Truffle Security Raises $25 Million Series B to Expand NHI Security

Funding fuels customer growth and product expansion, including TruffleHog GCP Analyze for context-aware detection of leaked GCP secrets in Google Cloud

San Francisco, CA, November 6, 2025 - Truffle Security, the company behind TruffleHog, the leading open-source project for detecting and remediating non-human identities (NHIs) and their secrets, today announced a $25 million Series B funding round led by Intel Capital and a16z. The round also includes participation from Abstract, Lytical Ventures, and prominent security leaders Casey Ellis (Founder, BugCrowd), Emilio Escobar (CISO, Datadog), and Haroon Meer (Founder & CEO, Thinkst).

“As AI transforms how software is built, the security surface is expanding just as quickly,” said Martin Casado, General Partner at Andreessen Horowitz. “Truffle Security is tackling one of the most urgent challenges in this new era, which is protecting codebases from secret exposure at scale. We’re thrilled to back the team as they continue to define what modern software security looks like in the age of AI.”

The new investment will fuel continued growth of TruffleHog Enterprise, the company’s enterprise-grade secrets detection, verification and remediation solution, and accelerate innovation in secrets and NHI protection. It also supports the launch of TruffleHog GCP Analyze, an add-on that gives organizations deep visibility into leaked Google Cloud NHIs (service accounts), helping teams assess risk faster and prioritize remediation.

“In the era of coding co-pilots and third-party APIs, compromised credentials remain one of the leading causes of data breaches, making credential protection a critical safety measure for enterprise developers and security teams,” said Nick Washburn, Senior Managing Director at Intel Capital. “With the introduction of TruffleHog GCP Analyze and this latest round of funding, Truffle Security accelerates its mission to make secrets management frictionless, secure, and comprehensive, positioning the company to confidently address broader IAM and NHI market opportunities.”

According to Verizon’s 2025 Data Breach Investigations Report, credential misuse remains a leading cause of security incidents. As API keys, tokens, and service accounts proliferate across multi-cloud environments, enterprises face escalating risks and operational complexity. While the term NHI is new, Truffle Security has been tackling this challenge since its inception, helping organizations detect, validate, and remediate exposed credentials before they become breaches.

“Secrets are one of the most likely ways that organizations get compromised. You don't need fancy exploits if the secrets are right there in the clear,” said Travis McPeak, Security Engineer at Anysphere, the company behind Cursor.

As awareness of credential-based risk grows, demand for TruffleHog Enterprise has surged. In the past year, the company has more than doubled revenue and expanded its customer base across mid-market and Fortune 1000 companies in technology, retail, and financial services. With the new funding, Truffle Security will scale go-to-market and customer success, accelerate product innovation, and extend its NHI analysis capabilities beyond Google Cloud to AWS and Azure. Its open-source momentum continues to drive this growth, with 23,000+ GitHub stars, 15 million downloads, and over 250,000 daily runs worldwide.

“Dylan and the Truffle Security gang have long led the way in secret detection,” said Casey Ellis, Founder of BugCrowd. “This financing marks their expansion beyond finding leaked secrets to making secrets manageable across the full development lifecycle. They’re making secrets easy and leaked secrets obvious.”

Product Innovation Powering Truffle Security’s Growth

The new GCP Analyze add-on for TruffleHog Enterprise is designed to significantly reduce time to remediation when GCP secrets leak. Instead of spending hours untangling IAM complexity, security teams get instant context on a leaked credential: what resources it can access, its inheritance, and the blast radius of its permissions. By surfacing actionable context, GCP Analyze empowers teams to:

  • Quickly assess exposure impact
  • Prioritize and remediate the riskiest secrets
  • Reduce mean time to response and limit cloud breach risk

This level of visibility has traditionally required extensive manual investigation; now it’s delivered instantly, enabling organizations to better protect cloud environments and reduce credential-driven breach risk. TruffleHog GCP Analyze marks the first in a series of planned context-aware capabilities across major cloud platforms.

Built atop TruffleHog Enterprise’s verified secret detection (which eliminates false positives) and comprehensive 800+ detector coverage, TruffleHog GCP Analyze helps security teams remediate threats faster and more confidently across the software development lifecycle.

“We are so excited and humbled to grow our community and technology into solving more and more pain points non-human secrets can cause - expanding beyond analyzing secret leaks into secret inventory and productivity tooling,” said Dylan Ayrey, CEO and Founder of Truffle Security.

About Truffle Security

At Truffle Security, we make it easier for teams to find and fix security issues before they become problems. Built on our popular open-source project, TruffleHog™, our software helps protect sensitive information such as API keys, private keys, and other machine credentials, no matter where they’re stored or exposed.

TruffleHog helps teams detect, verify and analyze 800+ types of secrets, determine whether they’re active, understand their access scope, and take action through a clear, developer-friendly interface. Designed in collaboration with the open-source community, TruffleHog supports better coordination between developers and security teams to protect sensitive credentials and reduce risk.