ShiftLeft Raises $20 Million Series B Funding for Automated Application Security Tech

ShiftLeft,  a provider of application-specific cloud security, has raised $20 million in Series B funding. This latest round, led by Thomvest Ventures and joined by new investor SineWave Ventures as well as existing investors Bain Capital Ventures and Mayfield, follows the company's announcement of its first round of $9.3 million less than 18 months ago. The new funding brings the total raised to nearly $30 million.

The company has also appointed Jim Sortino, who previously held executive roles at Trend Micro and Dome9 Security (acquired by Checkpoint), as vice president of worldwide sales.

“Our founding vision is that application security needs to be a seamless part of the development process, not an afterthought,” said Manish Gupta, CEO and co-founder of ShiftLeft. “The problem has long been inaccurate tools and a heavily manual process, leaving security and development teams frustrated and applications vulnerable. ShiftLeft completely upends this paradigm, delivering automated and customized protection for every software release, and the analytics dev teams need to improve on the overall security posture.”

The company plans to use the new funding to drive broader adoption of its code-informed runtime protection by expanding the breadth of its product portfolio, application coverage and global sales and marketing initiatives.

According to ShiftLeft, from containers and microservices to cloud and open source, a vast array of forces are rapidly changing and accelerating application development and deployment. The investment, it says, underscores both the importance of ensuring security despite this complex landscape, and ShiftLeft’s ability to empower application security teams to protect the enterprise.

Unlike traditional application security approaches, which are focused on external threats and rely on manual efforts to triage inaccurate alerts, ShiftLeft uses code analysis to understand application vulnerabilities, and create a virtual security perimeter to detect and protect every application version against malicious or unauthorized activity targeted at those vulnerabilities. 

For more information, go to