Loading organizations...
§ Private Profile · New York City, NY, USA
Gomboc.AI is a technology company.
Gomboc.AI delivers an AI Code Security Assistant (ACSA) for automated Infrastructure-as-Code (IaC) remediation. It scans IaC configurations, generating deterministic, merge-ready fixes directly in Git and CI/CD workflows. Using its ORL Engine and deterministic AI, Gomboc converts security issues into precise code changes, offering trusted cloud security solutions without disrupting development.
Co-founded by CEO Ian Amit and CPO Matt Sweeney, the company leverages deep industry experience. Amit brings two decades in security leadership, including CISO roles. Sweeney, formerly leading Google Cloud Security's Mandiant Validation and holding AI patents, recognized the critical need for automated, reliable remediation in modern development.
Gomboc.AI targets DevOps, platform, and security teams, aiming to cut remediation times and misconfiguration risks. Its vision sets a new standard for cloud and infrastructure security through efficient, automatic issue resolution. This cultivates a more secure cloud environment, accelerating deployment for clients.
Gomboc.AI has raised $13.0M across 2 funding rounds.
Gomboc.AI has raised $13.0M in total across 2 funding rounds.
Gomboc.AI has raised $13.0M across 2 funding rounds. Most recently, it raised $8.0M Seed in February 2025.
| Date | Round | Lead Investors | Other Investors | Status |
|---|---|---|---|---|
| Feb 1, 2025 | $8M Seed | Ballistic Ventures | Citi Ventures, Cyberstarts VC, Energy Impact Partners, Glilot Capital Partners, Hetz Ventures, TLV Partners, Jacques Benkoski, Matt Carbonara, Rakesh K. Loonkar, Shlomo Kramer | Announced |
| Aug 1, 2023 | $5M Seed | Glilot Capital Partners, Hetz Ventures | Citi Ventures, Cyberstarts VC, Energy Impact Partners, TLV Partners, Jacques Benkoski, Matt Carbonara, Rakesh K. Loonkar, Shlomo Kramer | Announced |
Gomboc.AI has raised $13.0M in total across 2 funding rounds.
Gomboc.AI's investors include Ballistic Ventures, Citi Ventures, Cyberstarts VC, Energy Impact Partners, Glilot Capital Partners, Hetz Ventures, TLV Partners, Jacques Benkoski, Matt Carbonara, Rakesh K. Loonkar, Shlomo Kramer.
Gomboc.AI is a cybersecurity startup founded in 2022 that builds an AI-powered platform for automating cloud infrastructure security remediation. It serves DevOps and security teams at organizations using multi-cloud environments (AWS, Azure, GCP), solving the problem of manual vulnerability fixes and configuration drift by generating precise, policy-aligned Infrastructure as Code (IaC) fixes—such as for Terraform, CloudFormation, and Puppet—that integrate directly into CI/CD pipelines via pull requests.[1][2][3][6] This slashes remediation time from days to seconds, eliminates alert fatigue from tools like Wiz, Orca, and Prisma Cloud, and ensures compliance with standards like PCI, HIPAA, NIST, CIS, and SOC 2, with reported ROI including $100K savings per cloud workload and 11x risk reduction.[1][3][4]
The platform targets industries like financial services, government, media, healthcare, and more, with early traction shown in case studies: a leading financial data company reduced manual IaC reviews by 30% across 1,000+ repositories, saving 250+ hours quarterly.[5] Backed by a $13M seed round, Gomboc.AI has 15-19 employees across New York (HQ) and California, focusing on deterministic AI that avoids hallucinations for trustworthy, auditable fixes.[2][3][8]
Gomboc.AI was founded in 2022 in New York, New York, by cybersecurity experts Ian Amit and Jonathan Desrocher (with some sources noting Matt Sweeney as a co-founder).[2] The founders drew from deep industry experience—Amit is known for vulnerability research and bug bounties—to address a core pain point: cloud security teams drowning in alerts while DevOps struggles with manual IaC fixes, leading to delays, errors, and compliance risks.[1][2][7]
The idea emerged amid booming cloud adoption post-2020, where misconfigurations cause most breaches, but tools only flagged issues without fixing them. Early traction came from integrations with major CSPM vendors (Wiz, Orca, Prisma Cloud) and GitOps workflows, culminating in a $13M seed raise to scale their deterministic AI approach—engineered for precision in IaC generation rather than generic AI outputs.[1][3][8] Pivotal moments include AWS Marketplace listing and government-focused partnerships via Carahsoft, proving viability in regulated sectors.[4][6]
Gomboc.AI rides the AI-augmented GitOps and shift-left security wave in cloud-native ecosystems, where IaC (Terraform et al.) dominates but misconfigs fuel 80%+ of breaches amid exploding multi-cloud complexity.[1][3] Timing is ideal: post-2022 AI boom enables deterministic models for code-gen, while CSPM fatigue (from Wiz/Orca) demands automation—Gomboc bridges scanning-to-remediation, influencing DevSecOps by embedding security in developer workflows without friction.[1][7]
Market tailwinds include regulatory pressures (e.g., SEC cybersecurity rules, GDPR evolutions) and cloud spend growth (projected $1T+ by 2030), favoring tools that cut costs/risks for enterprises.[4][6] It shapes the ecosystem by setting a standard for auditable AI in compliance-heavy sectors like finance/government, potentially accelerating adoption of AI agents in infra security and reducing vendor lock-in via multi-cloud support.[2][4][5]
Gomboc.AI is poised to dominate IaC security automation, expanding from seed-stage integrations to full-suite offerings like agentic remediation across more IaC tools and clouds. Upcoming trends—agentic AI, zero-trust infra, and AI governance—will amplify its edge, especially as breaches from drift rise; expect Series A funding, enterprise wins in regulated verticals, and partnerships with Big 3 clouds.[3][8]
Its influence could evolve from niche fixer to ecosystem orchestrator, powering "security-by-default" in GitOps, much like how Snyk transformed SCA—ultimately making cloud security as automated and reliable as the infra it protects.[1][7]