Startup Diligence
Diligence report API security, application security, and cloud security software Late-stage private cybersecurity unicorn

Salt Security

Salt Security Public-Source Startup Diligence Report

Track for follow-on diligence rather than underwrite from public sources alone: the company occupies an important security category and has strong historical financing validation, but the 2022 valuation and growth claims must be re-underwritten against current ARR quality, renewal data, competitive displacement, and technical efficacy.

Company profile

Salt Security Public-Source Startup Diligence Report

Salt Security is a credible late-stage API security vendor with verified unicorn financing, recognizable enterprise logos, and a public product narrative aligned to API discovery, posture, and threat protection. The diligence case is nevertheless materially incomplete because audited financials, current ARR, current valuation, customer concentration, product-efficacy evidence, cap table economics, and founder/IP provenance documents are not public.

Website
salt.security
Sector
API security, application security, and cloud security software
Geography
United States headquartered with Israel-linked founding and R&D footprint
Stage
Late-stage private cybersecurity unicorn
Known aliases
Salt Security, Inc., Salt, Secful
Report version
1.0
Timezone
UTC

Executive summary

Strengths

  • CB Insights and the Series D announcement support Salt's $1.4 billion unicorn valuation and $140 million Series D financing.
  • Company product materials consistently position Salt around API discovery, posture/governance, and runtime threat protection.
  • Salt publishes privacy and subprocessor disclosures naming key infrastructure, AI, database, analytics, and affiliated processing vendors.

Risks

  • Financial opacity and the age of the $1.4 billion valuation make current enterprise value hard to underwrite.
  • Inconsistent public founding narratives and Secful-linked patent history require direct founder/IP document diligence.
  • API security is strategically attractive but competitive against standalone vendors and larger application-security/platform suites.
  • Privacy, AI, cloud, database, and analytics subprocessors create operational and regulatory diligence dependencies.

Gaps

  • Audited financial statements, ARR/MRR bridge, gross margin, cash runway, debt, and burn were not public.
  • Current cap table, preference stack, option pool, SAFE/convertible instruments, and valuation marks were not public.
  • Current customer list, revenue concentration, churn, NRR/GRR, deployment scope, and referenceability were not public.
  • Product-efficacy metrics, independent benchmarks, incident history, and SOC 2 / ISO evidence were not public.
  • Founder IP assignment and any founder separation or dispute documents were not public.

Recommended next steps

  • Obtain financial statements, ARR waterfall, bookings pipeline, cohort retention, margin, burn, cash, debt, and board KPI packs.
  • Review Series A-D financing documents, current cap table, investor rights, liquidation preferences, and valuation marks.
  • Conduct five to eight customer references across named logos and recent wins/losses; reconcile references to live revenue and renewal records.
  • Perform technical diligence on API discovery coverage, runtime detection efficacy, deployment friction, data flows, AI usage, and incident history.
  • Commission legal review of incorporation history, founder/IP assignments, Secful patent assets, privacy obligations, subprocessors, and material contracts.

Risk register

high medium likelihood

R-001: Financial opacity and stale unicorn valuation

Salt's $1.4B valuation is verified historically, but current ARR, growth, margin, burn, cash, debt, customer concentration, and valuation marks are not public.

Diligence request: Request audited financials, ARR bridge, retention cohorts, cash/burn/debt, cap table, preference stack, and latest valuation materials.

high medium likelihood

R-002: Founder and IP provenance inconsistency

Public founder/founding narratives and Secful patent records require direct reconciliation through incorporation, founder, invention-assignment, and separation documents.

Diligence request: Obtain formation records, founder agreements, IP assignments, Secful asset-transfer documents, release agreements, and full patent/trademark/open-source schedules.

high medium likelihood

R-003: Competitive compression from specialist and platform vendors

API security is important but crowded; broader security platforms can bundle API features, potentially pressuring standalone pricing and renewal priority.

Diligence request: Review win/loss, competitive pricing, displacement data, customer budget owner interviews, and product benchmark results.

high medium likelihood

R-005: Privacy, AI, cloud, and subprocessor dependency risk

Salt lists cloud, AI, database, analytics, services, and affiliate subprocessors; API-security data flows can trigger stringent customer, privacy, transfer, and AI governance obligations.

Diligence request: Review DPA/SCCs, SOC 2/ISO, DPIAs, vendor contracts, AI-service terms, data-flow diagrams, retention controls, and incident history.

medium medium likelihood

R-004: Customer-logo evidence does not prove revenue quality

Public customer logos and case studies support credibility but do not disclose ARR, renewal status, deployment breadth, churn, concentration, or referenceability.

Diligence request: Conduct customer references and reconcile to signed contracts, renewal schedules, deployment telemetry, NRR/GRR, and support records.

medium medium likelihood

R-006: Product efficacy and deployment coverage not independently proven

Public product pages describe discovery and behavioral protection, but independent efficacy, precision/recall, false positives, deployment friction, and customer outcomes are not public.

Diligence request: Perform technical diligence with live demos, customer telemetry, incident samples, red-team results, model governance, and architecture review.

medium medium likelihood

R-007: GTM efficiency and headcount productivity unknown

Public growth percentages do not reveal sales productivity, CAC payback, quota attainment, rep ramp, marketing ROI, or employee retention.

Diligence request: Request pipeline, quota, win/loss, CAC payback, marketing ROI, rep roster, headcount history, attrition, and compensation data.

medium unknown likelihood

R-008: Legal docket, IP estate, insurance, and contracts not exhaustively verified

No major public litigation was found in the reviewed source set, but exhaustive docket, contract, insurance, IP, and regulatory diligence was not performed.

Diligence request: Have counsel perform docket/regulator searches and review litigation schedules, contracts, insurance policies, IP schedules, and privacy/regulatory records.

Chapter 01

01Financial Information

Public financing evidence is strong through the 2022 Series D, but operating financials are not public. The central diligence issue is whether Salt's current ARR quality, growth durability, and cash profile support or reset the historical $1.4 billion valuation.

