We’re thrilled to announce that we’ve raised $4.2M to build SubImage: security software that maps your infrastructure. You can think of us as an open-core alternative to Wiz.
We quietly closed the round before YC Demo Day and have spent the past seven months heads-down building with our early customers. Now felt like the right time to share what we’ve been up to.
Cloud environments are more complex than ever. With the rise of AI, ephemeral compute, and shifting access models, the attack surface is changing faster than security teams can keep up.
Organizations need to know what assets they have and how they’re configured, because getting that wrong means getting hacked.
Today, many still rely on spreadsheets or proprietary tools that lock data behind APIs, limit automation, and restrict integrations. We believe there’s a better way.
We’re the team behind Cartography, which we built in 2019 at Lyft to secure cloud-native environments. Since then, more than 70 companies have adopted it in production. The project joined the CNCF last year, recognized for its reliability, extensibility, and strong community.
Cartography gives security teams a superpower. It maps data from multiple sources into a single graph, helping answer questions like: Who has access to what, and should they have that access? Which assets are exposed to the internet, and could those exposures lead to vulnerable systems with access to sensitive data? From where in the supply chain was a container image vulnerability introduced?
SubImage takes Cartography to the next level: it combines the polish and ease of use of a paid platform with all of the benefits of being based on an open-core library.
To us, open source means more than just “free as in beer.” It means teams can extend the platform, debug and introspect their own data, and unblock themselves instantly instead of waiting days for vendor support.
Kunaal and I have spent our careers on security teams across government, enterprises, and hypergrowth startups. Most tools can tell you what’s exploitable but not what’s relevant. They treat every company the same, flooding teams with millions of findings that don’t reflect real risk. SubImage uses AI to learn each organization’s context and surface the issues that genuinely matter for that environment.
We believe the future of security platforms is open, interoperable, and graph-driven. We can imagine a world where a Cartography-style representation of your infrastructure becomes an industry standard.
We’re just getting started, and we’re excited to build this future together with the security community.