From Compliance to Intelligence: How Lema’s $24 Million Bet Is Transforming Third-Party Cyber Risk

In today’s hyper-connected digital economy, enterprises no longer operate as isolated fortresses. They function as ecosystems — deeply intertwined with SaaS providers, cloud vendors, contractors, and increasingly, AI platforms. While this interconnectedness fuels speed and innovation, it also introduces a dangerous reality: the biggest cybersecurity risks often lie outside the organization itself.
It is this invisible and rapidly expanding threat surface that Lema, a next-generation cybersecurity startup, is setting out to secure. Emerging from stealth with a $24 million funding round, Lema is challenging decades-old approaches to third-party risk management and redefining how enterprises understand and mitigate external cyber threats.
The Third-Party Risk Crisis Enterprises Can No Longer Ignore
Third-party risk management (TPRM) has traditionally been treated as a compliance exercise. Vendors are evaluated through annual questionnaires, self-attestations, and static risk scores — processes designed more for audits than for real-world defense.
But modern cyberattacks no longer respect these boundaries.
Today’s enterprises rely on hundreds or even thousands of third-party services, each with varying levels of access to sensitive systems and data. A single compromised vendor can serve as an entry point for attackers, enabling lateral movement, data exfiltration, and large-scale breaches. Recent industry data consistently shows that a significant portion of major breaches originate through third parties, exposing the limits of checkbox-driven security models.
This growing disconnect between compliance and actual risk is precisely what Lema was built to address.
Meet Lema: Built by Security Practitioners, Not Auditors
Founded in 2023 by cybersecurity veterans Eddie Dovzhik, Omer Yehudai, and Tomer Roizman, Lema was created with a clear mission: replace static compliance with continuous, intelligence-driven risk assessment.
Rather than asking vendors to describe their security posture once a year, Lema’s platform actively observes how third parties interact with an enterprise environment in real time. The company’s technology focuses on understanding behavior, access, and potential attack paths — the same factors a human threat researcher would analyze during an investigation.
At the core of this approach is Lema’s agentic AI engine, designed to think and reason like an elite security analyst rather than a rules-based automation tool.
Agentic AI: A New Class of Cyber Defense
Unlike traditional security tools that rely on predefined rules or static scoring models, Lema’s agentic AI continuously analyzes:
- How third-party vendors connect to enterprise systems
- What data and resources they can access
- How permissions evolve over time
- Where excessive or risky access accumulates
- Which attack paths could realistically be exploited if a vendor is compromised
This enables security teams to move from asking “Is this vendor compliant?” to answering a far more critical question:
“How could this vendor actually be used to breach us?”
By mapping real attack scenarios rather than hypothetical risks, Lema provides actionable intelligence that security leaders can use to prioritize remediation, reduce exposure, and strengthen resilience across their digital supply chain.
A Major Vote of Confidence: $24 Million in Funding
In February 2026, Lema announced it had raised $24 million in combined seed and Series A funding, marking its official emergence from stealth mode. The round was led by Team8, a well-known cybersecurity venture firm, with participation from F2 Venture Capital and Salesforce Ventures.
The backing of these investors sends a strong signal to the market. Team8’s deep roots in enterprise security, combined with Salesforce Ventures’ strategic interest in securing complex SaaS ecosystems, underscore the growing importance of third-party risk visibility in modern IT environments.
According to industry reports, approximately $17.5 million of the total funding was allocated to Lema’s Series A round, with earlier seed funding laying the groundwork for its agentic AI platform.
How Lema Plans to Use the Capital
The fresh capital positions Lema to scale aggressively in a market that is rapidly gaining executive-level attention. The company plans to deploy the funding across several key areas:
1. Product and AI Innovation
Lema is doubling down on enhancing its autonomous risk engine, expanding its ability to model complex enterprise environments and detect emerging third-party threats in real time.
2. Enterprise Go-to-Market Expansion
As regulatory scrutiny and breach costs rise, demand for advanced third-party risk solutions is accelerating. Lema aims to expand its enterprise footprint across regulated industries such as finance, healthcare, and critical infrastructure.
3. Deeper Forensic Visibility
The company is investing in advanced forensic analysis capabilities, enabling security teams to trace risk exposure across interconnected vendors and services with greater precision.
Why Lema’s Timing Is Strategic
Lema’s launch comes at a pivotal moment for cybersecurity.
Enterprises are facing:
- Explosive growth in SaaS and AI adoption
- Increasing regulatory pressure around vendor risk
- More sophisticated supply-chain attacks
- Overburdened security teams drowning in alerts but lacking context
At the same time, investors are pouring capital into AI-native cybersecurity platforms that promise efficiency, intelligence, and automation at scale. Lema sits squarely at the intersection of these trends, offering a solution tailored to how modern organizations actually operate.
Beyond Funding: A Shift in Cybersecurity Thinking
What makes Lema particularly compelling is not just its funding or technology, but its philosophy. The company is advocating for a fundamental shift — from treating third-party risk as a paperwork problem to managing it as a living, evolving attack surface.
By replacing questionnaires with continuous intelligence and compliance scores with real attack path analysis, Lema is positioning itself as part of cybersecurity’s next evolution — one where AI augments human expertise rather than replacing it.
Looking Ahead
As digital ecosystems grow more complex, the ability to understand and control third-party risk will become a defining factor in enterprise security maturity. With strong investor backing, a differentiated AI platform, and a clear vision, Lema is well-positioned to become a category-defining player in third-party risk management.
This is not just another startup funding story. It’s a signal that the cybersecurity industry is finally confronting one of its most persistent blind spots — and doing so with intelligence, not checklists.