The AI Cyber Arms Race: RAVEN.IO's $20M Bet on 'CVE-less' Security

📊 Key Data
  • $20M in funding secured by RAVEN.IO
  • 39% of servers worldwide vulnerable to the React2Shell attack
  • Application security market estimated at $17 billion

🎯 Expert Consensus

Experts agree that traditional CVE-based security measures are increasingly ineffective against AI-driven cyber threats, necessitating a shift to runtime behavioral security solutions like RAVEN.IO's approach.

RAVEN Team

PALO ALTO, CA – March 18, 2026 – As artificial intelligence accelerates the speed and sophistication of cyberattacks, the cybersecurity industry is racing to build defenses that can keep pace. In a significant move within this new arms race, cybersecurity startup RAVEN.IO today announced it has secured $20 million in funding to advance its novel approach to protecting applications from the inside out.

The funding, which includes a seed round led by Norwest and a post-seed investment led by Elron Ventures, validates a growing consensus: traditional security measures are no longer sufficient. RAVEN.IO aims to tackle the problem of AI-generated exploits by moving beyond outdated signature-based methods and analyzing application behavior in real time, a strategy it calls "CVE-less runtime behavioral security."

Beyond the Patch: When Traditional Security Fails

For decades, cybersecurity has relied on a reactive model centered on Common Vulnerabilities and Exposures (CVEs). Organizations scan for known flaws, wait for patches, and hope to close security holes before attackers find them. However, this model is collapsing under the weight of modern threats.

The rise of generative AI has given adversaries powerful tools to discover and weaponize vulnerabilities faster than ever before, often before a CVE is even published. This has shrunk the "Time-to-Exploit" (TTE) from weeks or days to mere hours or minutes, creating a dangerous window of exposure for businesses. Industry analysis suggests a growing number of attacks stem from "CVE-less" threats—zero-day exploits, flaws in custom code, or vulnerabilities that simply haven't been cataloged yet.

This reality was starkly illustrated by the "React2Shell" attack in late 2025. A critical vulnerability (CVE-2025-55182) in widely used React server components allowed unauthenticated attackers to execute code remotely with a single HTTP request. Despite the widespread use of Web Application Firewalls (WAFs) and other external defenses, an estimated 39% of servers worldwide were left vulnerable. Exploit code appeared publicly within hours of the patch, and attackers began compromising systems almost immediately, demonstrating the futility of a defense that waits for a signature.

"In an era where AI tools can identify and exploit vulnerabilities at unprecedented scale and speed, organizations can no longer rely solely on signatures or on CVEs published after the fact," said Roi Abitboul, Co-Founder and CEO of RAVEN.IO.

Raven's Answer: Looking Inside the Application

RAVEN.IO was built to address this fundamental gap. Instead of monitoring network traffic or scanning for known vulnerability signatures, its platform operates from within the application itself during runtime. By observing the application's internal execution paths, the technology creates a unique behavioral "fingerprint" for every legitimate process.

When an attack attempts to force the application to deviate from its normal behavior—as was the case with React2Shell's deserialization flaw—RAVEN.IO's platform detects the anomaly instantly and blocks the malicious action. This approach allows it to prevent attacks even when the underlying vulnerability is unknown and has no corresponding CVE. The company states its technology, which is registered in three U.S. patents, can be deployed without complex code instrumentation or performance degradation, a common pain point for other runtime security solutions.

"The cybersecurity market landscape is undergoing a fundamental shift—from code-level vulnerability detection to runtime detection and prevention," commented Dror Nahumi, General Partner, Norwest. "This transition is accelerating amid significant growth in AI-generated code, which expands the attack surface and makes traditional security solutions increasingly ineffective."

Strategic Backing and a Proven Team

The $20 million investment, with participation from notable firms like RedSeed, UpWest, SentinelOne, and others, signals strong investor confidence not only in the technology but also in the team behind it. RAVEN.IO was founded in 2023 by CEO Roi Abitboul, CTO Guy Franco, and Chief Research Officer Omer Yair—three alumni of elite cyber and technological units in the Israel Defense Forces (IDF).

This is not their first venture. The trio previously founded Javelin Networks, an endpoint protection company that was acquired by Symantec in 2018. Their experience building and scaling a successful cybersecurity firm provides them with a crucial advantage in a crowded market. Following the acquisition, they led the development of Symantec's Endpoint Detection and Response (EDR) and cloud protection products, giving them deep insight into the limitations of existing defense mechanisms.

The investment places RAVEN.IO in the rapidly growing application security market, estimated at around $17 billion. "The shift toward modern architectures, cloud environments and accelerated AI-driven development is creating a need for a deeper security layer within the application itself," noted Yaniv Shnieder, CEO, Elron Ventures. "We believe strongly in the company's business momentum and in its potential for broad adoption across global enterprises."

The new capital will be used to accelerate product development, expand go-to-market activities in the United States, and grow the company's engineering and research teams. The platform is already deployed with 11 enterprise customers, primarily in the high-stakes financial and insurance industries, where a single application-layer breach can have catastrophic consequences. By proving its value in these demanding environments, RAVEN.IO is building a strong foundation for its planned U.S. expansion and its mission to return control over vulnerability management to application owners.
