Truffle Security, developer of TruffleHog, an open-source project for detecting and remediating non-human identities (NHIs) and secrets, announced a $25 million Series B round led by Intel Capital and Andreessen Horowitz (a16z), joined by Abstract, Lytical Ventures, and security leaders Casey Ellis (BugCrowd), Emilio Escobar (Datadog), and Haroon Meer (Thinkst).
“As AI transforms how software is built, the security surface is expanding just as quickly,“ said Martin Casado, General Partner at Andreessen Horowitz. “Truffle Security is tackling one of the most urgent challenges in this new era, which is protecting codebases from secret exposure at scale. We’re thrilled to back the team as they continue to define what modern software security looks like in the age of AI.”
Funding supports TruffleHog Enterprise growth, enhancing detection, verification, and remediation capabilities, and launching TruffleHog GCP Analyze, an add-on providing visibility into leaked Google Cloud NHIs for faster risk assessment and remediation.
“In the era of coding co-pilots and third-party APIs, compromised credentials remain one of the leading causes of data breaches, making credential protection a critical safety measure for enterprise developers and security teams,” said Nick Washburn, Senior Managing Director at Intel Capital. “With the introduction of TruffleHog GCP Analyze and this latest round of funding, Truffle Security accelerates its mission to make secrets management frictionless, secure, and comprehensive, positioning the company to confidently address broader IAM and NHI market opportunities.”
Verizon’s 2025 Data Breach Investigations Report confirms credential misuse as a major attack vector. With API keys and tokens expanding across multi-cloud systems, Truffle Security focuses on detecting and remediating exposed credentials before breaches occur.
Growing demand for TruffleHog Enterprise led to doubled revenue and a broader Fortune 1000 client base across technology, retail, and finance sectors. The funding enables expansion into AWS and Azure NHI protection, further product innovation, and customer growth. Open-source adoption continues, surpassing 23,000 GitHub stars, 15 million downloads, and 250,000 daily runs.
“Dylan and the Truffle Security gang have long led the way in secret detection,” said Casey Ellis, Founder of BugCrowd. The GCP Analyze add-on reduces remediation time by delivering instant context on leaked credentials, access permissions, and exposure impact, enabling teams to assess and mitigate threats efficiently. Built on TruffleHog Enterprise’s verified detection technology with 800+ detectors, the tool strengthens protection across the software lifecycle.
“We are so excited and humbled to grow our community and technology into solving more and more pain points non-human secrets can cause — expanding beyond analyzing secret leaks into secret inventory and productivity tooling,” said Dylan Ayrey, CEO and Founder of Truffle Security.