Brinqa is building the context layer that enterprise security is missing

The cybersecurity industry has been a victim of its own success. There is a tool for every attack surface and vulnerability, but each one generates alerts, and few of them talk to each other. This leaves big companies drowning in alerts.

“They’ve invested millions in all of these different tools. They’ve got their [endpoint detection and responses] (EDRs), they’ve got threat intelligence, they’ve got [cloud security posture management] (CSPM), and attack surface management — and all of them do very specific things,” says Dan Pagel, CEO of Brinqa.

“But they don’t want to have to go into each one to take action…There’s just so much noise and so much for them to triage that when you get to a certain size and volume…they simply can’t get to the bottom of it.”

Brinqa was built to solve this problem for some of the most complex security environments, including Global 2000 companies and the largest healthcare providers. The platform pulls signals from across an organization’s stack into a single decision layer, helping security teams figure out which of the thousands of vulnerabilities flagged each week actually matter, and what to do about them.

Turning data into a living map

This is a key part of what is known as continuous threat exposure management (CTEM), and with the rise of AI, it’s become a crowded category. In Pagel’s opinion, not always for the right reasons.

“What’s happening right now in the space is the same thing that happened with zero-trust six or seven years ago. It was perceived as a product. And the reality is it’s a framework,” he says.

“There’s no one company that’s doing all of it. It’s going to be various different companies and platforms that are bringing those pieces together so that you can have that continuous exposure management.”

Brinqa’s piece is helping people make decisions. The company’s platform ingests exposure data from over 240 security, IT, cloud, identity, application, and business systems, and unifies it in a cloud-native data layer. Brinqa’s Cyber Risk Graph turns this data into a contextual map of an organization’s environment, combining assets, vulnerabilities, ownership, and exploitability into a single model.

“The standard companies are giving you visibility to the assets. They’re giving you better dashboards. What we’re doing is we’re telling you what that all means.”

“We’re tying everything together and putting context around it that says, ‘This isn’t exploitable in your environment. Ignore that. Let’s focus on the 10 or 15 things that truly are.’  It’s a living, breathing context…and it’s changing as your environment changes.”

A record year

The company was founded in 2009 by cybersecurity veterans Amad Fida and Hilda Perez, who saw early on that enterprise security would become a coordination problem. The proliferation of best-of-breed point solutions, even then, had created the need for a horizontal view of risk across disparate sources — something that could proactively identify cybersecurity gaps and automate remediation.

Fida and Perez bootstrapped the company for more than a decade before Insight Partners led Brinqa’s first institutional round of $110 million in June 2021. Then, in 2024, Pagel, previously CEO of Playvox (acquired by NICE) and a leader at Britive, NetMotion, and MobileIron, stepped in as CEO. The company doubled bookings through the first three quarters of 2025.

A big part of that, says Pagel, was just listening. “[We] spent a lot of time sitting down with customers and trying to hear…what are their real challenges, and what does their day-to-day actually look like, versus what we perceive it to look like.”

Many customers, it turned out, were using Brinqa just for vulnerability management, leaving its application security and cloud security capabilities untouched. Teaching customers about the wider platform increased retention and net revenue retention.

“Explainability is trust”

On top of the data layer, Brinqa is building a growing number of AI Agents, which can fill gaps in the data, merge any duplicate findings, and enrich exposure intelligence. This gives security teams confidence in the data they’re making decisions with, and reduces traditionally manual work.

Take, for example, ownership of assets. “In many organizations, up to 80% of assets don’t have an owner attributed to them,” explains Pagel. “So even if you can find the exploitable vulnerability, who do you actually hand it to to go take care of it?” This is exactly what AI is good at: going through masses of data and contextualizing it. And the more data, the better.

“We’re telling customers, ‘Give us more, keep feeding it in, the more the better.’”

“We can then build Agents on top of that, and we can become the decisioning layer to do all of these individual point things that required many thousands of man hours…and so the Agents are saving millions of dollars for these customers, just taking away the spreadsheet processes that existed in correlating that data.”

But security teams aren’t comfortable with AI doing everything. “Customers aren’t quite ready…to trust AI to actually take actions within their environments, but they are ready for it to surface context.” Brinqa’s platform assigns a confidence score to every output, so security teams can see whether the model is 65% or 95% confident in the result, leaving the human to act on it or not.

This explainability matters for CISOs because they are increasingly being asked to justify their decisions to CIOs, CEOs, auditors, and boards. Brinqa’s data layer helps here, too. CISOs can pull snapshots of their company’s exposure profiles from six months and two years ago and show how it’s improving over time.

CISOs need to evolve with the speed of AI

What CISOs need to prove is getting harder because AI has changed what good looks like. It is expanding the surface they have to defend, and shrinking the time they have to defend it.

“The attack surface is going to evolve with the speed at which AI moves,” says Pagel. But he thinks it’s not necessarily attackers using speed to attack zero-days that are the biggest risk, but rather, AI expanding the attack surface, via the defenders.

Engineering teams are using AI to build their own applications, and that creates new vulnerabilities. “Their own attack surface is expanding, from the code that they’re writing, from the ability of attackers to build faster to be able to come after their environments.”

That leaves CISOs with a choice: chase the faster zero-days, or focus on reducing the overall footprint. “They’re still trying to figure out which one to address.”

“The job of a CISO today is not an enviable one…any breach is unacceptable, so it’s just that one vulnerability that matters.”

Either way, they now have less time to solve it. “We had a large Fortune 100 retailer who told us that six months ago, their [service level agreements] SLAs were 30 days for exploitable critical vulnerabilities. By the end of 2025, that was down to two days,” says Pagel. “And they expect that to come down to basically real time.”

Consolidation, expansion, and cutting through

“We’re moving at a crazy pace, but I’d say over the next two years, I think that we’re going to see both consolidation and expansion in the market. There is a huge opportunity, and it’s only getting bigger right now. You seem to hear of another acquisition taking place by a platform vendor every few months, and you absolutely see every couple of weeks, somebody coming out of stealth claiming to be a CTEM platform.”

But Pagel plans to focus on what Brinqa has always focused on. “We see the opportunity continuing to be to address the core problem that exists, which is companies being able to take in all of this data, put it into one place, and then make decisions against it,” says Pagel.

There will always be tools that create noise, and there will always be a need for tools that cut through it.

*Editor’s Note: Insight Partners has invested in Brinqa.