Native Exits Stealth With $42M to Operationalize Security-by-Design
Native, a cloud security startup founded by former AWS security leaders, has emerged from stealth with $42 million in total funding and a bold pitch: that modern organizations need a security control plane that doesn't just detect threats after the fact, but automatically translates security policy into enforceable cloud infrastructure configuration across AWS, Azure, GCP, and Oracle Cloud.
The announcement, made on March 17, 2026, positions Native as the first company to build what it calls a cloud security control plane — a layer that sits above individual cloud provider consoles and continuously enforces an organization's security intent using each provider's native capabilities, without requiring custom scripts, manual remediation, or configuration drift.
The Problem Native Is Solving
Multi-cloud is the default architecture for enterprises. But as organizations spread workloads across AWS, Microsoft Azure, Google Cloud, and Oracle Cloud Infrastructure, security teams face a persistent and painful reality: security policies defined in one place don't automatically enforce everywhere else.
The result is configuration drift — a slow accumulation of gaps between what the security policy says and what the cloud environment actually does. Security teams typically discover these gaps reactively, through audit findings, cloud security posture management (CSPM) alerts, or worse, post-incident forensics.
Native's approach flips the model. Rather than scanning for misconfigurations after they occur, Native allows security teams to define their intent once — in a provider-agnostic policy language — and then automatically applies that intent using the native security controls of each cloud platform.
| Traditional Approach | Native's Approach |
|---|---|
| Define policies manually per-cloud | Define policy once, apply everywhere |
| Detect drift after the fact | Prevent drift continuously |
| Remediate misconfigurations manually | Auto-enforce using native cloud controls |
| Separate tools per cloud provider | Unified control plane across all clouds |
| Reactive security posture | Proactive security-by-design |
Company and Funding Details
| Attribute | Value |
|---|---|
| Company | Native |
| Founded | 2024 |
| HQ | Seattle, WA (engineering primarily in Tel Aviv, Israel) |
| Employees at Launch | 41 |
| Target Headcount (End 2026) | ~90 |
| Total Funding | $42 million |
| Seed Round | ~$11M — General Catalyst, YL Ventures, Merlin Ventures |
| Series A | $31M — led by Ballistic Ventures |
| Supported Clouds | AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud Infrastructure |
| Target Customers | Fortune 100 (finance, technology, media) |
The Team: AWS Security Veterans
Native's founding team brings unusually deep pedigree in cloud security — all three founders built and led AWS's flagship security products before starting Native.
| Name | Role | Background |
|---|---|---|
| Amit Megiddo | CEO | Led Amazon GuardDuty (AWS's threat detection service) |
| Gal Ordo | CPO | Led AWS Security Hub (AWS's centralized security findings platform) |
| Eyal Faingold | CTO | Former VP of Cloud Security at Check Point |
Having the leaders of GuardDuty and Security Hub building a cloud security startup gives Native a credibility advantage that few cloud security companies can claim — these are the people who built the products that the rest of the industry integrates with.
Phil Venables Joins the Board
Among the notable additions to Native's board: Phil Venables, former Chief Information Security Officer of Google Cloud and now a Venture Partner at Ballistic Ventures, which led the Series A.
Venables is one of the most recognized security executives in the industry, having served as Google Cloud CISO following a long tenure as a Goldman Sachs CISO. His involvement signals both Ballistic's conviction in Native's approach and Native's positioning at the intersection of enterprise cloud security and security engineering.
Other board members and advisors include:
- Zohar Alon — Founder of Dome9 (acquired by Check Point)
- Doug Merritt — CEO of Aviatrix, former CEO of Splunk
- Udi Mokady — Founder and Executive Chairman of CyberArk
Why "Security-by-Design" Is Having a Moment
The timing of Native's launch aligns with growing pressure from regulators, frameworks, and security incidents pushing organizations toward secure-by-design principles — building security in from the start rather than bolting it on later.
CISA's Secure-by-Design initiative, NIST's updated cybersecurity frameworks, and a wave of cloud misconfigurations that have contributed to major breaches have created executive-level demand for exactly the kind of proactive enforcement layer Native is building.
For Fortune 100 customers in regulated sectors — finance, healthcare, media — the ability to prove continuous, automated enforcement of security policy across multi-cloud environments is increasingly a compliance requirement, not just a best practice.
Market Context
The cloud security market is crowded with CSPM tools (Wiz, Orca Security, Lacework) that excel at detecting misconfigurations and prioritizing findings. Native's pitch is differentiated in that it focuses on enforcement rather than detection — moving left of the alert into automated policy application.
This positions Native in a category that has been underserved: the gap between policy intent and what cloud environments actually enforce. CSPM tools tell you something is misconfigured. Native aims to make misconfigurations structurally harder to introduce in the first place.
Key Takeaways
- Native exits stealth with $42M in funding (Ballistic Ventures, General Catalyst, YL Ventures) and Fortune 100 customers in finance, technology, and media
- The founding team built Amazon GuardDuty and AWS Security Hub — cloud security credibility that's difficult to match
- The core problem they're solving is the gap between security policy intent and actual cloud enforcement across multi-cloud environments
- Phil Venables (ex-Google Cloud CISO) joining the board underscores enterprise and regulatory credibility
- The approach is proactive enforcement rather than reactive detection — positioning Native in a differentiated space from CSPM-centric competitors
- For security teams evaluating multi-cloud security posture, Native represents a new category of tool worth tracking: the cloud security control plane
Sources
- Cloud Security Startup Native Exits Stealth With $42 Million in Funding — SecurityWeek
- Cybersecurity startup Native, led by AWS vets, comes out of stealth with $42M — GeekWire
- Exclusive: Cloud security startup Native raises $42M — Axios
- Native Launches with $42M to Operationalize Security-by-Design — AccessNewswire / Yahoo Finance