The 10 most innovative security companies of 2025

Why Abnormal Security, Nozomi Networks, Huntress, and Shift5 are among Fast Company’s Most Innovative Companies in data science for 2025.

Cybersecurity has always been a cat and mouse game, but lately the mice have been mutating in new and stunning ways. AI means they can hit our inboxes and phones with more convincing phishing messages built on more precise personal details gleaned from ever mounting piles of stolen data. It also means they can do all this faster and with greater reach than ever, penetrating not only the defenses of governments and Fortune 500 companies but also hospitals, high schools, industrial control systems—if they have any defenses at all. And the mice aren’t just sneaking in; in some cases they’re already inside. (See the case of Volt Typhoon, which continues to plague telecom systems, and which one U.S. senator calls the worst telecom hack in the country’s history.) In terms of cash alone, the impacts are staggering: By one estimate, between ransomware gangs and nation-state hackers, cybercriminals netted over $9 trillion last year. If cybercrime were an economy, it would be the world’s third largest after the U.S. and China.

Our favorite companies in security this year are adapting accordingly, and fast, with their own data, AI, and most importantly sheer human ingenuity. Abnormal Security, Silverfort and Dazz are protecting the many inboxes and identities that bad guys often use to get inside, using machine learning to find hidden anomalies and misconfigurations and to generate rapid responses; Shift5 and Nozomi Networks are focused on protecting critical machinery, industrial control systems, and vehicles. With a mix of proprietary data, OSINT, and deep expertise in government intelligence, Strider is helping alert the US’s biggest companies to nation-state threats, while Huntress is protecting the world’s small businesses that form the backbone of the economy but historically couldn’t afford fancy defenses. As usual, beating the bad guys means the cat needs to think like the mouse: unusually. “For all the shit I give [cybercriminals and nation-state hackers], they’re the real innovators,” says Kyle Hanslovan, Huntress’s founder and CEO—”“the type of person who wakes up and says, ‘I’m going to do something crazy that you’ve never thought of before.’”

1. Huntress

For helping smaller businesses stay as secure and compliant as the Fortune 500

Drawing on their time as NSA hackers helping to penetrate and protect critical networks, the founders of Huntress started their company in 2015 with a wider remit: to protect as many organizations as possible. Whereas many legacy security platforms cater to larger, more complex customers, Huntress has adopted a lean, nimble approach to defend hundreds of thousands of underserved small and mid-size businesses (SMBs) that are being attacked more frequently and with increasing intensity. The company’s automation platform and 24/7 monitoring allows a single IT professional or an outsourced managed service provider to oversee as many as 150,000 endpoints, sending only the most critical issues to the human.

Huntress’s newest offerings include Identity Theft Detection and a Response Security Information and Event Management (SIEM) service. Unlike more expensive offerings that store massive amounts of unused, unnecessary data, the company’s SIEM captures only the data needed to understand threats and meet compliance regulations, equipping customers with a crucial cybersecurity layer that has traditionally been too complicated and costly for small businesses. “It might not be as good as a Formula One car,” says founder and CEO Kyle Hanslovan, “but for the bang for the buck, nobody can compete with that.” 

In September, the company said it had reached $100 million in annual recurring revenue and had more than 150,000 customers. The $150 million it raised from Meritech Capital, Kleiner Perkins, and Sapphire Ventures raised its valuation past $1 billion, making it only the second cybersecurity unicorn since June 2022, and further setting the stage for an IPO. 

Read more about Huntress, honored as No. 31 on Fast Company’s list of the World’s 50 Most Innovative Companies of 2025.

2. Shift5

For keeping critical vehicles safe from failures and attacks

In five short five years, Shift5 has attracted a Who’s Who of defense and transportation customers with its tiny predictive maintenance module, which gathers onboard data from planes, trains, and other vehicles to monitor anomalies and wear and tear in real-time. In addition to cyberattacks, it’s now defending those vehicles from a mounting threat: the GPS spoofing that’s been wreaking havoc on navigation in the skies over Ukraine and the Middle East. The company’s new on-board Integrity Module automates detection of GPS abnormalities in real-time, in part by using a hack-resilient, physics-based detection system to determine if changes in position are physically possible. It also debuted a new pair of on-board devices that capture and instantly process data at the edge, allowing them to start gathering data after a vehicle starts up nearly a thousand times faster than other solutions.

After earning a spot on last year’s list of Most Innovative Companies (in data science), the company more than doubled its annual recurring revenue, doubled its number of customers across defense and commercial aerospace and rail sectors, and grew the rate of its platform deployments on commercial and defense vehicles and weapon systems by over a thousand percent. Its modules are now being deployed throughout the military, including Space Force and Special Operations Command, which recently began using Shift5’s devices to protect its flagship MQ9 Reaper drone from a growing array of digital threats.

