Some startups get built in garages. Bastazo got built in a lab, four professors, a DOE-funded cybersecurity center, and a mission wrapped in a Greek verb: bastazó, “to carry the burden.” And let’s be honest, when your customers run the electric grid, the water supply, or a manufacturing line that can’t afford a single second of downtime, the burden isn’t just technical, it’s existential. You’re not pushing patches. You’re protecting civilization.
Bastazo just locked in $5.3 million in seed funding to do exactly that. Led by Cortado Ventures, with a cap table that reads like a who’s-who of frontier-tech believers, this round brings their total funding to a solid $8.5 million. That includes $1 million from the HF0 Residency, where they were picked as one of 10 from 10,000 startups, and a $2.2 million R&D grant via the BIRD Foundation for a joint play with Salvador Technologies.
This team didn’t stumble into cybersecurity, they architected it. Mauricio Iglesias is running point as CEO, mixing Capital One discipline with homegrown grit. Kylie McClanahan, who just capped her PhD in Computer Science, brings nearly a decade of OT street smarts and GIAC Critical Infrastructure Protection creds as CTO. Philip Huff, Bastazo’s Chief Scientist and co-founder, built his NERC CIP expertise from inside the electric utility trenches. Add in Thao Le-Vasicek as COO and Danielle Chaney as Chief of Staff, and this isn’t a team, it’s a strike force.
And then there’s the founding quartet that lit the fuse: Philip Huff, Alan Mantooth, Jia Di, and Qinghua Li. This is a startup forged in the pressure cooker of academia, DOE research, and real-world critical infrastructure needs. When you’ve got that much signal, there’s no noise.
What makes Bastazo different? They don’t just find vulnerabilities, they triage them with AI, map them to real-world consequences, and serve up remediation plans that even non-cyber folks can follow. Their platform syncs with real-time threat intel, tags in the NVD and CISA KEV catalog, and auto-generates compliance reporting for NERC CIP like it’s just another Tuesday. And this isn’t IT security trying to moonlight in OT. This is purpose-built for environments where one wrong move means people don’t get power or water.
Their customers aren’t chasing hype. They’re managing physical assets, regulatory audits, and the kind of risks you don’t get a second shot at. Bastazo gets it, and now they’ve got the capital to go faster, hire smarter, and build deeper.
If you’re in energy, water, or industrial control systems and your security strategy still starts with “let’s hope nothing breaks,” Bastazo is the call before the crisis. The future of OT cybersecurity just dropped a pin in Bentonville.
And this burden? Bastazo carries it, so the rest of us don’t have to.