I.A Annual and quarterly financial information for the past three years

not publicly verifiable confidence: medium

No audited financial statements, quarterly P&L, revenue by product, gross margin, deferred revenue, burn, cash, or debt schedule were located in public sources. The most concrete operating datapoints are unaudited growth percentages reported in the 2022 Series D announcement.

Evidence gaps

  • Audited financials, current ARR, revenue by product/customer/region, gross margin, burn, cash, debt, and bookings pipeline.

Hidden risks

  • Public percentage-growth claims can mask small baselines, one-time enterprise wins, or weaker net retention after the funding cycle.
  • Cybersecurity budget cycles and consolidation into larger suites may pressure standalone ARR growth and pricing.

Follow-up questions

  • What were ARR, net dollar retention, gross retention, CAC payback, gross margin, burn multiple, cash balance, and runway at each quarter since 2021?
Financial statement visibility matrix
itempublic statusdiligence implication
Audited financial statementsNot found publiclyCannot assess revenue recognition, costs, margins, cash, debt, or contingencies.
ARR / MRR scheduleNot found publiclyHistorical growth percentages cannot be converted into current run-rate quality.
Cash, burn, debt, and runwayNot found publiclyCurrent financing risk cannot be measured from public evidence.
Revenue by product and customerNot found publiclyProduct-market fit and customer concentration remain unverified.

Absence of public disclosure is expected for a private company but is material for underwriting.

Public growth claims requiring denominator diligence
metricpublic claimmissing denominatorprimary request
Revenue growth500%Starting ARR, ending ARR, period, currency, and revenue-recognition policy.ARR bridge, audited revenue, bookings, NRR/GRR, and revenue by customer/product.
Customer growth300%Customer-count definition, paid versus pilot, and starting/ending count.Customer roster by quarter, paid status, contract value, cohort retention, and churn.
Employee growth250%Starting headcount, function, geography, and contractor inclusion.Payroll roster, hiring plan, attrition, and headcount by function/location.
Fortune/Global 500 signed customers900%Signed-customer baseline, active deployment, contract value, and renewal status.Signed enterprise-customer roster, ARR, contract dates, reference status, and deployment scope.

Percentage claims are directionally useful but cannot be valued without denominators and current metrics.

Public financing history and valuation evidence
milestonedatedisclosed termsdiligence read
Series A2020$20M Series A led by Tenaya Capital reported publicly.Supports venture validation but not current valuation, preference terms, or ARR.
Series B2020$30M Series B led by Sequoia Capital reported publicly.Supports strong investor syndicate; cap table terms remain private.
Series C2021$70M Series C led by Advent International reported publicly.Indicates pre-Series-D capital availability but not operating quality.
Series D / unicorn2022-02-10$140M Series D led by CapitalG; $271M total funding; $1.4B valuation.Verifies unicorn status historically; must be re-underwritten against current metrics.

Public sources do not disclose liquidation preference, option-pool refresh, secondary sales, debt, or current valuation.

Salt financing and product-development timeline Public timeline of disclosed financing and selected product/integration signals.

Timeline dates after financing are public-source signals, not audited roadmap milestones.

Disclosed cumulative funding and valuation snapshot Chart comparing disclosed financing amounts and the 2022 unicorn valuation snapshot.

Round amounts and valuation are public disclosures; current valuation is unknown.

I.B Financial Projections

not publicly verifiable confidence: low

Public sources did not provide management forecasts, pipeline conversion, budget, or hiring-plan projections. Any underwriting case requires direct access to the plan and variance history.

Evidence gaps

  • Board-approved plan, pipeline coverage, sales capacity model, quota attainment, churn scenarios, and sensitivity cases.

Hidden risks

  • Forecasts may depend on continued enterprise-security budget expansion, channel performance, and displacement of broader application-security platforms.

Follow-up questions

  • How does management bridge current ARR to the next 24 months by new logos, expansion, price increases, churn, and channel contribution?

I.C Capital Structure

partially verified confidence: high

Public announcements identify Seed/Series A-D milestones and the 2022 $1.4 billion valuation, but cap table economics, preference stack, option pool, debt, and secondary activity are not public.

Evidence gaps

  • Fully diluted cap table, investor-rights agreements, option grants, secondary transactions, debt documents, and valuation marks.

Hidden risks

  • A high 2022 valuation may imply complex liquidation preferences or reset risk if current growth has decelerated.
  • Public funding totals do not reveal liquidation preference, participating preferred rights, redemption rights, debt, or option-pool dilution.

Follow-up questions

  • What is the current fully diluted ownership, preference stack, liquidation waterfall, and most recent 409A / third-party valuation?

I.D Other financial information

not publicly verifiable confidence: low

Tax, debt, off-balance-sheet liabilities, significant contracts, credit facilities, and insurance schedules were not public.

Evidence gaps

  • Debt schedule, liens, tax exposures, customer indemnities, data breach insurance, and material-contract liabilities.

Hidden risks

  • Enterprise SaaS contracts may include service-credit, indemnity, privacy, and breach-notification obligations not visible in marketing materials.

Follow-up questions

  • Provide all debt, liens, guarantees, material off-balance-sheet obligations, service-credit exposure, and insurance claims history.
Chapter 02

02Products

Salt's public product architecture centers on API discovery, posture/governance, runtime threat protection, and security-program integrations. The key diligence question is whether runtime efficacy and deployment coverage are independently validated across live enterprise environments.

II.A Description of each product

partially verified confidence: medium

Public product pages describe a platform for API discovery, inventory/context, posture and compliance, threat detection, testing/remediation, and integrations into development, cloud, and security workflows. Public materials also highlight newer agentic-security positioning.

Evidence gaps

  • Architecture diagrams, deployment modes, supported gateways, API coverage metrics, detection precision/recall, model governance, and customer incident outcomes.

Hidden risks

  • API discovery gaps can undermine downstream posture and threat-detection claims if traffic coverage is incomplete.
  • Runtime detection quality may vary by deployment mode, data sources, baseline period, and customer API complexity.
  • AI-enabled security positioning may create customer questions about data processing, explainability, and model/vendor dependencies.

