Oneleet Secures $33M to Revolutionize Safety Compliance! 🚀

Bryan Onel’s father was a locksmith. As for Onel, he described himself as the digital equivalent.

Ethical hacking was Onel’s hobby growing up. He studied AI at university and then turned that hacking hobby into a profession. “I spent a decade performing penetration tests for over 150 companies across all sectors,” Onel tells TechCrunch, adding that he kept easily breaking into companies that had passed their security checks. 

Onel realized that security often fell within two brackets: Painful but effective, or painless but ineffective, he said. Most companies were doing the bare minimum in cybersecurity and compliance, as it often takes too much work — and tools and talent — to provide effective security defenses. 

Onel’s clients kept asking if he could provide a solution to their problems, so he gave it a shot. 

In 2022, he teamed up with his wife, Ora, and college friend Erik Vogelzang, and launched Oneleet, an all-in-one security compliance platform. The startup aims to help other companies get their security certifications while helping them become more secure faster. 

Onel tells TechCrunch that most existing compliance platforms are evidence-collection tools, where users import data from their various products, pay a fee, and then voila! — out spits a security certificate saying they are secure. 

“The result is compliance theatre,” Onel tells TechCrunch. “You’re certified on paper, but still vulnerable to all kinds of attacks.” 

Oneleet is different, said Onel. The platform includes a suite of security tools: penetrating testing, code scanning, cloud data security, attack surface management, security training, and more, he said, which aims to provide a better window into a company’s security defenses.

“Because it’s integrated from the ground up, we can deploy comprehensive security with the click of a button,” Onel continued. “That saves clients hundreds of hours and eliminates the blind spots that come from managing fragmented tools.” 

Oneleet then partners with independent auditors to provide formal certification reviews. 

On Thursday, Oneleet announced it raised a $33 million Series A funding round led by Dawn Capital to help grow the business. Onel called his fundraising process “straightforward,” and said he met Dawn Capital in San Francisco, where he described “immediate chemistry.”

“They already had deep knowledge of the security and compliance space and immediately understood what we were building at Oneleet, so there was instant alignment,” said Onel.

Other investors in the round include Y Combinator, Dropbox co-founder Arash Ferdowsi, and former Snowflake and ServiceNow chief executive Frank Slootman. Oneleet participated in the Summer 2022 class of Y Combinator, and said two-thirds of new additions to the VC firm’s portfolio companies are now its clients. 

Competitors in this space include Vanta, Secureframe, and Sprinto. For its part, Oneleet has reached $9 million in annual recurring revenue and has raised $35 million in total to date.

The fresh cash injection will be used to expand Oneleet’s engineering team, increase its AI capabilities, and to find ways to reach more customers. The goal is to end security theatre in compliance, he said, at a time when defending against cyberattacks is more important than ever.

Onel said that AI is changing the scale of cyberattacks. He said, for example, advanced bad actors are automating cyber crimes, while lowering the bar for novice hackers to strike with malicious attacks. 

He said companies are also being reckless, like carelessly using “vibe coding” tools, or giving AI access to business-critical information without the right guardrails. In the world of compliance, Onel said, companies can use AI to generate fake documentation to make it seem as if the business is more secure than it is. 

Onel says his company heavily uses AI, working in the background for threat modeling and other security assessments, and also helps draft policies. But, he said, the company has a human team verifying information so the client does not see any hallucinations. “We’re responsible about it,” he said. 

“Good security should be invisible,” Onel continued. “Companies should spend less time worrying about security and more time building great products. We have a shot at helping companies defend themselves more effectively than ever before.”

This story was updated to fix errors regarding ARR.