security , cloud

Truffle Security Raises $25M Series B to Harden Non-Human Identity Protection

Jon G Nov 06, 2025 · 2 mins read
Truffle Security Raises $25M Series B to Harden Non-Human Identity Protection

Truffle Security closed a $25 million Series B on November 6, 2025, in a round led by Intel Capital and Andreessen Horowitz (a16z), with participation from Abstract, Lytical Ventures, and several prominent security leaders. The financing will accelerate product development, scale go-to-market and customer success, and expand context-aware non-human identity (NHI) protection across cloud platforms.

What the company does now

  • Detects and verifies leaked secrets. TruffleHog finds API keys, service account credentials, tokens, and other machine credentials across code, repositories, and storage.
  • Reduces false positives. Verified detection and a large detector set help prioritize real risks.
  • Developer-friendly remediation. Workflows support developers and security teams to fix leaks earlier in the software development lifecycle.

New funding priorities

  • Scale TruffleHog Enterprise adoption across mid-market and enterprise accounts.
  • Expand TruffleHog’s cloud-aware analysis beyond Google Cloud to AWS and Azure.
  • Invest in secret inventory, remediation automation, and developer productivity tooling.
  • Grow sales, customer success, and community engagement driven by the open-source project.

TruffleHog GCP Analyze: what it delivers

  • Maps leaked Google Cloud service accounts to resources, permissions, and inheritance so teams can see blast radius immediately.
  • Indicates whether leaked credentials are active and which resources they can access, reducing manual IAM investigation time.
  • Helps prioritize the riskiest leaks and shorten mean time to remediation.

Market context and rationale

Credential misuse remains a leading cause of breaches. As cloud adoption, third-party APIs, and AI coding assistants increase, so does the volume and complexity of non-human identities. Investors cited the expanding attack surface and the need for context-aware detection as reasons for backing Truffle Security. The company’s open-source momentum also acts as a growth channel for its enterprise product.

Commercial traction

The company reports strong momentum, with year-over-year revenue growth and adoption across technology, retail, and financial services customers, including Fortune 1000 accounts. Verified detection and low false-positive rates are framed as key to enterprise purchasing decisions.

Why this matters to security teams

Leaked service accounts and API keys enable lateral movement and data exfiltration without exploiting software vulnerabilities. Tools that show access scope and inheritance let defenders prioritize and remove high-risk credentials before attackers exploit them. TruffleHog’s approach emphasizes verification, context, and remediation to reduce incident response toil.

Sources

  • Truffle Security press release via PR Newswire, Nov 6, 2025: https://www.prnewswire.com/news-releases/truffle-security-raises-25-million-series-b-to-expand-nhi-security-302606933.html
  • TruffleHog open-source project on GitHub: https://github.com/trufflesecurity/trufflehog
truffle security trufflehog nhi secrets gcp funding
Written by Jon G
Freelance Technical Writer & Blogger
← SIP + SMS Providers: Persistent VoIP Numbers, Pricing, and Payment Options
More…