Follow-up questions

  • What percentage of APIs are discovered in production within 30/60/90 days, and how is coverage measured against customer source-of-truth inventories?
  • What independent benchmark or red-team evidence supports Salt's threat-detection claims?
Salt product module evidence matrix
modulepublic evidencediligence question
API discovery and inventorySalt describes discovery and context for APIs across environments.What percentage of live APIs are discovered and classified versus a customer source of truth?
API posture and governanceProduct materials reference posture, compliance, and remediation workflows.How are policy violations prioritized, assigned, remediated, and verified?
Runtime threat protectionSalt describes behavioral threat detection and protection against API attacks.What precision, recall, and response-time evidence exists in production environments?
AI / agentic security positioningSalt markets an Agentic Security Platform and AI-era API protection.Which features use AI models or AI vendors, and how are customer data and model outputs governed?

Product descriptions are publicly verifiable; efficacy requires non-public technical evidence.

Public integration and ecosystem signals
integration signalstrategic logicdiligence request
GitHub ConnectShifts API-security findings into developer workflow and source context.Usage metrics, attach rates, remediation time, and customer adoption.
Databricks-related connector or partner contentExtends API/data security workflow to data-platform environments.Production deployments, revenue contribution, and partner terms.
Netlify-related connector or partner contentConnects API security to modern application delivery and developer workflows.Active users, conversion to paid accounts, and co-marketing pipeline.
Security operations, cloud, and application workflowsIncreases stickiness if findings route to SIEM/SOAR, ticketing, and cloud controls.Integration telemetry, customer retention impact, and support burden.

Public integration existence does not establish meaningful revenue or retention impact.

Product efficacy diligence checklist
claim areapublic claim statusvalidation artifact
API discovery coverageDescribed by Salt product pagesSide-by-side inventory reconciliation for sampled customers.
Behavioral threat detectionDescribed by Salt product pagesPrecision/recall, incident-response evidence, false-positive logs, and customer outcomes.
AI / agentic controlsMarketing and product positioning visibleModel cards, data-flow diagrams, vendor terms, prompt/log retention, and abuse-testing records.
Remediation workflow impactIntegration signals visibleTime-to-remediate metrics, ticket closure data, and developer-adoption evidence.

Technical diligence should include live demo, architecture review, customer telemetry, and red-team results.

Publicly described Salt platform data-flow architecture High-level architecture inferred from public product and subprocessor materials.

This is an inferred architecture from public materials, not a verified internal diagram.

Public Series D growth-claim index Series D announcement growth percentages indexed for visual comparison.

Growth percentages are not audited financial metrics in public sources.

Chapter 03

03Customer Information

Salt publicly names credible enterprise customers and publishes case-study/logos, but revenue concentration, renewal status, deployment breadth, customer satisfaction, and churn are not public.

III.A Top customers by application

partially verified confidence: medium

Public Salt materials list enterprise customers across financial services, technology, retail, travel, and infrastructure. Public sources do not rank customers by revenue or deployment size.

Evidence gaps

  • Top-20 customer list by ARR, contract start/end dates, deployment scope, renewal status, NRR/GRR, support tickets, and churn/downsells.

Hidden risks

  • Customer logos may include pilots, expired deployments, limited-scope contracts, or low-revenue reference use.
  • Large financial-services customers can create demanding uptime, privacy, audit, and indemnity obligations.

Follow-up questions

  • Which public customer logos remain active paid customers today, what ARR do they represent, and are they willing to provide references?
Public named-customer evidence
customer or segmentpublic source typediligence limit
Ally BankSalt customer/case-study evidence reviewed in-sessionCurrent contract value, deployment scope, renewal, and reference status.
Finastra, Equinix, Armis, CarrefourSalt customer-logo evidence reviewed in-sessionPaid status, ARR, product modules used, and deployment breadth.
City National Bank, Payoneer, TripActionsSalt customer-logo or case-study evidence reviewed in-sessionCurrent customer status and customer referenceability.
Fortune / Global 500 signed customersSeries D growth claimBaseline, count, contract value, current status, and deployment scope.

Public logo use is useful but must be tested through direct references and contract data.

Customer economics evidence gaps
customer metricpublic statusrisk if missing
ARR by customerNot publicConcentration and dependence on a few enterprise contracts cannot be measured.
Net revenue retention and gross retentionNot publicLogo growth may hide churn, downsell, or weak expansion.
Deployment scope and modules usedNot publicLogos may represent narrow pilots rather than broad production usage.
Renewal and churn scheduleNot publicNear-term ARR stability cannot be assessed.

Customer economics are priority diligence before valuation work.

Public customer segment map Public named-customer evidence by segment and verification depth.

Map reflects public evidence only, not customer size or revenue.

III.B Strategic relationships

partially verified confidence: medium

Public materials indicate integrations and ecosystem relationships with developer, data, and deployment platforms, but channel economics and contractual commitments are not public.

Evidence gaps

  • Partner agreements, marketplace revenue, referral fees, integration usage, and co-sell pipeline.

Hidden risks

  • Integration partners may not drive material revenue unless supported by joint selling, marketplace motions, and technical stickiness.

Follow-up questions

  • What portion of pipeline and ARR comes through partner or marketplace motions, and what contractual commitments exist?
Public go-to-market channel signals
channel signallikely roleneeded metric
Enterprise customer pages and case studiesReference selling and category validation.Closed-won ARR influenced by references and case studies.
Product integrationsDeveloper workflow stickiness and partner-led discovery.Integration attach rate, partner-sourced pipeline, and renewal lift.
API-security threat research and contentDemand generation and buyer education.Content-sourced pipeline, MQL-to-SQL conversion, and CAC payback.
Enterprise direct salesClosing large security and application-team contracts.Quota attainment, ramp time, sales cycle, discounting, and win rate.

Public GTM signals do not establish productivity or efficiency.

Public go-to-market evidence funnel A diligence funnel showing what public GTM evidence can and cannot prove.

Funnel is a diligence logic model, not a measured conversion chart.

III.C Revenue by customer

not publicly verifiable confidence: low

Revenue by customer is not public. Public logos and growth percentages are insufficient to assess concentration, expansion, churn, or cohort quality.

