Root Evidence Launches as Cybersecurity Legends Team Up with Ballistic Ventures to Forge a New Era of Vulnerability Management

Startup raises $12.5M Seed to help enterprises tackle the <1% of vulnerabilities that statistically matter

BOISE, Idaho, July 28, 2025 /PRNewswire/ -- Root Evidence, the cybersecurity startup championing evidence-based security, announces it has raised $12.5 million in a seed round. The oversubscribed financing was led by Ballistic Ventures with participation from Grossman Ventures, and others. The investment brings together an incredible group of highly accomplished figures in cybersecurity supporting Root Evidence's mission of delivering evidence-driven solutions that distill digital risk into quantifiable business outcomes. Read the full press release on the Root Evidence website.

Veteran Founding Team

Root Evidence's founders, Jeremiah Grossman (Chief Executive Officer), Robert "RSnake" Hansen (Chief Technology Officer), Heather Konold (Chief Operations Officer), and Lex Arquette (Chief Product Officer), are a widely recognized team of serial cybersecurity entrepreneurs with decades of experience who have led multiple successful companies.

Grossman previously co-founded WhiteHat Security, later joined SentinelOne as Chief of Security Strategy early on prior to their record-setting IPO, and then co-founded Bit Discovery with this same team in 2020, which was quickly acquired by Tenable in 2023. Grossman and Hansen's innovations have been credited with revolutionizing entire sectors of the cybersecurity industry, from web application security to attack surface management, while Lex Arquette, co-founder of WhiteHat Security and Bit Discovery, built Meta's (then known as Facebook) homepage and growth systems that onboarded their first billion users. For years members of the team have also been startup investors, board members, and advisors who have contributed to many other successful startups. Together they are now setting their sights on one of cybersecurity's biggest and most persistent challenges: vulnerability management.

The Vulnerability Management Challenge

Many CISOs have long expressed frustration with the state of vulnerability management. They are overwhelmed by the sheer volume of vulnerability findings, struggle to maintain full coverage of their attack surface, and face constant challenges in prioritizing what to fix first and justifying the resources needed for remediation. Yet, the reality is that only a small fraction, well under 1% of all known vulnerabilities, statistically matter – adversaries only actively exploit a handful to cause material harm. Root Evidence is on a mission to change that.

Why Root Evidence?

"We decided the best way for us to move the needle in cybersecurity is by taking on vulnerability management because the old approaches clearly aren't working. Companies want to be confident that the truly riskiest vulnerabilities are being found and need new ways to demonstrate that what they fix measurably reduces the likelihood of a breach, and translates that impact into actual real dollars and cents," said Grossman.

Root Evidence will cut through the noise by enabling security teams to calculate the financial risk to their organization, allowing them to focus first on the small number of vulnerabilities that have the greatest impact when remediated and genuinely reduce the chance of a breach.

At the heart of the company's approach is evidence-based security, a practice that prioritizes security decisions using the strongest evidence of risk. The company's very name reflects this philosophy. In terms of vulnerability management, "Root Evidence" is the highest standard of evidence and means: "proof a specific vulnerability has been exploited in the wild, led to a reported breach, and resulted in material financial loss." Since root evidence has been historically sparse, using this approach previously was not possible, until now.

The Root Evidence solution does not rely on scanning a list of Known Exploitable Vulnerabilities (KEVs) or a "new" severity scoring algorithm. The company is developing a truly next-generation, and fully integrated vulnerability scanning and attack surface management technology. Adversaries are getting faster, focused on scale, and constantly attacking each and every Internet-facing asset, but only looking to exploit just a tiny fraction of the over 300,000 vulnerabilities cataloged as CVEs in the National Vulnerability Database. The product will be the fastest and most scalable vulnerability management solution available, specifically designed to rocket those issues that have been proven to result in losses to the top of the priority list.

"Success in vulnerability management is no longer about who can report the most theoretical vulnerabilities, no matter how technically severe. Organizations need proof, with evidence, of which vulnerabilities are known to cause the most damage if left unaddressed, to focus on remediating those first. That's what Root Evidence does." said Robert Hansen, CTO of Root Evidence.

Investor Backing and Next Steps

With decades of cybersecurity success behind them, the Root Evidence founders have assembled an incredible group of investors and advisor community underscoring the confidence in their vision. Leading the investment is Roger Thortnon, General Partner at Ballistic Ventures, who founded Fortify Software and AlienVault. Thornton has been searching for a team with the right idea and pedigree to take advantage of the opportunity to reinvigorate the stagnant vulnerability management space.

"The Ballistic partners have years of first-hand experience in vulnerability management, so we know the massive problem of vulnerability overload all too well. The industry is antiquated, and ripe for visionary thinking. Root Evidence's evidence-based strategy is exactly what's needed to solve it. This team has done it before, literally changed how the industry approaches security, and now poised to once again push the industry forward. We're proud to support such an accomplished team," said Thortnon.

Root Evidence already has strong early interest from leading enterprises, including several in the Fortune 500, who urgently need better solutions and want to help shape and accelerate its product roadmap. This highlights the demand for a smarter approach to vulnerability management and meaningful technology innovation. Root Evidence is now expanding its group of design partners who want to apply an evidence-based approach in real-world environments. For interested organizations, contact designpartners@rootevidence.com.

The Root Evidence team will be attending the upcoming Black Hat USA conference in Las Vegas (August 2-7, 2025). To meet onsite, email contact@rootevidence.com.

About Root Evidence

Root Evidence is a cybersecurity company advancing evidence-based vulnerability management to help organizations focus on the small percentage of vulnerabilities that are actually exploited in the wild, have caused reported breaches, and led to material financial losses. With Root Evidence, security teams can calculate the financial risk to their organization, prioritize remediation efforts where they have the greatest impact, and genuinely reduce the likelihood of a breach. Founded in July 2025 by industry veterans Jeremiah Grossman, Robert Hansen, Heather Konold, and Lex Arquette, Root Evidence is headquartered in Boise, Idaho and backed by Ballistic Ventures, Grossman Ventures, and a roster of leading cybersecurity experts.

About Ballistic Ventures

Ballistic Ventures is a venture capital firm solely dedicated to early-stage cybersecurity and cyber-related companies. The partners have spent their entire careers defending against every cyber threat conceivable. Members of the firm have founded, operated, and funded over 90 successful cybersecurity firms – including Abnormal Security, AlienVault, ArcSight, Fortify, Mandiant, and Shape Security – led over 10,000 security professionals globally, and have 40+ years of experience in venture capital. Our experience provides entrepreneurs impactful support from people focused on the same mission. Our networks and relationships open doors for our founders. Learn more at ballisticventures.com.

View original content to download multimedia:https://www.prnewswire.com/news-releases/root-evidence-launches-as-cybersecurity-legends-team-up-with-ballistic-ventures-to-forge-a-new-era-of-vulnerability-management-302514408.html

SOURCE Root Evidence