Malicious hackers — backed by adversary states like Russia and China or organised crime — are cracking complex cryptography by weaponising artificial intelligence and advanced computing power. And a major target for worming their way in to attack is not just the cloud, but the tens of billions of connected devices that are being used by individuals and organisations. One way to fight that is through embedded security: solutions built directly into the very chipsets that connect those devices to data networks.
Exein — one of the startups building that embedded tooling — is today announcing significant funding, underscoring the focus on the approach and its own traction in the market and the impact it’s having on companies in sectors like energy, healthcare, defence, automotive, aerospace, industrial automation, semiconductors and robotics.
The startup out of Rome, Italy has secured €100 million in a mix of equity and debt, roughly in a 50:50 split, according to Gianni Cuozzo, the CEO who co-founded the company with Gerardo Gagliardo, CFO and Giovanni Alberto Falcione, CTO (pictured above with Cuozzo centre).
“Cybersecurity needs to be decentralised and embedded on devices we all use every day because the nature of the threat has fundamentally changed,” he said. “We’re seeing more attacks on infrastructure and physical systems, not just on services or websites. When attackers target firmware, the damage isn’t just digital. It becomes physical.”
The equity part — led by Blue Cloud Ventures with participation from previous backers HV Capital, Intrepid Growth Partners, and Geodesic Capital — is effectively a bridge between Series C round that Exein raised in July of this year and a bigger round it plans for the future.
Those funds will be used partly for further research and development.
Exein, as we noted when writing about the Series C previously, spent the first years of its life in stealth mode and only released its first product, in runtime security technology, in 2023. The plan is to expand that with more AI-based continuous monitoring and response that will work with AI and large language models used on-device (in line with how a lot of hardware makers are building AI tools themselves). This is expected to be shown off at RSAC 2026 in San Francisco in March.
To date, Exein claims to have identified and fixed more than 1 million vulnerabilities with its tech, growing its revenues “5x” in the process. As a mark of that progress, this latest equity investment values Exein at nearly €700 million, double its valuation four months ago.
The debt portion meanwhile is coming from J.P. Morgan, and Exein said it will be using these funds to make acquisitions in the space.
We have asked Cuozzo about what kinds of companies he hopes to target for M&A, and we will update this post as we learn more.
There are a number of companies working on embedded security including Palo Alto Networks, Microsoft, Claroty, Forescout and Armis.
Among them, Exein already has some significant scale in the market. Earlier this year, it noted that its technology is embedded in over 1.5 billion devices, and it now says it’s on track for that figure to pass 2 billion by the first quarter of 2026. Companies that it works with include Nvidia, AWS, Arm, Intel, MediaTek and Super Micro.
There is a lot more room for growth for Exein and its many competitors. Estimates vary but the general consensus is that there are roughly around 20 billion connected devices in the world today, with that figure growing to more than 30 billion in the next five or so years.
(And not all of the devices with Exein’s tech embedded in them are “live.” The company is built on “open core” principles: it offers a free license to embed its tech in a chipset and then charges for those who will want to actually use it. Currently, the conversion it’s seeing to paying usage is around 10%, Cuozzo told me earlier this year.)
Resilience, as our readers know, is a multi-faceted topic that encompasses not just military posture but all of the many ways that adversaries can infiltrate a country’s infrastructure and opeations, and in our current very digital age, cybersecurity is very much a part of that.
In Cuozzo’s view, we are in the middle of a “generational shift” in cybersecurity at the moment that he likens to the advances seen in mobile with the rise of the iPhone. On a smartphone, applications function because of the functionality of the hardware that hosts them, and that is similar to how cybersecurity is evolving: his ambition is to make Exein the tool to help all cybersecurity function as it should.
“AI is accelerating both sides of the fight. It’s like nuclear power: it can be used to protect or to destroy,” he said. “We’re already seeing automated and even fully autonomous attacks, where AI agents can execute the entire attack chain directly against devices. That reality demands a new security model that protects devices themselves, not just in the cloud.”
Exein’s investors believe it has a good shot at being the lynchpin in that new security model.
“Connected devices are now the largest and least protected attack surface in the world,” said Rami Rahal, founder and managing partner at Blue Cloud Ventures, in a statement. “Exein’s mission is a vital one, and its solution – to place intelligent, real-time defence inside the device itself – is exactly what the market needs as cyberattacks increasingly spill into the physical world.”
“Securing the world’s connected devices is becoming essential to the resilience of modern infrastructure,” added Max Hauer, Innovation Economy Banking at J.P. Morgan. “Exein is playing a pivotal role in this, and we are pleased to support the company as it enters its next phase of global growth.”
