Modern websites are increasingly complex, loaded with third-party apps, scripts, and external services, which create hidden vulnerabilities. Assessing and controlling this expanding attack surface is a challenge for enterprises.
Reflectiz addresses this with a fully agentless, AI-powered platform that continuously monitors all client-side activity remotely, with no need for code changes or data access. Its AI engine can instantly de-obfuscate suspicious JavaScript, offering real-time insights that usually take weeks to analyse manually.
Today, Reflectiz closed a $22 million Series B funding round led by Fulcrum Equity Partners, with participation from Capri Ventures, YYM Ventures, and AFG Partner. This funding aims to expand product development, bolster its global team (notably in Boston), and increase its market reach and partner network.
In a conversation with TFN, Reflectiz CEO Idan Cohen shares, “We’ve raised $27 million in total funding, including our most recent Series B round”
Bringing continuous threat exposure management to the web
Founded in 2019 by Idan Cohen (CEO) and Ysrael Gurt (CTO), the company focuses on protecting websites from modern client-side threats arising from third-party tools, open-source components, and dynamic scripts.
Cohen tells TFN, “Reflectiz was born out of a challenge Idan and Ysrael saw firsthand while working together at Bugsec. As security advisors to third-party providers, they noticed both sides struggled with trust – providers lacked visibility to prove their security levels, and organisations relied on questionnaires that didn’t tell the full story. Everyone wanted a better way to verify real activity and risk. That’s what inspired Reflectiz: to bring transparency and validation to what’s really happening across the web ecosystem.”
Reflectiz’s platform offers complete inventory mapping of all web components, including first-, third-, and nth-party scripts and applications. Its AI engine analyses behaviour, detects malicious activity like web skimmers, and assesses risk levels, delivering automated, real-time alerts.
Unlike generic vulnerability scanners, Reflectiz targets client-side threats, providing a proactive defence against supply chain attacks and privacy violations. The platform’s capabilities include automated mapping, behavioural analytics, and a unique exposure rating system benchmarked against industry peers, helping companies understand their web threat exposure and prioritise actions efficiently. Its agentless, remote operation is a significant competitive advantage.
Cohen elaborates, “Traditional solutions focus on vulnerabilities in a company’s own code; we focus on the risks that come from everywhere – the external scripts, tools, and tags companies don’t directly control, misconfigurations, and business logic issues. We’re not just looking for the next known vulnerability. That’s where we see the biggest, fastest-growing exposure, and where we are pushing the industry forward.”
What’s next?
Reflectiz plans to leverage its recent funding to enhance its platform’s features within its CTEM (Continuous Threat Exposure Management) framework, focusing on scalability and AI risk scoring accuracy. The company aims to deepen its presence in sectors such as financial services, healthcare, and e-commerce, expanding its global footprint.
Cohen concludes, “Our new funding will enable us to expand our current product offering to provide comprehensive CTEM for websites, support our growing partner and alliances network, and accelerate our go-to-market efforts. It will also fuel our establishment of our global headquarters in Boston, where we are rapidly growing our team. “
Jim Douglass, Partner at Fulcrum Equity Partners, adds, “Their platform delivers a scalable solution that enables enterprises to safeguard their digital footprint with clarity and speed. We’re proud to back their mission and help accelerate their expansion.”
