Salt Security is a private cybersecurity company focused on securing the APIs, MCP servers, and AI agents that make up modern digital and agentic environments. Its AI-infused Agentic Security Platform is designed to discover, govern, and protect the full agent-to-API path, giving organizations visibility into shadow assets, exposed credentials, posture gaps, and risky behaviors across cloud and hybrid estates.
The company has roots in API security and has expanded that foundation into agentic security, using the Agentic Security Graph to connect external exposure, configuration context, code-level findings, and runtime behavior. Salt Security’s portfolio spans external attack-surface mapping, agentless inventory and posture governance, traffic-based behavioral analysis, and real-time threat protection for business logic abuse and other API-centric attacks.
Offerings, Capabilities, and Integrations
Salt Security combines attack-surface discovery, continuous inventory, posture governance, sensitive-data analysis, and behavioral threat detection in a unified operating model. Its capabilities are built to secure APIs and the action layer behind AI agents, including visibility into agent actions, MCP configurations, and the internal APIs those systems invoke.
Deployment emphasizes low-friction integrations rather than inline re-architecture. Salt Security supports agentless and read-only connections for cloud and code environments, passive and mirrored traffic collection for runtime analysis, and integrations with major cloud platforms, API gateways, code repositories, SIEM and SOAR workflows, and adjacent security tools. This lets teams move from discovery to policy enforcement and incident response without slowing application delivery.
Products and Services
- Agentic Security Platform: Salt Security’s flagship platform for discovering, governing, and protecting AI agents, MCP servers, and APIs across the full lifecycle, from code and configuration through runtime activity.
- Salt Surface: An outside-in attack-surface discovery capability that maps public API exposure and helps identify shadow, rogue, zombie, and misconfigured externally visible assets without requiring traffic collection or agent deployment.
- Salt Connect: An agentless discovery and inventory capability that builds a unified API inventory across AWS, Azure, Google Cloud, on-premises environments, and connected code sources using metadata, logs, and configuration data.
- Salt Collect: A runtime analysis capability that continuously ingests API traffic to understand how APIs behave, who uses them, what data they expose, and where vulnerabilities, drift, or anomalous patterns appear.
- Salt Protect: A real-time protection capability that uses behavioral analysis to detect and block API threats such as business logic abuse, BOLA, scraping, prompt-injection-related misuse, and other low-and-slow attacks.
- GitHub Connect: A code-repository integration that extends Salt Connect into GitHub to discover shadow APIs, MCP-related assets, and posture risks in source code before deployment.
- Ask Pepper AI: A generative AI natural-language interface that lets users query API inventory, risk, and posture data in plain English to speed investigation and prioritization.
- Salt MCP Finder Technology: A discovery engine for identifying and inventorying MCP servers across external exposure, code, and runtime sources so teams can understand the action points available to AI agents.
- Salt Model Context Protocol (MCP) Server: An MCP-based interface that enables users and AI systems to interact with API infrastructure through natural language for insight, posture analysis, and remediation guidance.
Target Customers
Salt Security targets enterprises and digital businesses with large, fast-changing API estates, especially organizations adopting cloud-native architectures, microservices, partner integrations, and AI agents. It is particularly relevant for teams that need to govern APIs across multiple clouds, internal services, and internet-exposed environments.
The company serves organizations in finance, transportation, healthcare, retail, and software, along with other sectors where APIs handle sensitive data or business-critical transactions. Typical stakeholders include security engineering, application security, DevSecOps, cloud platform, and SOC teams seeking stronger API inventory accuracy, posture control, compliance support, and runtime protection.
Cloud Integrations and Marketplace
- AWS Marketplace: Salt Security has an AWS Marketplace presence and supports AWS-centric deployment and integration, including Cloud Connect for AWS and connectivity with services such as API Gateway, Lambda, load balancing, WAF, and AWS security workflows.
- Azure Marketplace: Salt Security is available through Azure Marketplace and integrates with Azure environments including App Gateway, AKS, Functions, API Management, and Microsoft Sentinel-based operations.
- Google Cloud Marketplace: Salt Security has a Google Cloud Marketplace presence and supports Google Cloud environments through integrations with services such as Apigee, GKE, Cloud Functions, Chronicle, and Google Security Command Center.
Key People
- Roey Eliyahu: CEO, Co-Founder
- Michael Nicosia: COO, Co-Founder
- Kfir Lippmann: Chief Financial Officer
- Michael Callahan: Chief Marketing Officer
- Iko Azoulay: Executive VP of Technologies
- Aner Gelman: VP of Product
- Jim Rose: VP of Sales Americas
- Mohammed Khalid: VP of Global Solutions Engineering
- Bill Thrash: VP of Customer Experience & Operations
- Ahuvy Mrad: VP of Human Resources
Key Facts
- Headquarters: Palo Alto, California, United States
- Employees: Approximately 212
- Annual Revenue: $40M-$46.5M
- Parent Company: None
- Subsidiaries: None
- Publicly Listed: Private
Analyst Recognitions
- Gartner: Voice of the Customer for API Protection Tools (2024) — Customers’ Choice. Cool Vendors in API Strategy (2020) — Cool Vendor.
