Startup Diligence
Diligence report Enterprise technology, cyber-physical systems security, OT/IoT/IoMT security Private unicorn / late-stage cybersecurity company

Claroty

Claroty Startup Diligence Report

Claroty merits continued diligence as a category leader candidate in cyber-physical systems security; investment reliance should wait for ARR cohort validation, customer contract review, technical/security diligence and legal/compliance review.

Company profile

Claroty Startup Diligence Report

Claroty has credible public evidence of late-stage scale, a strong CPS/OT cybersecurity positioning, named enterprise case studies and a public trust posture, but valuation, ARR quality, customer concentration, gross retention, deployment economics and audit-report exceptions remain private.

Website
claroty.com
Sector
Enterprise technology, cyber-physical systems security, OT/IoT/IoMT security
Geography
United States headquartered in New York with Israeli origins and global enterprise markets
Stage
Private unicorn / late-stage cybersecurity company
Known aliases
Claroty, Claroty Ltd., Claroty Inc.
Report version
1.0
Timezone
UTC

Executive summary

Strengths

  • Company pages verify Claroty targets industrial, healthcare, commercial and public-sector CPS environments with asset inventory, exposure management, network protection, secure access and threat detection.
  • Trust Center lists multiple compliance certifications and notes audit/pen-test reports are available under NDA.
  • SecurityWeek reports Claroty exceeded $100M ARR in 2023 and claimed usage by 20% of Fortune 100 companies.

Risks

  • Valuation support is mixed and current share economics are private.
  • ARR quality, customer concentration and deployment economics are not public.
  • Mission-critical CPS environments create product-liability, incident-response and compliance stakes.

Gaps

  • Audited financials, ARR waterfall, retention/churn and customer concentration.
  • Current cap table, preference stack, debt/credit terms and IPO-readiness materials.
  • SOC 2/ISO audit reports, penetration tests, incident logs and subprocessor/data-flow inventory.
  • Legal schedule, IP ownership assignments and pending litigation/regulatory correspondence.

Recommended next steps

  • Request financial, customer and technical data rooms before relying on ARR or valuation claims.
  • Conduct customer calls across industrial, healthcare, commercial and public-sector segments.
  • Review security audit reports and incident-response history under NDA.

Risk register

high medium likelihood

R-CLY-001: Valuation and capital structure support are not public

CB Insights lists $3B while SecurityWeek reports a $2.5B valuation was reported but not confirmed; full capital structure, preferences and current fair value are private.

Diligence request: Request cap table, round docs, debt/credit terms, board valuation support and latest 409A.

high medium likelihood

R-CLY-002: ARR quality, retention and concentration are not public

$100M+ ARR and Fortune 100 penetration claims are public but not supported by cohort exports, contracts, churn or top-customer concentration in public sources.

Diligence request: Request ARR waterfall, NRR/GRR, customer-contract schedule, top-10 ARR share and reference calls.

high medium likelihood

R-CLY-003: Product reliability in critical CPS environments

Claroty operates in industrial, healthcare, commercial and public-sector environments where misconfiguration, detection gaps or access-control failures can carry high consequences.

Diligence request: Review incident logs, SLAs, product-liability terms, deployment QA and customer escalation records.

high unknown likelihood

R-CLY-005: Security audit exceptions and incident history require NDA

Trust Center lists certifications but audit reports and pen tests are not public, leaving scope, exceptions and remediation unknown.

Diligence request: Review SOC 2, ISO, pen-test reports, exceptions, remediation, subprocessor and incident history under NDA.

medium medium likelihood

R-CLY-004: Competitive and pricing pressure in OT/CPS security

Specialist OT-security competitors and broader security-suite vendors can challenge pricing, bundling and renewals.

Diligence request: Request win/loss, pricing-discount, competitive-displacement and renewal data.

medium medium likelihood

R-CLY-006: Enterprise/public-sector customer obligations may create liability complexity

Critical-infrastructure, healthcare and public-sector customers can impose indemnity, breach-notification, audit and procurement obligations that are not visible publicly.

Diligence request: Review customer MSAs, public-sector terms, data-processing terms, indemnities and limitation-of-liability schedules.

Chapter 01

01Financial Information

Public evidence supports major funding and ARR-scale claims, but valuation anchors conflict and current financial quality is not public.

I.A Financing, valuation and public ARR signals

partially verified confidence: medium

Claroty's public financing profile is strong, but investors need direct records to reconcile CB Insights' $3B valuation row with SecurityWeek's $2.5B reported-but-unconfirmed valuation and to validate ARR quality.