Evidence gaps

  • Customer ARR distribution, renewal schedule, cohort retention, upsell/downsell, and customer health scores.

Hidden risks

  • Enterprise cybersecurity ARR can be concentrated in a small number of large accounts or renewals.

Follow-up questions

  • Provide top customers by ARR and renewal month, including gross retention and net retention by cohort.

III.D Significant relationships severed within the last two years

inconclusive confidence: low

Public sources reviewed did not identify significant severed customer relationships, but absence of public evidence is not conclusive.

Evidence gaps

  • Churn log, lost-deal reports, customer escalations, legal demand letters, and non-renewal reasons.

Hidden risks

  • Churn, product replacement, security incidents, or procurement disputes may remain confidential.

Follow-up questions

  • List every top-50 customer churn, non-renewal, or material downsell in the last 24 months and the stated reason.

III.E Top suppliers

verified confidence: high

Salt's public subprocessor disclosure identifies major infrastructure, AI, database, analytics, and affiliated-service providers, including AWS, Microsoft Azure OpenAI, MongoDB Atlas, SingleStore, Sisense, Sec4U, Salt Canada, and Salt Ltd.

Evidence gaps

  • Supplier contracts, DPAs, incident SLAs, data residency controls, audit reports, and business-continuity plans.

Hidden risks

  • Cloud, database, analytics, and AI subprocessors can create concentration, cross-border transfer, retention, and regulatory-control dependencies.

Follow-up questions

  • Which subprocessors process production customer traffic, API payloads, model inputs, security findings, logs, or metadata?
Public subprocessor and supplier risk leads
vendorapparent rolediligence focus
AWSCloud infrastructureData residency, uptime, security controls, BCP/DR, cloud spend, and commitments.
Microsoft Azure OpenAIAI service subprocessorCustomer-data use, retention, prompt/log controls, model governance, and regulatory representations.
MongoDB Atlas and SingleStoreDatabase/storage infrastructureCustomer-data segregation, encryption, backups, access controls, and data-location commitments.
Sisense, Sec4U, Salt Canada, Salt Ltd.Analytics, services, and affiliated processingData flows, affiliate agreements, support access, and cross-border transfer controls.

The subprocessor list is a concrete starting point for privacy, vendor, and business-continuity diligence.

Legal, privacy, and regulatory issue matrix
topicpublic evidencediligence workstream
Privacy and customer data processingPrivacy policy describes customer-data processing, privacy rights, transfer mechanisms, and related obligations.DPA, SOC 2, ISO, DPIA, retention, incident, audit, and customer-security review.
SubprocessorsPublic list includes cloud, AI, database, analytics, services, and affiliate subprocessors.Vendor contracts, data flows, AI terms, transfer-impact assessments, and BCP/DR.
Litigation and regulatory actionsNo major public action identified in reviewed public search set.Counsel-led docket searches, claims schedule, demand letters, and regulator correspondence.
IP / founder provenanceSecful patent record and inconsistent founder-source narratives.IP schedule, assignment chain, founder agreements, and separation releases.

Legal diligence should be counsel-led and include jurisdictions beyond public web searches.

Chapter 04

04Competition

API security is a meaningful security subcategory, but Salt competes with standalone API-security vendors and broader application-security, cloud-security, gateway, and security-platform vendors. Public differentiation claims require customer win/loss and technical evidence.

IV.A Competitive landscape by market segment

partially verified confidence: medium

Salt's public positioning emphasizes dedicated API security, behavioral runtime protection, posture, and discovery. Competitive pressure comes from other API-security specialists and larger security platforms that can bundle API protection into existing customer footprints.

Evidence gaps

  • Win/loss reports, displacement data, renewal loss reasons, competitive battlecards, feature benchmark results, and pricing comparisons.

Hidden risks

  • Incumbent security platforms may undercut pricing or bundle API functionality.
  • Customer security teams may prefer consolidated CNAPP/WAF/API gateway/application-security platforms over standalone tools.

Follow-up questions

  • Against which vendors does Salt most often win or lose, and what is the pattern by customer segment, deployment mode, and geography?
Competitive segment map
segmentexample competitionimplication for salt
Standalone API securitySpecialist vendors focused on API discovery, posture, and runtime protection.Direct product comparisons and win/loss matter most.
Application security platformsSAST/DAST/IAST, ASPM, and application-risk platforms adding API security.Buyers may consolidate testing, posture, and remediation budgets.
WAF, gateway, and CDN platformsTraffic-management and edge-security vendors with API controls.Incumbent traffic position can reduce standalone deployment willingness.
CNAPP and cloud security suitesCloud-security platforms expanding into application and API risk.Suite consolidation could pressure price and procurement priority.

Competitive examples are category-level; specific win/loss data must come from management and customers.

Differentiation claims and validation plan
claimed edgepublic supportvalidation test
Behavioral runtime protectionSalt product pages describe behavioral threat detection.Review customer incident detections, false positives, false negatives, and response workflows.
Broad API discoverySalt describes API discovery and inventory capabilities.Compare discovered APIs against customer CMDB, gateway logs, and code repositories.
Developer and ecosystem integrationsGitHub Connect and data/deployment connectors are publicly referenced.Measure attach rate, workflow adoption, ticket close time, and retained ARR lift.
Agentic-security positioningSalt markets an Agentic Security Platform.Validate product readiness, SKU revenue, customer adoption, model risk, and competitor parity.

Differentiation must be backed by win/loss, technical benchmarks, and customer ROI.

Competitive hidden-risk register
risk themepublic evidencediligence request
Suite bundlingMarket contains many adjacent security categories that can add API capabilities.Win/loss and pricing pressure by competitor class.
Feature paritySalt's product claims are public, but competitor feature comparison is not independently proven.Third-party benchmark, buyer survey, and competitive demo results.
Buyer consolidationPublic customer logos show enterprise relevance but not procurement priority.Customer budget ownership, renewal justification, and stack-consolidation plans.

Competitive diligence should be customer-led, not vendor-marketing-led.

API security competitive market map Positioning map for Salt versus competitive segment types.

