We’re thrilled to announce Corsha’s $12M Series A financing, backed by 1011 Ventures, Razor’s Edge Ventures, and 1843 Capital. Corsha is bringing dynamic identity and MFA to APIs.
For decades, the cybersecurity industry spent billions of dollars figuring out how to keep usernames and passwords from being used by hackers. The so-called “password problem” stemmed from the fact that usernames and passwords were just static values that could be used by anyone who held them, whether they were the rightful user or not. Convincing people to rotate passwords, keep them safe, and make them complex didn’t work. Unless they were forced, users didn’t want to exercise good security hygiene.
Fortunately, there is a successful and well-understood solution to the password problem—multi-factor authentication or “MFA”. When enterprises adopt strong MFA, attacks using stolen usernames and passwords are basically shut down, forcing hackers to look for other attack vectors. MFA pins credentials to authorized devices belonging to a user. It’s been a terrific success for the cybersecurity industry. It has enabled enterprises to manage user identities and feel confident in who is accessing their data. It’s a primary pillar of Identity and Access Management (IAM) as well as notions of Zero Trust.
Today, API communication is, surprisingly, stuck in the same place as human user authentication was decades ago. API credentials such as keys, tokens and certs are largely static values. In fact, this anxiety around having to use long-lived GitHub API keys ourselves was how we came up with the concept behind Corsha and MFA for APIs. Reliance on APIs today is exploding and enterprises are dynamically deploying ‘machines’ such as pods, containers, cloud workloads, servers, and virtual machines at scale to cloud and hybrid environments. For convenience, deployment teams often reuse API secrets and spray them across code repositories, CI/CD pipelines, testing infrastructure, logs, and cloud platforms. We are now seeing weekly headlines where adversaries leverage stolen API credentials to gain access to sensitive systems and data.
Corsha solves this problem! At Corsha, we believe that MFA can be as successful in protecting machine-to-machine communication as it has in solving the human “password problem”. We’re on a mission to reduce the API attack surface and simplify how enterprises manage API Identity and Access Management, one API Authenticator at a time.
As we have developed our platform, our vision has grown to include not only dynamic machine identities and MFA for every authorized machine, but also tools that give visibility and control over an enterprise’s machines, all from a customer control plane. We integrate easily into automated deployment infrastructure and greatly reduce the burden on engineering and security teams to manage API credentials and maintain good security hygiene around API-based communication.
Our customers and partners are seeing the vision. We are protecting sensitive API traffic in modern cloud environments and legacy architectures alike. We have validation with one of the largest cybersecurity customers – the US Federal Government, working with the Air Force to secure and connect industrial IoT equipment. Partners like Dell see how we can revolutionize IAM for machines and bring the promise of Zero Trust to API communications.
That’s why we are so thrilled to announce our Series A financing – fuel for our growth. The momentum is building! Stay tuned for the next chapters in Corsha’s story.
Anusha Iyer and Chris Simkins