Salt Security is an API security company that provides a platform for discovering, monitoring, and protecting APIs across their full lifecycle. Founded in 2016 by Roey Eliyahu, Michael Nicosia, and Yaron Azulay, all veterans of the Israeli Defense Forces (IDF) cyber units, Salt was among the first companies to apply behavioral analysis and AI specifically to API traffic. The platform identifies a category of threats that traditional web application firewalls (WAFs) and API gateways miss.
Platform
API Discovery
Salt continuously discovers APIs across an organization, including shadow, zombie, and undocumented APIs that exist outside the purview of API management tools. The platform catalogs every API endpoint, parameters, data types, and authentication methods, providing a living inventory of the organization’s API attack surface.
Behavioral Threat Detection
The core of Salt’s platform is its big data engine, which analyzes API traffic over days and weeks rather than just individual requests. This establishes a behavioral baseline for each API. The long-horizon analysis enables detection of slow and low attacks, credential stuffing, data scraping, API abuse, and business logic exploitation that are invisible to signature-based or rate-limiting approaches.
Posture Governance
Salt provides posture management capabilities that identify API security risks before they are exploited. This includes authentication weaknesses, sensitive data exposure, improper error handling, and deviations from API specifications (OpenAPI/Swagger). The platform generates remediation guidance for developers and integrates with CI/CD pipelines to shift API security left.
Attack Prevention
Real-time blocking and rate limiting protect APIs under active attack, working alongside existing infrastructure like API gateways, WAFs, and CDNs through native integrations. Salt can automatically generate virtual patches for vulnerable APIs while permanent fixes are developed.
Compliance
The platform maps API data flows to regulatory requirements including PCI DSS, HIPAA, GDPR, and SOC 2, identifying APIs that handle sensitive data and flagging compliance violations.
Funding
Salt raised a $140 million Series D in January 2022 led by CapitalG (Google parent Alphabet’s independent growth fund). Earlier rounds included $70 million in Series C from Advent International in 2021, $30 million in Series B from Sequoia Capital in 2020, and $20 million in Series A from Tenaya Capital in 2019. The company has raised $281 million total at a $1.4 billion valuation, achieving unicorn status.
Key investors include CapitalG, Sequoia Capital, Advent International, Tenaya Capital, S Capital, Y Combinator, and the CrowdStrike Falcon Fund.
Market Position
Salt Security is a pioneer and leader in the dedicated API security market, which has grown rapidly as organizations expose more business logic through APIs and attackers shift their focus accordingly. OWASP API Security Top 10 awareness and the proliferation of API-first architectures have driven enterprise demand for purpose-built API security.
Salt competes with Noname Security (acquired by Akamai in 2024), Traceable AI, Wallarm, and Wib, as well as API security features embedded in WAFs and API gateways from Cloudflare, Akamai, and F5. Salt differentiates through the depth of its behavioral analysis engine, which the company claims requires weeks of traffic data to fully train but produces significantly fewer false positives than competitors.
Leadership
Roey Eliyahu co-founded the company and serves as CEO. Michael Nicosia is co-founder and COO, while Yaron Azulay co-founded the company and serves as CTO. Nick Rago leads product strategy as VP.