This market map is analytical, not a paid analyst quadrant.

Chapter 05

05Marketing, Sales, and Distribution

Public materials indicate an enterprise-led go-to-market motion supported by customer logos, case studies, product integrations, and security thought leadership. Sales productivity, pipeline conversion, partner economics, and budget efficiency are not public.

V.A Strategy and implementation

partially verified confidence: medium

Salt appears to sell to enterprise security and application teams through direct enterprise sales, customer references, category education, and product integrations. Public sources do not disclose sales capacity or productivity.

Evidence gaps

  • Quota-carrying reps, pipeline coverage, win rates, sales cycle, CAC payback, marketing spend, partner attribution, and discounting.

Hidden risks

  • Enterprise GTM can be expensive, sales-cycle length can lengthen in security budget downturns, and channel contribution may be overstated.

Follow-up questions

  • Provide by-quarter pipeline, bookings, quota attainment, win/loss, CAC payback, sales-cycle length, and channel contribution since 2021.
Sales productivity requests
metricwhy it mattersrequested cut
Quota attainmentTests sales force productivity after headcount growth.Quarter, region, segment, rep tenure, new logo vs expansion.
CAC payback and burn multipleLinks GTM efficiency to valuation and financing risk.Segment, channel, customer size, and cohort.
Pipeline conversionTests forecast reliability.Source, stage, channel, segment, and competitor.
Discounting and sales cycleReveals price pressure and enterprise procurement friction.Segment, competitor, product module, and deal size.

These data are not public; request directly from management.

V.B Major Customers

partially verified confidence: medium

Major-customer evidence is primarily logo/case-study based. This supports brand credibility but does not substitute for live references and contract-level diligence.

Evidence gaps

  • Customer consent to reference, live deployments, renewal dates, contract value, expansion opportunities, and support escalations.

Hidden risks

  • Some logos may be non-referenceable or reflect narrow product use.

Follow-up questions

  • Which customer logos can take diligence calls within two weeks, and what deployment metrics will they validate?
Reference-call plan for major customers
reference groupkey questionsevidence to match
Financial services logosWhy Salt, what APIs are protected, what alternatives were evaluated, what outcomes were measured?Contract ARR, deployment scope, renewal status, security findings, and support tickets.
Technology and infrastructure logosHow was Salt integrated into developer, data, and runtime workflows?Integration usage, remediation workflow telemetry, and expansion history.
Recent wins and recent lossesWhat drove selection or rejection, and what competitive vendors were involved?Win/loss database, pricing, competitor, and procurement timeline.

Reference selection should include management-provided references and off-list customer checks.

V.C Principal avenues for generating new business

partially verified confidence: medium

Public signals point to direct enterprise sales, product-led technical education, partner/integration visibility, and thought leadership around API attack risk.

Evidence gaps

  • Lead-source attribution, campaign ROI, partner pipeline, marketplace transactions, and sales-assist economics.

Hidden risks

  • Category awareness may be high, but budgets could be captured by application-security, WAF, API gateway, or CNAPP vendors.

Follow-up questions

  • What are the top three lead sources by closed-won ARR and CAC payback?

V.D Sales force productivity model

not publicly verifiable confidence: low

Public sources did not disclose sales force size, quota attainment, ramp time, rep productivity, sales cycle, or CAC payback.

Evidence gaps

  • Rep roster, quota capacity, attainment, ramp cohorts, sales cycle, discounting, CAC payback, and pipeline coverage.

Hidden risks

  • Headcount growth without quota productivity can materially increase burn multiple.

Follow-up questions

  • How many quota-carrying reps are currently productive, ramping, or underperforming, and what ARR does each cohort generate?
Personnel and headcount diligence matrix
topicpublic evidencerequested detail
Employee growth250% employee growth claim in Series D announcement.Monthly headcount by function, geography, employee/contractor status, and cost.
Sales capacityNo public quota-carrying rep details.Rep roster, quota, ramp cohort, attainment, and turnover.
R&D capacityProduct releases and patent evidence show technical activity but not current capacity.Engineers by team, attrition, roadmap ownership, and technical debt.
Compensation and equityNot public.Compensation bands, executive pay, commission plans, option ledger, and retention grants.

Payroll and equity data are necessary to understand execution risk and dilution.

Personnel-growth claim versus diligence data need Public employee-growth percentage compared with missing personnel metrics.

Chart intentionally shows data availability, not actual headcount.

V.E Ability to implement marketing plan with current and projected budgets

not publicly verifiable confidence: low

Current and projected marketing budgets were not public. Category education, customer references, and partner integrations are visible, but their cost and conversion rates are unknown.

Evidence gaps

  • Marketing budget, campaign ROI, lead quality, paid-channel mix, field-event spend, and partner marketing contribution.

Hidden risks

  • Marketing ROI may decline if API-security demand is captured by broader platform vendors.

Follow-up questions

  • Provide marketing source-of-pipeline and source-of-ARR by channel for the past eight quarters.
Chapter 06

06Research and Development

Public evidence shows active product development around API security, integrations, and AI/agentic positioning, while patent evidence links Secful-era IP to Roey Eliyahu and Omer Sadika. Internal roadmap, code quality, R&D headcount, and technical debt remain non-public.

VI.A Description of R&D organization

partially verified confidence: low

Public materials indicate Israel-linked founding/R&D context and product development in API security, but no detailed R&D org chart, headcount-by-function, budget, release cadence, backlog, or technical-debt register was public.

Evidence gaps

  • Engineering org chart, team locations, attrition, roadmap, bug backlog, technical debt, SDLC controls, and security review process.

Hidden risks

  • R&D execution may depend on scarce API-security, threat-research, and machine-learning talent.
  • Founder/IP provenance questions can affect technical ownership if not contractually clean.