3. Nozomi Networks

For securing vital industrial control systems at the deepest level

Industrial cybersecurity has become a hot-button topic since the Colonial Pipeline attack, and warnings from the U.S. government and its allies about threats to critical infrastructure have escalated to record highs. Ransomware and hacker groups, which have historically pursued softer targets in IT networks, are intensifying their strikes against industrial control systems, programmable logic controllers (PLCs), and other platforms that govern the daily operations of heavy machinery. In 2024, San Francisco-based Nozomi introduced Arc Embedded, the first security sensor for industrial control systems, designed to be embedded in Mitsubishi Electric’s PLCs. These devices, widely used in factories serving many industries, automate machinery by executing a pre-programmed set of instructions.

Nozomi’s sensor provides unprecedented visibility at the process level of automated machines, deters threats without impacting operations, and continuously monitors the health of the controller. A new integration with the cybersecurity platform of longtime partner Mandiant helps streamline the way security teams anticipate, diagnose, and respond to cyber threats. Nozomi also announced a $1.25 million contract with AFWERX, the Air Force’s innovation arm. It includes Guardian Air, a new sensor that scans for potential threats such as rogue wireless devices that could attack critical infrastructure. In March, the company raised $100 million in a Series E funding round that included Mitsubishi Electric and Schneider Electric, bringing its total raised to $250 million.

4. Axiado

For keeping AI data centers secure—and efficient—at the chip-level

“Zero trust” is all the rage in security, but Axiado goes even further with its AI-driven chip, the Trusted Control/Compute Unit, or TCU—a mix of processors, interfaces, and dedicated software designed to monitor and protect the processors in data centers, 5G stations and network switches. This integrated approach moves the industry away from fragmented, software-based solutions and toward a unified, hardware-based architecture, preventing attacks at the lowest levels of the infrastructure.

Lately, the eight-year-old startup is using the same approach to optimize the cooling of super-hot AI data chips, with its Dynamic Thermal Management device. The chip’s two AI cores monitor and predict a central processor’s cooling needs and orchestrate cooling systems accordingly, lowering energy costs by 50%. For a typical data center with 100,000 servers, the company says that’s enough to achieve more than $7 million in annual savings in operating costs. Partnerships with Nvidia, Intel, AMD and Jabil to implement its technology helped the 100-person company raise $60 million in a Series C round in December that included Maverick Silicon and Samsung Catalyst Fund, bringing Axiado’s total funding to $144.8 million.

5. Abnormal Security

For fighting fraud by spotting anomalies in emails and other communication apps 

Email is an increasingly popular—and terrifyingly easy—vehicle for the dirty work of hackers and fraudsters. By analyzing deviations from users’ typical communication and behavioral patterns and practices, Abnormal Security‘s AI-based Account Takeover Protection identifies issues before they escalate into threats. Founded by a pair of ex-Twitter advertising experts, the company has lately expanded its behavioral data expertise beyond email, helping organizations to easily and quickly monitor access to popular cloud-based apps such as Slack, Zoom, and AWS.

Abnormal also released AI Security Mailbox, a digital assistant that can answer questions about—and if necessary, help remediate—suspicious emails. In just four years, the company has grown its customer  base to more than 2,400 clients, including 17% of Fortune 500 companies, and recently reached 100% year over year growth in annual recurring revenue, crossing $200 million and making it the second fastest-growing cybersecurity company ever behind only Wiz. In 2024, it also racked up $250 million in Series D financing at a $5.1 billion valuation, its second funding round in two years ahead of a possible IPO in 2025. The cash will help the company expand into non-English-speaking markets, develop products for federal customers, and develop its posture management tools, which help customers discover and remove configuration risks across multiple cloud platforms.

6. Strider Technologies

For using open-source data and AI to screen employees, R&D, and partners.

Cybersecurity companies protect data against nation-state threats, but Utah-based Strider takes a more in-depth approach that addresses the most dangerous backdoor of all: an organization’s people. To meet rising concerns over phishing attacks, insider threats, IP theft and espionage, Strider offers a giant trove of open-source intelligence built using patented data collection and curation methods, and supercharged by large language models. Backed by its founders’ years of experience analyzing adversaries and advertising, the platform also offers real-time monitoring of organizational data, employee behavior, and connections to suspicious entities in China, Russia, and Iran. 

