Gambit Security this week emerged from stealth with $61 million in seed and Series A funding. Participants included Spark Capital, Kleiner Perkins, and Cyberstarts.
Gambit Security’s AI-native resilience platform connects to all environments, security solutions, and backup tools to autonomously map an organization’s infrastructure and backup data, uncovering gaps that break static recovery plans and put continuity at risk. Across enterprise environments analyzed by the platform, Gambit Security identified a profound danger to recoverability: while most have extensive backup coverage and security measures, only around 5% of systems were resilient against the impact of ransomware attacks.
The platform continuously measures resilience against the impact of evolving threats, driving early remediation, rapid recovery, and business continuity – not only in the event of a cyberattack, but also in response to critical system failures and technical disruptions.
Beyond improving recovery readiness, Gambit Security eliminates inefficient backup management and redundant data storage, typically reducing cloud storage costs by at least 10%, accumulating to millions of dollars at scale. These savings are incremental to additional benefits such as reduced cyber-insurance premiums, lower audit and compliance overhead, and avoided brand, customer, and revenue loss due to operational downtime.
“The hard truth is that cyberattacks and infrastructure failures are now routine, creating major disruptions and financial losses. Pouring more money into security and backup tools has become an unwinnable race,” said Alon Gromakov, co-founder and CEO of Gambit Security. “Recovery has fallen decades behind, and what was recoverable yesterday can fail today, leaving organizations vulnerable to devastating downtime. Gambit Security changes that – removing the expiration date from resilience strategies and bringing real-time capabilities to help teams ensure their environments stay resilient through changes and threat actors’
evolution, not just on a periodic basis.”
“Resilience and restoration are core to a strong security posture and incident recovery,” said Ilya Fushman, partner at Kleiner Perkins. “Gambit turns data resilience from a clunky and uncertain manual process centered on backups into an automated and AI-powered capability that gives CISOs and IT leaders confidence and a platform to understand and automate recovery.”
“Because every business is digital, Gambit ensures enterprises stay resilient in the face of increasingly sophisticated attacks,” said Clay Fisher, partner at Spark Capital. “Gambit is defining the standard for resilience and is the only solution in the market delivering verifiable resilience as an outcome, rather than backup as a tool. Spark is delighted to partner with this consequential company.”
“From the moment we invested in Gambit at its inception, we recognized this team was not going to build another security feature; they were tackling and redefining an immense problem and market,” added Lior Simon, general partner at Cyberstarts. “Their deep understanding of the industry enabled them to drive a fundamental shift from static defense to continuous preparedness. They address what organizations truly need: resilience that endures through constant change and evolving threats, especially in today’s AI-driven landscape. This is the kind of transformation that reshapes how enterprises protect operational continuity and
revenue.”
Gambit Security research: The AI attack path behind the Mexican government breach
Alongside the announcement, Gambit is disclosing new research into the attack path behind one of the largest and most consequential government breaches ever recorded. The breach itself, which began in late December 2025 with a compromise of Mexico’s tax authority, was already known. What was not known, until now, is exactly how it was executed.
Within a month of the initial compromise, 10 government bodies and one financial institution were affected, approximately 195 million identities exposed, and roughly 150GB of data exfiltrated: tax records, civil registry files, and voter data. The attacker even built an automated system that forges official government tax certificates using live data. It was orchestrated by an individual actor directing AI to operate as a nation-state-level team of operators and analysts.
Gambit analyzed the attacker’s logs and discovered the full attack path. The operation ran on more than 1,000 prompts to Anthropic’s Claude Code and regularly passed information to OpenAI’s GPT-4.1 for analysis.
AI didn’t just assist, it functioned as the operational team: writing exploits, building tools, automating exfiltration. The prompt logs reveal the attacker bypassing guardrails by convincing models that their actions were authorized. Claude executed the attack under the guidance of the attacker, and OpenAI analyzed data in support of accelerating Claude’s attack execution efforts.
An attack of this scale does not end when it is discovered. Recovery can be long, disruptive, and expensive, often requiring organizations to rebuild systems, suspend critical services, and work to regain public trust. Costs can reach into the millions, and reputational damage can last for years.
More importantly, incidents like this highlight a clear shift in the threat landscape: traditional defenses alone are no longer enough. Instead of trying to block every possible attack, organizations must focus on their ability to withstand and recover from
them. In today’s environment, Gambit said resilience is essential.