Follow-up questions

  • Provide current R&D headcount by function and geography, roadmap commitments, release cadence, security bug backlog, and model-governance ownership.
Patent and IP provenance evidence
itemevidencediligence implication
Secful-linked patentPatent record for US9853996B2 identifies Secful and inventors Roey Eliyahu and Omer Sadika.Verify whether and how Secful IP was assigned to Salt.
Founder narrative inconsistencyCurrent and older public sources reviewed in-session vary on date/founder framing.Request formation, assignment, founder departure, and release documents.
Broader IP estateOnly limited public patent evidence was captured for this standard screen.Verify patents, trademarks, copyrights, open-source use, and trade-secret ownership.

IP assignment is a priority legal diligence item because public records alone do not prove clean ownership.

R&D and roadmap public signal matrix
signalinterpretationdiligence gap
GitHub ConnectProduct development reaches earlier into developer workflow and source context.Adoption, SKU economics, remediation impact, and support burden.
Databricks and Netlify connector referencesProduct strategy may follow modern data and application delivery workflows.Active customer usage, partner terms, and revenue impact.
Agentic Security Platform positioningSalt is adapting API security for AI/agentic software risk.Technical maturity, model governance, customer adoption, and differentiated IP.
Behavioral runtime protection messagingCore R&D focus remains API abuse detection and runtime context.Detection efficacy, customer incident proof, and scalability.

Public roadmap signals require management roadmap and customer adoption evidence.

IP and product provenance timeline Public IP and product signals relevant to technical and legal diligence.

Current and older public narratives should be reconciled with legal documents.

VI.B New Product Pipeline

partially verified confidence: medium

Public new-product signals include integrations and agentic-security positioning, but commercial adoption, release timing, and roadmap risk are not public.

Evidence gaps

  • Roadmap, beta customer list, SKU/pricing, attach rates, usage telemetry, release risks, and model-validation results.

Hidden risks

  • New product messaging may be ahead of realized customer adoption or monetization.
  • AI/agentic features may increase evaluation burden for privacy, security, and model-risk teams.

Follow-up questions

  • Which new products have separate SKU revenue, committed design partners, active production usage, and measurable retention impact?
Chapter 07

07Management and Personnel

Public leadership and growth claims support a scaled late-stage organization, but founder history contains public inconsistencies and detailed personnel data is not public.

VII.A Organization Chart

partially verified confidence: medium

Current public pages identify executive leadership at a high level, but no complete organization chart, reporting lines, board composition, or functional ownership map was public.

Evidence gaps

  • Full org chart, board roster, committee structure, decision rights, succession plan, and key-person dependencies.

Hidden risks

  • Leadership changes, founder role changes, and unclear ownership of AI/privacy/security controls may affect execution risk.

Follow-up questions

  • Provide current org chart, board and observer list, executive compensation, succession plans, and key-person retention risk assessment.
Founder and leadership narrative reconciliation
source clusterobserved narrativereconciliation needed
Current Salt about / leadership pagesCurrent materials reviewed in-session cite Roey Eliyahu and Michael Nicosia with a 2018 founding narrative.Incorporation records, board consents, role history, and company-approved founder list.
Older financing and market-database sourcesOlder materials and snippets reference 2016 origin and/or Omer Sadika.Founder agreements, separation agreements, equity treatment, and public correction history.
Patent recordsSecful patent records name Roey Eliyahu and Omer Sadika as inventors.Invention assignment and asset-transfer chain from Secful-era work to Salt.

Inconsistency is not proof of wrongdoing; it is a document request trigger.

Public leadership and diligence org chart Publicly identified leadership nodes and missing diligence functions.

This figure is a diligence ownership map, not Salt's official org chart.

VII.B Historical and projected headcount by function and location

partially verified confidence: medium

The Series D release reported 250% employee growth, but public sources do not disclose baseline headcount, current headcount, functional mix, location mix, attrition, or hiring plan.

Evidence gaps

  • Headcount by month/function/location, attrition, open roles, hiring plan, compensation bands, and recruiter capacity.

Hidden risks

  • Rapid hiring may have increased burn or organizational complexity without proportional ARR productivity.

Follow-up questions

  • Reconcile employee-growth claims to payroll records and provide headcount by function/location since 2020.

VII.C Senior management biographies

partially verified confidence: medium

Public sources identify key executives, but diligence should verify employment history, founder roles, equity ownership, departures, and any unresolved claims from early company formation.

Evidence gaps

  • Incorporation documents, founder agreements, IP assignments, invention-assignment chains, founder departures, and equity treatment.

Hidden risks

  • Founder-history ambiguity may reflect ordinary narrative evolution, but it can also signal unresolved IP, equity, attribution, or separation issues.

Follow-up questions

  • Identify all founders and early inventors, describe any departures or role changes, and provide signed IP assignment and release documents.

VII.D Compensation arrangements

not publicly verifiable confidence: low

Compensation arrangements were not public.

Evidence gaps

  • Executive compensation, commission plans, severance, retention grants, and change-of-control terms.

Hidden risks

  • Retention packages and sales commissions may affect burn, dilution, and post-transaction incentives.

Follow-up questions

  • Provide executive compensation, commission plan, retention packages, and change-of-control arrangements.

VII.E Incentive stock plans

not publicly verifiable confidence: low

Option plans, equity grants, and option-pool capacity were not public.

Evidence gaps

  • Equity incentive plan, grant ledger, option pool, refresh policy, 409A history, and retention grants.

Hidden risks

  • Late-stage down-round or refresh grants could dilute common holders and complicate retention.

Follow-up questions

  • Provide option ledger, fully diluted share count, refresh grants, 409A values, and unallocated pool.

VII.F Significant employee relations problems, past or present

inconclusive confidence: low

Public sources reviewed did not identify significant employee-relations problems, but no exhaustive employment docket or internal HR review was performed.

Evidence gaps

  • Employment claims, HR investigations, attrition data, engagement surveys, and exit-interview themes.

Hidden risks

  • Employment disputes, investigations, or retention problems may be confidential.

Follow-up questions

  • Disclose any employment claims, threatened claims, internal investigations, or material attrition events since 2020.

VII.G Personnel Turnover

not publicly verifiable confidence: low

Personnel turnover was not public.

Evidence gaps

  • Attrition by function/location, regretted attrition, key-person departures, and retention plans.

