Truffle Security, the company behind TruffleHog, the leading open-source platform for detecting and remediating NHIs and their secrets, has raised $25m in a Series B funding round.
The investment was led by Intel Capital and Andreessen Horowitz (a16z), with participation from Abstract, Lytical Ventures, and prominent cybersecurity leaders including Casey Ellis, founder of BugCrowd; Emilio Escobar, CISO at Datadog; and Haroon Meer, founder and CEO of Thinkst.
Truffle Security develops technology designed to help enterprises identify, verify, and remediate secret exposures before they become breaches. Its TruffleHog Enterprise solution offers large-scale, enterprise-grade detection and remediation capabilities for credentials and secrets across software codebases.
The company plans to use the new funding to expand the growth of TruffleHog Enterprise, accelerate innovation in secrets and NHI protection, and support the launch of TruffleHog GCP Analyze. The new add-on provides organisations with deep visibility into leaked Google Cloud service accounts, helping teams assess risk faster and prioritise remediation.
According to the company, compromised credentials remain one of the leading causes of data breaches, and as API keys, tokens, and service accounts multiply across multi-cloud environments, enterprises face growing operational risks. Truffle Security has been addressing this issue since its inception and now aims to broaden its non-human identity analysis capabilities across cloud providers including AWS and Azure.
Andreessen Horowitz general partner Martin Casado said, “As AI transforms how software is built, the security surface is expanding just as quickly. Truffle Security is tackling one of the most urgent challenges in this new era, which is protecting codebases from secret exposure at scale. We’re thrilled to back the team as they continue to define what modern software security looks like in the age of AI.”
Intel Capital senior managing director Nick Washburn said, “In the era of coding co-pilots and third-party APIs, compromised credentials remain one of the leading causes of data breaches, making credential protection a critical safety measure for enterprise developers and security teams. With the introduction of TruffleHog GCP Analyze and this latest round of funding, Truffle Security accelerates its mission to make secrets management frictionless, secure, and comprehensive, positioning the company to confidently address broader IAM and NHI market opportunities.”
Truffle Security CEO and founder Dylan Ayrey said, “We are so excited and humbled to grow our community and technology into solving more and more pain points non-human secrets can cause – expanding beyond analyzing secret leaks into secret inventory and productivity tooling.”
The company has reported strong growth in the past year, more than doubling its revenue and expanding its customer base across technology, retail, and financial services sectors. TruffleHog’s open-source project has amassed over 23,000 GitHub stars, 15m downloads, and 250,000 daily runs worldwide, underscoring its community-driven momentum.
BugCrowd founder Casey Ellis added, “Dylan and the Truffle Security gang have long led the way in secret detection. This financing marks their expansion beyond finding leaked secrets to making secrets manageable across the full development lifecycle. They’re making secrets easy and leaked secrets obvious.”
Earlier this week, Bugcrowd acquired Mayhem Security, a company specialising in AI-powered offensive security testing founded by leading cybersecurity experts.
Copyright © 2025 RegTech Analyst
Copyright © 2018 RegTech Analyst
