Echo, the leader in AI-powered secure software infrastructure, today announced it has raised $35 million in Series A funding led by N47, with participation from Notable Capital, Hyperwise Ventures, and SentinelOne. Echo is already securing production workloads for enterprise customers, like Varonis, EDB, and UiPath, with its AI-powered approach to eliminating container vulnerabilities at the source.
Nearly all modern cloud-based applications are built on container base images: a pre-built operating system layer that defines an application’s runtimes and dependencies. While these foundational images offer numerous portability and scalability benefits to millions of developers and are used by virtually all of the world’s largest enterprises, they also expose applications to significant security risks. In fact, according to Echo's research, official Docker images, like Python, Node.js, Go, and Ruby, each contain well over 1,000 known vulnerabilities (CVEs).
“Studies consistently show that more than 90% of container vulnerabilities originate from the base image layer rather than application code,” said Eylam Milner, co-founder and CTO of Echo. “This means large organizations with thousands of cloud services inherit millions of security issues before their engineers write a single line of code.”
Echo solves this with CVE-free container base images that are built from scratch to eliminate vulnerabilities at the source. Rather than trying to fix vulnerable open-source images, Echo reconstructs them with only essential components to reduce the attack surface, while maintaining full functionality. These hardened container images are drop-in replacements for standard Docker images. Developers simply change one line in their Dockerfile to switch from the vulnerable open-source version to Echo's clean equivalent, instantly eliminating the vast majority of their application’s vulnerabilities.
“Our time-to-value is instant, with customers immediately seeing their vulnerability count drop to zero when moving to Echo images,” said Eilon Elhadad, co-founder and CEO of Echo. “Security teams love us because we make them look like heroes overnight, and developers love us because they can stop wasting time fixing vulnerabilities in infrastructure they didn't even create.”
Echo uses purpose-built AI agents that work autonomously to create container images from scratch and maintain them as new vulnerabilities emerge. When a new CVE is discovered anywhere in the world, Echo's agents automatically research the vulnerability, identify affected images, find or develop fixes from unstructured sources (like GitHub comments, forums, and blogs), apply patches, run comprehensive compatibility testing, and create a pull request for human review. This AI-driven approach enables Echo’s team of 35 to maintain 600+ secure images. Using traditional methods, this would require hundreds of security researchers.
“AI agents now write more code than humans, while bad actors are using AI to compress exploit windows from weeks down to hours,” said Moshe Zilberstein, General Partner at N47. “This AI-versus-AI arms race makes manual vulnerability management obsolete. Echo is building what every Fortune 1000 company needs: the first operating system that's immune to vulnerabilities by design. They're positioned to capture massive value as the secure infrastructure layer for the AI-native era.”
"Echo saves at least 235 developer hours per release and has helped cut critical vulnerabilities,” said Dan Garcia, CISO of EDB. “For the first time in my career, engineers are thanking security for bringing in a tool like this. Echo has empowered our team to drive proactive, strategic security improvements.”
Echo was founded by Eilon Elhadad and Eylam Milner, veterans of Israel's elite 8200 and Ofek technology units. The pair’s previous software supply chain security company, Argon, was acquired by Aqua Security for $100M just one year after its founding.