Mend.io

Mend.io builds unified AppSec and AI security software, covering SCA, SAST, DAST, secrets detection, and runtime protection for enterprise developers.

Mend.io was founded in Giv'atayim, Israel, by a group of engineers and security practitioners who observed that traditional developer security tools struggled to keep pace with modern codebases. The firm set out to build a platform that makes security visible and manageable at enterprise scale, pioneering software composition analysis before expanding across the full AppSec stack.

The company's platform covers open-source dependency scanning (SCA), static analysis (SAST), dynamic testing (DAST), secrets detection, and reachability analysis. It now adds AI-specific security layers: model discovery, system prompt hardening, automated red teaming, and runtime behavioral guardrails. Mend.io generates continuous SBOMs and AI-BOMs for compliance with regulations including the EU AI Act and US Executive Order 14028. The platform integrates into existing CI/CD pipelines and claims to produce automated pull requests for vulnerability fixes, reducing manual developer effort. Mend.io maintains the Renovate Enterprise tool for automated dependency updates at scale.

The company has not publicly disclosed funding or ownership structure, nor named individual executives on its website. Customer testimonials on its site reference clients such as the London Stock Exchange Group, ViaSat, Vonage, and Checkmarx, though specific deal sizes and contract terms are not disclosed.

The firm's structural differentiator is its focus on unifying traditional application security with AI security in a single governed workflow, rather than offering point tools for separate threat surfaces. Mend.io states it is independent from any model provider, positioning itself as an agnostic layer between developers and the increasing complexity of AI-augmented codebases.

Website
mend.io

General information

Firm type

other

Year founded

AUM

Undisclosed

Location

Region

Middle East

Country

Israel

City

Giv'atayim

Corporate office

Giv'atayim, Israel

Sector focus

Cybersecurity, Enterprise Software, AI/ML

Frequently asked questions

What does Mend.io's platform actually cover?

Mend.io offers a unified security platform that spans software composition analysis (SCA), static application security testing (SAST), dynamic application security testing (DAST), secrets detection, reachability analysis, and runtime protection. For AI, it includes model discovery, system prompt hardening, automated red teaming, and behavioral guardrails. The platform generates SBOM and AI-BOM for compliance frameworks such as the EU AI Act and NIST.

Who are Mend.io's typical customers?

Based on customer testimonials on the company's website, users include security and development teams at organizations such as the London Stock Exchange Group, ViaSat, Vonage, and Checkmarx. The platform is marketed to enterprises with complex codebases that include open-source dependencies, AI components, and production agents.

How does Mend.io differ from standalone AI security tools?

Mend.io positions itself as unifying application security and AI security into a single platform, rather than offering separate point tools. Its system covers both traditional AppSec layers (SCA, SAST, secrets) and AI-specific testing (model discovery, prompt hardening, red teaming, runtime guardrails) within one governed workflow. The company states it is independent from any model provider.

Does Mend.io offer runtime protection?

Yes. Mend.io includes runtime in-application protection that monitors live interactions between users and applications in production, enforcing policy and blocking unsafe behavior as it occurs. This operates continuously and does not depend on patch cycles.

What compliance frameworks does Mend.io support?

Mend.io generates continuously updated software bill of materials (SBOM) and AI bill of materials (AI-BOM) that support compliance with the EU AI Act, US Executive Order 14028, and the Cyber Resilience Act. The platform provides a single governed repository of inventory, findings, test results, and remediation status.

Is Mend.io a public or venture-backed company?

Mend.io has not publicly disclosed its ownership or funding structure. Its website references being 'supported by our investors' but does not name them. No public filing or press release discloses a funding round or valuation.

Profile maintained by using OSINT (open-source intelligence), regulatory filings, licensed data partners, and verified direct submissions. Continuous refresh with full update cycles at least every 30 days.