The vulnerability management space is a fast-growing and crowded one, with the global market expected to grow to as much as
$24.04 billion by 2030, driven by the need to protect enterprise data and remain compliant in an expanding regulatory environment. It is a space dominated by heavyweights like Qualys, Rapid7, Cisco Systems, and Tenable - all competing to helping enterprises stay ahead of the next vulnerability.
Despite this, Vineet Edupuganti and the other founders of
Cogent Security saw an opportunity to elbow their way into the competitive sector, with expanding generative AI technologies, including agentic AI, as the way to do it.
“A core piece of what makes Cogent different is that we are AI-native, and also plug into the broader ecosystem,” Edupuganti, the company’s CEO, told MSSP Alert. “Many existing solutions operate within siloed walled gardens, whether due to strategic or technical reasons. Cogent is able to pull together telemetry from a range of sources – [such as] vulnerability scanners, CNAPP [cloud native application protection platforms], and EDR [endpoint detection and response] – and stitch this together.”
In addition, the platform uses AI agents that are trained in vulnerability management, and this automates workflows more effectively and accurately than static, rule-based approaches, the CEO said.
Out of Stealth with $11 Million
The San Francisco startup came out of stealth this month, complete with $11 million raised from Greylock Partners and participation from Lockstep and strategic angel investors such as OpenAI. The company was initiated through Greylock Partners’ Edge program, which helps companies grow from inception through IPO, incubated companies such as Palo Alto Networks and Abnormal Security, and backed Okta and Wiz that is now being
bought by Google for $32 billion.
Edupuganti, formerly with Abnormal Security, co-founded Cogent alongside CTO Geng Sng and VP of Engineering Thanos Baskous. Sng also brings experience from Royal.io and Abnormal, while Baskous previously held roles at Coinbase, Twitter, and The Blackstone Group.
Cogent’s platform uses its AI agents and reasoning models to automate a range tasks for security teams - from assessing the risks to infrastructure and applications, prioritizing top risks, identifying fixes, to creating reporting for executives.
Software Vulnerabilities Targeted
Such capabilities are important at a time when bad actors are increasingly exploiting vulnerabilities in software for data breaches, a surge that is being fueled in large part by the use of AI.
“AI makes software development much simpler and cheaper, which has led to an explosion in the volume of code,” Edupuganti said. “However, a lot of this code is reproducing the work of an average developer, which means that many vulnerabilities are baked in, which leads to a larger exploitable attack surface.”
Attackers also can use AI to exploit code much faster and effectively, making vulnerability exploitation much easier, he said.
For security teams and MSSPs, there tends to be a lack of context in vulnerability management.
“Scanners discover many findings, yet fail to identify the most critical risks in the environment and how they can be fixed,” the CEO said, adding that Cogent, through its use of AI, operates “like a highly skilled team of security, IT, and engineering professionals within a company to reduce risk faster and more intelligently, as well as drive efficiency.”
MSSPs and Vulnerability Management
Vulnerability assessment and management is also a key service that MSSPs and MSPs can provide, according to
Cynet, which provides a cybersecurity platform for MSPs and SMEs. They can identify and evaluate weaknesses in a client’s system or network and then works with them to shore up vulnerabilities and reduce risk.
“Vulnerability assessment and management is a continuous process,” Cynet
wrote. “New vulnerabilities can emerge at any time, whether due to changes in the system or network, new threats, failure to apply security updates, or systems entering end of life. MSSPs can regularly scan the system or network for vulnerabilities, assess their severity, and recommend measures to address them.”
Beyond that, MSSPs can help organizations create a vulnerability plan that details how they can respond to identified security flaws, from who is responsible for addressing them to the actions to take.
Edupuganti said he recognizes the important role MSSPs play in the field.
“We plan to work more closely with MSSPs over time, and we view these partnerships as an opportunity for those organizations to scale their impact with Cogent,” he said. “There is also a very natural intersection between the software Cogent provides and the services an MSSP may offer, which creates excellent synergies.”