With the rapid deployment of LLMs and agentic workflows, enterprises are encountering a significant bottleneck in their infrastructure: the security vulnerabilities inherited in the container base images that power these applications.
Echo, a startup based in Israel, has secured $35 million in Series A funding today, bringing its total funding to $50 million. The company aims to address this issue by reimagining the construction of cloud infrastructure.
The funding round was led by N47, with participation from Notable Capital, Hyperwise Ventures, and SentinelOne. However, the focus is not just on the financial investment, but on Echo’s mission to replace the disorganized open-source supply chain with a managed, “secure-by-design” operating system.
The Foundation of the Cloud
To grasp the significance of Echo’s work, one must first understand the essential role of container base images in the modern internet.
Containers act as a vessel for software, containing both the application code and the necessary components for its operation, known as the “base image.” This base image can be likened to the Operating System (OS) in a new laptop, handling fundamental tasks such as data storage, connectivity, and program execution.
Within the cloud environment, the base image serves as the Operating System. Companies like Netflix and Uber rely on pre-built layers like Alpine, Python, or Node.js to define the underlying frameworks and dependencies for their applications.
However, the risk arises from the fact that most base images are open-source and community-driven, resulting in excess features and tools that are often unnecessary for specific companies.
Eylam Milner, CTO of Echo, highlights the dangers of this approach, comparing it to plugging a random sidewalk-found computer into a network.
Traditionally, companies attempt to address these vulnerabilities by scanning and patching the base images. However, Echo’s research reveals that official Docker images can contain over 1,000 known vulnerabilities upon download, creating a continuous challenge for security teams.
The Evolution of AI Infrastructure
Eilon Elhadad, co-founder and CEO of Echo, draws parallels between the current situation and the historical shift from Linux to Enterprise Linux. Just as Red Hat transformed open-source Linux for corporate use, Echo aims to be the “enterprise AI native OS” for the AI era.
“We see ourselves as the foundation of the AI native era,” Elhadad emphasizes.
The Innovative Approach
Unlike traditional scanning tools, Echo operates as a “software compilation factory,” rebuilding images from scratch to eliminate vulnerabilities.
According to Milner, Echo’s process involves two key steps for each workload:
- Compilation from Source: Echo starts with a clean slate, compiling binaries and libraries directly from source code to reduce the attack surface.
- Hardening & Provenance (SLSA Level 3): The resulting images undergo rigorous security configurations, adhering to SLSA Level 3 standards for signed and verifiable artifacts.
The outcome is a seamless replacement for developers, with applications running identically while benefiting from a cleaner, vulnerability-free underlying OS layer.
AI-Powered Security
In response to the escalating “AI vs. AI” security challenges, Echo has developed a network of AI agents to manage vulnerability research autonomously.
- Continuous Monitoring: Echo’s agents track over 4,000 new CVEs added monthly to the National Vulnerability Database.
- Unstructured Research: These agents scour various sources to identify patches before widespread publication.
- Self-Healing: Upon confirming a vulnerability, the agents apply fixes, run tests, and generate pull requests for review.
This automated infrastructure enables Echo’s team to secure over 600 images efficiently, a task that would typically require a large security workforce.
Impact on CISOs
Echo represents a shift towards “zero vulnerabilities by default,” benefiting technical decision-makers by saving time and resources previously spent on manual investigations and patching.
Notably, Dan Garcia, CISO of EDB, highlighted that Echo’s platform saves significant developer hours per release, streamlining security processes.
With major enterprises like UiPath, EDB, and Varonis already benefiting from Echo’s solution, the company’s focus on securing infrastructure for agentic workflows is set to redefine the future of DevSecOps.
Pricing details for Echo’s solution are available on their website, tailored to scale based on image consumption for software development and deployment.
