Former Microsoft PM Aims To Unseat CyberArk In 18 Months

Gregory Zuckerman
By Gregory Zuckerman
Technology
7 Min Read

An Israeli-American startup named Venice is coming out of stealth with a bold target and fresh funding: replace CyberArk in enterprise privileged access management within 18 months. Led by former Microsoft product manager Rotem Lurie, the 35-person company says it is already displacing entrenched vendors at Fortune 500 organizations by unifying identity, permissions, and secrets for both humans and the rapidly multiplying universe of non-human identities.

A High-Stakes Bid in Privileged Access Management

CyberArk has dominated privileged access management (PAM) for over a decade, earning a steady spot as a Leader in industry assessments and cementing deep ties in regulated sectors. Unseating it is not a casual claim. Venice argues the ground has shifted: cloud-native stacks, hybrid IT, and AI agents now overwhelm legacy models built for static admins and long-lived credentials. The company’s bet is that a platform built from day one for dynamic, multicloud, and on-prem environments will win on time-to-value and risk reduction rather than on price.

Table of Contents
The CyberArk logo, featuring a blue and gray stylized cube forming a C shape, centered on a professional light gray background with a subtle hexagonal pattern.

Venice raised $20 million in a recent Series A led by IVP with participation from Index Ventures, backing an approach that consolidates the sprawl of PAM, secrets management, and just-in-time access into a single control plane. According to the team, most identity and access groups juggle around 10 separate tools to govern who or what can reach sensitive systems. By centralizing that work across legacy servers, SaaS applications, and public cloud infrastructure, Venice says it removes months of services-heavy integration and the operational drift that often follows.

The Founder Betting on Security Platform Consolidation

CEO Rotem Lurie’s resume reads like a blueprint for building enterprise security products: Unit 8200 alumna, early product leader on Microsoft’s Defender for Identity, and first product hire at Axis Security, later acquired by Hewlett Packard Enterprise for a reported $500 million. A brief stint inside a cybersecurity-focused venture firm sharpened her conviction that enduring winners solve full-stack problems, not narrow slices to be flipped. That view underpins Venice’s decision to support tough on-prem use cases alongside modern cloud and Kubernetes—functionality many startups postpone but that large enterprises still demand.

The team’s bench is equally notable. Co-founder and CTO Or Vaknin leads R&D in Israel, while the company’s go-to-market team operates in North America. Nearly half of the staff are women—an uncommon balance in security—something Lurie says happened by design of culture and networks rather than quotas.

AI Agents and the New Identity Tsunami in Enterprises

Identity is no longer only about people. Bots, microservices, CI/CD pipelines, and LLM-powered agents all need credentials to touch code, data, and infrastructure. Analyst firms and government agencies have warned for years that credential misuse remains a top breach vector; recent incidents at major cloud and software providers have traced back to compromised tokens, standing privileges, or permissions that were broader than necessary. Security leaders are responding with “zero standing privilege,” ephemeral credentials, and just-in-time access as default controls.

Investors backing Venice point to timing. If each employee suddenly coordinates tens of software agents, a PAM stack tuned for a handful of admins per system becomes a bottleneck. The priority shifts from vaulting a few passwords to brokering millions of momentary entitlements with strong policy, approvals, and audit. That is the scale problem Venice wants to own.

A blue and gray abstract cube logo centered on a light blue background with subtle hexagonal patterns.

How Venice Says It Wins in Privileged Access Control

Venice positions itself as a single, policy-driven platform that brokers access across Active Directory, Linux and Windows servers, major clouds, and SaaS—covering human logins and machine identities alike. The product emphasizes just-in-time provisioning, short-lived credentials, fine-grained approvals, and automated revocation. While it sells as SaaS, the team stresses that savings come less from low list prices and more from eliminating customization work that has become a hidden tax on PAM deployments.

Early enterprise wins, the company says, involve rip-and-replace efforts against incumbents like CyberArk and Okta in environments where legacy data centers meet AWS, Azure, and Google Cloud footprints. The pitch: fewer consoles, fewer agents, faster audits, and a measurable drop in standing privileges that narrows the blast radius of credential theft.

A Crowded Market With Room to Run in Enterprise IAM

The identity market is expanding even as it crowds. Identity Management Institute has projected IAM spending surpassing $24 billion in the near term with double-digit growth, and the vendor map includes longtime PAM specialists like CyberArk, BeyondTrust, and Delinea, as well as identity platforms such as Okta and Microsoft Entra. Newer entrants—Veza in authorization, Persona in verification, and GitGuardian in secrets detection—underscore how broad the problem has become.

For Venice to hit its 18-month target, it will need to thread three needles: shorten time-to-value in hybrid estates, prove it scales with AI-driven agent sprawl, and demonstrate that consolidation genuinely reduces audit and incident response burdens. Enterprise cycles commonly run six to 18 months, making reference customers and clean, regulator-ready evidence—think NIST-aligned controls, strong segregation of duties, and airtight session recording—critical proof points.

What to Watch Next as Venice Scales in Enterprise PAM

If the company’s claims bear out, expect to see rapid growth in annual recurring revenue, a widening roster of Fortune 500 logos, and deeper integrations with cloud-native stacks and developer workflows. Also watch for independent validations—third-party penetration tests, SOC 2 and ISO certifications, and inclusion in major industry evaluations—that often signal readiness for large-scale rollouts.

Unseating a category leader is never easy, and identity buyers are rightfully skeptical. But the center of gravity is shifting from vaults and tickets to automated, least-privilege brokering at massive scale. If Venice can consistently translate that shift into faster deployments and fewer standing permissions, its 18-month shot at CyberArk’s turf moves from audacious to plausible.

Gregory Zuckerman
ByGregory Zuckerman
Gregory Zuckerman is a veteran investigative journalist and financial writer with decades of experience covering global markets, investment strategies, and the business personalities shaping them. His writing blends deep reporting with narrative storytelling to uncover the hidden forces behind financial trends and innovations. Over the years, Gregory’s work has earned industry recognition for bringing clarity to complex financial topics, and he continues to focus on long-form journalism that explores hedge funds, private equity, and high-stakes investing.
Latest News