Saporo, a Swiss cybersecurity company specialising in graph-native identity security, has raised €7m in a Series A funding round.
The firm, which gives security teams an attacker’s-eye view of their internal identity landscape, is positioning itself as a market leader in hybrid identity security posture management.
The fresh capital was led by TIN Capital, with participation from G+D Ventures, CDP Venture Capital through its Corporate Partners I – ServiceTech fund, XAnge, Lightbird VC and Session VC. Trachet served as M&A and fundraising adviser on the deal, as each investor is expected to support Saporo’s expansion in different European markets.
Saporo’s technology identifies relationships, misconfigurations and excessive access privileges that could allow attackers to move laterally through a company’s digital environment. It uses graph databases to map identity risks across cloud services, on-premises systems and machine identities. The company claims large organisations can have hundreds of millions of potential attack paths, making automated prioritisation essential.
The new funding will be used to scale remediation workflows, extend hybrid identity coverage beyond Microsoft Active Directory, Entra ID and AWS to platforms such as Google Workspace and GitHub, and increase Saporo’s presence in France, Switzerland, Benelux, Germany and Italy. Selective expansion in the US is also planned, alongside growth in R&D, sales and marketing through 2026. Internal AI development has reportedly boosted engineering output by up to 40%.
Other information shared by the company highlights the rising risk of identity-based attacks, which drive roughly 80% of cyber incidents. Analysts estimate that 85% of breaches could be disrupted using stronger identity controls, yet many firms still suffer from over-permissions and shadow administration exposures, with 40% exploitable in a single step.
Saporo CEO and co-founder Olivier Eyries said, “The identity security market is deceptive. ITDR and access graphs create a false sense of security, often not fixing systemic risk and not giving the real attacker’s perspective. In large enterprises, identity graphs routinely surface over a billion attack paths. Fixing them one by one is effectively a century-long project. Our customers use Saporo to remove around eighty percent of those paths within the first year, which delivers faster risk reduction and far lower remediation effort. With this pan-European investor group, we are scaling to meet demand from large enterprise and regulated sectors across Europe, while building a measured footprint in the US.”
Saporo co-founder and chief product officer Guillaume Eyries said, “Attackers don’t break in – they log in. The question isn’t whether a single identity gets compromised, but what it can do next. Saporo gives defenders the attacker’s view of their hybrid identity fabric so they can remove risky paths before an incident. This round lets us double down on automation and broaden multi-cloud and developer-ecosystem coverage to match how real-world attacks traverse Microsoft, Google, AWS, Okta and GitHub.”
Copyright © 2025 RegTech Analyst
Copyright © 2018 RegTech Analyst