Hidden risks

  • Rapid growth can obscure turnover or talent-density changes in critical engineering and sales roles.

Follow-up questions

  • Provide quarterly attrition, regretted attrition, and key-person departure logs since 2020.
Chapter 08

08Legal and Related Matters

Public legal evidence includes privacy/subprocessor disclosures and patent records. Major litigation was not identified in public searches, but this is not a substitute for counsel-led docket, contract, IP, insurance, and regulatory diligence.

VIII.A Pending lawsuits against the Company

inconclusive confidence: low

No major pending lawsuit against Salt Security was identified in the public web searches summarized for this report, but this is low-confidence because docket systems were not exhaustively queried.

Evidence gaps

  • Counsel litigation letter, docket searches, demand letters, threatened claims, indemnity claims, and insurance notices.

Hidden risks

  • Private arbitration, threatened claims, small docket entries, employment claims, customer disputes, or sealed matters may not be captured.

Follow-up questions

  • Provide a counsel-prepared litigation and threatened-claims schedule across all jurisdictions.
Material contracts and insurance requests
document groupwhy neededpriority
Top customer contracts and DPAsVerify ARR, renewal, indemnity, service levels, security obligations, and privacy terms.high
Vendor and subprocessor contractsTest data-processing, AI, continuity, audit, termination, and cost risks.high
IP, founder, and employee assignment documentsResolve Secful/founder provenance and ownership of product IP.high
Insurance policies and claims historyAssess coverage for cyber, E&O, D&O, EPLI, customer claims, and privacy incidents.medium

These requests should be tied to a diligence materiality threshold and counsel review.

Salt diligence risk heatmap Risk severity and likelihood ratings derived from this public-source report.

Ratings reflect public-source uncertainty, not an investment recommendation.

VIII.B Pending lawsuits initiated by Company

inconclusive confidence: low

Public sources reviewed did not identify material litigation initiated by Salt, but exhaustive docket searches were not completed.

Evidence gaps

  • Counsel schedule of company-initiated proceedings and threatened matters.

Hidden risks

  • IP, customer, vendor, or employment claims may be pending or threatened outside public visibility.

Follow-up questions

  • List all claims or disputes initiated by Salt or its subsidiaries since inception.

VIII.C Environmental and employee safety issues and liabilities

inconclusive confidence: low

As a software company, public environmental exposure appears limited; employee safety and workplace issues were not publicly verifiable.

Evidence gaps

  • EHS policies, employment-law compliance, workers' compensation claims, and office lease obligations.

Hidden risks

  • Office leases, remote-work compliance, travel, and local employment-law compliance may create non-obvious exposures.

Follow-up questions

  • Provide employment-law, workplace-safety, remote-work, and lease-compliance disclosures.

VIII.D Material patents, copyrights, licenses, and trademarks

partially verified confidence: medium

Patent records identify Secful-linked patent US9853996B2 with Roey Eliyahu and Omer Sadika as inventors. The broader IP estate, trademark ownership, open-source usage, invention assignments, and any founder separation terms were not public.

Evidence gaps

  • Patent schedule, trademark schedule, open-source BOM, code ownership, contractor assignments, founder assignments, and IP dispute history.

Hidden risks

  • Missing or disputed IP assignments could affect ownership of early inventions, patents, code, trade secrets, or data sets.
  • Public patent coverage may be narrower than product claims or irrelevant to current defensibility.

Follow-up questions

  • Provide complete IP schedule and all invention-assignment agreements from founders, employees, contractors, and acquired entities.

VIII.E Insurance coverage and material exposures

not publicly verifiable confidence: low

Insurance coverage and claims history were not public.

Evidence gaps

  • Insurance policies, coverage limits, exclusions, claims history, customer-required coverage, and broker letters.

Hidden risks

  • Customer indemnity, data breach, service outage, or AI/privacy claims could exceed coverage if policies are weak.

Follow-up questions

  • Provide current policies, limits, exclusions, pending claims, and customer contract insurance requirements.

VIII.F Material contracts

partially verified confidence: medium

Material customer, vendor, subprocessor, cloud, AI, database, partner, lease, and financing contracts are not public. Privacy and subprocessor disclosures provide the main public leads.

Evidence gaps

  • Top customer contracts, vendor contracts, cloud commitments, AI-service terms, DPAs, partner agreements, and termination rights.

Hidden risks

  • Vendor terms may create data-transfer, service-continuity, audit, cost, or AI/data-use obligations.
  • Customer contracts may include broad security warranties, indemnities, audit rights, or breach penalties.

Follow-up questions

  • Provide all material contracts over the diligence threshold, including customer, vendor, partner, cloud, AI, and database agreements.

VIII.G Regulatory agency problems

partially verified confidence: medium

Public privacy materials indicate GDPR/CCPA and cross-border-transfer commitments. No regulator enforcement action was identified in the reviewed public source set, but privacy and AI-related data processing warrant counsel review.

Evidence gaps

  • Regulator correspondence, DPIAs, transfer-impact assessments, DPA templates, privacy incidents, customer audit reports, and AI governance documentation.

Hidden risks

  • Security vendors handling API traffic metadata may process sensitive customer data and be subject to strict contractual, sectoral, and cross-border requirements.

Follow-up questions

  • Provide privacy incident logs, regulator correspondence, DPIAs, transfer-impact assessments, customer audit findings, and AI governance documentation.

