Reclaim Security raises $20 million Series A to automate cyber remediation
The Israeli startup aims to close the growing gap between AI-powered attackers and slow manual patching.
Cybersecurity startup Reclaim Security has raised $20 million in a Series A funding round led by Acrew Capital, with participation from Ibex Investors and QP Ventures. To date, the company has raised $26 million, including a previous Seed round.
Founded in 2024, Reclaim was established by CEO Barak Klinghofer, who previously sold Hexadite to Microsoft; Chief Product Officer Roy Peretz, who sold WhiteBox Security; VP Engineering Yaniv Waksman; and VP Research Or Virnik. The company employs about 30 people, 25 of them in Israel.
Reclaim has developed an automated vulnerability remediation platform designed to help organizations move beyond simply identifying security weaknesses to actively fixing them. The system combines AI-based automation with simulations tailored to each company’s business environment, allowing security teams to prioritize and implement remediation actions more effectively.
“We take the vulnerabilities identified across the organization, analyze how the company operates, and provide clear guidance on what needs to be done to prevent harm,” Klinghofer said in an interview with Calcalist. “The challenge today is that organizations receive recommendations from many different systems. It becomes difficult to decide what to fix first and understand the consequences of each action. We are trying to create trust for the person who needs to make that decision. Our system also knows how to fix the problem.”
The company has also had to adapt to the ongoing conflict with Iran. “Our offices are in Tel Aviv, in the Sarona area, and we have completely shifted to remote work,” Klinghofer said. He added that he recently had to cut short a client call due to an air-raid siren, which clients accepted with full understanding.
Most employees live in Tel Aviv but have temporarily relocated to quieter areas. “We learned lessons from previous rounds of conflict,” Klinghofer said. “Maintaining daily communication is important for everyone, and we are working to preserve operational continuity.”
Klinghofer acknowledges that the rapid evolution of AI tools, including Claude, is reshaping the cybersecurity landscape.
“In practice, we write many AI agents daily, but we also have concerns,” he said. “It used to take five years to build a company. Today it takes much less time, for us and for competitors.”
He believes AI will significantly change workforce dynamics in engineering. “Ultimately, we will need fewer people in engineering. If everyone becomes more productive, you need fewer engineers. Companies are expanding and then adjusting, riding the AI wave to make changes they would have needed to make anyway.”
The urgency is underscored by a widening gap between attackers and defenders. While attackers’ time to breach systems has shrunk to just 27 seconds, companies still require an average of 27 days to patch critical vulnerabilities.
Over the past decade, organizations have invested heavily in tools that detect vulnerabilities. However, remediation remains largely manual, slow and operationally risky, resulting in a growing backlog of unresolved exposures.
“The recent launch of Claude Code, which caused traditional security giants to lose billions in market value, is a serious wake-up call,” Klinghofer said. “Tools like these can identify hundreds of vulnerabilities in seconds, but they also give attackers a fast, autonomous engine to exploit them. If remediation still requires manual review of every task, we are losing the race.”
Reclaim’s platform analyzes how real attack techniques could unfold within a specific environment, evaluates how existing defenses would respond, and predicts the operational impact of remediation steps before they are implemented.
By combining attack-path analysis models with business-aware remediation, the system aims to neutralize exploitable attack paths at scale without disrupting critical operations. The goal, according to the company, is to shift organizations from reactive “assume breach” strategies to proactive risk reduction.
