Arnica, a behavior-based solution for software supply chain security, announced today the general availability of its product and $7 Million in seed funding. The round was led by Joule Ventures and First Rays Venture Partners, with angel investment from industry leaders including Avi Shua, co-founder & CEO of Orca Security, Dror Davidoff, co-founder & CEO of Aqua Security and Baruch Sadogursky, Head of Developer Relations of Jfrog. Arnica will use the funds to accelerate product development and scale its go-to-market teams.
Software supply chain attacks are on the rise, increasing by 650% in just the last year. According to a recent IBM report, supply chain attacks now account for one-fifth of all data breaches and the average cost of a supply chain compromise has hit an all-time high of $4.46 million. Despite the growing threat, companies are hesitant to take drastic measures to achieve complete protection out of fear that it will harm their developers’ agility.
Arnica uses machine learning algorithms to identify the nuances of how each developer works and validates the authenticity of every change they make to the code. This allows Arnica to detect a would-be attacker who’s impersonating a developer, and prevent them from pushing malicious code to the codebase.
The platform also helps organizations manage excessive permissions and reach least-privileged status, minimizing the “blast radius” of a potential breach without impacting developers’ workflow. Arnica automatically revokes privileges that are not being used, while deep integrations with everyday tools like Slack enable developers to regain permissions when they are needed. By providing self-service access management in just a few clicks, Arnica circumvents the usual friction needed to maintain minimal access to source code repositories.
“The golden rule when hardening developer environments is: Do not harm developer velocity,” said Nir Valtman, Co-Founder and CEO of Arnica. “A developer’s ability to rapidly and seamlessly make code changes and ship products to users has a direct impact on revenue, so getting in the way of that is a non-starter for organizations. We created a solution that not only protects but empowers developers, allowing them to continue working in their preferred manner — but within a safe environment. We believe that by learning how developers work, we can both protect the company’s code and at the same time, enable and support developers.”
“In a market full of security solutions adding only incremental value, Arnica’s instant resolution-oriented approach is a game changer for enterprise dev teams,” said Brian Rosenzweig, Partner at Joule Ventures. “Arnica goes beyond just flagging security problems — every issue that is identified can be immediately addressed with a provided one-click fix. This allows businesses to quickly protect their software supply chain from attacks, while behavior-based detection ensures it remains secure in the long term. Arnica’s pragmatic approach and advanced technology enable companies to avoid costly breaches without compromising on agility.”