Cybersecurity AI-Powered Cybersecurity Startups

9 Cybersecurity Startups to Watch From TechCrunch Disrupt Startup Battlefield 200

Meet nine cybersecurity startups selected for TechCrunch Disrupt Startup Battlefield 200, spanning AI security, deepfake detection, ransomware defense, and cloud risk.

A
·
Ad
White outline text "STARTUPS" against a dark blue starry night sky with three shooting stars.
The word 'STARTUPS' in white outline text is displayed against a dark blue starry background with three shooting stars.
Table of contents

Cybersecurity is increasingly being shaped by AI—both as a powerful tool for defenders and as an accelerant for attackers. This year’s crop of early-stage companies reflects that shift, with startups tackling everything from AI-enabled penetration testing and cloud vulnerability management to deepfake detection and ransomware recovery.

What Startup Battlefield 200 represents

TechCrunch’s Startup Battlefield is designed to surface ambitious, venture-scale startups across categories, culminating in a high-profile pitch competition. Each year, thousands of companies apply. From that pool, TechCrunch selects 200 “Startup Battlefield 200” contenders, and then narrows it further to 20 startups that pitch on the main stage for the Startup Battlefield Cup and a $100,000 cash prize.

But the remaining 180 startups don’t simply disappear into the background. They also participate in their own pitch competition and are often where emerging trends become visible first—particularly in cybersecurity, where new threat models and new defensive approaches can appear quickly.

Why these nine cybersecurity startups stand out

Across these nine companies, several themes are clear:

  • Security for AI, and security powered by AI: Multiple startups are building products aimed directly at AI risk (guardrails, unmanaged AI visibility, small language models tuned for security), while others use AI to scale defensive work like code analysis and asset discovery.
  • Operational security needs are expanding: Cloud vulnerabilities, unpatched exposures, and unknown assets remain persistent problems—areas where automation and “digital twin” style testing can help teams keep up.
  • Trust and authenticity are now frontline issues: Deepfakes are no longer a niche concern; real-time detection ties directly into identity authentication, age verification, and fraud prevention.

The 9 top cybersecurity startups from Startup Battlefield 200

AIM Intelligence

What it does: AIM Intelligence builds enterprise cybersecurity products aimed at protecting organizations from emerging AI-enabled attacks—and it also applies AI within its defenses.

Why it’s noteworthy: The company uses AI to run penetration tests that mimic AI-optimized attack techniques, and it focuses on protecting corporate AI systems by adding customized guardrails. It also provides an AI safety planning tool, reflecting the growing need for structured governance as businesses adopt AI across teams and workflows.

Corgea

What it does: Corgea offers an AI-driven enterprise security product for code analysis. It can scan code to identify flaws and also detect broken code that’s supposed to implement security controls such as user authentication.

Why it’s noteworthy: Beyond identifying issues, Corgea emphasizes the creation of AI agents that can help secure code. The company says its approach works across popular programming languages and their libraries—an important claim in modern environments where security teams have to support diverse stacks, frameworks, and rapid release cycles.

CyDeploy

What it does: CyDeploy focuses on automating asset discovery and mapping—identifying all the applications and devices connected to a network.

Why it’s noteworthy: Asset visibility is foundational: you can’t defend what you can’t see. CyDeploy goes a step further after mapping by creating digital twins that allow sandbox testing. It also enables security organizations to use AI to automate additional security processes, potentially reducing manual work tied to inventory, validation, and change management.

Cyntegra

What it does: Cyntegra provides a hardware-plus-software solution designed to prevent ransomware attacks.

Why it’s noteworthy: The company’s approach centers on securing a locked-away backup of systems—an idea that aims to deny ransomware operators their main leverage. By isolating a trusted copy, Cyntegra positions organizations to restore the operating system, applications, data, and credentials in the minutes following an attack, when speed can determine whether disruption spreads across the business.

HACKERverse

What it does: HACKERverse deploys autonomous AI agents that perform known hacker attacks against a company’s defenses inside an “isolated battlefield.”

Why it’s noteworthy: Security teams frequently rely on vendor tools and promised capabilities, but verification can be difficult in real environments. HACKERverse is positioned as a way to test whether vendor security products perform as advertised by simulating realistic attacks in a controlled setting—an approach aligned with the broader move toward continuous validation rather than periodic assessments.

Mill Pond Research

What it does: Mill Pond Research detects and secures unmanaged AI.

Why it’s noteworthy: As employees increasingly adopt AI tools to help with day-to-day work, “shadow AI” becomes a security and compliance issue—especially when those tools touch sensitive or regulated data. Mill Pond Research targets this gap by identifying AI tools that may be accessing confidential information or otherwise introducing risk, helping organizations bring visibility and control to AI usage happening outside formal procurement or governance processes.

Polygraf AI

What it does: Polygraf AI builds small language models tuned specifically for cybersecurity use cases.

Why it’s noteworthy: Rather than relying only on general-purpose models, the company’s security-focused models are used by enterprises to enforce compliance, protect data, detect unauthorized AI usage, and identify deepfakes, among other applications. The emphasis on “small language models” suggests a push toward models that can be more targeted and potentially easier to operationalize within enterprise constraints such as data handling and control requirements.

TruSources

What it does: TruSources detects AI deepfakes across audio, video, and images.

Why it’s noteworthy: Deepfakes are moving from novelty to operational threat, particularly in social engineering, identity abuse, and fraud. TruSources is positioned to work in real time for scenarios including identity authentication, age verification, and identity fraud prevention—use cases where decisions need to be made instantly and the cost of false trust can be high.

ZEST Security

What it does: ZEST Security offers an AI-powered enterprise security platform aimed at helping infosec teams detect and resolve cloud security problems.

Why it’s noteworthy: Cloud environments change quickly, and vulnerability backlogs can grow faster than teams can patch. Zest focuses on helping teams keep pace with known but unpatched vulnerabilities and brings vulnerability management together across clouds and applications—an increasingly important capability for organizations operating in multi-cloud and hybrid setups.

How to interpret the trendline: AI is now part of the attack surface

Many of these startups sit at the intersection of AI and security, but they approach the intersection from different angles. Some are explicitly focused on protecting AI systems (such as guardrails and safety planning). Others are focused on security outcomes powered by AI—automating code review, simulating attacks, or accelerating detection and remediation.

At the same time, the list underlines how security boundaries are expanding. “Assets” now include not only servers, endpoints, and SaaS apps, but also employee-adopted AI tools. Identity trust is no longer limited to passwords and MFA—it may involve determining whether the person on a call, in a video, or behind a biometric prompt is even real.

What to watch as these companies evolve

While each startup has a distinct product focus, buyers and practitioners will likely evaluate them along a few shared dimensions:

  • Deployment and integration: How easily the product fits into existing engineering and security workflows.
  • Signal vs. noise: Whether AI-driven detection and analysis produce actionable outcomes rather than more alerts.
  • Validation and measurability: How clearly value can be demonstrated—reduced risk, faster remediation, improved visibility, or higher resilience after an incident.
  • Governance readiness: For AI-focused tools, whether they support policies and controls that enterprises can audit and enforce.

Conclusion

This set of Startup Battlefield 200 selectees highlights where cybersecurity is heading: toward continuous testing, greater automation, stronger resilience against ransomware, and a fast-growing emphasis on securing AI usage and detecting synthetic media. As these startups mature, they could shape how enterprises defend both traditional infrastructure and the new AI-driven attack surface.

Based on reporting originally published by TechCrunch. See the sources section below.

Sources

Ad

You might also like