When it comes to security breakthroughs, the story often follows a familiar arc: new technology is created that enables excellent efficiency and productivity for business, government, and consumers. Buyers latch on, excited by the promise of what the technology enables. Adoption spreads – but soon, attacks taking advantage of the new technology begin. Vulnerabilities are discovered and exploited, and technologists must work hard to develop and apply the security layers required to ensure continued utility and adoption. 

Anticipating the need for a better security layer to protect emerging technologies has been part of several Ten Eleven investments in the past. It was part of our firm’s investment in Twistlock, a company that developed technology to secure containers as their use began to take off. This story also applies to our investment in Sonrai Security, a cloud security company that has developed to secure the use of public cloud infrastructure, and Ordr, which protects enterprises from attacks via connected devices.

Our latest Series A investment in Corsha also falls in this category – a clear example where a technology that creates incredible efficiency needs a better security layer to protect the enterprises currently benefiting from it. In this case, the innovation is application programming interfaces (APIs) and the exploding number of machine-to-machine API calls. APIs are like building blocks that developers can use to quickly build platforms that quickly access other cloud services and data. It’s not surprising that research shows that developers are using more APIs than ever before and plan to continue to increase this use dramatically in the years ahead. Many companies have adopted “API first” strategies, and API management platforms have seen strong growth as a result. As Cloudflare recently reported, API traffic is growing twice as fast as traditional web traffic.

But with incredible adoption rates, serious challenges have emerged. Security advisor Gartner has seen a 30% year-on-year increase in client inquiries related to API security and predicts API attacks will soon become the most-frequent attack vector to cause data breaches for enterprise web applications. 

The problem lies in APIs’ vulnerabilities in communication methodologies, based on API “secrets” that are too often shared, stale, stolen, or leaked in development databases. Corsha’s revolutionary insight was to tackle the problem in an identity-first way. The company’s technology assigns dynamic identities to a set of trusted machines via a distributed ledger network. API access is then “pinned” to these machines, which require MFA authentication, enabling Corsha to monitor, validate, and secure all API traffic. It’s the first zero-trust approach to API security, offering enterprises and organizations what we believe is a much more robust API protection layer than any other technology on the market today.

Corsha was founded in 2018 and has already received tremendous reception. The company has government and commercial customers and meaningful partnership relationships in API management and public cloud ecosystems. Corsha received SINET Company to Watch recognition in 2021 and was named to the FinTech 100 in 2021 and 2020. The Series A investment will enable further development of API discovery, continuous observability, and open-source tools – all of which are painful buyer needs at this time.

We believe in this incredible team, including Chris, Anusha, and Jared, as we have from the first meeting. We’re pleased to be joined in this investment by our good friends at Razor’s Edge, former investors in my company BlackHorse Solutions, and national security venture specialists. We are also pleased to have 1843 joining us in the round. We look forward to celebrating all together and supporting Corsha continually on the next stage of their journey.