Management Summary

Identity has quietly become the most dangerous attack surface in modern cybersecurity — and most companies don’t even realize it. While enterprises invest billions into firewalls, network hardening, EDR, and endpoint tooling, attackers have shifted to something far simpler: logging in with stolen credentials. In a world where AI agents, LLM-powered automation, and machine-to-machine systems now operate without MFA, passwords or human oversight, identity has become the new perimeter — and the weakest one we have.

In this deep dive, I unpack my full conversation with Santhosh Jayaprakash, founder and CEO of UnoSecur, one of Europe’s most ambitious identity security startups. We explore why credential theft accounts for up to 80% of recent breaches, how AI agents are accelerating risk by 40x, and why agentless, post-login detection is emerging as the next cybersecurity category.

Whether you’re a founder, a CISO, an investor, or someone building in cloud, SaaS or AI — the coming storm will hit you sooner than you think.

Our Sponsor

Quick break for something every founder should hear. One leak on the dark web can mean account takeovers, impersonation, or a board-level crisis. That’s why we partnered with NordStellar — a business-grade threat-exposure platform from the team behind NordVPN. It gives you early signals before attackers escalate — with data-breach and dark-web monitoring, attack-surface discovery, and cybersquatting detection. You’ll spot exposed credentials, shadow IT, and fake domains fast.

Startuprad listeners get an exclusive 20% Black Friday discount — go to nordstellar.com/startupradio and use code blackfriday20 before December 10, 2025. Don’t wait until your data shows up for sale — visit nordstellar.com/startupradio, code blackfriday20.

Table of Contents

1. Identity Is the New Cybersecurity Perimeter

2. Why Attackers Don’t Break In Anymore — They Log In

3. The Exploding Identity Sprawl Crisis

4. AI Agents: The Security Nightmare No One Is Ready For

5. Agentless Identity Security: What UnoSecur Actually Does

6. Real-World Cases: Fintech & Healthcare

7. The Business Model Behind Identity-First Security

8. Why Identity Security Will Be the #1 Budget Line by 2030

9. Founder Lessons from Santhosh Jayaprakash

10. Conclusion + Resources

11. FAQs

Identity Is the New Cybersecurity Perimeter

For years, cybersecurity followed a simple formula:

Network → Infrastructure → Application → Identity

Identity came last — a boring IT checkbox.But in 2025, identity moved to the front of the line.

Why?

Because every SaaS system, every cloud workload, every agent, every API, and every LLM-powered workflow now starts with the same thing:

👉 A login.

And as Santhosh puts it bluntly:

Attackers don’t break in. They log in.

With AI-driven phishing, credential scraping, session hijacking, and machine-identity exploitation, identity security is now:

• the weakest link

• the least defended perimeter

• the fastest-growing risk vector in enterprise security

• the most overlooked area by mid-market SaaS companies

If you’re a founder or operator in 2025, here’s the uncomfortable truth:

Your biggest security risk is not a vulnerability — it’s an identity with too much access.

Why Attackers Don’t Break In Anymore — They Log In

Let’s start with a simple metaphor Santhosh shared in our interview.

Imagine a burglar.He wants to rob your house.Does he try to break the lock?

No.

He finds your keys.

Now translate that to tech:

• stolen passwords

• leaked API keys

• compromised tokens

• browser infostealers

• session cookies

• machine identity drift

• misconfigured permissions

• dormant “zombie” accounts

This is exactly how attackers enter AWS, Google Cloud, Okta, GitHub, Jira, Salesforce, and your entire SaaS stack.

And once inside?

They behave exactly like a normal user.

Which means:

❌ your firewall won’t stop them

❌ your EDR won’t detect them

❌ your SIEM will drown you in noise

❌ your MFA is irrelevant (especially for machines)

The only possible solution is:

👉 detecting malicious identity behavior after login — in real time.

This is where identity-first security becomes essential.

The Exploding Identity Sprawl Crisis

Santhosh drops another bombshell:

This is especially true for:

• mid-market SaaS companies

• scaleups

• AI startups

• compliance-heavy industries

Identity sprawl happens when:

• every engineer spins up a test AWS account

• every team installs a new SaaS tool

• AI agents create machine identities dynamically

• service accounts multiply

• permissions drift

• nobody maintains a proper identity inventory

The result?

A chaotic mess where nobody knows who has access to what.

It creates:

• over-permissioning

• undetected stale accounts

• impossible audits

• non-human identities with admin access

• violation of least privilege

• massive compliance headaches

• huge breach risk

Santhosh points out that regulated industries feel this hardest:

Identity sprawl is no longer a nuisance.It’s an existential risk.

Stat Spotlight

80% of cloud breaches involve compromised identities.40x expected increase in machine identity threats by 2030.200+ SaaS apps used by an average enterprise.90% of audit requirements tied to identity.

AI Agents: The Security Nightmare No One Is Ready For

This is the segment that stunned even me:

Companies are already adopting AI in three ways:

1. Developer tools – Cursor, Copilot, Replit, Windsurf

2. Internal AI systems – built on OpenAI, Anthropic, etc.

3. SaaS agents – Salesforce agent, ServiceNow agent, etc.

The problem?

Machines don’t care about authentication UX.

They don’t do MFA.They don’t wait for SMS codes.They don’t verify identity on mobile apps.

