Orca Security, Inc.
 | |
| Private | |
| ISIN | 🆔 |
| Industry | |
| Founded 📆 | |
| Founder 👔 |
|
| Headquarters 🏙️ | |
Area served 🗺️ | |
Key people |
|
| Products 📟 | Orca AI, SideScanning™ Technology, CNAPP, CSPM, CWPP, CIEM, DSPM, Container & Kubernetes Security, Cloud security, Vulnerability Management AI-SPM, API Security, Application Security, Orca Sensor |
| Members | |
Number of employees | 374 (2025) |
| 🌐 Website | orca |
| 📇 Address | |
| 📞 telephone | |
Orca Security is an Israeli-American cloud security company headquartered in Portland, Oregon. The company develops a Cloud-Native Application
Protection Platform (CNAPP) that provides agentless scanning technology for multi-cloud environments, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
History
Orca Security was founded in January 2019 by eight co-founders: Avi Shua, Ety Spiegel, Gil Geron, Hadas Amitay, Liran Antebi, Matan Ben-Gur, Shay Filosof, and Wagde Zabit.[2]
The company's technology, SideScanning™ - marketed as an agentless approach to analyzing cloud environments - was first introduced in 2019.[3]
Orca was founded during a period of increased adoption of cloud computing, with its products positioned to address security and visibility challenges in multi-cloud environments.
In its early years, Orca Security expanded its platform to include pre-deployment capabilities along with runtime security features. The company stated that these additions were intended to provide identification, prioritization, and remediation of security risks across cloud services such as AWS, Azure, and Google Cloud Platform.
The company has focused on establishing partnerships with a number of technology companies, including Jira, Slack, and ServiceNow, to support the interoperability of cloud security.
Orca Security has expanded its operations and market reach. By late 2022, the company began its expansion into Australia and New Zealand.
Growth and Funding
Orca Security achieved unicorn status in March 2021 after a Series C round led to a US$1.2 billion valuation.[4] The company has raised over $600 million in venture capital, with funding rounds led by firms such as YL Ventures, ICONIQ Capital, CapitalG, Redpoint Ventures, and Temasek Holdings.[5] As of August 2025, Orca Security employed approximately 374 people, with offices in Portland, Tel Aviv, and London.
Technology
The SideScanning technology, developed and patented by the company in 2019, enables agentless monitoring of cloud workloads. Industry analysts, including Gartner, have identified Orca Security as a representative vendor in the CNAPP category.
In 2023, Orca announced integration with ChatGPT for cloud risk remediation and later supported GPT-4 via Azure OpenAI Service - attributed in industry coverage as firsts within the cloud security sector.[6]
Cloud-Native Application Protection Platforms (CNAPPs)
Orca Security’s platform is classified as a Cloud-Native Application Protection Platform (CNAPP), a category of cloud security solutions designed to combine the functions of previously separate tools. CNAPPs typically integrate Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWPP), and Cloud Infrastructure Entitlements Management (CIEM) into a single system.
By consolidating these capabilities, CNAPPs aim to reduce operational complexity and improve the management of cloud security risks across multiple environments. Analysts note that these platforms can facilitate coordination between security, development, and operations teams while providing centralized visibility into cloud assets and configurations.
Agentless-First Approach
Orca Security employs an agentless deployment model, which provides monitoring and visibility of cloud resources without requiring the installation of agents on individual workloads. Unlike agent-based solutions, which must be deployed and maintained on each virtual machine or container, agentless approaches can access cloud assets remotely, potentially simplifying deployment and reducing operational overhead.
The company states that this model allows organizations to quickly assess security risks across their cloud environments, including misconfigurations, vulnerabilities, and permissions, without the need for ongoing agent management or modifications to existing infrastructure.
Automated Risk Management and Remediation
The platform continuously monitors cloud environments for security risks and compliance issues, including misconfigurations, vulnerabilities, malware, and policy violations, both before deployment and during runtime. Orca Security’s solution incorporates AI-based features that generate guidance for addressing identified issues.
These capabilities are intended to assist security teams in prioritizing risks and reducing response times for remediation. By providing structured remediation instructions and suggested corrective actions, the platform supports organizations in maintaining security standards and regulatory compliance across multi-cloud environments while enabling a more proactive approach to risk management.
Integration and Developer Experience
Orca Security’s platform is designed to integrate with development workflows, including CI/CD pipelines, and offers IDE plugins that provide feedback on potential security issues during coding. This integration allows developers to receive information about vulnerabilities or misconfigurations directly within their development tools, reducing the need to switch between multiple systems.
By embedding security visibility into the development process, the platform aims to support the adoption of secure coding practices, facilitate faster identification of potential risks, and help teams maintain consistent security standards across applications without disrupting normal development operations.
Products and partnerships
Orca Security's main product is its CNAPP platform, which provides risk assessment and compliance monitoring for multiple public cloud environments, including AWS, Azure, Google Cloud, Oracle Cloud, and Alibaba Cloud. The company maintains partnerships and integrations with major cloud providers and is recognized as an AWS Advanced Security Competency Partner and Google Advantage Partner.
