Truffle Security, the firm behind the popular open-source project TruffleHog, has raised $25m in a Series B funding round to accelerate its work in protecting NHIs and their secrets across enterprise environments.
The round was led by Intel Capital and Andreessen Horowitz (a16z), with participation from Abstract, Lytical Ventures, and industry figures including Casey Ellis, founder of BugCrowd, Emilio Escobar, CISO at Datadog, and Haroon Meer, founder and CEO of Thinkst.
Truffle Security, known for its flagship product TruffleHog, provides enterprises with advanced tools to detect, verify, and remediate exposed secrets and credentials within their software ecosystems. Its technology helps organisations safeguard against data breaches by scanning for compromised credentials across codebases and cloud environments.
The new funding will drive the continued expansion of TruffleHog Enterprise, enhance innovation in secrets management and NHI protection, and support the launch of new features such as TruffleHog GCP Analyze. The latter offers deep visibility into leaked Google Cloud service accounts, helping teams assess exposure and prioritise remediation more effectively.
Intel Capital senior managing director Nick Washburn said, “In the era of coding co-pilots and third-party APIs, compromised credentials remain one of the leading causes of data breaches, making credential protection a critical safety measure for enterprise developers and security teams. With the introduction of TruffleHog GCP Analyze and this latest round of funding, Truffle Security accelerates its mission to make secrets management frictionless, secure, and comprehensive, positioning the company to confidently address broader IAM and NHI market opportunities.”
Andreessen Horowitz general partner Martin Casado said, “As AI transforms how software is built, the security surface is expanding just as quickly. Truffle Security is tackling one of the most urgent challenges in this new era, which is protecting codebases from secret exposure at scale. We’re thrilled to back the team as they continue to define what modern software security looks like in the age of AI.”
The company has been addressing credential exposure since its inception, long before “non-human identity” became a common term. Its platform is widely adopted by organisations looking to detect and remediate leaked credentials before they become entry points for cyberattacks.
Demand for TruffleHog Enterprise has surged over the past year, with the company more than doubling revenue and growing its client base among mid-market and Fortune 1000 firms in technology, retail, and financial services. With this investment, Truffle Security plans to expand its go-to-market operations, customer success initiatives, and extend its NHI protection tools across AWS and Azure.
BugCrowd founder Casey Ellis said, “Dylan and the Truffle Security gang have long led the way in secret detection. This financing marks their expansion beyond finding leaked secrets to making secrets manageable across the full development lifecycle. They’re making secrets easy and leaked secrets obvious.” Earlier this week, Bugcrowd acquired Mayhem Security, a company specialising in AI-powered offensive security testing founded by leading cybersecurity experts.
The latest funding underscores Truffle Security’s growing influence in the cloud security sector. Its open-source TruffleHog tool now boasts over 23,000 GitHub stars, 15m downloads, and more than 250,000 daily runs worldwide.
Truffle Security CEO and founder Dylan Ayrey said, “We are so excited and humbled to grow our community and technology into solving more and more pain points non-human secrets can cause – expanding beyond analysing secret leaks into secret inventory and productivity tooling.”
Find more on RegTech Analyst.
Copyright © 2025 FinTech Global