They use:

• API keys

• secrets

• tokens

• service accounts

And they get compromised every day.

AI is accelerating identity sprawl and identity-based attacks faster than any security team can keep up.

Santhosh predicts:

Market Lens: The AI Security Gap

• AI agents lack visibility

• Traditional IAM doesn’t apply

• SIEM tools don’t parse agent behavior

• Okta/Auth0 do authentication, not post-login detection

• Machine identities outnumber human identities 20:1

The market is wide open for a category winner.

Agentless Identity Security: What UnoSecur Actually Does

UnoSecur’s value proposition is remarkably simple:

They detect attacks AFTER someone logs in.

This is a brand-new category.

Most security tools protect the front door. UnoSecur monitors what happens inside the house.

How?

• Plug into your cloud

• Plug into your identity providers

• Plug into your SaaS systems

• Collect identity behavior metadata

• Detect anomalies, misuse, and drift in real time

No agents. No installations. No Kubernetes sidecars. No endpoint management.

Santhosh explains:

UnoSecur provides:

• runtime identity risk scoring

• toxic permissions combination detection

• non-human identity governance

• instant breach visibility

• automated identity remediation

• least-privilege enforcement

• compliance & audit reports

• AI/ML correlation across cloud & SaaS

This is precisely what legacy IAM tools cannot do.

Founder's Quote

“We don’t protect the front door — we study what happens after someone walks in.”

Real-World Use Cases: Fintech & Healthcare

UnoSecur has deep traction in the two toughest industries:

1. Fintech / Banking

Why they use UnoSecur:

• DORA compliance

• SOC2 readiness

• real-time identity monitoring

• protection against insider and credential misuse

• automated audit reporting

2. Healthcare

Why they use UnoSecur:

• PHI protection

• access governance

• machine identity monitoring (critical for medical SaaS)

• least-privilege enforcement

In both sectors:

The Business Model Behind Identity-First Security

UnoSecur is a classic high-margin enterprise SaaS:

• SaaS platform for most customers

• Private cloud deployment for heavily regulated banks (2–3× pricing)

• Pricing based on connections, not users(because machine identities scale unpredictably)

Customers range from:

• banks

• healthcare providers

• large retailers

• mid-market SaaS

• AI-driven companies

UnoSecur is built to scale globally — from Berlin.

Why Identity Security Will Be the #1 Budget Line by 2030

Santhosh’s bullish prediction:

Why?

Because:

• AI agents won’t slow down

• Machine identities will explode by 40×

• Identity sprawl grows exponentially

• Cloud-native companies multiply

• Compliance becomes stricter

• Human-centered IAM breaks for machines

• Attackers keep using stolen keys

Companies will shift budgets from:

❌ infrastructure security

❌ endpoint security

❌ network security

to:

👉 identity-first security

👉 AI identity governance

👉 machine-identity visibility

👉 runtime detection

UnoSecur sits at the center of this global shift.

Pro Tip (for Founders)

If you run a SaaS company and don’t know:

• how many service accounts you have

• who created them

• what they access

• whether they violate least privilege

…you are already exposed.

Founder Lessons from Santhosh Jayaprakash

Santhosh has built three companies:India → Singapore → US → Germany.

He’s honest about the challenges:

He also shares:

• the hardest feature was real-time identity processing

• talent scarcity slowed the first two years

• starting in Europe required heavy education

• messaging and positioning needed refinement

• agentless runtime detection was a huge R&D bet

Yet today, UnoSecur is one of Europe’s rising deep-tech players.

Santhosh’s long-term vision:

This is a founder who’s not building a feature — but a category.

Conclusion: The Identity Storm Is Coming

Identity is now the most critical — and most fragile — security layer in modern AI-driven enterprises.

What we learned:

• Attackers don’t break in. They log in.

• AI agents multiply identity risk dramatically.

• Machine identities are ungoverned and unmonitored.

• Identity sprawl is out of control.

• Real-time post-login detection is the only effective defense.

• UnoSecur is building the identity security layer for the AI era.

If you’re a founder, operator, or investor:Identity-first security is no longer optional.

FAQ

1. What is identity security?

   Identity security protects user and machine identities from misuse, theft, and unauthorized access.

2. Why has identity become the new cybersecurity perimeter?

   Because cloud and AI systems rely entirely on logins — attackers simply steal credentials.

3. What makes identity attacks so dangerous?

   They bypass firewalls, EDR, and MFA, and appear as normal user activity.

4. What is an identity security platform?

   A platform monitoring identity behavior after login to detect breaches in real time.

5. Why can’t IAM tools solve identity security?

   IAM manages access; identity security detects misuse.

6. What are machine identities?

   API keys, service accounts, and tokens used by software.

7. Why are AI agents risky?

   They authenticate without MFA and can be easily over-permissioned.

8. What is agentless security?

   Security that requires no installations or agents — just connections to cloud and SaaS.

9. How does UnoSecur detect identity threats?

   Through real-time metadata analysis, anomaly detection, and toxic combination rules.

10. Does UnoSecur replace Okta?

    No. It complements it by monitoring post-login behavior.

11. What industries use identity-first security?

    Fintech, healthcare, retail, and AI-driven companies.

12. How does identity sprawl happen?

    Uncontrolled creation of accounts, API keys, and SaaS tools.

13. What is least-privilege enforcement?

    Ensuring identities only have the permissions they need.

