Defakto
Valuation & Funding
Defakto raised $30.75 million in Series B funding in October 2025, bringing total lifetime funding to approximately $50 million. The round was led by XYZ Venture Capital with participation from The General Partnership, Bloomberg Beta, WndrCo, Adverb Ventures, and J.P. Morgan.
Strategic investors include Michael Coates, former Twitter CISO.
Product
Defakto provides a non-human identity and access management platform that replaces long-lived secrets like API keys and service accounts with short-lived, cryptographically verifiable identities. Each robot, script, container, microservice, or AI agent receives an identity document minted on demand and set to expire within minutes.
The platform consists of six core modules. Console is a web interface where security teams can see non-human identities across cloud, on-premises, and edge environments. Ledger continuously scans infrastructure to catalog workloads and flag orphaned or over-privileged identities. When workloads start up, Mint issues X.509-SVID certificates that last only minutes, eliminating the need for credential vaults or manual rotation.
Ship injects identities into CI/CD pipelines so build jobs no longer store API keys in environment variables. Trim uses analytics to detect overly broad privileges and automatically reduces permissions. Mind extends the same short-lived identity model to AI agents and large language models, replacing static OpenAI keys with auditable, policy-bound access.
The platform is built on the open SPIFFE standard, so identities work natively with Kubernetes, Istio, Envoy, and other cloud-native tools. When a Kubernetes pod starts, it calls Defakto Mint, which verifies the pod's context and issues a certificate valid for about five minutes. The pod uses this certificate for secure communication, and when the pod dies, the certificate expires automatically.
Business Model
Defakto sells a B2B SaaS platform used by enterprise security, platform engineering, and DevOps teams. Annual subscriptions are typically priced based on the number of workloads or identities under management, with enterprise contracts averaging $360,000 annually.
The platform focuses on securing non-human identities, which now outnumber human identities by 20-to-1 in most enterprises. Instead of managing static credentials that live for months or years, Defakto supports dynamic identities that exist only when needed and expire automatically.
Revenue expansion comes from new customer acquisition and from existing customers expanding deployments. As organizations adopt more microservices, AI agents, and automated pipelines, demand for identity management rises in parallel. The platform's integration with existing cloud infrastructure and adherence to open standards can reduce switching costs and speed deployment.
The business model benefits from the shift toward zero-trust security architectures and increasing regulatory requirements around access management and audit trails. Enterprise customers typically start with pilot deployments in specific environments before expanding across their entire infrastructure, creating expansion revenue patterns.
Competition
Vertically integrated IAM suites
Traditional identity and access management vendors are extending their platforms to cover non-human identities. CyberArk offers Workload Identity Manager, which issues ephemeral certificates and integrates with its privileged access management suite. The company has deep enterprise relationships and comprehensive governance workflows, though solutions tend to be heavier and priced for large accounts.
Okta, building on its footprint in workforce identity, has expanded its identity fabric to include AI agents and just-in-time privileged access. CrowdStrike launched unified identity security that protects human, machine, and AI agent identities through its existing endpoint detection platform. SailPoint added an Agent Identity Security module that brings traditional identity governance to AI agents, though it lacks the low-latency identity issuance that many modern workloads require.
Secrets management platforms
HashiCorp Vault Enterprise has added native SPIFFE authentication and automatic certificate rotation, moving beyond static secrets storage toward dynamic identity issuance. HashiCorp has an established enterprise presence and ecosystem integrations, though its architecture still centers around vault-based secret management rather than secretless operations.
Venafi, now part of CyberArk, focuses on certificate lifecycle management and has expanded into workload identity. Smallstep provides certificate automation and zero-trust connectivity, competing directly in the short-lived certificate space. These vendors are moving up-stack from certificate management toward comprehensive identity platforms.
Cloud-native security platforms
Major cloud providers embed workload identity features natively into their platforms. AWS IAM Roles for Service Accounts, Microsoft Entra Workload ID, and Google Cloud Workload Identity Federation provide built-in solutions that integrate tightly with their respective ecosystems. While convenient for single-cloud deployments, these solutions create vendor lock-in and do not address multi-cloud identity federation needs.
TAM Expansion
AI and agentic security
The expansion of AI agents and autonomous systems creates a new category of non-human identities that need management. Defakto's Mind module provides short-lived, auditable identities for large language models and AI agents. As enterprises deploy more AI automation, each agent needs secure access to internal APIs and data sources, replacing the current practice of embedding static API keys.
Microsoft, CrowdStrike, and CyberArk launched AI identity products in 2025, broadening the total addressable market beyond traditional DevOps into enterprise AI automation. The agentic AI market is growing as organizations automate more business processes while maintaining security and compliance.
Regulatory compliance acceleration
New regulations like NIS2 and DORA in Europe mandate specific cryptography, access control, and incident reporting requirements, with fines of up to €10 million. Their compliance deadlines are prompting enterprises to implement auditable identity management systems. Defakto's continuous discovery and audit trails align with these compliance requirements.
Similar zero-trust mandates are emerging in APAC markets, including Singapore's MAS guidelines and Australia's cybersecurity framework. In the US, federal agencies that award contracts, including Department of Defense contracts, require FedRAMP compliance, which can necessitate specialized government cloud deployments.
IoT and edge expansion
Connected devices in healthcare, energy, and manufacturing represent an expansion opportunity beyond traditional cloud workloads. Machine identities already outnumber human identities by 45-to-1, and this ratio continues growing as more industrial systems become connected. Each smart device, industrial robot, and edge computing node needs secure identity management.
The machine identity management market is projected to grow 8-12% annually through 2033, driven by digital transformation in regulated industries. Defakto can extend its platform to issue and govern identities for fleets of IoT devices, expanding from cloud-native workloads into operational technology environments.
Risks
Hyperscaler integration: Major cloud providers like AWS, Microsoft, and Google are embedding workload identity features directly into their platforms, potentially commoditizing the market. If enterprises prefer native cloud solutions over third-party platforms, Defakto could face higher competitive pressure despite its multi-cloud positioning.
Standards fragmentation: While Defakto built on the open SPIFFE standard, the identity space could fragment as different vendors promote competing approaches. If the market fails to converge on common standards, or if major players abandon SPIFFE for proprietary solutions, Defakto's interoperability advantage could diminish.
Economic sensitivity: Enterprise security spending often correlates with broader economic conditions, and identity management projects may be deprioritized during budget constraints. Since Defakto targets large enterprise deals with long sales cycles, economic downturns could reduce new customer acquisition and expansion revenue.