In January 2022, Orca Security acquired Israeli web-application security firm RapidSec, which specialized in protection against client-side attacks. The acquisition - estimated by Calcalist to be worth around US $5 million in cash and stock—brought RapidSec’s team and technology into Orca as a new development group.[7]
In May 2025, Orca Security acquired Opus Security, an independent startup specializing in AI-driven cloud automation and remediation.[8] The acquisition - reported by independent technology and business press - was characterized as bolstering Orca's move toward AI-enabled autonomous security and remediation.[9]
Research
Orca Security's vulnerability research team has publicly disclosed several security issues in major cloud platforms, including
- "BreakingFormation" (AWS CloudFormation, January 2022)
- "AutoWarp" (Microsoft Azure, March 2022)[10]
- "SynLapse" (Azure Synapse, May 2022)[11]
- "CosMiss" (Azure Cosmos DB, November 2022)
- "Bad.Build" (Google Cloud Build, July 2023)
- "Sys:All" (Google Kubernetes Engine, January 2024)
- "LeakyCLI" (AWS/Google Cloud CLI, April 2024)[12]
Orca Security recently discovered additional vulnerabilities in 2025, such as CRD abstraction risks in Kubernetes orchestration and Azure Machine Learning privilege escalation.[13]
Government Support
Orca Security achieved FedRAMP Moderate Authorization in February 2025. [14] This certification allows Orca to provide security solutions to the federal government while meeting stringent regulatory requirements such as the CMMC and Executive Order 14028.
Industry recognition
Orca Security has appeared on the Forbes Cloud 100 (2023), CNBC Disruptor 50 (2023), and Forbes America's Best Startup Employers lists (2023, 2024). The company and its founders have been cited in various industry awards and analyst reports from Gartner and Frost & Sullivan.[15] [16] [17]
Legal Disputes
Orca Security v. Wiz (Patent Infringement, 2023–present)
In July 2023, Orca Security filed a patent infringement lawsuit against rival company Wiz, Inc. in the U.S. District Court for the District of Delaware. The complaint accused Wiz of “flagrant, ongoing, and unauthorized use” of Orca’s patented technologies concerning agentless cloud scanning and related methods.[18]
Orca alleged that Wiz had willfully infringed its patents - specifically referred to as the ’031 and ’032 patents - by reproducing features such as cloud snapshot analysis, attack path detection, and full-stack visibility, and by improperly hiring away Orca’s outside counsel and patent attorney to replicate its intellectual property. Orca sought damages, injunctive relief, and enhanced penalties, including tripled damages under U.S. patent law, as well as attorney’s fees and a jury trial.[19]
In June 2024, Wiz responded with a counterclaim denying all infringement. In its filing to the same Delaware court, Wiz accused Orca of copying its own patented technologies - claiming that Orca had infringed on Wiz’s patents related to holistic cloud security tools, attack path analysis, AI-driven risk detection, and large language model–based incident response - and had misused Wiz's confidential information. Wiz also requested dismissal of Orca’s claims and sought reimbursement for legal costs, along with a jury trial to address its counterclaims.[20]
As of mid-2025, the litigation remains ongoing, with both companies pursuing their respective claims in court.
See also
References
- ↑ Orca Security (13 October 2025). "Contact Us". Retrieved 13 October 2025.
- ↑ "Israeli cybersecurity startup Orca achieves unicorn status with $210 million series C". C Tech. March 23, 2023.
- ↑ "Orca Security scores $6.5M seed round to solve cloud native security". TechCrunch. June 12, 2019.
- ↑ "Orca Security raises $210 million, becomes 'unicorn' with $1.2 billion valuation". The Times of Israel. March 24, 2021.
- ↑ "Orca Security raises $340m at $1.8b valuation". Globes. October 5, 2021.
- ↑ "Orca Security combines the power of GPT-4 with the security and reliability of Microsoft Azure". Microsoft. August 28, 2023.
- ↑ "Orca acquiring web application security startup RapidSec". Calcalist Tech. January 19, 2022.
- ↑ "Orca snaps up Opus to advance automated cloud security". SC Media. May 20, 2025.
- ↑ "Orca Security acquires Opus to expand AI-driven cloud security automation". Silicon Angle. May 13, 2025.
- ↑ "Microsoft Azure 'AutoWarp' Bug Could Have Let Attackers Access Customers' Accounts". The Hacker News. March 8, 2022.
- ↑ "Microsoft resolves critical vulnerability in Azure Synapse after prior patches fall short". Cybersecurity Dive. June 14, 2022.
- ↑ "LeakyCLI Flaw Exposes AWS and Google Cloud Credentials". Infosecurity Magazine. April 16, 2024.
- ↑ "Orca Security tells AWS fail tale with a happy ending". The Register. January 13, 2022.
- ↑ "Orca Security Achieves FedRAMP Authorized Status to Help U.S. Government Agencies and Contractors Strengthen Cloud Security". SDX Central. February 13, 2025.
- ↑ "Disruptor 50 2023". CNBC. May 9, 2023.
- ↑ "Market Guide for Cloud-Native Application Protection Platforms". Gartner. August 5, 2025.
- ↑ "Best Startup Employers". Forbes.
- ↑ "Orca v. Wiz: Cloud's Latest Patent Fight". Futuriom. July 17, 2023.
- ↑ "Orca Security, Inc. v. Wiz, Inc" (PDF). Security Week. July 12, 2023.
- ↑ "Cyber wars: Wiz denies Orca's patent claims, strikes back with counterclaims". Calcalist. June 6, 2024.
External links
This article "Orca Security, Inc." is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Orca Security, Inc.. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
