Product overview

See how dev-centric DAST for the enterprise secures your business.

Web attacks

Continuous security testing for web applications at high-scale.

API attacks

Safeguard your APIs no matter how often you deploy.

Business logic attacks

Future-proof your security testing with green-flow exploitation testing.

LLM attacks

Next-gen security testing for LLM & Gen AI powered applications and add-ons.

Interfaces & extensions

Security testing throughout the SDLC - in your team’s native stack.


Connecting your security stack & resolution processes seamlessly.


Getting started with Bright and implementing it in your enterprise stack.

Book a demo

We’ll show you how Bright’s DAST can secure your security posture.


Check out or insights & deep dives into the world of security testing.

Webinars & events

Upcoming & on-demand events and webinars from security experts.


Getting started with Bright and implementing it in your enterprise stack.

Case studies

Dive into DAST success stories from Bright customers.


Download whitepapers & research on hot topics in the security field.

About us

Who we are, where we came from, and our Bright vision for the future.


Bright news hot off the press.

Webinars & events

Upcoming & on-demand events and webinars from security experts.

We're hiring

Want to join the Bright team? See our open possitions.

Bug bounty

Found a security issue or vulnerability we should hear about? Let us know!

Contact us

Need some help getting started? Looking to collaborate? Talk to us.

Resources > Blog >
The Future is Bright

The Future is Bright

Gadi Bashvitz

Today we are announcing an additional $20 million in funding to fuel our growth and continue to help organizations (and their software developers) secure their applications and APIs. We’re also changing our company name from NeuraLegion to Bright Security.

When Shoham Cohen, Bar Hofesh, Art Linkov, and I founded the company three years ago, there was no doubt that application security would remain a huge need for many years to come. But there were already many solutions companies could use to secure their applications. Despite that, we observed that many of the existing AppSec solutions – particularly Dynamic Applications Security Testing (or DAST) tools – no longer fit the way modern apps are developed and released. The consequences of that were grave: more than 80% of organizations knowingly release vulnerable apps into production.

The solution: make it easy for developers

It’s well-known that moving security testing earlier in the Software Development Lifecycle (SDLC) is better in every respect: In addition to reducing the risk of vulnerabilities making it into production, it makes remediation faster and cheaper. Thus, the term “shift left” became popular. But that’s easier said than done, especially with DAST.

Unlike traditional DAST tools, Bright was built for developers

Bright’s DAST tool was built to be “developer-first”. It was designed to empower developers to create more secure applications and APIs starting early in the development process and through all stages leading to and including production while enabling the AppSec team to provide the governance. Traditional DAST tools are made for application security (AppSec) experts, who typically test the app after the development cycle is complete and it’s in production.

What makes Bright a dev-first DAST platform?

  • Setup takes minutes and there’s no need for security expertise – we take care of all that
  • No false positives: Our special technology automatically verifies that any vulnerability it detects is actually exploitable so that devs don’t waste time chasing ghosts
  • Remediation instructions that make sense: If a scan detects an issue, get easy-to-follow remediation guidelines with the information developers will need to fix it
  • Control everything with code: Although Bright has a great GUI, developers love using our CLI that lets them control everything
  • Scans take minutes instead of hours or days: Bright’s unique approach allows you to scan only the relevant parts of an app so that you don’t have to slow down the build process – including for unit testing! 
  • Seamless integration with the developer toolchain: Bright works with existing CI/CD pipelines – trigger scans on every commit, pull request, or build with unit testing. It can also automatically add tickets to Jira, GitHub, Azure Boards, GitLab, and other systems.
  • Identify business logic vulnerabilities:  We are determined that AppSec tools can find more than just “classic” technical vulnerabilities, but also find business logic issues. Exploiting business logic vulnerabilities requires an understanding of the application’s flow and business purpose, and the process has traditionally relied on costly and time-consuming manual testing. Bright’s automated AI-powered solution thoroughly analyzes the application’s flow, understands the context, and tests the system through a multitude of interaction combinations, eliminating the need for manual processes.

Our Series A funding round

We’re grateful to have some of the best names in cybersecurity join our journey as investors and to thank them not only for believing in our vision but in the team’s ability to execute. The round, which brings Bright’s total funding to a bit over $25 million, was led by Evolution Equity Partners, who invested in some of the greatest cybersecurity startups out there. Our existing investors DNX Ventures, J Ventures, Fusion Fund, and Incubate Fund are also participating. I’m excited to have Karthik Subramanian of Evolution join our board of directors. 

This funding will allow us to grow the team and make major improvements to the platform (stay tuned for what we have in store…).

We want to thank the more than 4,000 developer teams and enterprise customers around the world who trusted us, shared our vision, and partnered with us on this exciting journey as users and customers.

Last but not least, my co-founders and I are very thankful for the amazing Bright team for their brilliance, dedication, and hard work. None of this would have happened without you, and we’re just getting started!

Now is also a great opportunity to join our growing company. We are looking for marketing, product, and sales roles, and of course, engineers. Head over to our Careers page.

Join us to help developers all over the world build and release secure apps and APIs!

Oh, and have you tried Bright yet? Get your free account.

Gadi Bashvitz, co-founder and CEO, Bright Security


DORA: Exploring The Path to Financial Institutions’ Resilience

DORA (Digital Operational Resilience Act) is the latest addition to the EU regulatory arsenal. A framework designed to bolster the cyber resilience of financial entities operating within the EU. But let’s face it: there’s no lack of regulations issued by the European Union legislature, and they’re not exactly known for keeping things light and easy.

IASTless IAST – The SAST to DAST Bridge

Streamline appsec with IASTless IAST. Simplify deployment, enhance accuracy, and boost your security posture by combining SAST and Bright’s DAST.

Bringing DAST security to AI-generated code

AI-generated code is basically the holy grail of developer tools of this decade. Think back to just over two years ago; every third article discussed how there weren’t enough engineers to answer demand; some companies even offered coding training for candidates wanting to make a career change. The demand for software and hardware innovation was

Get our newsletter