November 7, 2023 at 08:06AM
Israeli application security startup Myrror Security has come out of stealth mode with $6 million in funding. The Tel Aviv-based company aims to address security threats in the software supply chain by using AI and binary-to-source code analysis. It identifies malicious code in open source dependencies and CI/CD attacks in real time during the development phase. The funding will be used to enhance the company’s products and expand distribution channels.
Myrror Security, a Tel Aviv-based startup that was founded in 2022 as BlindSpot Security, has recently emerged from stealth mode with $6 million in funding from Blumberg Capital and Entrée Capital. The company aims to disrupt the software supply chain threat landscape and secure the entire software development lifecycle.
Myrror Security’s platform utilizes AI and binary-to-source code analysis to identify threats in real time during the development phase, before they make it to production. It focuses on addressing the presence of malicious code in open source dependencies, as well as continuous integration and continuous delivery (CI/CD) attacks.
To analyze dependencies, the company fetches their original source code from public or private repositories and compares it with the binary to identify potential compromises. By continuously scanning dependencies for changes and indexing new versions, while filtering out dynamically generated code and compilation noise, the platform can pinpoint any unauthorized code in the binary.
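The comparison described above, reduced to file-level hashing of a published archive against its repository source: this is an added example, not Myrror Security's code, and it substitutes a simpler technique for binary-to-source analysis. The noise patterns, file names and archive contents are constructed assumptions.

```python
import hashlib
import io
import tarfile

NOISE_DIRS = ("build/", "dist/")      # assumption: build output, not authored source
NOISE_SUFFIXES = (".pyc", ".map")     # assumption: compiled or generated files

def digest(data):
    # Normalise line endings so packaging on another OS is not reported as tampering.
    return hashlib.sha256(data.replace(b"\r\n", b"\n")).hexdigest()

def artifact_files(tar_bytes):
    """Map path -> digest for every regular file in a .tar.gz artifact."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for member in tar:
            if member.isfile():
                path = member.name.split("/", 1)[-1]  # drop top-level "name-version/"
                out[path] = digest(tar.extractfile(member).read())
    return out

def compare(source, tar_bytes):
    """Return (kind, path) findings for artifact files the source does not explain."""
    findings = []
    for path, h in sorted(artifact_files(tar_bytes).items()):
        if path.startswith(NOISE_DIRS) or path.endswith(NOISE_SUFFIXES):
            continue
        if path not in source:
            findings.append(("added", path))
        elif digest(source[path]) != h:
            findings.append(("modified", path))
    return findings

def make_artifact(files, top="demo-1.0"):  # builds the constructed sample archive
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(f"{top}/{path}")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample: repository source at the release tag vs. the published archive.
SOURCE = {"demo/__init__.py": b"VERSION = '1.0'\n", "setup.py": b"# build script\n"}
ARTIFACT = make_artifact({
    "demo/__init__.py": b"VERSION = '1.0'\r\n",            # same content, CRLF endings
    "setup.py": b"# build script\nimport extra_step\n",   # differs from source
    "demo/hook.py": b"# not in repository\n",             # absent from source
    "demo/__pycache__/x.pyc": b"\x00",                    # compilation noise
})
```

Calling `compare(SOURCE, ARTIFACT)` reports `demo/hook.py` as added and `setup.py` as modified; the CRLF-only difference and the `.pyc` file are filtered out.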
The company also maintains its own database of open source software, which it uses to validate binary artifacts and detect code changes. It fetches data from multiple external databases and performs reachability analysis and enrichment to check for vulnerabilities.
Once an issue is detected, Myrror Security notifies the customer in real time, allowing them to take immediate action. The company is also working on adding features that provide users with context about additional code identified in dependencies, identify compromised packages fetched dynamically in production, and check an application’s post-execution calls.
In addition to its threat detection capabilities, Myrror Security provides a Code Aware SCA solution that identifies vulnerable functions within the analyzed code and offers mitigation plans to help customers remediate identified risks.
The recent investment will support the startup in adding new capabilities to its products and expanding its go-to-market distribution channels. The goal is to help security teams protect their organizations from attacks and streamline the alert management process without requiring significant changes to existing engineering practices.