From vendors offering code security tools to those protecting inboxes and websites against attacks, here’s a look at 20 key companies in web, email and application security.
As hackers continue to utilize GenAI to make phishing schemes more convincing — and attacks more successful — security vendors are making their own countermoves with new capabilities powered by AI. Email security vendor Inky, for instance, recently unveiled new capabilities that use GenAI to analyze every email intended for a customer’s inbox, rather than just a portion of emails. “This means that it doesn’t matter how cleverly the attacker tries to word something — if a human would understand it, then Inky is going to understand it also,” Inky Co-founder and CEO Dave Baggett told CRN.
[Related: 10 Major Ransomware Attacks And Data Breaches In 2024]
The product is just one among many that have recently sought to balance the scales — or even tip things in the defender’s favor — when it comes to AI and security.
Meanwhile, segments such as application security also continue to evolve as attacks intensify. Vendors such as Wiz and Snyk have recently deployed new capabilities that enable developer and security teams to trace back insecure portions of applications to the specific components that need to be remediated. The idea is to not only identify security risks but also tell customers, “‘Here is the line of code that you should go and fix,’” Wiz co-founder Yinon Costica told CRN.
As for web security, vendors such as Island have continued to expand their capabilities for protecting against browser-based threats, such as with expanded data loss prevention capabilities.
What follows are the 20 web, email and application security companies that made our Security 100 for 2025.
Evan Reiser
Co-Founder, CEO
Abnormal Security has unveiled what its called an “AI coworker” for protecting email inboxes with the debut of AI Security Mailbox. The tool provides a customized response to employees who report a potential attack about whether the reported email was determined to be malicious, along with details on how the system arrived at its determination.
Tom Leighton
Co-Founder, CEO
Akamai revealed its latest move to double down on API security with the $450 million acquisition of Noname Security. A major focus of the acquisition is on offering improved discovery of “shadow” APIs as well as detection of API vulnerabilities and attacks. Meanwhile, Akamai unveiled the extension of its Guardicore Segmentation offering to AWS.
Dror Davidoff
Co-Founder, CEO
Aqua Security enhanced its cloud-native application protection platform with protection for GenAI applications— with capabilities including real-time monitoring for LLM-based workloads— and a partnership with Orca Security. The partnership integrates Aqua’s runtime protection for cloud-native workloads with Orca’s visibility and security for cloud environments.
Hatem Naguib
President, CEO
Barracuda unveiled updates to its Email Gateway Defense offering such as machine learning classifiers that deliver improved detection efficacy, as well as the addition of new capabilities for real-time reporting. Meanwhile, Barracuda introduced an enhanced policy engine and custom classifiers for its Data Inspector tool.
Sandeep Johri
CEO
Recent enhancements to the Checkmarx software supply chain security offering included the secrets detection capabilities for rapid identification of exposed credentials. It also rolled out new repository health tools to enable continuous tracking of health scores for software repositories throughout the organization’s application footprint.
Matthew Prince
Co-Founder, CEO
Cloudflare bolstered its offerings with the acquisition of passwordless authentication startup BastionZero, which brought zero-trust controls for protecting access to infrastructure onto the Cloudflare One platform. It then added enhanced preventative security capabilities to its platform with the acquisition of startup Kivera.
François Locoh-Donou
CEO
F5 unveiled new capabilities for API security with the debut of F5 Distributed Cloud Services Web Application Scanning. Other updates have included the introduction of the BIG-IP Next Web Application Firewall featuring improved automation functionality and the launch of the F5 AI Gateway to simplify the adoption of secure AI services.
Dave Baggett
Co-Founder, CEO
Inky debuted its DMARC Monitoring offering with the aim of helping MSPs more easily integrate Domain-based Message Authentication Reporting and Conformance with email security controls. Benefits include better prevention against domain spoofing and the potential for unauthorized use of domains.
Eyal Benishti
Founder, CEO
Recent updates from Ironscales included the launch of the Autopilot capability, which provides complete automation around detecting and remediating email security threats. Other enhancements included the debut of Adaptive AI Spam Hygiene for improved, real-time adaptability around blocking of unwanted emails.
Michael Fey
Co-Founder, CEO
For its secure workplace browser, Island unveiled an expansion of its DLP functionality to include a new module, DLP 360. The module provides capabilities such as governance over clipboard data and text inputs in application fields. Meanwhile, Island also recently introduced Microsoft Purview support.
Amir Ben-Efraim
Co-Founder, CEO
Key updates from Menlo Security have included new capabilities for its Menlo Zero Trust Access offering, such as improved support for Apple devices and software, multi-cloud application connectors and a new dashboard for monitoring application access. It also debuted its cloud-delivered secure enterprise browser for protecting workforces.
Marc van Zadelhoff
CEO
Mimecast rolled out AI-driven updates to its Advanced Business Email Compromise Protection and Incydr data protection offerings. It also added capabilities for detection of payloadless attacks and enhanced visibility for its Advanced BEC Protection offering, as well as AI-powered, cloud-based content inspection for Incydr data protection.
Gil Geron
Co-Founder, CEO
Orca Security unveiled its Orca Sensor tool for simplfied deployment of runtime protection. It expands the functionality of Orca’s cloud detection and response offering, which also was updated with a new event-driven security dashboard and capabilities for classifying security events via cloud-agnostic terminology.
Sumit Dhawan
CEO
Proofpoint unveiled new capabilities for its email security offerings, including LLM-based detection that analyzes emails prior to delivery as well as after delivery and at the time of a click. The new capabilities take just milliseconds to analyze emails before they are delivered, and the models continue running post-delivery as well.
SafeBreach
Guy Bejerano
Co-Founder, CEO
SafeBreach offers its breach and attack simulation platform that can help to validate endpoint security and other tools. The offering provides security validation in a continuous, automated fashion through offensive testing that replicates the activities of an adversary that is seeking to thwart security controls.
Roey Eliyahu
Co-Founder, CEO
Salt Security updated its API Protection Platform, including with improved API discovery through leveraging eBPF (Extended Berkeley Packet Filter) technology. It also debuted new capabilities for improved enforcement of API posture standards as well as LLM-driven insight about attacker tactics.
Peter McKay
CEO
Building on the debut of Snyk ’s application security posture management offering, AppRisk, the company launched AppRisk Pro. The “developer-first” ASPM offering includes key capabilities such as being able to trace back insecure portions of apps to specific components in the code that need to be fixed.
Thales
Patrice Caine
Chairman, CEO
Recent launches from Thales following its acquisition of Imperva included the Data Risk Intelligence, an Imperva Data Security Fabric offering. It provides proactive remediation of data risks and is the first new product to combine Imperva threat identification with Thales CipherTrust data protection.
Veracode
Brian Roche
CEO
Veracode has made its GenAI-powered remediation suggestions tool, Veracode Fix, available directly within integrated development environments. It also acquired software supply chain security startup Phylum, which aims to enhance the vendor’s capabilities around protecting against malicious open-source code.
Assaf Rappaport
Co-Founder, CEO
Wiz has now expanded its capabilities in cloud remediation with its acquisition of a top startup in the space, Dazz. Meanwhile, the recent debut of Wiz Code has brought the vendor new capabilities for tracing security risks back to application code through correlating source code with vulnerable cloud assets and potential attack paths.
