The future of cybersecurity is non-human: Why we’re leading Clutch Security’s Series A

New backdoors are more common than you think. Over the last decade, enterprises have collectively spent billions of dollars building a fortress of identity solutions to protect their crown jewels and mission-critical systems. Companies are increasingly treating identity as the new security perimeter to their environments, and rightfully so—nearly every major attack today leverages misconfigured or stolen credentials in some shape or form. 

As cybersecurity teams continue their never-ending cat-and-mouse game with bad actors, a common theme has emerged—there’s always a new backdoor.

Modern identity infrastructure is a mosaic of fragmented solutions, and most companies find themselves managing an ever-growing volume of identity assets sprawled across numerous tools and environments. Over time, the industry has continued to refine a rigorous set of best practices around managing workforce identity, with entire sub-categories such as PAM and IGA being created to serve new use cases. Despite this, cybersecurity teams are in a never-ending battle against bad actors to account for every backdoor, with news headlines around hacks and breaches showing no signs of letting up. Attackers don’t hack in; they just log in.

Despite our best efforts to layer multiple identity solutions to cover all possible edge cases, accounting for every backdoor has proven to be a non-trivial task. In fact, enterprises are now turning their attention to an emerging and significant invisible network of backdoors known as non-human identities (NHIs).

The critical need to protect NHIs is why we’re excited to lead Clutch Security’s $20 million Series A, alongside Lightspeed Venture Partners and Merlin Ventures.

Automating NHI security for the machine-first era

Clutch Security is redefining how enterprises secure machine identities and is addressing a critical need across all types of businesses. Over the last year, they’ve developed a universal NHI security platform that tracks the visibility and lineage of every NHI in real time. Think of it as a family tree for every asset, offering detailed context into its origin, associated people, storage, consumers, resources, relationships, and risks. Clutch also enforces best practices for NHI lifecycle management - from creation to decommission and access controls, eliminating stale or over-provisioned NHIs that are often sitting ducks for attackers.

‎The rapid adoption of cloud, AI, and DevOps automation has led to an explosion of NHIs—assets such as API keys, service accounts, tokens, and secrets. These assets were created to enable business automation and integration but unintentionally created backdoors for attackers into a company’s environment, even with the layers of identity tools. Most companies are still operating in the dark when it comes to NHIs, despite them outnumbering human identities by 45:1 and being a foundation of their digital ecosystems. There were over a dozen major breaches related to NHIs in the last year alone, with bad actors leveraging these credentials to gain access to other resources and data within a company’s environment.

"Our unique Zero Trust approach to NHI security has resonated deeply with enterprise customers. This funding is a testament to the outstanding traction we’ve seen, the trust we’ve built, and the growing recognition that NHI security is no longer optional—it’s critical. We’re excited to continue scaling our team and our impact."

- Ofir Har-Chen, CEO, Clutch Security

Clutch Security’s differentiated approach

Many security teams still don’t know the true footprint of machine identities spanning across their diverse environments - cloud, SaaS, and on-prem, and don’t have dedicated tools to discover and monitor NHIs in real time to detect misuse. To keep up with adversaries, they need the ability to get a complete, 360-degree view of all NHIs, alongside their lifecycle status and risks, proactively limit their exploitation, and trigger immediate action to keep bad actors out. Companies have tried to treat NHIs like a human identity and thrown existing tooling at the problem, but incumbent solutions cannot support the dynamic and complex nature of these assets. 

Clutch offers a purpose-built, enterprise-grade platform designed to discover, secure, and manage NHIs across an organization’s infrastructure. Clutch takes a differentiated, Zero Trust approach, continuously monitoring and validating NHI usage to prevent unauthorized access. Even if an NHI is compromised, it remains useless to attackers thanks to Clutch’s ongoing verification processes.

To further minimize risk, they enable the transition from static, long-lived NHIs to ephemeral, auto-expiring identities, dramatically reducing exposure windows and limiting damage in the event of a breach.

Clutch’s research debunks the belief that rotating secrets is enough to deter attackers—a dangerous misconception that leaves organizations vulnerable. As non-human identity sprawl accelerates with the rise of agentic workflows, Clutch champions the proactive Zero Trust approach that not only minimizes the attack surface but also eliminates the operational complexity and inefficiencies of traditional rotation policies.

Clutch’s holistic approach secures NHIs and reduces operational burden—a key advantage for enterprise CISOs looking to streamline identity management and security.

We were impressed with Clutch’s innovative vision around ephemeral identities as a dynamic and scalable approach to securing and managing NHIs, including those associated with AI agents. Unlike long-lived credentials that remain vulnerable if exposed, ephemeral NHIs are short-lived and automatically expire after a set period (eliminating the need for rotation). By dynamically generating and revoking these credentials, the attack surface and the window of opportunity for attackers are significantly minimized, stopping new backdoors at the source.

Their founding team is led by an exceptional team of cybersecurity veterans, including:

• CEO Ofir Har-Chen, formerly the COO of Hunters.io, who scaled several business units over his tenure. Before that, he spent 10+ years in various cybersecurity roles focused on incident response and threat modeling.
• CTO Sagi Haas and VP of R&D Tal Kimhi, who served together as senior technical leaders in the Israeli Defense Force's elite 8200 cybersecurity division. The two later continued their collaboration at cybersecurity startup Axonius, where they held key R&D leadership roles.

We’ve been impressed by the team’s unique blend as strong commercial operators and technical practitioners. They're also emerging thought leaders in the NHI space with their recent release of the NHI Index, a centralized resource for understanding and managing NHIs in the modern IT landscape. 

“Enterprises are finally realizing that NHIs are the bedrock of their digital ecosystems, but they lack the tools to secure and manage them proactively and effectively. Clutch Security has emerged as the leader in this space, combining innovative technology and vision with exceptional execution. We’re proud to support them in this critical mission.”

- Jonathan Lim, Partner, SignalFire

The SignalFire advantage: AI-driven, expert-led, founder-focused

We look forward to partnering with Clutch to collaborate on several key growth initiatives. Our team of go-to-market experts, led by the former CMO of Stripe, Jim Stoneham, help Clutch reach target customers identified by our in-house data science team, while our people and talent experts, led by the former head of people at Webflow, Heather Doshay, use our Beacon AI talent engine to help Clutch hire the best engineers as they expand to the U.S. from Tel Aviv. SignalFire's in-house PR expert Josh Constine also advises them on PR and brand building.

As AI reshapes the enterprise and fuels an explosion of NHIs across the modern digital ecosystem, securing these identities has never been more critical to preventing backdoor attacks and downstream breaches. Clutch will help companies securely scale up agentic workflows while ensuring backdoors don’t exist in the first place.

If you’re an enterprise security leader looking to secure your NHIs and future-proof your identity security strategy, we’d love to connect you with their team. Email us at varun@signalfire.com.