14. Is identity security required for compliance?

    Yes — SOC2, ISO, DORA heavily depend on identity governance.

15. How does AI increase identity risk?

    Through automated credential theft, impersonation, and machine drift.

16. Can small startups afford identity security?

    Yes — identity security platforms scale with usage.

17. What is task-based access control?

    Giving AI agents only the permissions needed for specific tasks.

18. Will identity be the top security investment by 2030?

    Yes — driven by AI adoption and machine-identity explosion.

19. Can UnoSecur detect insider threats?

    Yes — via behavioral identity analysis.

20. Why does real-time detection matter?

    Because attackers move within seconds, not hours.

Internal & External Linking

Internal

• How Host-Read Ads Became Germany’s Most Trusted Format

• This Month in DACH Startups - October 2025 | Deep Dive

• Founder Burnout Recovery — The Hidden Cost of Startup Success

Authority Sources

• https://www.unosecur.com/

• Unosecur's case studies

Give us Feedback!

Let us know who you are and what you do. Give us feedback on what we do and what we could do better. Happy to hear from each and every one of you guys out there! 

https://forms.gle/Qp53eVuc9P1RMqWj8

The Video Podcast Will Go Live on Thursday November 20th 2025

The video is available up to 24 hours before to our channel members in what we call the Entrepreneur’s Vault.

The Audio Podcast Will Go Live  Thursday November 20th 2025

You can subscribe to our podcasts here. Find our podcast on your favorite podcasting app or platform. Here are some of the links to subscribe.

• Spotify

• Apple Podcasts

• Castbox

• Global Podcast Network (Formerly NY City Podcast Network)

• Good Pods

The audio and video is available up to 24 hours before to our substack members in what we call the Entrepreneur’s Vault.

Tune in to our Internet Radio Station here:

Be one of the people smartening up with our content, as well as that of many media partners, including but not limited to Tech.eu and Stanford University Radio Show Laptop Radio

www.startup.radio

Get Our Content to Your Inbox 

Decide what you want to read and when. Subscribe to our monthly newsletter here: https://startupradio.substack.com/ 

Find All Other Channels Here

Find all options to subscribe to our newsletter, podcast, YouTube channel or listen to our internet radio station here: https://linktr.ee/startupradio 

Interested in Working with us?

Welcome to Startuprad.io™, your premier source for news and insights into the vibrant world of German, Austrian, and Swiss tech innovation! As a decision-maker, you’re invited to dive into our content, featuring Emmy award winners, New York Times bestsellers, and Forbes top lists luminaries. Our platform offers a curated selection of interviews with industry leaders, game-changing entrepreneurs, and influential investors. Our focus on startups around Series A funding ensures that you get exclusive insights into the rising stars of tomorrow. By advertising with us, you tap into an audience that values forward-thinking and impactful partnerships. Join us at Startuprad.io and let your message reach the innovators shaping the future: partnerships@startuprad.io

Subscribe & Follow

Don’t miss out on our latest episodes and updates! Follow us on social media and subscribe to our newsletter for more exclusive content: https://linktr.ee/startupradio

The Host & Guest

The host in this interview is Jörn “Joe” Menninger, startup scout, founder, and host of Startuprad.io. And guest is Santhosh Jayaprakash, CEO & Co-Founder of Unosecur

Joe on LinkedIn

Santhosh on LinkedIn

📝 About the Author

Jörn “Joe” Menninger is the founder and host of Startuprad.io — one of Europe’s top startup podcasts. Joe's work is featured in Forbes, Tech.eu, and more. He brings 15+ years of expertise in consulting, strategy, and startup scouting.

Automated Transcript

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:00:00]:

In this episode of Startup Rate IO we dive into AI powered future of identity and access management where real time cloud security, agentless deployment and non human identity protection are becoming essential for enterprises. If you found a CISO investor or enterprise IT leader navigating the zero trust area, this conversation with unosecore CEO will give you a front row seat to how the next wave of identity threat detection, cloud compliance and SaaS security innovation is being built in Berlin and where every B2B SaaS startup should be paying attention. Welcome to startup Rad IO, your podcast and YouTube blog covering the German startup scene with news interviews and live events. Today I'm joined by Santos how to pronounce your family name? I would say Y. Yaya Prakash.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:01:11]:

No, it's. It's Jaya Prakash.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:01:16]:

Jaya Prakash. Sorry for butchering your name. The founder and COO of unosecur, a Berlin based cybersecurity startup that's really rethinking identity security in the age of AI because every AI can more or less impersonate a person. Santosh is no stranger to the challenge of cloud security. Before Uno Secure he built and scaled anchor cloud, helping enterprises transition to the public cloud. But it was during those engagements that he spotted a critical vulnerability. Nearly every company clawed the chaotic sprawl of user identities across cloud environments with no unified system to manage them securely. That realization led to unosecur, an agentless identity security platform that now helps companies detect real time threats, manage non human identities and automate AIM risk remediation across AWS, Azure, Azure and beyond.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:02:23]:

Backed by 5 million seed round and already trusted by major enterprises customer Uno Secure is quickly becoming one of Europe's most exciting deep tech security startups and Santosh is the visionary leading the charge. Welcome.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:02:40]:

Thank you so much for the kind invitation Jo.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:02:43]:

Totally my pleasure. We already heard a lot about you. Let me start with the first question. How did your can you tell us a little bit about your personal journey and how did this as a founder lead to the creation of Uno Secure? We had a little bit teaser in.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:03:02]:

The intro so yeah, I'm Santosh Jay Prakash and I'm from India but been in Germany for the last seven years. This is my third venture so I'm not a rookie entrepreneur I should say. This is 18 years in ID infrastructure. I started my first company in 2015 was called PowerUp Cloud, very early in the game of cloud data AI. So I built a company called PowerUp Cloud based out of India, scaled it to Singapore, then to us, then to Netherlands and then got acquired by a Large NASDAQ listed company. This was my first entrepreneur experience. Build a 200 people team in three years. So that was built something like Datadog, maybe you heard of this platform, which is in cloud observability.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:03:47]:

So pretty early in the game then. My wife is Deutsch, so that brings me to Germany. We lived in India for five years, 2013-18, and she invited me to come here. So I came here. Then I started another company called Ankar Cloud, which I still own. As of today it's 140 people, does 15 million in revenues, profitable runs by itself. I have a leadership team who run the company during this process. I always wanted to build something global, ambitious, and I thought, okay, why not a security company coming from Germany, based out of Berlin.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:04:19]:

So that's how Unuse was born. And I started this couple of years ago as a research project. It came out of Anka Cloud when we worked with a lot of customers migrating to the cloud. And then the whole curiosity was how do you stop evil while it's happening in the cloud? You know, that's kind of the hook, that's the hypothesis I started chasing and which led to the company.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:04:40]:

It's also interesting because you could start human hackers with human speed, but in the age of AI, I think that that's something completely different. But before we move on with our questions, I have two less serious questions. I want your honest opinion of the state of Indian food in Germany.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:05:00]:

Indian food in Germany. I think I should say the answer is no. Comments. Yeah, I mean, not even remotely close, but still. There are some good spots in Berlin and I'm in South Germany in Frankfurt. It's too good. I've tasted some good food even in Munich. Yeah, big cities.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:05:16]:

Actually what I like here in Germany, in Frankfurt especially, is Savanna Bavan.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:05:23]:

Yeah, exactly. That's where I was going to. Right.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:05:25]:

So that was a good one in Frankfurt. Strong recommendation, very small hidden place. Metamasala. But before we get into the next serious question, what more I usually do? When you moved here from India, did you bring warm socks?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:05:42]:

Yeah, that's a good question. Right. I had funny jackets rather than bad socks. Right. So I had to throw away all my funny jackets and then I had to get it. And funnily enough, I've never seen snow in my life. So only in Germany I get to see first time when I was like 26 or 27. Right.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:05:58]:

How do you like driving in snow and ice?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:06:01]:

Oh, that's a good question. So definitely not enjoyable or relaxing. Right. So I think my Wife still does those duties, Right? So I'm still a bad driver in Germany.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:06:15]:

I think it's the same case for many people. When you are ice on snow, usually your smartwatch watch sounds the alarm, right? I know that feeling. For those in our audience unfamiliar with what exactly do you guys as UNO secure do and why is it relevant now? Can you do a little bit of explaining here? Can you break it down Bonnie style?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:06:39]:

Awesome, Joe? So the simplest way I can explain is there are bad guys everywhere, right? So let's take the scenario of somebody has got keys to your house. He's a bad guy, he will find hundred ways to get keys to your house, right? So if he wants to rob your house, they find ways to find the keys. So as a, as a bad guy or an adversary, what do I do? I take the keys, I come to your home, put it in the door, open the door, and then, yeah, I do my job of cleaning the house and take all the valuables and run away. So this is typically how it works. So now apply the same scenario in the context of technology, right? So your passwords, your keys are stored in different systems. There are hacker groups who are looking for these keys and credentials, and that's all they need, right? So they log into your systems and then they steal your data. So there's like bitcoin mining, data theft, or ransomware attacks. So the whole idea is, what is your defense mechanism is how soon can you detect, or like, let's say in your home you have a security system which detects.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:07:44]:

So in 10 minutes, if you're able to get the robber run away or chase him out, or make some noise, or the neighbors help you somehow, you have some mechanism that you can safeguard your property. But in technology we apply the same. So there's no system which is able to detect this in real time and what these guys are doing inside a system. And that's the best analogy I can give you. It's like somebody has keys to your house. How soon can you detect and respond? So that's exactly when you apply in the technology world these days. All attacks, 80% of all the attacks that you see in the last two years are credential theft. Somebody has keys to your kingdom.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:08:22]:

They just log in. They don't break in or write cryptography or exploits anymore. We are kind of the layer which comes in which can detect and stop those attacks and avoid those bad guys to harm anything that's happening into your system.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:08:40]:

Before we get into the next question, I was wondering, you have somebody who for whatever reason lost or got his credentials stolen. Could be as simple as a trojan on their home computer or in the network or something. How can you as unicecore detect that it's not the person that is supposed to log in? Because I would assume if the alarms are raised, if those credentials are stolen, they wouldn't work. But if you have working credentials, how does the intuo alarm bell ring?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:09:16]:

Cool. So we connect to all these core systems like your cloud, your on premise, your identity providers like Microsoft Entra or Okta, and also to your SaaS platforms. So based on which we've done a lot of threat hunting, based on which we detect. So there's a framework called mitre, ATT and ck. So where we detect like credential theft, initial access, privilege escalation, privilege refund, all those things and we take a bunch of signals which is based on ip, based on where this identity is accessing things from. There are multiple signals that we create or we call it the risks. And based on all those combinations we create an issue. So that's the R and D we did for two years during the early days of unasecore.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:10:02]:

We have this unique research driven approach where we build toxic combinations or we call it conflicting combinations based on which we detect. And we do that. And now maybe I can also give an add on. So now with AI, so with humans you can have like a single sign on system or an mfa. Like for example, like you log into a system, there's a second alert where you have to confirm, right. But when it comes to machines or AI, you cannot protect the front door so you're fully exposed. Right. So the problem becomes like crazy big when it comes to non human identities or AI agents and all those kind of modern day systems.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:10:34]:

Right.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:10:35]:

For everybody who's not like a technical genius, like obviously you are, basically the issue is that now you do have programs, computer software that are talking to each other. Plus you have also increasingly, I think we're just at the first step of that AI agent that doing something on behalf of their coders, of their owners, however you want to call it. That's basically the problem when you need to distinguish between a proper AI agent from client X and a non proper AI agent from hacker Y.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:11:14]:

Right? Kind of. Right. So maybe I'll also try to simplify things. Joe. So it's like, let's take, I mean how do a company consume AI today? Right. There are three different ways, right? One, they buy coding tools which is like, you know, which you come across like cursor replit, windsurf, Google, GitHub, copilot, these kind of tools, that's one way they consume it. And second, they buy their internal teams built using anthropic or OpenAI frameworks. So basically Claude or all those kind of tools.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:11:48]:

And the third way is all the SaaS platforms selling their own agents like Salesforce Agent or ServiceNow Agent. So these are the only three different ways today companies consume AI or like, you know, there's no other way they do it. Now if you speak to a security team or the C level folks now how do they authenticate between each other? What are they doing? There's absolutely no clue. Right, so that's where we come in. Right. So now how do they authenticate? How? What kind of permissions they get, what kind of access they have so that they can. This is the future, right? So this is. We are building it for the future.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:12:19]:

Right. So these are some of the problems we solve with AI because currently there's no mechanism existing for. And even if companies like Okta and others are coming up with authentication protocols, but then you have MCP or from a layman's standpoint, how do you even have view into what these identities are doing? What are these agents doing? How are they authenticating with each other, what kind of access they have? Are they over privileged? Do they have more access than what they need to do their jobs? If an attacker comes in, how do you even detect that? Okay, it's really Joe or somebody behaving like Joe. So all those kind of scenarios is what we kind of do with uno.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:13:01]:

Yeah. And thing is, I do see the challenge for the future for everybody. I was wondering what was your aha moment when you realized identity was the new security parameter here?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:13:19]:

Yeah. So in the realm of the modern day. So if you look at back in the day, it was network was the perimeter. So some years ago, then it became all the infrastructure and now it's the identity. Because almost every system all you do is log in. So now logging into a system is just like you use some kind of, let's say an authentication mechanism to get into the system. The wall factor here is that, okay, if you're a big company, you have different systems. Now for a ciso, I don't know what I don't know, that's their problem.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:13:57]:

They don't have a vantage point visibility of what's going on in all these different systems though. They have different tools doing different jobs like app security, product security, identity was 3 years ago still an IT teams problem. Not A security problem. Now identity is a security team's problem. So these are kind of the things that, the kind of things that you can uncover connecting a system like us or like, you know, platforms which can communicate or authenticate between each other. So that's where like, you know, same day ROI, you just connect within 15 minutes engineless deployment. And you can connect even like find an AWS accounts or like, you know, all your different systems and you're able to get a vantage point view of what are these identities, what are they doing and are they over police or not? Are they accessing? Is it really me or somebody? So all those kind of perspectives or the visibility aspects that we uncover creates those aha moments for customers. So that's one of the reasons why this problem is becoming more increasing.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:15:00]:

And with more and more systems and tools moving to the cloud and companies adopting AI, we don't see this. This becomes the only perimeter that companies will have to invest in protecting.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:15:14]:

I was wondering what makes your agentless identity security platform stand out from all the other identity and access management tools.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:15:25]:

Great. So traditionally identity is one word overused. There are like 200 different variations within that. Like there are three different scenarios. Authentication, authorization and accounting. So we come in after somebody logs in. So we don't protect the front door. So there are companies like Microsoft, Okta and others who really master the game.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:15:49]:

So the biggest USP is we come in after somebody logs into the system. We study kind of like we do something called as activity based access control. And for AI we do task based access control. So these are the kind of scenarios that we come in. So we do agentless. The reason because no attacker waits 24 hours. If you have to achieve right, you have to get runtime visibility. You need to be fast, you need to be there to make sure that you get customers the visibility into what's going on.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:16:19]:

So getting runtime at that scale, that needs a lot of technology and you need to be novel and technically defensible. So that's how we operate. So you connect and then you get going. That's you just make connections to the platform and then you're able to get the visibility and start solving your first problems.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:16:42]:

And you just said you detect the potential threat after the login. And how do you detect that in real time without completely overloading the security team or the systems?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:16:59]:

Yeah, so we kind of connect to. An average enterprise will have thousands of AWS accounts or at least 200 SaaS applications from Salesforce to all these differences, they have at least two Identity providers. Now we connect to all these different systems and it's completely agentless. No installations, no sidecars, you just connect. So we have those onboarding workflows built in. So we set up a tenant for a customer and they can make connections. We take only read only writes if they use our SaaS platform and immediately the data starts coming in so we consume only the metadata so we don't get into the PI or the sensitive side of things. We kind of consume those logs so through which we are able to bring those correlations and visibility for the customers.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:17:49]:

So you just makes connections through different onboarding workflows that we have built and there is no installations, no sidecars, there's nothing that customers will have to do other than that. So we set up a tenant. So getting started is super fast. We made that very easy for our customers.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:18:06]:

Very fortunate, especially for the non technical guys like me. For our audience I was wondering do you think identity sprawl across platforms is the number one security risk and prices face right now or are we overestimating it? Drop your take in the comments. Have you seen this problem in your organization or portfolio companies? We've been talking a little bit about theory here Santosh, even though a lot went already over my head. But can you walk us through a real world use case perhaps in Fintech or healthcare that do protect especially sense sensitive data where unisecure made a critical impact. Cool.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:18:51]:

So we have a lot of customers in the financial services, a lot of banks, some of our banks, we have even production banking customers. We work with a lot of healthcare and these are the two most regulated industries. So with finance and health, when it comes to and for them regulators are not fun. So if you speak to any CISO and then how do you manage the data? So it's not the easiest jobs they have. Now in all the scenarios, 80% of any kind of issues they come across is all identity related. So every auditor wants to know how is Santos using his access? What did he do in the last six months? Did he have access to this or not? How do you get all this information? So this is a tedious work and I'm just giving you one simple example of what's going on in such companies. So we have a lot of customers especially when it comes to healthcare or like banking, like ISO, SoC2, NASC now these days, Dora and all those kind of compliances that comes up with 80, 90% of the questions are identity related. And there is a like if you look at OWASP top 10, I don't want to go super technical but you know, OWASP top 10 is like the, like the top security issues, right.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:20:09]:

So the number one spot has been identity for I think at least for the last seven years. Right. So it's still not solved. So that's, that's kind of the opportunity we go after. Right? Because it's, it's the pain is so big, customers face it day in and day out and then skill gap is also big. Right. So big companies, if you look at them, how do you. It becomes a siloed problem.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:20:34]:

They have like different tools currently they, everybody has invested in authentication and identity management but the missing piece is identity security. They don't have toolings which helps them achieve the identity security that protects their sensitive data. All the PII and all the different kinds of data. That's where we come in. We have customers who use us for multiple purposes. We have more than 40, 45 different use cases that you can achieve out of it. Starting from a simple visibility to even auto remediation. Right.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:21:07]:

So all these kind of different scenarios, we help customers, we have achieved them actually reduce their identity sprawl. We have increased some of their engineering and feature velocity because they could govern just in time access, just enough privileges for their engineers. Nobody needs admin rights. You come across multiple scenarios in different customers. So yeah, healthcare and financial services, banking are some of us from Uno Sekur sweet spot. And these are the kind of customers that we work with currently as well.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:21:39]:

Before we move into market and the business model. I was wondering how often do people or AIs attempt to hack you? A week.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:21:50]:

Yeah.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:21:50]:

So I mean he's smiling, he's smiling. A lot of people will just listen to it. That's why I need to tell them he's smiling.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:21:58]:

So I think AI. So AI is good. I mean but there are also bad guys using AI. So definitely bad guys. You see AI is these days more than less. So it's easy for them as I said. So if you go a lot of companies suffer. Like for example there's this concept called info stealers.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:22:20]:

I mean if you Google it, you'll see it. That's a very common way that people use. And then they use AI for social engineering phishing kind of attacks to grab credentials so they can get into system. So there are AI security companies helping with prompt injection, LLM jacking and these kind of like if you look at Israel US or India US there are a lot of companies which are doing that. But still identity takes the front seat, right? So with AI again, it's going to be identity. Yeah, AI can be used for good and for bad, but offlet there's a lot of bad guys using it and they've been pretty successful with it. Maybe I'll put it that way.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:22:59]:

You didn't give us a number.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:23:02]:

So I mean it sounds like I would say at least 40, 50% of attacks that you come across are like some kind of like, you know, like even these days we came across one scenario where there was a DDoS attack. They tried using AI so like pumping IPs and creating these repeated models. So yeah, there's a lot of many studies. I mean OWASP is a very good place to look at those metrics. So OWASP has also released quite a lot of AI driven threads and stuff. I'm happy to share more there.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:23:39]:

And actually Sandosh, you know what, I think at one point there will be a hacker dark AI and it will be called Darth GPT.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:23:54]:

Probably somebody already bought those domains, right?

