Governance, risk management and compliance – also known as GRC – continues to be a thriving area for startup companies, attracting significant investments from venture capitalists. Tracxn, a private market data tracker, reports that as of 2021, approximately 1,500 GRC software vendors had received a total of $28.7 billion in funding.
It’s no surprise that there is such high interest in this field. GRC helps organizations effectively manage risk while ensuring they remain compliant with regulations – and with the growing number of regulations to keep up with, it’s a crucial aspect of business operations.
One of the latest companies to benefit from this booming industry is Anecdotes. This startup aims to streamline GRC tasks through automated workflows, plugins, and app integrations. In a recent announcement, Anecdotes revealed that they have raised $25 million in a Series B funding round. The round was led by Glilot Capital Partners and included participants such as Vertex, DTCP, Red Dot Capital Partners, Vintage Investment Partners, and Shasta Ventures. This investment brings Anecdotes’ total raised funds to $55 million.
Co-founder and CEO Yair Kuznitsov shared that the company plans to use this new funding to expand into new markets and double their team of 60 employees within the next 12-24 months. Kuznitsov and co-founder Roi Amior first met while working at cybersecurity startup IntSights before it was acquired by Rapyd7. During their time there, they encountered various GRC-related challenges, including time-consuming and repetitive audits.
Motivated to find a better solution, Kuznitsov and Amior joined forces to create Anecdotes.
“Our goal was to reinvent the current state of enterprise GRC, making it data-oriented, automated, efficient, customized, and relevant for all stakeholders,” Kuznitsov stated. “Anecdotes is redefining compliance and risk management by transforming it from a labor-intensive task with high costs to a data-driven process.”
Anecdotes’ platform automatically collects relevant data and logs, known as “artifacts,” from a variety of sources. These include a company’s public clouds, on-premise data centers, private clouds, and software-as-a-service tools. This data is then centralized in Anecdotes’ hub, where users can initiate compliance activities such as policy management and user access reviews.
One of Anecdotes’ recent additions to their hub is the AI Toolkit. This tool provides organizations with a list of risks, controls, and policies to follow when deploying generative AI apps into production environments. The AI Toolkit was created in collaboration with industry-leading experts and is open-source.
“The toolkit’s purpose is to give organizations, particularly GRC teams, the framework they need to use GenAI tools while maintaining compliance and minimizing risks,” Kuznitsov explained.
Anecdotes faces competition from other GRC startups, such as VComply, which has raised over $10 million in venture capital, and Cypago, which automates compliance and governance for companies. There are also larger players in the market, like Certa, which recently received a $35 million investment from Fin Capital, Vertex Ventures, and others.
However, Kuznitsov believes that Anecdotes is well-positioned for success, with around 100 customers including Snowflake, Coinbase, SoFi, Grafana, and Payscale. He adds that Anecdotes has a healthy gross margin for their software-as-a-service business and has seen a 3x year-over-year growth. According to Kuznitsov, Anecdotes has already proven its ability to find product-market fit and serve enterprise customers. The next phase of growth requires additional capital to continue expanding globally and innovating their product.