Seventeen academic institutions already use its new Academia Platform to gain insights into the people, partners, and organizations involved in their research ecosystems. Still, Strider says the greatest demand comes from large U.S. companies scrambling to protect their most valuable intellectual and physical assets, from chips to AI to quantum computers. The startup now counts eight of the Fortune 10 companies as customers, as well as the U.S. Dept. of Defense, which selected the firm as the sole provider of foreign influence risk data for its $3 billion small business innovation program. The company’s recently opened Japan office has seen brisk business, and in September Strider announced it raised $55 million in a series C round, bringing its total funding to over $112 million.

7. Anjuna

For keeping data private throughout the AI pipeline

Confidential computing, which promises to draw valuable insights from data even while keeping it secret, isn’t a new idea. However, a panoply of different protocols can make it difficult and costly to use the approach across multiple systems. Palo-Alto-based Anjuna’s platform, built around “virtual data exchange boxes,” provides compatibility for a range of competing protocols, allowing easier, faster computation. In 2024, Anjuna debuted a new AI-focused virtual clean room capable of running any AI or machine learning model, allowing for analytics projects to be deployed up to 30% faster.

New integrations with Nvidia and Intel are aimed at helping businesses protect “data-in-use” during critical GPU operations like AI training, inference, and even the storage of the AI models themselves. Recently, the U.S. Navy tested Anjuna’s system by running large language models on Nvidia H100 GPUs as part of an effort to protect AI operations and sensitive data onboard ships. In 2024, revenue more than doubled year-over-year, and the company closed a $25 million Series B financing round led by M Ventures, SineWave Ventures, and AI Capital Partners.

8. Dazz (acquired by Wiz)

For using AI to help find and fix critical issues within cloud infrastructures

Founded in 2021 and acquired by Wiz at the end of 2024, Dazz developed a technology that automates the critical tasks of posture management and remediation, which help security teams better understand and automatically protect their networks. Last year, it upgraded its Unified Remediation Platform with additional generative AI functionality to cut response times from weeks to hours, adding features that suggest code fixes, offer remediation guidance, and include new systems to monitor and prioritize those efforts. Stellar online reviews helped the firm achieve a 400% increase in annual recurring revenue during the last fiscal year, triple its salesforce, and expand its footprint globally.

Under founder and CEO Merav Bahat, the company also took aim at gender parity, with hands-on and philanthropic efforts to support women in an industry where they constitute only 2.1% of CEOs. Based in Palo Alto with roots in Tel Aviv, Dazz enjoyed close relationships with an elite ecosystem of Israeli cybersecurity firms, especially mega-unicorn Wiz. In November, months after Wiz walked away from an eye-popping $23 billion offer from Google, the company announced it was acquiring Dazz. The cash-and-share deal, estimated at $450 million, was a $50 million premium over Dazz’s last valuation, and brought Dazz’s features into Wiz’s end-to-end security platform.

9. Silverfort

For protecting every login and account in an enterprise

Identity attacks via stolen credentials are on the rise: machines, clouds, and all kinds of apps are vulnerable. Silverfort focuses on identity security, integrating authentication into a single, easy-to-install platform that can instantly block compromised accounts, trigger multi-factor authentication, and accelerate remediation time. In 2024, the Tel Aviv-based company expanded its protection to Non-Human Identity (NHI) accounts—the credentialed machines, apps or services performing an automated task or action—and to privileged accounts, which have broad access permissions.

It also launched its Identity-First Incident Response Solution, including a kill-switch-like “authentication firewall” that instantly shuts down compromised accounts; the system integrates with existing security infrastructure and cuts remediation times from weeks to days. Demonstrating the need for continuous vigilance over digital identities, it revealed at the 2024 RSA Conference that a shrewd attacker could hijack the token that proves a user’s authentication status, exposing vulnerabilities in the widely-used FIDO2 authentication standard and Single Sign-On (SSO) protocols used by major systems like Microsoft Entra ID and PingFederate.

With 100% annual growth and continuing expansions into Australia and Asia, Silverfort raised $116 million from Citi Ventures, GM Ventures and others in January, bringing its total funding to $222 million. In November, it used an undisclosed amount of its cash to acquire the Israeli startup Rezonate and expand its identity protection services deeper into cloud environments.

10. Epirus

For using microwaves to keep soldiers safe from drones

Stopping swarms of weaponized drones is a high priority in the Pentagon’s vision for future war. Epirus has spent the past few years developing that future with Leonidas, a microwave weapon capable of disabling approaching drones invisibly and instantly for as little as five cents per takedown. While many counter-drone systems work by targeting individual drones, Leonidas’ high-powered microwaves act more like a shield or force field that can knock out a sky full of robots. In contrast to previous failed microwave weapons built around bulky vacuum tubes, Epirus’ solid-state gallium nitride semiconductor “pods” are more compact, generate more power, and offer more redundancy. 

In March, two year