Evidence gaps

  • Audited financial statements
  • ARR waterfall
  • cap table
  • preference stack
  • debt terms

Hidden risks

  • Valuation markdown/downside since 2024
  • Debt or structured capital terms
  • ARR quality masked by services or multi-year prepayments.

Follow-up questions

  • What is current ARR
  • NRR
  • GRR
  • gross margin
  • cash runway and valuation support as of the latest month close?
Public funding and valuation evidence
dateeventpublic evidencediligence gap
2021-06-17Unicorn-list anchorCB Insights row lists $3B valuation and first-unicorn dateRound documents and valuation support
2024-03-06$100M strategic growth fundingSecurityWeek says total funding reached $735M and reported $2.5B valuation was not confirmed by ClarotySecurity terms, proceeds, debt/private-credit components and current valuation

Treat $2.5B and $3B as public valuation anchors, not audited fair value.

Public ARR and financial quality requests
metricpublic signalverification statusrequest
ARRExceeded $100M ARR in 2023 per SecurityWeekpartially_verifiedARR waterfall, new/expansion/churn, invoiced vs recognized revenue
Runway/burn$100M strategic growth funding in 2024partially_verifiedCash balance, burn, debt and forecast
Gross marginNo public gross-margin evidencenot_publicly_verifiableSaaS/on-prem/services gross margin by product

ARR quality is the central financial diligence item.

Claroty funding and valuation anchors Public valuation and funding anchors from CB Insights and SecurityWeek.

Values are public anchors, not audited valuation.

Chapter 02

02Products

Claroty publicly markets a CPS protection platform with asset inventory, exposure management, network protection, secure access, threat detection and flexible cloud/on-prem deployment.

II.A Platform capabilities and pricing opacity

verified confidence: high

Public product pages clearly describe modules and deployment modes, but pricing, module attach rates, implementation times and support economics are not public.

Evidence gaps

  • Pricing model
  • module ARR
  • deployment duration
  • support ticket volume
  • incident SLAs and product gross margin by deployment mode.

Hidden risks

  • Complex deployments could lengthen sales cycles
  • OT asset discovery errors could impair customer trust
  • On-prem support may pressure gross margin.

Follow-up questions

  • What percentage of ARR is xDome SaaS versus CTD on-premise
  • and what are implementation costs by segment?
Product capability matrix
capabilitypublic evidencediligence gap
Asset inventoryPlatform page calls asset inventory critical and describes multiple discovery methodsAccuracy, false positives and deployment scope
Exposure managementPlatform page says it scopes CPS assets to prioritize vulnerabilities and exposuresRemediation outcomes and vulnerability SLA
Network protection and secure accessPlatform page describes segmentation policy and secure third-party accessIntegration costs and access-control exceptions
Threat detectionPlatform page says alerts integrate with SIEM, SOAR, EDR and SOC technologiesDetection efficacy and alert fatigue

Product descriptions are public company claims.

Pricing and deployment model diligence
product or modelpublic signalprivate data needed
xDome SaaSPlatform page calls xDome a modular SaaS-based cloud solutionARR, retention, gross margin and implementation effort
CTD on-premisePlatform page says CTD is an on-premise deployment optionLicense mix, support cost, renewal rates and upgrade path
Professional servicesNot publicly broken outServices attach, margins and revenue recognition

Public pages do not disclose pricing.

Claroty platform architecture Public platform modules and deployment model.

Simplified from public product descriptions.

Chapter 03

03Customer Information

Public evidence includes case studies across healthcare, data centers and industrial customers plus a reported Fortune 100 penetration claim; concentration and contract economics remain private.

III.A Customers, segments and partnerships

partially verified confidence: medium

Public case studies show named/partly named enterprise deployments, while SecurityWeek reports 20% Fortune 100 usage; customer concentration, ACV and renewal quality are not public.

Evidence gaps

  • Customer list
  • ACV distribution
  • top-10 ARR share
  • renewals
  • product usage logs

Hidden risks

  • Large-account concentration
  • partner/channel conflict
  • deployment stalls in regulated environments.

Follow-up questions

  • How much ARR is concentrated in the top 10 customers and partners
  • and what is NRR by segment?
Public customer and case-study signals
customer or segmentpublic evidencediligence gap
Ohio State University Wexner Medical CenterFeatured case study on xDome for IoMT/IoT/OT device visibilityContract size, duration and reference-call validation
PHSA and FHAFeatured healthcare case study listedARR and renewal status
Hydrovolt / data-center platform / PhlowCase-study page lists industrial, data-center and pharma/manufacturing examplesCustomer concentration and deployment outcomes

Case studies validate customer logos/use cases, not financial concentration.

