Reach Security Announces $10 Million Strategic Investment from M12, Microsoft's Venture Fund with Support from Artisanal Ventures and Other Existing Investors

Investment validates Reach's domain-specific AI approach for exposure management; new ConfigIQ Drift™ module enables customers to define and detect drift across SaaS and On-prem environments.

SAN FRANCISCO, July 29, 2025 /PRNewswire/ -- Reach Security, the AI-powered assistant for operationalizing security controls across the enterprise turning intent into enforcement and helping organizations fix what matters across SaaS and on-prem environments, today announced a $10 million strategic investment from M12, Microsoft's Venture Fund, and existing investors including Artisanal Ventures. The investment highlights M12's belief in domain-specific AI as a transformative force in cybersecurity and underscores Reach's leadership in enabling AI-powered exposure management.

As part of the announcement, Reach introduced ConfigIQ Drift™, a virtual assistant that allows security teams to define and enforce configuration drift detection without the need for deep configuration expertise or code skills. The company also previewed its upcoming Asset Intelligence capability, which will bring full-context visibility across identities, devices, and workloads to further enhance prioritization and remediation workflows.

Why M12, Microsoft's Venture Fund Invested
M12's investment reflects growing momentum in the exposure management category, with a focus on how virtual security assistants can drive adoption of security capabilities and automation in drift detection, policy enforcement, and remediation. M12 identified Reach's unique combination of domain-specific language models (DSLM), operational automation, and real-world traction as key differentiators.

"Reach is redefining what actionable exposure management looks like," said Todd Graham, Managing Partner at M12. "Their AI-powered assistant and extensible platform align directly with the needs of enterprise customers adopting Zero Trust, navigating compliance frameworks like CMMC, and helping customers migrate to or even activate underused capabilities in Microsoft 365 E5."

Introducing ConfigIQ Drift™: A Virtual Assistant for Security Configuration
Reach launched its first drift capability three months ago. Today's release of ConfigIQ Drift™ expands that foundation with a capability enabling customers to write their own drift detection rules. This makes it easy to define a baseline or "gold image" of intended configurations specifying exactly what to monitor for drift. For the first time, customers can now detect deviations across both SaaS and on-prem security products from a single, centralized location.

"Security teams aren't just overwhelmed, they're under-leveraged," said Garrett Hamilton, CEO and Co-founder of Reach Security. "This partnership with M12 validates our belief that the next generation of cyber defense will be AI-powered, assistant-driven, plus deeply operational and focused on creating leverage for companies and their security tools. We're building the infrastructure for that future today."

Use Case Highlights: Zero Trust, CMMC, and Microsoft E3 to E5 Optimization
Reach is enabling real progress across a wide spectrum of high-priority security initiatives:

• Zero Trust: Aligning enforcement with ZT principles across identity, email, endpoint, and network controls
• CMMC 2.0: Mapping controls to live configurations and detecting drift in real time
• E3 to E5 Optimization: Helping organizations unlock the full value of Microsoft 365 by:
  • Mapping current posture and identifying gaps
  • Accelerating feature deployment through guided config generation
  • Monitoring for drift post-activation
  • Sustaining ROI with ongoing validation and insights

"Zero Trust is more than a framework, it's a shift in how we operationalize protection," said Jay Wilson, CISO at Insurity. "Reach is making it possible for us to move from planning to execution faster than we thought possible."

Looking Ahead: Asset Intelligence and Adaptive Enforcement
Reach also previewed its upcoming Asset Intelligence capability. This will provide continuous insight into the security relevance, control coverage, and posture history of each identity, device, and workload. By combining that context with natural language rule authoring, Reach aims to deliver truly adaptive, assistant-driven enforcement.

Industry Recognition

Gartner® recently noted the importance of automation in exposure management:

"To combat the speed at which attackers exploit vulnerabilities, there will be a shift toward end-to-end automation of exposure management, including: continuous discovery, assessment, prioritization, validation and remediation of exposures."
—Gartner, Emerging Tech: The Future of Exposure Management is Preemptive, by Elizabeth Kim, Apoorva Chhabra, 25 June 2025

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

• Get the Gartner report: https://www.reach.security/gartner-report

View original content to download multimedia:https://www.prnewswire.com/news-releases/reach-security-announces-10-million-strategic-investment-from-m12-microsofts-venture-fund-with-support-from-artisanal-ventures-and-other-existing-investors-302515033.html

SOURCE Reach Security