Picus Security Inc.

Picus Security, founded in 2013, is a cybersecurity company specializing in Breach and Attack Simulation (BAS) and continuous security validation. The company's core mission is to help organizations understand and improve the effectiveness of their security controls, thereby enhancing cyber resilience and fostering a threat-centric approach to security decision-making. While its legal headquarters are in Wilmington, Delaware, Picus Security also maintains a significant operational presence in San Francisco, California, and has offices across multiple continents.

Picus Security offers the Picus Complete Security Control Validation Platform, which unifies exposure assessment, security control validation, and exposure validation. This platform simulates real-world cyberattacks across network, endpoint, and cloud environments to identify security gaps, evaluate prevention and detection systems, and provide vendor-specific mitigation recommendations. Key offerings include Exposure Validation, Security Control Validation, Attack Surface Management, Attack Path Validation, Detection Rule Validation, and Cloud Security Validation. The company has also integrated AI-powered breach simulation features, including the Numi AI assistant, to enhance its capabilities.

In recent developments, Picus Security completed a $45 million Series C funding round in 2024, led by Riverwood Capital, bringing its total funding to $80 million. The company launched its Exposure Validation system in 2025 and released its Blue Report 2025, which highlighted a decline in defensive effectiveness against cyberattacks. Picus Security is recognized as a leader in the Breach and Attack Simulation and Adversarial Exposure Validation markets, with a high customer recommendation rate. The company's leadership includes co-founders H. Alper Memiş (CEO), Volkan Ertürk (CTO), and Süleyman Özarslan (VP of Picus Labs).

Latest updates

Cybersecurity Validation Summit Signals Shift from Reactive to Autonomous Defense

Event summary

  • Picus Security is hosting a virtual summit on May 12 and 14, 2026, focused on autonomous validation.
  • The summit features speakers including David B. Cross (Atlassian CISO), Ying Ting Neoh (Frost & Sullivan analyst), Johnny Xmas (Kraft Heinz), and Marius Poskus (Glow Financial Services).
  • Key topics include AI-driven threats, signal-driven validation approaches, and strategies for reducing CVE noise.
  • The summit is targeted at CISOs, security leaders, vulnerability managers, and practitioners.

The big picture

The summit underscores a growing recognition within the cybersecurity industry that traditional testing methods are inadequate against increasingly sophisticated, AI-powered attacks. The shift towards continuous, autonomous validation represents a fundamental change in security strategy, moving from reactive patching to proactive, real-time defense. This trend is likely to be driven by increasing regulatory pressure and the escalating costs associated with data breaches.

What we're watching

Adoption Rate
The summit's attendance and subsequent adoption of autonomous validation practices will indicate the degree to which security teams are willing to shift away from traditional, periodic testing models.
Vendor Consolidation
Increased reliance on autonomous validation tools may accelerate consolidation within the cybersecurity vendor landscape, as organizations seek integrated platforms.
Skill Gap
The implementation of autonomous validation will likely exacerbate the existing cybersecurity skills gap, requiring organizations to invest in training or outsource specialized expertise.
CID: 2517