Governance, risk management and compliance — GRC for short — remains one of the most active startup areas in terms of VC investments. According to Tracxn, the private market data tracker, the roughly 1,500 vendors selling GRC software had received $28.7 billion in funding as of 2021.
It’s no wonder there’s such high interest. GRC helps organizations better manage risk while staying in compliance with regulations — and there’s an increasing number of regulations to worry about.
One of the latest ventures to benefit from the boom is Anecdotes, which aims to streamline GRC tasks through automated workflows, plugins and app integrations. Anecdotes today announced that it raised $25 million in a Series B funding round led by Glilot Capital Partners with participation from Vertex, DTCP, Red Dot Capital Partners, Vintage Investment Partners and Shasta Ventures.
Bringing Anecdotes’ total raised to $55 million, the tranche, which the company described as “oversubscribed,” will be put toward expanding into new markets and doubling Anecdotes’ 60-person team in the next 12 to 24 months, co-founder and CEO Yair Kuznitsov said.
Kuznitsov and co-founder Roi Amior met while working at cybersecurity startup IntSights before it was acquired by Rapid7. While there, they ran into GRC-related challenges, including repetitive and time-consuming audits.
Inspired to create a better solution, Kuznitsov and Amior co-launched Anecdotes.
“[We wanted to] reinvent the enterprise GRC as offered today — data-oriented, automated, efficient, customized and meaningful for GRC and other stakeholders,” Kuznitsov said. “Anecdotes is redefining compliance and risk management by transforming it from a labor-intensive task with skyrocketing associated costs into data-oriented processes.”
Image Credits: Anecdotes
Anecdotes’ platform automatically collects GRC-related “artifacts” (i.e., data and logs) from sources, including a company’s public clouds, on-premise data centers, private clouds and software-as-a-service tools. The data gets placed in a central hub where users can kick off compliance activities (e.g., policy management, user access reviews).
One relatively new addition to the hub is AI Toolkit, which delivers a list of risks, controls and policies for deploying generative AI apps into production environments. AI Toolkit is open source and, Kuznitsov claims, created in collaboration with “industry-leading” experts.
“The toolkit aims to equip organizations, specifically GRC teams, with the framework to enable the use of GenAI tools while ensuring they’re still compliant and avoiding exposure to risks,” Kuznitsov explained.
Anecdotes’ competitors include VComply, a risk and compliance management startup that’s raised over $10 million in venture capital so far, and Cypago, which aims to automate compliance and governance for companies. There’s also larger players like Certa, which landed a $35 million investment from Fin Capital, Vertex Ventures and others earlier in 2023.
Kuznitsov asserts that Anecdotes is well-positioned, though, with around 100 customers, including Snowflake, Coinbase SoFi, Grafana and Payscale.
“We have healthy software-as-a-service gross margin,” he added. “[We’re] selling millions of dollars with 3x year-over-year growth . . . Anecdotes proved to find product-market fit and its ability to serve enterprise customers. The next growth phase requires additional capital to further accelerate global expansion and product innovation.”