Strategic relationships and dependency questions
relationship typepublic signalrisk or gap
Technology alliancesCompany navigation exposes Technology Alliance PartnersIntegration depth, revenue share and co-sell terms
Channel partnersCompany navigation exposes Channel Partners and partner loginPartner-sourced ARR and channel conflict
Enterprise integrationsThreat detection integrates with SIEM/SOAR/EDR and SOC technologiesIntegration maintenance and vendor roadmap dependency

Partner economics are not public.

Customer segment and case-study distribution Public case-study examples by segment.

Counts reflect cited public examples, not full customer base.

Chapter 04

04Competition

Claroty competes in OT/CPS cybersecurity against specialist OT-security vendors and broader security-platform vendors extending into industrial, IoT and healthcare environments.

IV.A Competitive positioning and category risk

partially verified confidence: medium

Public positioning emphasizes purpose-built CPS breadth and analyst recognition; competitive durability depends on protocol coverage, integrations, deployment success and budget consolidation.

Evidence gaps

  • Win/loss data
  • competitive displacement metrics
  • ARR by competitor replaced
  • pricing pressure and renewal discounting.

Hidden risks

  • Security-suite vendors may bundle comparable capabilities
  • OT specialists may compete on depth
  • Gartner/analyst position may not translate into win rates.

Follow-up questions

  • Against which vendors does Claroty most often win or lose
  • and why?
Competitor comparison matrix
competitorsegmentoverlapdiligence question
DragosOT security specialistIndustrial threat detection and asset visibilityWin/loss, protocol coverage and incident-response attach
Nozomi NetworksOT/IoT security specialistAsset visibility, monitoring and threat detectionCustomer overlap and pricing
Microsoft / Palo Alto / Cisco extensionsBroad security platformsSecurity operations and IoT/OT modulesBundling pressure and suite displacement

Competitor details should be validated with win/loss data.

Basis-of-competition scoring
axisclaroty positionrisk
CPS breadthIndustrial, healthcare, commercial and public-sector verticals are publicBreadth can dilute product focus and increase support complexity
Deployment flexibilityCloud and on-premise options are publicDual deployment models can pressure gross margin and roadmap
Trust postureMultiple certifications listedAudit exceptions and incident history not public

Scoring is qualitative until win/loss and customer calls are complete.

CPS security market positioning Qualitative competitive map.

Placement is qualitative and should be verified against win/loss data.

Chapter 05

05Marketing, Sales, and Distribution

Claroty appears to sell enterprise CPS-security solutions through direct, partner and industry-specific motions; channel economics and pipeline quality are not public.

V.A GTM signals and enterprise pipeline

partially verified confidence: medium

Public site navigation surfaces demo requests, case studies, partner programs, events and resources, but sales productivity, CAC payback and pipeline conversion are private.

Evidence gaps

  • Pipeline
  • bookings
  • sales productivity
  • channel mix
  • CAC payback

Hidden risks

  • Long regulated-enterprise sales cycles
  • Partner dependency
  • Public-sector procurement delays.

Follow-up questions

  • What is the conversion funnel from demo request to closed ARR by segment and channel?
GTM channels and motions
channelpublic evidencediligence gap
Direct enterprise salesRequest-a-demo and enterprise case studiesSales productivity and pipeline conversion
Technology alliancesTechnology Alliance Partners navigationCo-sell terms and attach rate
Channel partnersChannel Partners and partner login navigationPartner-sourced ARR, margin and churn

Public site does not disclose channel mix.

Public marketing and demand signals
signalpublic evidencediligence relevance
Analyst recognitionCompany page lists 2026 Gartner Magic Quadrant Leader and Forrester Wave Leader badgeSupports category credibility but not conversion
Case-study libraryCase-study page lists multiple named/segmented examplesSupports use-case breadth
$100M+ ARR claimSecurityWeek reported ARR exceeded $100M in 2023Indicates GTM scale but needs current ARR validation

Marketing outcomes are not public.

Enterprise GTM funnel Publicly visible GTM flow from awareness to customer success.

Public data does not provide conversion rates.

Chapter 06

06Research and Development

Claroty's R&D credibility is supported by platform breadth, Team82 threat research, vulnerability disclosure resources and named technology leadership, but roadmap, engineering productivity and IP ownership remain private.

VI.A Product development, Team82 and security controls

partially verified confidence: medium

Company navigation and leadership pages indicate threat research, vulnerability disclosure, CTO/CIO roles and multiple discovery methods, but detailed roadmap and engineering health are not public.

