Truffle Security Raises $25 Million Series B to Expand Protection Against Exposed Secrets and Non-Human Identities

Truffle Security, the San Francisco-based cybersecurity startup behind the widely adopted open-source tool TruffleHog, has raised $25 million in a Series B funding round to accelerate its mission of detecting and remediating exposed non-human identities (NHIs) and sensitive credentials that put modern software systems at risk. The latest financing round was co-led by Intel Capital and Andreessen Horowitz, with participation from Abstract, Lytical Ventures, and prominent security leaders, including Casey Ellis, Founder of Bugcrowd; Emilio Escobar, Chief Information Security Officer at Datadog; and Haroon Meer, Founder and CEO of Thinkst.

Founded by Dylan Ayrey, Truffle Security has built its reputation in the developer and security communities through TruffleHog, an open-source scanning engine that detects leaked secrets, tokens, API keys, and other credential types across code repositories, cloud assets, and internal systems. Over time, TruffleHog has become an indispensable tool for developers and security teams, with millions of downloads, more than 23,000 stars on GitHub, and hundreds of thousands of daily runs across organizations of all sizes.

The company’s enterprise offering, TruffleHog Enterprise, extends the open-source core with verified secret detection, impact analysis, remediation workflows, and integrations tailored for complex cloud and application environments. According to Truffle Security, demand for enterprise-grade secrets protection has surged as software development practices evolve, with organizations facing escalating risk from credential exposure in distributed and cloud-native infrastructures.

The Series B funding will support Truffle Security’s efforts to scale go-to-market and customer success initiatives, broaden its product capabilities, and enhance its analysis of non-human identities beyond the company’s initial Google Cloud support to include platforms such as AWS and Azure. A key part of this expansion is the rollout of TruffleHog GCP Analyze, an add-on that delivers deep visibility into leaked Google Cloud service accounts — revealing what resources a secret can access, its inheritance, and the potential blast radius of exploitation — aiming to dramatically reduce the time required for security teams to assess and respond to credential exposures.

Investors in the round emphasized the urgency of protecting credential surfaces in an era shaped by AI-assisted coding tools, APIs, and automation. As AI accelerates code generation and DevOps workflows, security teams are confronted with expanding attack surfaces where exposed API keys and service accounts can be exploited far more rapidly than traditional vulnerabilities. Truffle Security’s focus on credential and NHI risk aligns with this shift, positioning the company as a key player in the next generation of software supply chain defense.

In announcing the funding, executives from both Intel Capital and Andreessen Horowitz highlighted Truffle Security’s unique combination of open-source community roots and enterprise-ready technology. These investors see the company’s solutions as critical infrastructure for protecting digital assets in a security landscape where leaked secrets are routinely cited as one of the primary attack vectors exploited by threat actors.

Over the past year, Truffle Security has more than doubled its revenue and expanded its customer base across mid-market companies and Fortune 1000 organizations in technology, retail, and financial services. This traction has been fueled by the growing adoption of continuous integration and deployment practices, which amplify the risk of unintentionally committing secrets into code repositories or exposing credentials through automated workflows.

Truffle Security’s open-source momentum continues to drive brand recognition and community engagement, with developers relying on TruffleHog to uncover deeply buried credentials in legacy code, cloud configuration files, and infrastructure-as-code templates. The company believes that marrying this grassroots adoption with robust enterprise features is key to helping organizations not only find but also manage and remediate exposed secrets throughout the software development lifecycle.

The new capital will also enable further investment in research and development, with the goal of broadening the platform’s capabilities to address emerging threats tied to modern identity and access management models. As enterprises increasingly adopt microservices, serverless architectures, and multi-cloud environments, Truffle Security aims to stay ahead of the curve by providing tools that understand context, risk, and impact at scale.

With backing from a mix of strategic venture capital and experienced security practitioners, Truffle Security is doubling down on its vision of making secret management and NHI protection both proactive and actionable. As credential exposure continues to be a leading cause of security incidents in the cloud era, the company’s expanded resources and investor support position it to help organizations better safeguard their most sensitive digital assets.
