Nudge Security
Researched 2026-06-28. Primary category: ai-access-governance. Founders are ex-AlienVault, not ex-Duo (task hint corrected).
One-liner — Agentless SaaS and shadow-AI discovery + posture platform that scans corporate mailboxes (Google Workspace / Microsoft 365) to inventory every app, account, OAuth grant, and AI tool employees have signed up for, then “nudges” users toward safer behavior.
What it does — Nudge Security catalogs an organization’s entire SaaS/AI footprint without endpoint agents or network changes. Its patented method uses machine learning to scan mailboxes for signup, welcome, invoice, and receipt emails, reconstructing which apps exist, who created them, what OAuth integrations are connected, and up to two years of historical SaaS spend. On top of discovery it layers SaaS security posture management (misconfigurations, identity risks, MFA gaps, supply-chain breach alerts across 200,000+ vendor profiles), identity governance/offboarding workflows, and a “shadow AI” use case that tracks AI app adoption, AI agents, embedded AI in existing SaaS, and “AI conversation monitoring.” The “nudge” itself is an automated, behavioral prompt delivered via browser, Slack, or Teams when risky behavior (e.g., signing up for an unvetted AI tool) is detected.
Where it sits in the stack — Spans sspm (its origin), ai-spm (AI posture/inventory), and ai-access-governance (governing which AI tools the workforce can adopt and how). Layer: model-prompt / governance-adjacent — it sits at the discovery-and-governance layer rather than inline on prompts. Risk role: it addresses sensitive-data exposure (knowing which third-party AI/SaaS tools hold or can reach company data) and outbound data flows (flagging risky OAuth grants and unsanctioned tools that move data out); it is not an inline runtime firewall, so it does not screen untrusted input. Trust zones: it helps illuminate the red/yellow boundary by inventorying where data is flowing to unsanctioned (red) services.
Deployment & architecture — SaaS, agentless. One lightweight OAuth integration to Google Workspace or Microsoft 365 (self-serve, ~5-minute setup, 14-day free trial). No VPN, no endpoint agent, no inline proxy. Discovery is mailbox/identity-graph based rather than network- or browser-based, which is its core differentiator. Integrations: IdP (Okta), workspace suites (Google, Microsoft 365), key SaaS (Salesforce, Snowflake, Zoom), SSO + RBAC for the console, and a public API to push data to SecOps/SIEM, ITSM, and identity-management tools.
Positioning & differentiators — Nudge comes at AI governance from the SaaS discovery / SSPM direction rather than the network or browser direction. Versus inline/runtime players like witnessai, harmonic-security, aurascape, and lanai — which sit on traffic to inspect or block prompts in real time — Nudge is a discovery-and-nudge layer: it tells you which AI/SaaS tools exist and quietly steers users, but does not inline-block prompt content. Versus grip-security and reco (its closest neighbors, both SSPM/SaaS-identity-risk vendors), Nudge’s signature is the agentless email/mailbox-based discovery of the full historical app graph (including dormant and personal-but-corporate signups) plus the behavioral “nudge” delivery model and SaaS spend reconstruction. Its weakness relative to inline tools is that it cannot enforce at the moment of data egress — it discovers, scores, and prompts.
Ownership, funding & M&A — Independent, venture-backed. Founded 2021 in Austin, TX by Russell Spitler (Co-Founder & CEO) and Jaime Blasco (Co-Founder & CTO), both former AlienVault (acquired by AT&T) leaders — Spitler led product/strategy, Blasco led threat research; together they built AlienVault’s Open Threat Exchange (OTX). Funding: $7M seed (Apr 2022, public launch Oct 2022); $16.5M seed extension led by Forgepoint Capital (May 2024); $22.5M Series A led by Cerberus Ventures, announced 2025-11-18, with existing investors Ballistic Ventures, Forgepoint Capital, and Squadra Ventures participating — bringing total to roughly $40M. No acquisition; ownership independent (confidence: high). Vendor-reported traction (marketing, unverified): ~200 customers, 3x ARR growth two consecutive years.
CTO / hedge-fund lens — A Day-1-ish tool for a fund that has already lost track of how many SaaS and AI tools staff have signed up for — which describes most shops the moment employees start using ChatGPT, Claude, Gemini, and AI features baked into existing SaaS. Its low-friction agentless onboarding (one OAuth grant to Google/M365) makes it realistic for a lean 20-100 person fund with no dedicated SaaS-ops team to get a shadow-AI/shadow-IT inventory in an afternoon. It is strongest as visibility and governance, weakest as enforcement: it will tell a CTO that ten people are pasting research into an unsanctioned AI summarizer and nudge them to stop, but it won’t inline-block the paste — pair it with an inline runtime/DLP control (witnessai, harmonic-security, or an AI gateway) if hard enforcement is required. Limited direct SR 11-7 / model-risk relevance; its value is operational AI/SaaS governance and third-party risk, not model validation. hedge_fund_fit: medium (high for discovery/governance, low for inline enforcement).
Competitors / alternatives — grip-security, reco (nearest SSPM/SaaS-identity neighbors); harmonic-security, aurascape, witnessai, lanai (AI-access/runtime governance, different — inline vs discovery).
Open questions / to verify
- Exact customer count and ARR are vendor-reported marketing; not independently verified.
- Total-funding figure varies by source (”~$30M” vs “close to $40M”); $40M is the post-Series-A sum of disclosed rounds.
- Depth of “AI conversation monitoring” — how it captures prompt/response content without an inline proxy or browser agent is unclear; verify whether it relies on connected-app APIs only.
- Whether Nudge enforces (blocks) at all, or is strictly discover-score-nudge.
Sources
- Nudge Security Raises $22.5M Series A to Secure Workforce AI and SaaS — fetched 2026-06-28 — supports: Series A amount/lead/investors, founders, HQ, founded 2021, product framing, customer metrics; confidence: high (funding/founders), med (metrics, vendor marketing).
- Nudge Security Product page — fetched 2026-06-28 — supports: agentless deployment, mailbox/OAuth discovery, SSPM features, shadow-AI, integrations; confidence: med (vendor marketing).
- Nudge Security Raises $22.5 Million in Series A Funding — SecurityWeek — fetched 2026-06-28 — supports: independent corroboration of Series A, funding history ($7M seed, $16.5M ext.), ex-AlienVault founder background; confidence: high.
History
- [2026-06-28] Stub created from seed registry.
- [2026-06-28] Researched; established independent/VC-backed (Series A $22.5M led by Cerberus Ventures, 2025-11-18, total ~$40M, ownership_confidence high), founded 2021 Austin TX by ex-AlienVault Russell Spitler & Jaime Blasco (corrected task’s “ex-Duo” hint), agentless mailbox/OAuth-based SaaS+shadow-AI discovery + SSPM + nudge model. Set status researched, confidence medium, hedge_fund_fit medium. Kept categories [ai-access-governance, ai-spm, sspm]. No M&A.