic’s Jake Seid to talk about the company and what’s ahead. Watch now!