Zafran Announces Strategic Investment from Amex Ventures

Zafran Security, a pioneer in AI-native Threat Exposure Management, today announced a strategic investment from Amex Ventures, the venture capital arm of American Express. Amex Ventures joins existing investors Menlo Ventures, Sequoia Capital, and Cyberstarts.

Zafran helps enterprises rethink security as AI becomes deeply embedded across core infrastructure. As innovation accelerates, CISOs are being asked to move faster while maintaining resilience, regulatory confidence, and uninterrupted operations.

Large, highly regulated enterprises, especially in critical infrastructure, operate under constant pressure. They face intense regulatory scrutiny, relentless targeting by sophisticated threat actors, and the challenge of securing complex hybrid environments across cloud, data centers, endpoints, and third parties. At the same time, their tolerance for disruption is almost nonexistent. Any downtime, instability, or rushed change can create immediate business and reputational risk.

Over time, most vital organizations have assembled best in class security stacks to address these challenges. EDR, firewalls, WAFs, cloud security platforms, vulnerability scanners, and ticketing systems are all in place. The challenge is not a lack of tools. It is the lack of coordination between them.

Security teams are flooded with signals but still struggle to answer fundamental questions with confidence. Where are the real cracks in our defenses? Which exposures can actually be exploited in our environment? How do we reduce risk quickly without disrupting critical systems?

This is where Zafran takes a fundamentally different approach. Zafran is designed to serve as the “defensive coordinator” for complex security programs where many tools must work together. It aligns coverage across environments and exposes where defenses may break down in real-world conditions.

Zafran integrates across the full breadth of an organization’s existing security stack and consolidates these inputs into a unified view of exposure. Rather than forcing teams to replace tools or introduce new operational complexity, Zafran acts as a force multiplier. It validates how existing controls work together, identifies gaps in coverage, and surfaces the small number of vulnerabilities that carry real risk.

“Critical infrastructure institutions, such as financial and healthcare, are under constant pressure to innovate while maintaining trust, resilience, and regulatory confidence,” said Sanaz Yashar, Co-founder and CEO of Zafran Security. “We built Zafran to serve as the defensive coordinator for complex environments. We help teams see where the real risk is, align their existing tools, and mobilize action to stop exploitation without disrupting the business.”

Zafran’s Agentic Exposure Management platform unifies discovery, prioritization, mitigation, and remediation into a single operating model. By coordinating tools, teams, and workflows, Zafran helps complex institutions reduce exposure faster, improve consistency, and gain confidence that their defenses are working as intended.

For Amex Ventures, the investment reflects a focus on technologies that help enterprises like financial institutions scale securely.

“As financial systems become more complex and interconnected, visibility and coordination across security controls become essential,” said Kevin Weber, Managing Director at Amex Ventures. “Zafran’s approach aligns with how leading financial organizations think about managing risk at scale while continuing to innovate.”

As AI and digital transformation become part of day-to-day business, complex institutions need security platforms that do more than produce alerts. They need something that brings clarity, aligns defenses, and helps teams act quickly and confidently. Zafran is building toward that reality, helping CISOs maintain a disciplined, resilient defense while the business keeps moving.