Connect with us

Hi, what are you looking for?


Application Security

Myrror Security Emerges From Stealth Mode With $6 Million in Funding

Myrror Security emerges from stealth mode to disrupt supply chain attacks with binary-to-source code analysis.

Israeli application security startup Myrror Security today emerged from stealth mode with $6 million in funding from Blumberg Capital and Entrée Capital.

Founded in 2022 as BlindSpot Security, the Tel Aviv-based firm aims to disrupt the software supply chain threat landscape and secure the entire software development lifecycle.

Myrror Security’s platform tackles the presence of malicious code in open source dependencies, and continuous integration and continuous delivery (CI/CD) attacks.

For that, the startup combines AI with binary-to-source code analysis to identify threats in real time during the development phase, before they make it to production.

The company fetches dependencies’ original source code from public or private repositories, depending on whether the package is open source or proprietary, and uses it for analysis and comparison, to identify potential compromises.

By continuously scanning dependencies for changes and indexing new versions, while filtering dynamically-generated code and other compilation noise, the platform can identify any code in the binary that should not be there, Myrror Security CEO and co-founder Yoad Fekete told SecurityWeek.

Additionally, Myrror maintains its own database of open source software, which it uses for the tampering binary-to-source validation, which essentially reverse-engineers binary artifacts to identify code changes.

“To check for vulnerabilities, we fetch data from multiple external databases and then save it internally after performing reachability analysis and enrichment,” Fekete said.

Advertisement. Scroll to continue reading.

Once an issue is identified in the analyzed package, the customer is notified in real time, so they can take the appropriate steps immediately.

Fekete also says that the company is working on new features to provide users with context about any additional code identified in dependencies, to identify compromised packages that are fetched dynamically in production, and to check the calls an application makes after execution.

Myrror also provides a Code Aware SCA (Software Composition Analysis) solution to identify vulnerable functions within the analyzed code, along with mitigation plans to help customers remediate identified risks.

The new investment will help the startup add new capabilities to its products and expand its go-to-market distribution channels.

“The integration of unverified open source components into the software development process creates a massive attack risk on one hand, and a large amount of false positives for security teams on the other hand. We founded Myrror Security to help security teams protect their organizations from attacks and sort through their mess of alerts before code gets to production, without requiring any engineering behavioral change,” Fekete said.

Related: FusionAuth Snags $65 Million Investment for Customer Identity Tech

Related: SIEM and Log Management Provider Graylog Raises $39 Million

Related: Blockaid Emerges From Stealth With $33 Million Investment

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.