
At Brightmind, we don’t just invest in companies—we back visionary founders solving critical problems in cybersecurity. When we met the SGNL team, it was clear they weren’t just another security startup; they were rethinking privileged identity management (PIM) from the ground up. Here’s why we knew SGNL was a game-changer.
A Team Built for This Mission
SGNL’s founding team isn’t new to identity security. SGNL is led by identity legends (as well as great human beings) Scott Kriz, Erik Gustavson and Atul Tulshibagwale who bring half a century of experience driving innovation in the space. Having previously built and sold companies to Google, as well as pioneering the invention of CAEP, they know exactly what it takes to redefine an industry. Their expertise, combined with deep technical acumen, gives us confidence that they can build a category-defining solution.
A Greenfield Approach to a Legacy Problem
When we started Brightmind, we focused heavily on evaluating the adversary landscape, operator pain-points and components of the security stack that are not living up to their potential. Most privileged access solutions today operate on static, pre-configured permissions—leaving enterprises exposed to insider threats and credential abuse. SGNL’s real-time, context-aware approach eliminates standing privileges, ensuring users only have access when they actually need it. This isn’t just an incremental improvement—it’s a fundamental shift in how identity security should work. While identity-based attacks are the most prominent entry points into modern enterprise networks, the incumbent vendors lack the architecture to evaluate risk and enforce contextual access. Adversarial activity, not efficacy, is driving enormous spend to the incumbents.

A Market Hungry for Change
With the rise of AI-driven security threats and stricter compliance regulations, enterprises are looking for more adaptive, zero-trust access models. SGNL’s approach aligns perfectly with this demand, making it well-positioned for adoption among Fortune 500 and high-growth companies alike.
Identity solutions should be a force multiplier in the enterprise security stack. Dynamic access is, in many ways, the most elegant response to contain a threat, but two key pieces of technology are needed: 1) shared signals or integrated ingestion of risk from tools within the enterprise environment and 2) policy-driven, flexible access control to enforce based on those shared signals. SGNL is a central nervous system for identity security, integrating with the core identity capabilities in the enterprise environment (SSO for authentication, privilege portals for crown jewel access, etc.) to shift them from the static tools they are today to the dynamic enforcement tools operators need to respond to risk at adversary speed.

Early Traction with the Right Buyers
We have seen a significant trend in “identity transformation” projects among large enterprises. They simply feel it’s time to replace 20-year-old legacy identity technologies. In many ways we view this as recognition that the gap between spend and efficacy is too significant in identity using incumbent approaches. SGNL has the opportunity to become a key piece of what constitutes identity transformation – enabling enterprises to dynamically enforce access based on risk, balance user friction while reducing standing privilege and, importantly, get more out of their security and infrastructure investments.
Despite launching their product only recently, SGNL has already gained attention from leading security teams. Their focus on F500 adoption and repeatable go-to-market execution set them apart from early-stage competitors.
Our Conviction in SGNL’s Future
We believe SGNL has the potential to become the gold standard for privileged identity management. The combination of strong leadership, a bold vision, and a massive market opportunity made our decision to invest an easy one.
We couldn’t be more excited to support SGNL on their journey—and if you’re in security or identity access management, you should be paying close attention.
Stay tuned.
Let's Secure Tomorrow, Together.
We're always looking for the next generation of cybersecurity innovators. Reach out to our team to start the conversation.
Other Articles
Pi: Building Zero Recurrence Code Security for the AI CodeGen Era
Pi Security is defining a new category, Zero Recurrence Code Security, built on the premise that the industry no longer has a vulnerability discovery problem but a vulnerability recurrence problem. Rather than generating more findings, Pi learns how an organization builds, breaks, fixes, and secures software, then turns that institutional security knowledge into preventative guardrails enforced across the software development lifecycle at design time, IDE time, and pull request time. The platform ingests context from prior incidents, tickets, pull requests, repositories, architecture decisions, and developer workflows to drive root cause analysis, variant discovery, contextual remediation, and ownership mapping, becoming a living security intelligence layer for developers, AI coding agents, and security teams. Founded by Guy Arazi, an offensive security operator and former CISO with roots at Palo Alto Networks and Microsoft, and Yonatan Ramon, who built safety-critical systems at Tesla, Pi raised a $35 million Series A alongside Third Point Ventures and angels including George Kurtz, Yevgeny Dibrov, and Nadir Izrael. Brightmind led Pi's Seed round in early 2025 and is continuing its support through the Series A.
Aryon: Building the Proactive Cloud Security Policy Enforcement Platform
Brightmind invested in Aryon, founded by Ron Arbel, Ariel Litmanovich, and Yair Ladizhensky, with the founders' firsthand experience securing complex cloud control planes on Project Nimbus as members of Matzov, the IDF's elite cybersecurity unit, serving as the driving force behind a proactive approach to policy enforcement. Traditional cloud security has been reactive and fragmented, catching misconfigurations only after they reach production and consistently failing enterprises due to native enforcement tools that are hard to configure, risky to enforce, brittle in production, and easily bypassed. Aryon's proactive, preventative platform enforces policy before misconfigurations ever ship, embedding safe enforcement directly into the cloud control plane to ensure context-aware governance that holds across Azure, AWS, and GCP and extends toward AI, SaaS, M365, identity, and data security. With AI-generated code and offensive AI introducing vulnerabilities at machine speed while patching and remediation still operate at human speed, Brightmind sees Aryon as the foundational layer for proactive cloud policy enforcement while also reducing operational friction for the IT and platform teams responsible for governance at scale.
