Let’s talk Defakto, the Palo Alto squad formerly known as SPIRL, just dropped a 30.75M Series B led by Ross Fubini and XYZ Capital, with The General Partnership, Bloomberg Beta & WndrCo all jumping back in. This isn’t a “raise” in the press-release sense; it’s a signal flare that cybersecurity’s next battlefront isn’t human, it’s every non-human thing that moves code or data. Machines, services, pipelines, AI agents, Defakto gives them something the industry’s been faking for years: identity that actually proves itself.
Born in 2022, Defakto came out swinging from the overlap of experience & pain. CEO Danny Oliveri saw firsthand at Oracle Cloud & TopSpin Security how static creds multiply like gremlins. CTO Eli Nesterov fought credential chaos at ByteDance, watching a single secret ripple across a million nodes. COO Evan Gilman, creator of the SPIFFE standard & author of Zero Trust Networks, knew the open source ideals weren’t enough unless someone made them enterprise-ready. Together they built a platform that turns nonhuman identity from liability into leverage.
Here’s the Defakto play: replace static creds & over-privileged service accounts with short-lived, policy-driven certs that self-expire at runtime. No vaults, no human babysitting, no stored secrets waiting to leak. It syncs with AWS IAM, Azure AD, GCP IAM, Kubernetes, Istio, GitHub Actions, Jenkins, Terraform, the full modern stack. Fully SPIFFE/SPIRE-compliant, FIPS-approved, & multicloud native. The payoff? Real-time trust at machine speed.
That 30.75M isn’t going toward fancy décor. It’s fueling R&D for AI-agent identity governance, ramping GTM & customer success, and building an adaptive-risk policy engine that could finally make auditors chill. With 32 employees & Fortune 100 clients already on deck, Defakto’s scaling with surgical precision. VP of Product Heather How is tuning usability & integrations like a DJ mixing signals into signal.
Recognition’s already rolling in, Defakto’s SPIFFE-compliant architecture powers multiple F500 environments, cutting credential-management overhead by >80%. The 2025 Cybersecurity Excellence Award for Machine Identity Security wasn’t luck; it was validation. When a company called Defakto says they secure what’s real, that’s not branding, that’s prophecy.