Evidence gaps

  • Roadmap
  • release cadence
  • engineering org
  • IP assignments
  • patent portfolio

Hidden risks

  • Undisclosed audit exceptions
  • R&D complexity across cloud/on-prem
  • Protocol coverage debt
  • Vulnerability disclosure liability.

Follow-up questions

  • What technical debt
  • security audit exceptions and roadmap items are material to renewals and win rates?
R&D leadership and security personnel signals
role or teampublic evidencediligence gap
Chief Technology OfficerLeadership page lists Amir Preminger as CTOR&D org and roadmap ownership
Chief Information OfficerLeadership page lists Yuval Zilberman as CIOInternal security operations and audit ownership
Team82 threat researchSite navigation links Team82, threat intelligence, vulnerability disclosure dashboard and researchResearch output, disclosure SLAs and legal review process

Technical organization size and productivity are private.

Product pipeline and evidence gaps
product or research areapublic signaldiligence request
Discovery methodsClaroty Edge, passive monitoring, safe queries, project file analysis and ecosystem enrichment listedCoverage roadmap and attach rates
Compliance/security controlsSOC 2 Type 2, ISO and other certifications listedAudit reports, exceptions and remediation status
Vulnerability disclosureVulnerability disclosure dashboard and PGP key in navigationDisclosure backlog, SLA and legal review

Pipeline dates are not public.

R&D and assurance operating model Publicly visible research, product and compliance loops.

Artifact scope and exceptions require NDA.

Chapter 07

07Management and Personnel

Claroty publicly lists a deep executive team and board, including CEO Yaniv Vardi, CFO/COO Udi Bar Sela, CTO Amir Preminger and investors/directors from Team8, Bessemer, SoftBank, MoreVC, Standard Investments, Rockwell Automation and SE Ventures.

VII.A Leadership, board and workforce signals

verified confidence: high

Leadership depth is visible, but tenure, founder operating roles, attrition, headcount distribution and compensation liabilities need private diligence.

Evidence gaps

  • Org chart
  • headcount trend
  • employee attrition
  • option refresh needs
  • employment agreements and board/investor rights.

Hidden risks

  • Founder role transition
  • Complex investor rights
  • Executive retention risk before IPO/liquidity.

Follow-up questions

  • What are current headcount
  • attrition
  • executive retention arrangements and board consent rights?
Senior management roster
namerolediligence gap
Yaniv VardiChief Executive OfficerEmployment terms, retention and succession
Udi Bar SelaChief Financial Officer and Chief Operating OfficerFinance controls and IPO readiness
Gil Gur Arie / Amir Preminger / Yuval ZilbermanCPO / CTO / CIOProduct and technology org retention
Upa Campbell / James Love / Shira Bar YosefCMO / CRO / CCOGTM productivity and customer-success accountability

Public page is current enough for roster, not compensation.

Board and workforce diligence signals
areapublic evidencerequest
Board/investor governanceBoard includes co-founders and directors from Team8, Bessemer, SoftBank, MoreVC, Standard Investments, Rockwell Automation and SE VenturesBoard rights, consent rights and related-party contracts
Workforce scaleNo current headcount found in public sources in this passHeadcount by function/location, attrition and hiring plan
Culture/employer signalCompany page lists Great Place to Work April 2025Employee survey, attrition and critical-role vacancies

Workforce metrics require company records.

Claroty executive org chart Public executive team structure.

Reporting lines are inferred from executive structure, not confirmed reporting relationships.

Claroty public people-signal counts Publicly observable management/personnel anchors and missing workforce metrics.

The zero value denotes unavailable public data, not an employee-count estimate.

Chapter 08

08Legal and Related Matters

Public sources did not confirm an IPO, acquisition or shutdown; legal diligence should focus on security/compliance audit evidence, customer/regulatory obligations, IP ownership and IPO-preparation reports.

VIII.A Legal status, compliance and regulatory exposure

partially verified confidence: medium

Public evidence indicates compliance claims and possible IPO preparation, but no completed IPO; audit reports, open matters, IP schedules and regulatory correspondence remain private.

Evidence gaps

  • Legal open-matter schedule
  • IP assignment records
  • regulatory inquiries
  • customer indemnities
  • incident history

Hidden risks

  • Undisclosed security incidents
  • Critical-infrastructure contractual liability
  • Export-control/public-sector compliance
  • Investor rights triggered by IPO process.

