Why we invested in Native Security
By Jake Seid, Co-founder and General Partner, Ballistic Ventures
At Ballistic, our investment thesis has always been about more than just improving security. It’s about improving business enablement. The best security platforms don’t slow organizations down; they help them move faster, more confidently, and with fewer self-inflicted wounds. Nowhere is that more true than in the cloud. That’s why we’re excited to announce our newest investment is in Native Security, which emerges from stealth today with $42M in funding to make secure-by-design the default in multi-cloud.
The cloud security landscape is changing at an incredible pace. Today, virtually every organization we speak with is operating across two to four cloud environments, often driven by different business units with different goals. Or, they want to operate across multiple clouds to take advantage of best-in-class tooling, cost, and resiliency, but they’re prevented from doing so due to operational complexity. That reality has fundamentally changed the job of the CISO and the security team.
For years, the industry response to cloud risk has focused on visibility: finding vulnerabilities, prioritizing them, triaging alerts, fixing issues after the fact, and then making sure the fix didn’t break something. Those tools still matter, but they’re no longer sufficient. You simply can’t secure modern, multi-cloud environments by playing whack-a-mole with misconfigurations and vulnerabilities. AI is attacking you at machine-scale and speed and, as a result, the time to exploit a vulnerability is now negative-one day today, down from over a month last year according to Google’s Mandiant. It’s hard to believe but that negative number will only get larger as AI models speed up by a 100x over the next 2 years. 100x faster models with agents built for offensive cybersecurity will be in the hands of 1,000x more groups looking to break into enterprises. At the same time, AI is exponentially growing the amount of new code and configurations pushed into production massively growing the attack surface. The old model is simply no longer enough and a secure-by-design approach has gone from a nice-to-have to a must-have as a result. That’s why we invested in Native Security.
Preventive controls for a multi-cloud world
Native is Ballistic’s investment in preventive cloud security controls, a fundamentally different approach to securing cloud infrastructure. Instead of starting from the bottom up with endless findings, Native starts from the top down with policy intent.
Security teams using Native can step back and ask a far more powerful question: What is my policy intent across all of my cloud environments
From there, Native allows teams to configure and enforce those policies using the native security controls already built into AWS, Azure, GCP, and other cloud platforms. The result is a stronger, more consistent security posture – one that holds up over time and dramatically reduces noise, toil, and firefighting.
This approach recognizes a hard truth in today’s enterprises: individual security teams cannot maintain deep expertise across every cloud provider, every service, and every new feature that ships weekly. What they need is a way to define policy once and trust that it will be enforced everywhere – natively, correctly, and safely.
Native’s founding team was built for this moment
As part of our investment, we are equally excited about Native’s founding team, which came together at exactly the right moment in the market.
Co-founder and CEO Amit Megiddo served in Israel’s Unit 8200, where he gained early exposure to cloud environments, and later went on to help build Amazon GuardDuty. In that role, he saw firsthand how customers wanted to do far more with cloud-native security controls, but they consistently struggled to operationalize them at scale. Through conversations with AWS customers around the world, Amit developed a deep understanding of the real pain points security teams face.
Amit met his Co-founder and CPO Gal Ordo, where Gal was leading the AWS Security Hub. Fellow Co-founder and CTO Eyal Faingold, was VP of R&D at Dome9, one of the earliest companies in cloud security, and then led the cloud security portfolio at Check Point, one of the industry’s longest-standing public security companies. Together, the trio brings rare insight across hyperscalers, startups, and large enterprises, which is exactly the mix needed to tackle this problem.
The real-world impact of Native Security
Native’s impact isn’t futuristic. The platform is already deployed in large Fortune 100 global enterprises, and that’s not a coincidence.
One customer – one of the largest streaming services in the world – was dealing with constant CNAPP misconfiguration issues across cloud environments. Traditional tools left them stuck in a cycle of detecting and reacting. With Native, they were able to simulate policy impact safely, then enforce preventive controls across all environments, enabling them to stop misconfigurations before they happened.
Another example comes from one of the world’s top chip manufacturers, running sensitive AI experiments in the cloud. They needed to lock down certain environments from internet exposure, which is a highly complex task. Running across three major clouds, achieving this securely would require close to 150 separate CSP native controls, and the team was spending months just researching how to do it. With Native, the customer was able to accomplish this safely and effectively in a matter of weeks.
Secure-by-Design is here
“Secure by design” isn’t a new concept, but it has become an urgent priority. Today’s CISOs have a dual mandate: protect the enterprise and enable the business to move faster. That means driving security down into the platforms themselves, making environments secure by design and secure by default.
When workloads spin up in the cloud, security leaders want confidence that the right guardrails are already in place, including that policies are enforced automatically, consistently, and without friction. When you achieve that, security stops being a bottleneck and becomes a force multiplier for agility and productivity.
This is why Native resonates so strongly with customers. It’s truly multi-cloud, which is where the world already is – and where it’s going faster, thanks to resiliency demands and AI adoption. Analysts are increasingly aligned with this direction as well. As AI accelerates both innovation and attack speed, secure by design is no longer optional: it’s the only path forward.
That’s why we believe Native Security represents the future of cloud security. And that’s why we’re proud to invest in this company and team.
Watch the Interview
Native Security Co-founder & CEO Amit Megiddo sat down with Ballistic’s Jake Seid and Phil Venables to talk about the company and what’s ahead. Watch now!