NextFin News - On February 18, 2026, Venice, an Israeli-American cybersecurity startup, officially emerged from stealth mode with an audacious objective: to unseat the long-standing industry leader CyberArk within the next 18 months. Founded by Rotem Lurie, a former Microsoft product manager and veteran of Israel’s elite Unit 8200, Venice is positioning itself as the modern successor to legacy Privileged Access Management (PAM) systems. The company announced it has secured $20 million in Series A funding led by IVP, with participation from Index Ventures, bringing its total capital to a level that signals strong investor confidence in its disruptive potential. Operating from offices in Tel Aviv and North America, the 35-person team is already reporting successful "rip-and-replace" deployments at Fortune 500 companies, challenging the dominance of incumbents like CyberArk and Okta by drastically reducing implementation times from months to just over a week.
The emergence of Venice comes at a critical juncture for the Identity and Access Management (IAM) sector. According to the Identity Management Institute, global spending on IAM was projected to exceed $24 billion by late 2025, growing at a rate of 13% annually. This growth is driven by the increasing complexity of enterprise environments, where traditional human-centric security models are being overwhelmed by a "tsunami" of non-human identities, including AI agents, microservices, and automated bots. Lurie argues that legacy platforms like CyberArk were built for a static world of IT administrators, whereas today’s enterprises require a dynamic, unified control plane that can manage permissions across on-premises servers, SaaS applications, and multi-cloud infrastructure simultaneously.
The core of Venice’s competitive strategy lies in its technical architecture, which emphasizes "zero standing privilege" and just-in-time (JIT) access. Unlike traditional vaults that store long-lived credentials—a primary target for hackers—Venice brokers momentary entitlements that expire immediately after use. This approach significantly narrows the "blast radius" of potential credential theft. Furthermore, Lurie has made a strategic decision to support legacy on-premises systems alongside modern cloud-native stacks. While many startups avoid the technical debt of supporting older infrastructure, Venice’s ability to bridge this gap is precisely what has allowed it to penetrate the Fortune 500 market, where large manufacturing and financial giants still rely on hybrid environments.
From an economic perspective, Venice is not competing on list price but on the total cost of ownership. Traditional PAM deployments are notorious for their "hidden taxes"—the millions of dollars spent on professional services, consultants, and lengthy integration cycles that can last up to two years. By using AI-powered automation to map permissions and automate the onboarding of sensitive systems, Venice claims it can achieve in 10 days what takes incumbents 10 months. This efficiency is a powerful value proposition for Chief Information Security Officers (CISOs) who are under pressure to show rapid risk reduction in an era of escalating cyber threats and tightening budgets under the current administration of U.S. President Trump, where efficiency and domestic infrastructure security are high priorities.
The leadership pedigree of Lurie provides additional weight to Venice’s claims. Having served as the first product hire at Axis Security—which was acquired by Hewlett Packard Enterprise for $500 million—Lurie has a proven track record of building products that solve full-stack enterprise problems rather than niche technical gaps. Her experience at Microsoft’s Defender for Identity further informs Venice’s platform-centric approach. Investors like Cack Wilhelm, a partner at IVP, have noted that Venice’s ambition mirrors that of industry titans like CrowdStrike or Palo Alto Networks, which succeeded by tackling foundational architectural flaws in existing security paradigms rather than offering incremental improvements.
Looking ahead, the next 18 months will be a litmus test for whether Venice can maintain its momentum as it scales. The primary challenge will be overcoming the "incumbency bias" inherent in the security industry; identity is the most sensitive layer of the enterprise, and switching providers involves significant perceived risk. However, the proliferation of AI agents—where each employee may soon coordinate dozens of software bots—creates a scale problem that legacy systems are fundamentally unequipped to handle. If Venice can continue to prove that its automated, JIT model reduces audit burdens and prevents breaches more effectively than traditional vaults, the 18-month timeline to unseat CyberArk may shift from a bold marketing claim to a market reality. The industry should expect a wave of consolidation as legacy vendors scramble to acquire or replicate the ephemeral, agent-aware capabilities that Venice has pioneered.
Explore more exclusive insights at nextfin.ai.
