Most companies treat 3rd-party risk like a paperwork problem. Lema AI looked at the same mess and said this is not a paperwork problem, this is a crime scene. In February 2026, Lema Labs, Inc. stepped out of stealth with $24M in total funding, a Seed round of roughly $6.5M led by F2 Venture Capital and a Series A of about $17.5M led by Team8, with Salesforce Ventures in the mix. That is not just capital. That is conviction. Conviction that the old way of managing vendor risk with static questionnaires and spreadsheet theater is finally getting audited by reality.
Credit where it is due. Congratulations to Eddie Dovzhik, Co-Founder & CEO, Tomer Roizman, Co-Founder & CTO, and Omer Yehudai, Co-Founder & CPO. 3 founders who saw that enterprises now depend on thousands of vendors, yet still rely on compliance rituals that feel like they were designed when fax machines were considered cutting edge. They did not build another dashboard. They built an agentic AI security platform that behaves more like a digital investigator than a polite auditor.
Lema AI focuses on enterprise supply chain and 3rd-party risk management, but they approach it like a forensic lab. The platform continuously analyzes how vendors actually behave inside an environment, tracking access to critical assets, data movement, and permission changes over time. It maps attack paths and calculates blast radius, which is a polite way of asking, if this vendor gets popped, how bad is the damage really. New vendors can be assessed in under 5 minutes. Weeks of back and forth reduced to minutes of signal.
That matters when nearly 33% of recent cyber breaches originate with 3rd parties and about 60% of companies rely on more than 1,000 vendors. Financial services. Healthcare. Fortune 500 operators with sprawling ecosystems and no patience for surprises. Lema AI already counts major customers across these sectors, which tells you this is not theory. It is traction.
The real takeaway is this. Lema AI reframed 3rd-party risk as a living system, not a compliance checkbox. They turned TPRM teams into what they call Risk Engineers, people who interrogate evidence instead of collecting signatures. That shift, from static assurance to continuous analysis, is why Team8 leaned in, why F2 Venture Capital seeded it, and why Salesforce Ventures showed up.
Supply chains used to be about efficiency. Now they are about exposure. Lema AI is betting that the companies who understand that difference will not just pass audits, they will survive the next wave of attacks. And in a world where vendor sprawl keeps expanding, survival is a competitive advantage hiding in plain sight.
