Truffle Security has raised $25 million to scale its open source rooted TruffleHog Enterprise platform.
Truffle Security Co., the open source security software company behind the widely used TruffleHog tool, has secured $25 million in new funding to expand protection for secrets and nonhuman identities across modern software environments. The investment will accelerate growth of TruffleHog Enterprise, which delivers enterprise-grade detection, verification and remediation of leaked credentials in codebases and cloud systems.
TruffleHog, originating as an open source scanning engine, remains central to the company’s approach. It is designed to identify exposed API keys, tokens, passwords and other nonhuman identities, supported by hundreds of detectors capable of scanning repositories, cloud environments and development pipelines.
TruffleHog Enterprise layers on continuous monitoring and SDLC integration to determine whether a discovered secret is active, what systems it touches and the potential blast radius, enabling security teams to prioritise response with context.
The round was led by Intel Capital Corp. and Andreessen Horowitz (a16z), with participation from Abstract Ventures, Lytical Ventures and security leaders including Casey Ellis (BugCrowd), Emilio Escobar (CISO, Datadog) and Haroon Meer (Founder & CEO, Thinkst Applied Research). The company previously raised $14 million in December 2021.
“As AI transforms how software is built, the security surface is expanding just as quickly,” said Martin Casado, General Partner, Andreessen Horowitz. “Truffle Security is tackling one of the most urgent challenges in this new era, which is protecting codebases from secret exposure at scale.”
Truffle Security also launched a GCP Analyze add-on to reduce remediation time for leaked Google Cloud Platform credentials by providing instant access and permission context, built on its verified secret detection engine to minimise false positives.
