Cerby, a fast-growing identity security startup, just raised $40 million in Series B funding to fix one of the most persistent security gaps in enterprise tech—apps that fall outside traditional identity systems. These “unmanageable” tools, which don’t support standard protocols like SAML or SCIM, often escape detection by identity and access management (IAM) platforms. As a result, security teams are forced to rely on error-prone, manual processes to handle access, multi-factor authentication, and password controls. The risks are real: over half of companies have experienced breaches tied to these unsecured apps.
Cerby’s platform is built to solve this exact problem. It uses automation, agentic AI, and browser-based orchestration to lock down access across more than 2,000 disconnected applications—tools that most identity systems simply ignore. By closing this security blind spot, Cerby not only strengthens compliance and access governance but also slashes operational costs for IT teams. Their latest funding round was led by DTCP and backed by previous investors including Okta Ventures, Salesforce Ventures, and Two Sigma Ventures. The fresh capital brings Cerby’s total raised to $72.5 million.
Founded in 2020 by Belsasar “Bel” Lepe, Vidal González, and Jyri Virkki, Cerby is headquartered in Alameda, California. The founding team brings years of experience in cybersecurity and SaaS platforms, with previous roles at companies like Ooyala and Wizeline. Since its Series A just 20 months ago, Cerby has expanded its ARR tenfold and now supports major global brands like L’Oréal, Fox, Allstate, Chime, and Dentsu.
Cracking the Code of Unmanageable Apps
What sets Cerby apart is its ability to bring identity security to the long tail of business apps that fly under the radar. These tools may be critical to workflows but don’t support modern IAM integrations. Cerby steps in with its Application Network—a platform that automates user onboarding, offboarding, MFA setup, password changes, and policy enforcement for all applications, regardless of protocol compatibility.
A standout feature, Cerby Scout, uses browser extensions to “record” user actions and replay them automatically for tasks like provisioning or MFA enrollment. This reduces integration time from months to hours. The platform also includes Universal Logout, built in collaboration with Okta, which enables instant deactivation and password revocation—even for apps that don’t support global token policies.
By integrating with identity leaders like Okta and Microsoft Azure AD, Cerby enhances existing infrastructure instead of replacing it. Its architecture supports passwordless logins, SSO, and comprehensive identity lifecycle management across legacy, SaaS, mobile, and cloud apps.
Expanding Globally With Smarter Identity AI
Cerby plans to use the new funding to enhance its platform and meet rising customer demand, particularly in complex regulatory markets such as the UK, Germany, France, and the Middle East. With a growing focus on agentic AI, Cerby aims to further cut the workload for security teams, allowing even non-technical users to securely manage app access.
The company’s agentic AI, integrated secrets vault, and enrollment-based security model also help discover and govern shadow IT—apps deployed without IT oversight. These innovations give security teams visibility and control without slowing productivity.
Lance Matthews of DTCP, who led the Series B, said Cerby is reshaping the identity security landscape by addressing what others miss. Unlike competitors that offer partial fixes or require extensive custom integrations, Cerby offers a full-stack solution built for automation and scale.
With the enterprise threat surface expanding, Cerby’s platform provides a much-needed safety net for identity security in the age of SaaS sprawl.
