Sweet Security Targets Uncle Sam’s AI Cloud with FedRAMP Bid

📊 Key Data
  • 3,600: Projected federal AI use cases by 2025, up from 700 in 2023.
  • 325: Security controls required for FedRAMP Moderate certification.
  • 8-24 months: Typical duration for FedRAMP authorization process.
🎯 Expert Consensus

Experts would likely conclude that Sweet Security's FedRAMP bid represents a strategic move to secure a competitive edge in the federal AI cloud market, though success hinges on navigating complex compliance hurdles.

TEL AVIV, Israel – June 10, 2026 – Cloud and AI security firm Sweet Security has announced its strategic expansion into the U.S. federal market, a move underscored by its pursuit of the rigorous FedRAMP Moderate authorization. The company is partnering with leading cyber advisory firm Coalfire Systems to navigate the complex compliance landscape, aiming to provide its proactive security platform to federal agencies accelerating their adoption of cloud and artificial intelligence.

The announcement signals a significant step for the Israeli startup, positioning it to compete for a share of the highly regulated but lucrative federal technology sector. This move comes as government bodies face immense pressure to modernize their IT infrastructure while simultaneously defending against increasingly sophisticated, AI-powered cyber threats.

Navigating the FedRAMP Gauntlet

For any technology company, entering the U.S. federal market is less a matter of salesmanship and more a trial of endurance, with the Federal Risk and Authorization Management Program (FedRAMP) serving as the primary gatekeeper. Sweet Security is targeting FedRAMP Moderate, the most common authorization level, which is required for cloud services that handle Controlled Unclassified Information (CUI)—the vast majority of the government's sensitive data.

Achieving this certification is a formidable undertaking. It requires a provider to implement and document 325 distinct security controls derived from the National Institute of Standards and Technology (NIST) Special Publication 800-53. These controls span everything from access control and incident response to personnel security and physical protections. The authorization process itself is notoriously lengthy, often taking between eight and 24 months to complete, involving intensive documentation, a thorough audit by a Third-Party Assessor Organization (3PAO), and final approval from a sponsoring federal agency or the Joint Authorization Board (JAB).

By partnering with Coalfire, a firm reportedly involved in approximately 70% of all new FedRAMP Authorities to Operate (ATOs), Sweet Security is signaling a serious, well-resourced commitment. Coalfire will act as an advisor, leveraging its extensive experience to benchmark Sweet's security program and prepare it for the formal assessment.

“Sweet Security’s investment in pursuing FedRAMP certification demonstrates a serious commitment to serving this market, and Coalfire is proud to support them as they work toward that goal,” said Karen Laughton, Coalfire's Executive Vice President.

Securing the Federal AI Revolution

The timing of Sweet Security’s federal push is critical. Government agencies are no longer just experimenting with AI; they are actively deploying it. Federal AI use cases are projected to surge from around 700 in 2023 to over 3,600 by 2025. This rapid integration, while promising unprecedented efficiency and capability, also introduces a minefield of new security risks.

AI models, hungry for vast datasets, can expose sensitive information if not properly secured. The deployment of AI tools like chatbots and code assistants expands the digital attack surface, creating new vectors for data exfiltration and system manipulation. This is the new frontier Sweet Security aims to protect.

“By being where the action is, Sweet helps organizations prevent risk before it becomes an incident, defend against active threats, and protect what matters most - including the rapidly expanding AI systems and workloads that are reshaping the federal landscape,” said Eyal Fisher, co-founder and CPO of Sweet Security.

His colleague, SVP of Sales Bryan Whorton, added that the company is seeing “strong demand across the public sector for security solutions that enable innovation while meeting rigorous compliance and security requirements.” He framed the FedRAMP journey as an essential step to help agencies “accelerate cloud and AI adoption with greater confidence and resilience.”

A Runtime-First Approach in a Competitive Field

Sweet Security enters a crowded federal cloud security market populated by established giants like CrowdStrike, Palo Alto Networks, and Wiz. To stand out, the company is banking on its unique “runtime-first” approach. Unlike traditional security tools that focus on scanning for potential vulnerabilities in pre-production environments, Sweet's platform uses lightweight eBPF-based sensors to provide deep visibility directly into live, production systems.

This focus on runtime intelligence—monitoring applications, identities, and infrastructure as they operate—is designed to detect and respond to active threats in real time. The goal is to deliver high-signal, low-noise alerts, cutting through the alert fatigue that plagues many security operations centers. By analyzing what is actually happening in a cloud environment, the platform helps prioritize real-world risk over theoretical vulnerabilities.

This capability is particularly relevant for securing opaque AI workloads, where it can help uncover “Shadow AI” (unauthorized AI usage) and enforce security policies on agentic applications. Industry analysts and users have taken note, with the platform earning high ratings on peer review sites for its effective detection and non-intrusive nature. For a startup, achieving FedRAMP Moderate authorization would serve as both a powerful market differentiator and a validation of its security posture, enabling it to compete on a more level playing field.

By undertaking the arduous FedRAMP process, Sweet Security is not just seeking a certification; it's pursuing a license to operate at the heart of the U.S. government's technological transformation. For federal agencies, the entry of specialized, runtime-focused security platforms represents a critical step toward realizing the promise of AI and cloud modernization without compromising national security.
