Shlomie Liberow, Aisy
Cybersecurity companies have long measured their worth in big numbers. Dashboards boast millions of vulnerabilities discovered, thousands of alerts generated, and endless tickets created — proof, at least on the face of it, that the tools are working. The more problems surfaced, the better the product appears. For the teams on the receiving end, however, it often means the opposite: an ever-expanding to-do list with a lack of clarity on what to prioritise.
Datadog’s recent State of DevOps Report found that only 18% of critical vulnerabilities are actually worth prioritising, yet teams spend around 130 hours per week monitoring threats and more than 20 minutes of manual effort on each individual vulnerability. If you’re starting out with one million tickets, even cutting a queue by 90% could still leave tens of thousands of problems demanding attention.
Aisy, an AI-native threat prioritisation startup emerging from stealth today, is approaching the problem “backwards”. Instead of starting at the ticket level, it looks at business objectives and threat models first, figures out the big-picture problems, and uses context to assess what steps need to be taken from there.
The company is emerging from stealth with $2.3m in seed funding from Flying Fish Ventures, Osney Capital, and 6DC to tackle what founder and CEO Shlomie Liberow sees as cybersecurity’s volume trap. He says it all comes down to simplifying things and reducing security tool overwhelm.
“This is a very challenging area to get right, because you can't really get it wrong,” Liberow tells Pathfounders. “You can't get it right 50% of the time or even 80% of the time and be okay with that. And so the whole theme throughout is, how do we keep it really simple? It doesn't feel like there's a lot going on, but there's a lot of work that we have to do in the background to make it feel that way.”
This idea is clearly a core tenet of the company, even down to the design aesthetic — futuristic, calming landscapes that seem more likely to feature as the background to a meditation app than a cybersecurity platform.
“The focus, the branding, the vibe is all about bringing a bit more simplification to the world that’s usually lots of flashing lights and scary colours,” he adds, “but doing so in a confident way.”
With more than eight years of experience in the bug bounty space, Liberow is a self-taught hacker and bug bounty hunter who previously led hacker R&D at HackerOne. He left his role early last year to start working on Aisy, which was inspired by his own experience in the field, and the platform uses the same reconnaissance techniques bug bounty hunters would use for discovery.
“I realised that it's very difficult for people to operate when they don't have the headspace and the bandwidth to look at every single ticket. [...] So we're able to say, these are the three things you need to worry about. And this is why. And here's the story. And if you want to dig in deeper, we can do that.”
Differentiating in a crowded space
Rather than approaching security from a ticket level, which Liberow describes as “essentially whack-a-mole”, the platform asks users what problem they want to solve — that could be key products, customer journeys, sensitive systems — and then searches for anything that threatens those priorities.
The startup is not trying to replace the many background scanners and security products companies already rely on. Its target is the layer where a user has to log in, interpret alerts and decide what matters.
The company is entering an increasingly busy field. British startup Maze raised $25m Series A last June in a round led by Theory Ventures that added to a $6m seed round, while Cogent Security raised $11m last July and Zafran Security, slightly further along on its growth journey, secured $60m Series C funding last month.
“This space generally is crowded, no doubt,” Liberow says, “especially in the last two years, where you can just say anything and claim anything and do a good proof of concept. And so it was more about how we convey the background to what we're doing and why we're doing things differently.”
He began working on Aisy in early 2025 after a series of advances in machine learning made him realise that his bug bounty experience could be translated into software. Funding followed at the end of the year, and Liberow intentionally looked outside of the cyber space, hoping a more AI-focused fund would help extend access to more AI specialists, though they also have one cyber VC and one more traditional European firm for “access to old school markets”.
“Companies are facing an explosion in their attack surface while security teams are overwhelmed with data,” Flying Fish Ventures partner Vanessa Pegueros said in a statement. “Aisy’s attacker-driven approach transforms vulnerability management from reactive triage into proactive risk reduction. Aisy gives CISOs and other security leaders a far more accurate view of their real exposure with the context security leaders need to make better decisions and move faster.”
Aisy’s backers also include advisers and angels from DeepMind, Cisco, HP and Trail of Bits. Liberow plans to use the funds to double down on ML, bring in hacking experts as contractors, add three more people to his current team of three (Liberow, an ML specialist, and a core engineer,) and open a London office this quarter.
Owning the context layer
The security and vulnerability management market is projected to grow from $17.55bn in 2025 to $24.7bn by 2030, but Liberow believes success will depend less on new detection techniques than on scaling human expertise.
“We're not using AI for creativity — we're using it to scale the creative expertise that we already have,” he says. “The more niche the knowledge, the better, because that's where new companies can offer deep value alongside AI, by bringing deep domain understanding that off-the-shelf AI models can't match.
Recent breakthroughs in AI’s reasoning capabilities, context management, and compute costs will allow the startup to scale what has previously been incredibly time-consuming manual work.
“I feel like if we wait another year, who knows where things will go. I think this is the right combo of good enough capabilities to be able to start scaling up that knowledge and then tweaking it from there.”
Long term, Liberow describes this as owning the context above the tools.
“I want to own the context layer more than anything else,” he says. “Vulnerability management is a stepping stone to solving a problem. But what I really want to do is understand what matters to the organisation, who's involved, who's talking to who, why things are important, and when you do that you can unlock vulnerability management, but you can also unlock a lot of other things…eventually.”