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:24:00]:

I'm very confident. Confident. Let's talk a little bit about the market and the business model. So what was the hardest feature to build and what trade offs did you face in building it?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:24:10]:

So definitely achieving runtime capabilities, which is real time by doing it in real time is one of the hardest because static scanning. Yeah, I mean a lot of companies do that. I mean as I said, no attacker waits 24 hours. Now if I'm not able to find things while it's happening, the curiosity of how do I stop it. And processing that level of data, that scale and still your system capturing all those different things, correlating all the information and doing that. So achieving that we did something called as test driven development. We tested based on last 90 days of data for 12 years and that's how we actually I would say that's the most hardest feature. But then everything else building on top of it first, much easier.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:25:00]:

So that's why the first 2, 3 year of formation was more about how do we get to runtime, how do we get to real time, how can we get those visibility of risks at that speed. So those were kind of the difficult features I would say.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:25:16]:

Guys, we will be back after short ad break but stay tuned. Right after we'll dive into how Unosecur's B2B SaaS model scales fast without friction, where enterprise buyers are betting on their agentless identity fabric even in a cautious market. And how new innovations like UNO Copilot and UNO Board are redefining what real time identity control looks like. You won't want to miss how they're turning compliance into Live Dashboard and why their 5 million seed round is just the beginning. Welcome back from the ad break and I still have Santosh here with me. And let's dive in straight into the question because we've been teasing your B2B SaaS business model. How do you scale that with customers and what's your core GTM strategy?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:26:12]:

Yeah, so currently we offer it AS a security SaaS platform because it's easy to onboard. But with regulated business we also do private instance deployments within their environments. Sometimes then we charge them 2x3x because we are sharing our IP. But typically the SaaS model works and even if you look at AI companies, all the AI ones are also subscription models. So this model is scalability to be charged based on number of accounts they connect to the platforms like number of connections they make instead of number of identities. Because humans you can measure, non humans you cannot because some engineer will create something and then it's there in the system. So there's no way. So our pricing works based on the number of connections organizations make to the platform and it's scalable.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:27:02]:

I mean even the largest retailer in the world is one of our biggest reference. So if we are able to handle that scale, I think we can handle anybody's scale. You know we have achieved those kind of capabilities already. That helps customers to like it's fully enterprise ready. We already have all the credentials that's needed like a Soc2 ISO and also GDPR like all the different kind of penetration testing reports. We went through so many vendor questionnaires with already our large customers. So yeah, so we offer it in SaaS but for case to case for large banking and very regulated businesses, we also do private instance deployments in their environments.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:27:46]:

It's not necessarily that they are boring but as you said, the regulators, they don't understand any fun in this area. You have very high hurdles to jump over in order to do some security, some AI or any other stuff. So the main focus of banks is security, security, security. That explains a lot of the on premise stuff. What makes you appealing to enterprise buyers in today's cautious funding climate?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:28:20]:

Good question. Again we try our best. So like, I mean I think security investments I think every company has to make because and they all carry budgets and identity security is in every boardroom these days. There's approvals for everybody. So so far we've not come across a customer who said okay, I don't have budget for this platform. Usually it's Even if they don't have its rolling budgets, they try to find budgets in the next budget runs. With enterprises especially they have 12 month financial ratio. So you start a POE and then if they, I mean based on the ROA and like you know the business case that we could build, they always find budgets for the next years.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:29:06]:

And when it comes to identity security, I mean even two years ago it was a lot of education that I had to do. Customers didn't understand because they'll say hey, I have cloud security platforms, why do I need you? But since last year the things have changed, right? So it's much more easier now. It's not, I should say it's not that difficult to explain to a customer why it's needed. And since a platform like us is not a replacement sale where we are not kicking out platform X and getting in, it's more an educational sale. Usually we are in addition to their existing security stack. So it's always finding budgets. Definitely the funding climate is difficult in the market but generally customers have budgets for security because they have to invest. That's why after AI security is the hottest market in the world.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:30:01]:

If you look at all the VC funding, probably not in Europe and Dach, but if you look at US and Israel, almost like security companies raise the.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:30:10]:

Most after AI companies totally makes sense if you have seen once the damage a hack could inflict on any company and if you're a smaller company that can mean the end of your existence as a company. Let's talk a little bit.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:30:26]:

If you look at, I mean the recent one I can share is Salesforce, right? So I mean there was a sales loft attack few six, seven weeks ago even a lot of big companies across the Globe. There were 700 companies affected because of this one single issue. This was based on a non human identity and this was, this is something that Unusuku covers by itself as a feature.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:30:50]:

I don't want to know how much damages and missed revenue this generated. But let us go into growth and vision. As we already said, you raised US$5 million. What are your immediate priorities and where will you be as a company in 12 to 18 months?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:31:12]:

So I mean we are doing like, so I mean we did a seed round early this year, right? Somewhere around March. Since then we've been focusing on hiring and sales. Right. So we are purely doubling on everything that we are doing. So we have at least we have onboarded a lot of new customers and we have a clear GTA plan. So the immediate goal is that we raise the cdc. I think we are close to getting there to kind of raising our next funding round. And our biggest vision is how can we become a category winner.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:31:46]:

There's no clear category winner in this space yet and why not that be us. So that's kind of the big vision we carry and yeah, and we are a Berlin based, Germany based security company and not many have pulled this off. So our goal is to already go consecutive markets and big vision. Right. So we are nothing pretty ambitious. We already have international customers and we are going consecutive markets. The end goal would be how can we be the category winner. Right.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:32:19]:

So that's, that's kind of the big vision.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:32:21]:

Santos, you've hinted at AI Copilots and UNO board. How do these innovations change the security game?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:32:31]:

Oh great. So this is the future of UNO Seqo. Right. So I mean with more and more companies and organizations and everybody using AI and with so much push in enterprises towards adoptic AI though it's all at POCS today, in the future we expect this to go mainstream for us. We need to stay relevant and we are building for the future. These kind of futures are going to help customers to secure their AI and especially from an identity angle. As I said before, agents to agent authentication and task based access control. Just in time permissioning for these kind of agents and what kind of access do they need to do their tasks Rather than giving them an admin.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:33:16]:

Right. Which they would easily leverage all these kind of scenarios. That's what we are working on. We are also working on converting a SaaS platform into an agentic platform so it can be more conversational for customers as well. But when it comes to security, it's still a lot more visibility that customers need rather than just conversations. We have something called as a findings database that we have built where we bring all this vantage point view and there are a lot of AI features that we have planned. For example, in the future we are expecting we will launch an agent which will automate an IAM engineer's task. And these profiles are very sparsely found in the market and companies struggle to hire these talent.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:34:02]:

For example, how can an agent do the task of enforcing least privilege? How can an agent do lifecycle management of an identity? So you'll be lodging all those independent agents which will be doing separate tasks and helping those IAM engineers and security analysts to improve their identity security posture.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:34:25]:

For our audience, Santosh is talking a lot about AI in cybersecurity, but our audience, I would be curious guys, do you think AI will solve more problems or create more problems in cybersecurity. Comment down here in the show notes. Santos, what's your long term vision for Uno Secure? Could this become the next category defining security company?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:34:54]:

Yes, as a founder, that's my ambition. Right. So definitely, I mean we have all the right, we have the right team, we have the right structure, we have the right kind of audience that we are going after. So I personally think, and also the team believes that if we are able to execute and the speed of execution that we are focusing on currently, I think we have all the foundations that's needed for us to become a large player in the industry. But at the same time, like any startup, you'll have to go through those journey. You cannot skip those steps. It's like playing a video game. Right.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:35:32]:

So you need to hit certain levels. But yeah, I mean becoming an independent identity layer as a company for all the large, all the customers that we are working with, definitely. Yes. And the big goal is how to get to like you know, 80, 80 to 100 million in the next four to five years. Right. So that's, that's kind of what we are chasing.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:35:59]:

Looking back, what's one thing you would do completely different as a founder?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:36:06]:

I think entrepreneurship is like a disease, right. You do once and I think you always want to do it again. So. And I think with my previous two stints, I had some experience. I think if I have to, if you specifically ask me from a Nuno Singer angle, what I would have done differently. I think we were ahead of the game with our research and what we did. So probably like, you know, we had to do a lot of education with very less resources in the industry compared to most other peers from other markets. So some of those messaging and positioning exercises would have been different.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:36:43]:

And I rushed to start, probably, I would say, I mean, starting in Europe is hard, but I think starting in Germany is painful. Right. So I think. So that's all those kind of red tape and bureaucracy stuff that you go through could have been a bit more easier had I had a bit more like, you know, some more experiences or like, you know, I would say rather a bit more setup changes that I had that could have helped me. Yeah. But otherwise I think the market is big, opportunity is big. So I would do, I wouldn't do a lot of things differently, probably, you know, I would say those two points that I mentioned. Right.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:37:25]:

So I would have done it differently. But then initially I was also a talent was another problem. Right. So initially when I was looking for people here to especially in these areas, skill sets like cloud security and as well as development, finding somebody with all these three skills was very hard. So that also delayed a lot of R and D that I wanted to do. Then I started a team in India, in Bangalore. That kind of accelerated some of my stuff as well. So a lot of learnings.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:37:55]:

Right. So if I start again, definitely I'll apply all these learnings.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:38:00]:

And when you come to Germany, bring warm socks.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:38:06]:

Absolutely.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:38:08]:

Getting into one of the last questions here. What's your bullish prediction for identity security by 2030? Something few people right now see coming.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:38:21]:

So I think this will be the number one security investment that companies will make in the coming years and I think this is going to be the biggest. So identity is taking over and now when agents like protocols like MCP or Google's agent to agent, kind of all those things become more mainstream. I think the investments in this space has to happen. So I think this is now currently the number one investment customers are making. I think in the future it will be the same. Right. So by 20 to 30 this will still remain an unsolved problem. Right.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:38:58]:

So that's kind of the prediction that I can make. And I think there are studies that say with agents this problem is going to be 40x more. So 2030 is not very far. Right. So that gives us a lot of problem solving and a mission that people should chase to solve.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:39:26]:

Let us get to the conclusion with the usual questions. Are you open to talk to new investors?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:39:34]:

Definitely yes.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:39:35]:

Definitely yes. We link down here in the show notes your LinkedIn profile so people can reach out to you directly. And of course the second question, are you looking for smart people to join unusecure also?

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:39:48]:

Yes, definitely. We are hiring currently for different roles across Europe and we will also enter us. So there's a lot of open positions that we want to fill.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:40:02]:

Awesome. Santosh, thank you very much. Was a pleasure having you as a guest. Hope to have you back soon.

Santhosh Jayaprakash | Founder & CEO at Unosecur [00:40:07]:

Thanks Gio. Likewise. And thanks for hosting me.

Jörn "Joe" Menninnger | Founder, Editor in Chief | Startuprad.io [00:40:10]:

My pleasure. That's all folks. Find more news, streams, events and interviews at www.startuprat IO or remember, Sherry is caring.

📝 Copyright: All rights reserved — Startuprad.io™