As organisations continue to migrate critical infrastructure to the cloud, cybersecurity teams are facing a rapidly evolving threat landscape where traditional detection methods often struggle to keep pace. Modern attacks are becoming faster, more automated and increasingly difficult to detect using conventional tools. In response, companies are adopting new approaches that assume breaches will occur and focus on identifying threats as early as possible. Against this backdrop, cloud security startup Tracebit has raised $20 million in Series A funding to expand its threat detection platform built around deception technology.
The round was led by FirstMark, with participation from Accel and additional investors including MMC Ventures, Tapestry VC and CCL. This follows the company’s earlier seed funding and brings its total capital raised to $25 million. The new investment will support product development, team expansion and broader market adoption.
Rethinking threat detection for cloud environments
Tracebit was founded in 2023 by Andy Smith and Sam Cox, both former employees of cybersecurity company Tessian. The company focuses on building cloud native security solutions designed to detect threats earlier in the attack lifecycle.
Traditional cybersecurity systems often rely on identifying known patterns or anomalies in large volumes of data. However, in complex cloud environments, attackers can move quickly and remain undetected for extended periods.
Tracebit takes a different approach by using deception technology. Instead of only monitoring real assets, the platform introduces decoy elements into an organisation’s infrastructure to attract and detect malicious activity.
Using canaries to detect intrusions early
At the core of the platform are so called canaries, which are decoy assets placed across an organisation’s cloud environment. These canaries are designed to appear as legitimate resources such as credentials, files or services, but are in fact monitored closely by the system.
When an attacker interacts with one of these decoys, it signals potential malicious activity. Because legitimate users should not normally access these assets, such interactions can provide early and highly reliable indicators of compromise.
The platform automatically generates and deploys these canaries at scale, tailoring them to the specific structure of each organisation’s infrastructure. This allows companies to monitor a wide range of environments without manually configuring detection systems.
Expanding across modern infrastructure
As cloud ecosystems become more complex, organisations are using multiple platforms and tools to manage their operations. Tracebit has expanded its capabilities to support this diversity by extending its technology beyond a single cloud provider.
The platform now supports deployment across environments including Azure, Kubernetes systems, continuous integration and deployment pipelines, developer workstations and identity management systems. It is also adding support for Google Cloud Platform.
This expansion reflects the need for security tools that can operate across hybrid and multi cloud environments where data and applications are distributed across different systems.
Introducing perimeter level deception
Alongside its funding announcement, Tracebit has introduced new products designed to enhance its detection capabilities. One of these innovations is the concept of perimeter canaries.
While traditional deception techniques focus on detecting attackers once they have penetrated deeper into a system, perimeter canaries are placed at the outer edges of cloud and software environments. These decoys act as an early warning layer, allowing organisations to detect threats before attackers move further into internal systems.
This approach is particularly relevant as attackers increasingly use automated tools and artificial intelligence to scan systems for vulnerabilities at scale. By detecting these activities earlier, organisations can respond more quickly and reduce potential damage.
Scaling detection across large datasets
Tracebit’s platform operates at significant scale, monitoring billions of events each week and generating millions of canaries across customer environments. The system is already used by a range of companies across different industries, reflecting growing demand for advanced threat detection tools in cloud based operations.
As organisations continue to adopt cloud infrastructure, the volume of data and potential attack surfaces increases, making scalable detection systems essential.
Supporting growth and product development
With the new funding, Tracebit plans to expand its engineering and go to market teams while continuing to develop its product suite. The company aims to enhance its ability to deploy deception technology across increasingly complex environments and support a wider range of use cases.
By focusing on early threat detection through deception and automation, Tracebit is positioning its platform as part of a broader shift in cybersecurity strategy. As businesses move toward an assume breach mindset, technologies that can identify threats quickly and accurately are becoming critical to protecting modern digital infrastructure.