Cybersecurity company RAVEN.IO, which develops a platform designed to protect applications while they are running and stop attacks in real time, announced this week that it has raised $20 million in a seed round and a post-seed investment.
The funding was led by Norwest and Elron Ventures, with participation from investors in Israel and abroad including RedSeed, UpWest, SentinelOne, Jibe Ventures, Dnipro VC and CyberFuture, Elron’s cybersecurity micro-fund. The company said the money will be used to accelerate product development, expand go-to-market activity in the United States and grow its workforce.
RAVEN.IO was founded in 2023 by Roi Abitboul, the company’s chief executive, Guy Franco, its chief technology officer, and Omer Yair, its chief research officer. The three founders are veterans of elite Israeli military cyber and technology units and have decades of combined experience in cybersecurity systems and technology leadership.
After their military service, the founders worked in malware research and cyber consulting. In 2014, they founded Javelin Networks, an endpoint protection company that was acquired by Symantec four years later for tens of millions of dollars. Following that deal, they led development of Symantec’s endpoint detection and response, or EDR, and cloud protection products.
The company says it is addressing what its founders see as a major gap in server security: many existing protection tools focus on operating systems and basic processes but lack visibility into what is happening inside the application itself, where many sophisticated attacks occur.
RAVEN.IO said its technology operates inside applications at runtime, mapping execution chains and creating a unique fingerprint for each path. When an attacker exploits a vulnerability and changes the normal execution pattern, the company said, the platform can detect the deviation in real time, issue an alert and stop the suspicious process without shutting down the entire application.
The company said its system does not depend on signatures or known Common Vulnerabilities and Exposures, or CVE, lists, allowing it to block attacks even when the underlying vulnerability has not yet been publicly disclosed. It said the technology, developed after an extended research effort, has been registered in three U.S. patents and is designed to run inside applications in real time without slowing performance or disrupting operations.
RAVEN.IO pointed to a December 2025 attack known as React2Shell, identified as CVE-2025-55182, which it said affected about 40% of servers worldwide despite protections such as web application firewalls and EDR tools. The company said its platform is designed to stop exploitation of similar vulnerabilities in real time.
The company said it has a double-digit number of customers, most of them large enterprises in financial services, banking and insurance, and that it also operates in other sectors considered highly sensitive to application and supply-chain incidents.
“In an era where AI tools can identify and exploit vulnerabilities at unprecedented scale and speed, organizations can no longer rely solely on signatures or on CVEs published after the fact,” Abitboul said. “We founded RAVEN.IO to enable organizations to precisely prevent attacks and to truly understand, in real time, what is happening inside their applications, without compromising performance or business continuity.”
Yaniv Shnieder, chief executive of Elron Ventures, said application security is one of the fastest-growing areas in cybersecurity and that runtime application security is emerging as one of its fastest-growing segments.
“The shift toward modern architectures, cloud environments, and accelerated AI-driven development is creating a need for a deeper security layer within the application itself,” he said.
Dror Nahumi, a general partner at Norwest, said the cybersecurity market is shifting from code-level vulnerability detection to runtime detection and prevention, a change he said is being accelerated by the growth of AI-generated code and the broader attack surface it creates.
“The Raven team has previously demonstrated deep technological expertise in building runtime exploit prevention solutions, deployed in complex, large-scale production environments,” Nahumi said. “Today, they are leveraging these capabilities to return control over vulnerability management to application owners.”