Follow-up questions

  • What material legal
  • compliance
  • security or regulatory matters have been reserved
  • disclosed or remediated?
Legal and regulatory matter summary
matterpublic evidencestatusrequest
Completed IPO/acquisition/shutdownIPO snippets described possible preparation, not completionNo completed IPO foundConfirm corporate status, board minutes and strategic process
Open litigation/regulatory actionsNo complete docket/regulatory search evidence in public notesnot_publicly_verifiableCounsel open-matter schedule, reserves and regulatory correspondence
Security/compliance audit reportsTrust Center says reports and pen tests require NDAnot_publicly_verifiableSOC 2/ISO reports, pen-test reports and remediation log

Absence of public matter is not a clean legal opinion.

IP, certifications and compliance evidence
topicpublic evidencerisk or request
CertificationsSOC 2 Type 2, ISO 27001:2022, ISO 27701:2019, C5, CSA STAR, HIPAA, GDPR and SOCI listedReview audit scope and exceptions
IP ownershipNot public in this passRequest patents/trademarks, invention assignments and OSS/SBOM review
Critical-infrastructure customer obligationsPublic-sector, healthcare and industrial markets are publicReview indemnities, breach obligations, export controls and public-sector clauses

Compliance claims need documentary audit review.

Claroty risk heatmap Key risk priorities from public diligence.

Risk placement is an analyst judgment from public evidence.

Evidence

Evidence claims
IDClaimStatusSources
EC-CLY-001 CB Insights candidate data listed Claroty as a United States enterprise-tech unicorn headquartered in New York, valued at $3B with first-unicorn date June 17, 2021. partially verified medium SRC-CLY-001
EC-CLY-002 SecurityWeek reported Claroty raised $100M strategic growth funding in March 2024, bringing total investment to $735M, with a reported $2.5B valuation that Claroty declined to confirm while confirming an up-round. verified high SRC-CLY-002
EC-CLY-003 SecurityWeek reported Claroty exceeded $100M ARR in 2023 and claimed its solutions are used by 20% of Fortune 100 companies. partially verified medium SRC-CLY-002
EC-CLY-004 Claroty says it secures industrial, healthcare, commercial and public-sector cyber-physical systems. verified high SRC-CLY-003
EC-CLY-005 Claroty's platform includes asset inventory, exposure management, network protection, secure access, threat detection, multiple discovery methods and cloud/on-prem deployment. verified high SRC-CLY-004
EC-CLY-006 Claroty Trust Center lists SOC 2 Type 2, ISO 27001:2022, ISO 27701:2019, C5, CSA STAR, HIPAA, GDPR and SOCI posture, while audit reports and pen tests require NDA. partially verified high SRC-CLY-005
EC-CLY-007 Claroty publicly lists case studies including Ohio State University Wexner Medical Center, PHSA/FHA, Phlow, Hydrovolt and a global data center platform. verified high SRC-CLY-006
EC-CLY-008 Claroty company page lists multiple awards and recognitions including Gartner, Forrester, Forbes Cloud 100, Deloitte Fast 500 and Great Place to Work. partially verified medium SRC-CLY-003
EC-CLY-009 Claroty's leadership page lists its executive team, board and Team82/threat research navigation. verified high SRC-CLY-008
EC-CLY-010 Public IPO-related snippets indicated Claroty may be preparing for an IPO, but no completed IPO was found. partially verified medium SRC-CLY-009
EC-CLY-011 Several material diligence items, including current financials, contracts, headcount, legal matters and IP schedules, are not publicly verifiable. not publicly verifiable high SRC-CLY-011
Sources
IDPublisherTitleAccessed
SRC-CLY-001 CB Insights CB Insights unicorn-list candidate row for Claroty 2026-05-25
SRC-CLY-002 SecurityWeek Fresh $100 Million Claroty Funding Brings Total to $735 Million 2026-05-25
SRC-CLY-003 Claroty Claroty About Us / Company page 2026-05-25
SRC-CLY-004 Claroty Claroty Platform page 2026-05-25
SRC-CLY-005 Claroty Claroty Trust Center 2026-05-25
SRC-CLY-006 Claroty Claroty XIoT Cybersecurity Case Studies 2026-05-25
SRC-CLY-008 Claroty Claroty Leadership Team 2026-05-25
SRC-CLY-009 Public web search snippets / aggregator notes Claroty IPO search and aggregator notes 2026-05-25
SRC-CLY-011 GitHub Copilot diligence agent Analyst gap log from public-source diligence 2026-05-25

Disclaimer

This report is a public-evidence diligence snapshot, not investment advice. Important financial, legal, technical, and contractual facts remain non-public and should be verified directly with management and primary documents before any investment decision.