Evidence

Evidence claims
IDClaimStatusSources
EC-001 CB Insights lists Salt Security as a unicorn with a $1.4 billion valuation and a 2022-02-10 unicorn date. verified high SRC-001
EC-002 Salt Security announced a $140 million Series D led by CapitalG, $271 million total funding, and a $1.4 billion valuation. verified high SRC-002
EC-003 Salt Security publicly announced or was reported to have raised a $70 million Series C led by Advent International. verified medium SRC-003
EC-004 Salt Security publicly announced or was reported to have raised a $30 million Series B led by Sequoia. verified medium SRC-004
EC-005 Salt Security publicly announced or was reported to have raised a $20 million Series A led by Tenaya Capital. verified medium SRC-005
EC-006 Salt's Series D announcement reported 500% revenue growth, 300% customer growth, 250% employee growth, and 900% Fortune/Global 500 signed-customer growth. partially verified medium SRC-002
EC-007 Public sources did not disclose Salt's audited financial statements, current ARR, gross margin, cash, debt, burn, or detailed forecasts. not publicly verifiable medium SRC-002SRC-012
EC-008 Salt publicly describes API discovery, inventory/context, posture/governance, and remediation capabilities. verified high SRC-007SRC-008SRC-009
EC-009 Salt publicly describes behavioral threat protection and AI/agentic-security positioning. partially verified medium SRC-010SRC-011
EC-010 Salt publicly references product integrations or connectors such as GitHub Connect, Databricks, and Netlify-related workflows. partially verified medium SRC-020SRC-021SRC-022
EC-011 Salt publicly names enterprise customers including Ally Bank, Finastra, Equinix, Armis, Carrefour, City National Bank, Payoneer, and TripActions. partially verified medium SRC-012SRC-013SRC-014
EC-012 Salt's public customer materials do not disclose customer revenue concentration, churn, NRR/GRR, renewal status, or deployment breadth. not publicly verifiable high SRC-012SRC-013
EC-013 Salt's public subprocessor list includes AWS, Microsoft Azure OpenAI, MongoDB Atlas, SingleStore, Sisense, Sec4U, Salt Canada, and Salt Ltd. verified high SRC-016
EC-014 Salt's privacy policy describes customer-data processing, privacy rights, GDPR/CCPA context, SCCs/cross-border transfers, and retention/processing concepts. verified high SRC-015
EC-015 Public patent records for US9853996B2 identify Secful and inventors Roey Eliyahu and Omer Sadika. verified high SRC-017SRC-018
EC-016 Public founder/founding narratives reviewed in-session are inconsistent across current company materials, older financing materials, market-database snippets, and patent records. partially verified medium SRC-006SRC-002SRC-017SRC-018SRC-025
EC-017 Salt publishes leadership/about materials that identify current leadership and company positioning at a high level. partially verified medium SRC-006SRC-019
EC-018 Public searches reviewed for this standard screen did not identify major pending litigation, acquisition, IPO, shutdown, or regulatory-enforcement events for Salt Security. inconclusive low SRC-026
EC-019 Salt competes in a crowded API-security market with standalone vendors and broader application-security, WAF/gateway, CNAPP, and platform-suite competitors. partially verified medium SRC-023SRC-024
EC-020 Salt's public go-to-market signals include enterprise customer references, category education, integrations, and direct enterprise-security positioning. partially verified medium SRC-012SRC-020SRC-021SRC-022SRC-023
EC-021 No public IPO, acquisition, or shutdown event for Salt Security was identified in the reviewed source set. inconclusive medium SRC-006SRC-007SRC-026
EC-022 Salt publicly positions itself around an Agentic Security Platform and AI-era API risks. partially verified medium SRC-011
EC-023 Salt's broader patent, trademark, copyright, open-source, and invention-assignment estate is not fully verifiable from the limited public patent records reviewed. not publicly verifiable medium SRC-017SRC-018
EC-024 Salt's public employee-growth claim is 250%, but exact current headcount, function mix, location mix, attrition, and productivity are not public. partially verified medium SRC-002SRC-027
EC-025 Public subprocessor disclosures indicate Salt depends on third-party cloud, AI, database, analytics, services, and affiliated processors. verified high SRC-016
EC-026 Salt's privacy and subprocessor materials create specific AI, data-transfer, customer-data, and retention diligence issues. verified high SRC-015SRC-016
Sources
IDPublisherTitleAccessed
SRC-001 CB Insights The Complete List Of Unicorn Companies 2026-05-16
SRC-002 PRNewswire / Salt Security Salt Security Extends API Security Leadership with $140M Series D Financing at $1.4B Valuation 2026-05-16
SRC-003 Salt Security Salt Security Raises $70 Million Series C to Combat API Security Threats 2026-05-16
SRC-004 TechCrunch Salt Security raises $30M Series B to protect APIs 2026-05-16
SRC-005 TechCrunch Salt Security raises $20M Series A to help companies prevent API attacks 2026-05-16
SRC-006 Salt Security About Salt Security 2026-05-16
SRC-007 Salt Security Salt Security Platform 2026-05-16
SRC-008 Salt Security Salt API Discovery 2026-05-16
SRC-009 Salt Security Salt API Posture Management 2026-05-16
SRC-010 Salt Security Salt API Threat Protection 2026-05-16
SRC-011 Salt Security Salt Agentic Security Platform 2026-05-16
SRC-012 Salt Security Salt Security Customers 2026-05-16
SRC-013 Salt Security Salt Security customer case studies 2026-05-16
SRC-014 Salt Security Salt Security customer resources and stories 2026-05-16
SRC-015 Salt Security Salt Security Privacy Policy 2026-05-16
SRC-016 Salt Security Salt Security Subprocessors 2026-05-16
SRC-017 Google Patents US9853996B2 patent record 2026-05-16
SRC-018 Justia Patents Patent US9853996B2 2026-05-16
SRC-019 Salt Security Salt Security Leadership 2026-05-16
SRC-020 Salt Security Salt Security GitHub Connect public material 2026-05-16
SRC-021 Salt Security Salt Security Databricks connector public material 2026-05-16
SRC-022 Salt Security Salt Security Netlify connector public material 2026-05-16
SRC-023 Salt Security Salt Security API security threat research and blog resources 2026-05-16
SRC-024 Gartner Peer Insights Gartner Peer Insights API Protection vendor page for Salt Security 2026-05-16
SRC-025 Crunchbase Crunchbase company profile for Salt Security 2026-05-16
SRC-026 Analyst search notes Public negative-search notes for Salt Security legal and corporate-event checks 2026-05-16
SRC-027 LinkedIn LinkedIn company profile for Salt Security 2026-05-16

Disclaimer

This report is a public-evidence diligence snapshot, not investment advice. Important financial, legal, technical, and contractual facts remain non-public and should be verified directly with management and primary documents before any investment decision.