Delhi-based cybersecurity startup Astra Security has raised $2.7 million in a growth capital round led by Emergent Ventures. The company plans to utilise this funding to expand into the US market and further develop its AI-driven security products, according to Co-Founder and CEO Shikhil Sharma.
“We have scaled massively, but we have built the business in a sustainable way,” Sharma said. “With AI coming in, we saw a massive opportunity that we could actually build a really, really large outcome out of our business, hundreds of millions in revenue, and that led us to actually raise this growth capital from Emergent Ventures.”
The company claims to have uncovered more than 5,500 vulnerabilities daily in the past year and assisted customers in prioritising the remediation of over 2 million vulnerabilities. Sharma believes that with the rapid adoption of AI, this number could triple by the end of the year.
“With AI coming in, everyone is talking about productivity—AI agents handling financials, sales enablement, customer relationship management. But threat actors and hackers are also becoming more productive and innovative,” Sharma explained. “They are building AI agents that hack 24/7. So, you need fire to fight fire. At Astra, we are essentially building this platform which mimics hacker behaviour to continuously find vulnerabilities in our customers’ websites, APIs, and cloud servers.”
Despite having no physical presence in the US, Astra Security has managed to secure over 60% of its customer base in the Western market through inbound marketing. With the fresh capital infusion, the company aims to establish a sales team and a stronger operational presence in the US to accelerate growth.
Below is the verbatim transcript of the interview.
Q: You have been cash positive via scaling. What made this the right moment to raise funding, and how do you plan to deploy the $2.7 million you’ve raised?
Sharma: We have scaled massively, but we have built the business in a sustainable way. And with AI coming in, we saw a massive opportunity that we could actually build a really, really large outcome out of our business, hundreds of millions in revenue, and that led us to actually raise this growth capital from Emergent Ventures.
Q: I was reading that you’ve uncovered more than 5,500 vulnerabilities a day last year, and help customers prioritise remediation of more than 2 million of those. You claim the number could triple by year end, so what does this tell us about the evolving threat landscape and the work that you’re doing in this field?
Sharma: That number is correct, and it’s growing massively, as we speak, in 2025. With AI coming in, everyone is talking about productivity. We’re talking about AI agents to do your financials, do sales enablement, sales outreach, customer relationship management, everything is using AI. That means people are becoming super productive.
Interestingly, threat actors and hackers are also getting more productive and innovative. So, hackers are also building these AI agents which hack 24/7. So, you need fire to fight fire. So, at Astra, we are essentially building this platform which mimics hacker behaviour to find vulnerabilities continuously in our customers websites, APIs, cloud servers, etc. So, that’s how we actually using AI.
We realised that one interesting insight that we had was that whenever you hear about a breach or a data which got leaked due to hack, a lot of times it’s not really one vulnerability, and a lot of times it’s not even a vulnerability which is a high severity vulnerability. So, what usually causes a breach is essentially two to three vulnerabilities combined with each other, and those vulnerabilities could be one medium severity vulnerability, one low severity vulnerability, but combined with each other to actually cause a breach. So, what happens on the organisation’s side is, whenever they get a pen test done or a security scan done, they just prioritise based on that severity score that they get that it’s a high severity vulnerability. But usually there are other vulnerabilities which get overlooked or that’s the kind of correlation that we are able to offer to our customers where we tell them that you’re just looking at this high severity vulnerability in silos, but probably you should not be looking at it because there’s some other defence mechanism in a system which is mitigating it. How about looking at this medium and low severity vulnerability in your APIs and your cloud servers, which can be combined to actually cause a breach which can be fatal. So that’s something that organisations seem to value quite a bit.
Q: You’ve built a client base across 70 plus countries. And if I look at your customers, they range from ITC to Mamaearth to Muthoot Finance, it’s quite a wide range. Tell us where you see the next big growth opportunity, the next big market in terms of growth for you, across segments, across geographies, what are you looking at?
Sharma: The innovation has been received really well by customers across the geography. Interestingly, we do not have any feet on the ground in the US right now, and that is one of the areas where we would plan to expand with this fundraise. Without having any feet on the ground in the US, we’ve managed upwards of 60% of customer base, which is in the West, in addition to a lot of customers in India and APAC region. So, we’ve realised that with this inbound marketing, we’ve managed to crack customers across the globe. So, if we actually are putting a targeted effort with sales team and people on ground in these geographies, the growth potential and the types of customers that we’d be able to get would be many, many more.
Our special focus would be on mid-market as well as enterprises going forward, because we’ve realised that when it comes to mid markets, these set of organisations usually have good amount of budgets for security, but they do not really have the expertise of choosing or navigating through the sea of jargons of all sorts of keywords that cyber security field comes with. So, we’ve built a solution which helps them achieve the outcome without navigating through the jargon and works really well for lean to no security teams or engineering teams which are security conscious.
