How Tamnoon is tackling the cloud security backlog with autonomous remediation

Cloud security has dramatically improved over the past decade. New tools that surface risks, misconfigurations, and vulnerabilities in real time have given organizations remarkable visibility.

But visibility has created a new problem. Security platforms generate thousands of alerts, and addressing them is rarely straightforward, particularly in live production environments where one small change can have unintended consequences. The result is huge backlogs of unresolved alerts, where risk is understood but not addressed.

“Detection and visibility are a software problem,” explains Marina Segal, cofounder and CEO of cloud remediation solution Tamnoon. Tools can plug into your cloud systems, pull out data, and automatically spot issues.

Fixing those issues is more challenging because it involves coordination and human judgment.

“You actually need to perform almost like an open heart surgery on the production system of your customer,” says Segal. You need to figure out who owns the system, convince them that the issue needs resolving, and gain approval to make changes.

“It’s more of an operational, people, process problem. People don’t want to take down production environments that generate revenues for the companies.”

“Security cannot be the aspect that stops your revenue generation streams.” 

The path to Tamnoon

Tamnoon’s founding team has deep roots in cloud security. Segal, along with cofounders Idan Perez and Zohar Alon, worked together at Dome9, an early pioneer in cloud security posture management (CSPM). “We were there in the cloud security space when it wasn’t called cloud security,” says Segal.

“We’ve seen the industry develop from day zero.”

The trio had a front-row seat to where the market was falling short. With remediation lagging behind detection capabilities, many customers were unwilling to risk making changes in live production environments, so even when automated fixes were available, they often went unused.

“What we noticed is that we have amazing technology, we have an amazing ability to…get visibility into the cloud,” recalls Segal. “The biggest challenge…that is not solved fully yet is, how do we make those tools fully operational?”

Solving that problem became the foundation for Tamnoon. The founders spent roughly two years refining the concept during the pandemic before deciding to focus fully on building a remediation solution.

Before building the product, Segal tested it with the market, gathering feedback from CISOs and security practitioners across industries. The pattern was consistent: Organizations had invested in powerful detection tools but lacked the resources, processes, and confidence to safely act on what those tools surfaced.

The AI Agent built to fix what detection tools leave behind

Tamnoon rolls the stages of remediation into one workflow. It connects to customers’ existing security tools, takes in their alerts, and investigates, prioritizes, and resolves them safely. “We’re basically the fixers,” says Segal. “We are doing all the heavy lifting.”

This positioning sets Tamnoon apart from much of the market, where most tools are designed to detect issues, not resolve them in complex, live environments. The platform is powered by a hybrid model. Tamnoon’s AI Agent, Tami, handles large-scale data processing, triage, and investigation.

“We trained her on how to prioritize cloud security issues in the context of each and every customer environment,” Segal says. “It’s not an Agent that was trained on generic LLM models…She was trained on real-life executions in production environments.”

 “You have to be behind the wheel to a certain extent.”

Human experts step in in situations where confidence is lower, such as when changes could impact critical systems, to validate decisions and oversee execution. “The most important thing is to know where human involvement is necessary and where it is not,” says Segal. “That’s how Tamnoon is able to scale human operations in a very sophisticated way.”

From seed to scale

Tamnoon officially launched in 2023, the company emerging from stealth with a $5.1M seed round. Growth followed quickly: The company expanded its customer base by more than 300% leading up to the seed round and continued to build momentum into its $12M Series A in September 2024.

Alongside this announcement, Tamnoon launched Tamnoon Prevent, a proactive tool designed to stop non-secure configurations before they are deployed. Later that year, the company became a launch partner for Wiz Defend, integrating its remediation capabilities to help security teams detect and respond to threats more effectively.

By 2025, the platform was operating at full tilt. Tamnoon processed 6.3 million alerts over the course of the year, resolved 2.7 million of them, and protected more than 200,000 critical customer assets.

“We want to make the remediation process fully autonomous”

As Tamnoon scaled, its AI capabilities accelerated. “From when we started, we knew that we wanted to leverage machine learning and AI,” says Segal. “The problems that we are solving are very, very complex, and in order to scale human operations, you really need to use machine learning and AI capabilities.”

The company has gradually shifted more responsibility from human operators to its AI systems, using AI to handle most of the analysis and decision-making, and humans to review higher-risk cases. “Our platform is smart enough to perform the majority of the processes and operations on its own,” Segal says.

As of 2026, Tamnoon has reached what it defines as level four autonomy, meaning that the “majority of the decisions around prioritization, investigation and safe remediation plan…are being done by machines,” Segal explains. This automation benchmark was created by the Society of Automotive Engineers in 2014 and is mostly used to evaluate self-driving vehicles. “Level five is where we are headed next.”

At level five autonomy, the platform will be able to execute certain remediation actions directly in production when confidence is high. “The moment we reach a certain safety score…we will let the machine drive on its own,” she says.

The future of cloud remediation

Even as Tamnoon pushes automation forward, the underlying problems it is tackling are persistent. “I’ve been talking about it for 10 years, and nothing is changing,” Segal says. Identity and access issues, misconfigurations, and exposed assets continue to be the most common sources of risk, driven “mostly by human mistakes and network problems.”

Addressing those risks at scale requires a clearer understanding of when it is actually safe to act, or as Segal refers to it, the “confidence factor.”

“If you want to fix something, the first thing that you have to do is make sure that it is not being used actively by something in your environment,” she explains. Where dependencies exist, the system guides teams on what needs to change first rather than blindly applying a fix.

This reflects Tamnoon’s efforts to move earlier in the lifecycle. “My vision is that we have to move into preemptive space more and more,” says Segal. By addressing misconfigurations before they reach production, the goal is to reduce the volume of alerts altogether, resulting in fewer incidents.

“With the landscape of threat actors that we have today and how fast they are able to move, we have to be in the preemptive space sooner than later,” warns Segal. “They don’t care if they break anything in production, and we do.”

* Editor’s Note: Insight Partners has invested in Tamnoon.