Listen to this article
SubImage raised $4.2 million in a seed round led by FundersClub, with participation from Y Combinator, Phosphor Capital, and Transpose Platform. Funds will be used to expand the engineering team, scale customer pilots, and accelerate feature development focused on reducing remediation times for security issues.
SubImage’s $4.2 million seed round marks a significant milestone for the San Francisco-based cloud security startup, underscoring its potential to redefine infrastructure mapping in enterprise environments. Founded in 2024 by Alex Chantavy and Kunaal Sikka, seasoned security professionals with experience across government agencies, Fortune 500 companies, and hypergrowth tech firms, the company builds on the foundations of Lyft’s open source Cartography project from 2019. This initiative, which pioneered graph based cloud asset visualization, exposed a critical industry shortfall: security tools that overwhelm teams with irrelevant alerts rather than actionable, context specific intelligence.
The round, led by FundersClub with participation from Y Combinator (YC W25 batch), Phosphor Capital, and Transpose Platform, was quietly closed before YC Demo Day, allowing the two person team to prioritize seven months of heads down development with early adopters. This stealth approach contrasts with high profile pitches, reflecting confidence in SubImage’s traction, $220K in revenue by September 2025 signals robust product market fit for its open core model, which combines a free, extensible library with premium managed services.
The seed funding totals $4.2 million, fitting within the $3-5 million range typical for early stage security startups in 2025, where valuations often hover at $20-30 million post money for YC-backed ventures. While specifics on valuation or individual check sizes are not public, YC’s standard $500K investment likely forms a baseline, with FundersClub anchoring as lead for the balance. The syndicate’s composition is telling: FundersClub specializes in seed bets on AI-infrastructure plays, having backed over 200 startups; YC offers unparalleled mentorship and demo exposure; Phosphor Capital targets scalable enterprise platforms; and Transpose Platform favors ambitious founders disrupting legacy models.
| Investor | Type | Focus Areas | Notable Quote/Insight |
| FundersClub | VC Firm | Seed stage AI & infrastructure | “SubImage will be critical for companies that need to map all of their assets… and address vulnerabilities for their customers.” – Alex Mittal |
| Y Combinator | Accelerator | Early stage tech | Provides $500K standard seed + 3-month program; emphasizes rapid iteration toward product market fit. |
| Phosphor Capital | VC Firm | Enterprise software | Backs extensible tools; aligns with SubImage’s open core extensibility for custom integrations. |
| Transpose Platform | VC Firm | Disruptive ventures | Supports founders with proven open source pedigrees, like Cartography’s influence on graph based security. |
This investor mix not only validates SubImage’s technical edge but also equips it with networks for talent acquisition and customer intros, crucial in a competitive talent market for security engineers.
SubImage’s origins trace to frustrations encountered by Chantavy and Sikka in prior roles: tools like traditional vulnerability scanners treat all organizations uniformly, generating “millions of findings that don’t reflect real risk.” Drawing from Cartography, a tool that maps cloud relationships and has been adopted by thousands of engineers, SubImage evolves it into a commercial offering. The platform ingests data from AWS, Azure, GCP, SaaS apps, and on-premises systems via secure proxies, constructing a dynamic, queryable graph that reveals “who can access what, and why.”
With just two employees as of the round’s close, the founders’ efficiency is evident: bootstrapping to $220K revenue in under a year, primarily through pilots with mid sized enterprises. Chantavy, with a background in government cybersecurity, brings expertise in compliance heavy environments; Sikka, from hypergrowth startups, focuses on scalable automation. Their complementary skills have enabled a lean operation, but the funding addresses a clear bottleneck, team expansion to handle incoming demand.
Recommended: Lavnlux Introduces The Porto and Redefines Modern Spa Relaxation
SubImage’s architecture centers on a hosted Cartography instance, augmented with proprietary AI layers for contextual analysis. Core components include:
- Data Ingestion Layer: Automated pulls from cloud APIs and encrypted tunnels for hybrid setups, ensuring real time updates without manual intervention.
- Graph Engine: Neo4j-inspired querying for relationships between assets, identities, and permissions, e.g., tracing a misconfigured S3 bucket back to its owning team.
- AI Prioritization Module: Machine learning models learn from organizational signals (e.g., usage patterns, compliance policies) to rank risks by exploitability and business impact, reducing alert fatigue by up to 90% in early tests.
- Remediation Workflow: Integrated ticketing, ownership assignment, and automated fix suggestions, integrating with tools like Jira or Slack.
This open core strategy, free core for self hosting, paid tiers for managed ops and AI features, mirrors successes like HashiCorp’s Terraform, appealing to open source advocates while monetizing value-adds. It positions SubImage as a “Wiz alternative” for cost conscious teams, checking boxes for CNAPP, CSPM, and PAM (Privileged Access Management) while emphasizing extensibility.
The cloud security market, projected to exceed $100 billion by 2028, is rife with fragmentation: incumbents like Wiz ($10B+ valuation) and Palo Alto Networks dominate with comprehensive suites, but their closed models limit customization. SubImage differentiates through openness and AI driven relevance, targeting mid market enterprises overwhelmed by multi cloud sprawl. Early pilots demonstrate 50% faster incident response, a compelling metric in an era of rising breaches (e.g., 2025’s average cost at $4.88M per incident).
Challenges include scaling AI accuracy across diverse environments and competing for mindshare against venture fueled giants. However, the open core ethos could foster ecosystem partnerships, much like how Cartography influenced tools from Datadog to Netflix.
Allocations prioritize:
- Engineering Hires (60%): Doubling the team to 4-6, focusing on multi cloud expansions and device mapping.
- Customer Expansion (25%): Scaling pilots to 20+ beta users, with go to market via YC’s alumni network.
- Product R&D (15%): Features like predictive risk modeling and deeper SaaS integrations to cut remediation times from days to hours.
Post-funding, SubImage aims for $1M+ ARR by mid 2026, leveraging the round to ship quarterly updates and pursue strategic alliances.
This funding fits into 2025’s AI security surge, where U.S. startups raised over $20B in the sector alone. SubImage’s success could accelerate open source adoption in enterprise security, challenging proprietary norms and empowering smaller teams. Investor enthusiasm, evident in quotes praising its “automation and intelligence”, suggests ripple effects, potentially inspiring hybrid models in adjacent fields like observability.
SubImage’s round is more than capital; it’s a catalyst for transforming reactive security into proactive intelligence, with the founders’ vision and backers’ support poised to capture meaningful market share.
Please email us your feedback and news tips at hello(at)dailycompanynews.com
