The Rise Of AI Identity Security: Why The Next Cyber Crises Starts With A Login

What Is This About?

UnoSecur detects AI-driven identity threats in real time, targeting what may be the next major cyber crisis: compromised logins. Machine identity management is becoming critical as AI systems proliferate — and this startup is building the detection layer that organizations desperately need.

Introduction

The next major cyber crisis may not start with a network breach — it could start with a compromised identity. This episode examines the rise of AI-powered identity security, exploring why traditional authentication and access management systems are failing against increasingly sophisticated AI-driven attacks. For startups building security products and enterprises managing digital identities, the conversation maps where the threat landscape is heading and which defensive technologies are emerging.

Executive Summary

AI-powered identity attacks represent the next frontier of cybersecurity threats, potentially bypassing traditional authentication and access management systems entirely. Current defenses were designed for human adversaries, not AI agents capable of social engineering at scale. Emerging defensive technologies include behavioral biometrics, continuous authentication, and AI-powered anomaly detection. The article maps the threat evolution timeline and identifies which security investments will matter most in the coming 2-3 years.

Discover how UnoSecur detects AI-driven identity threats in real time and why machine identities are exploding.

Discover how UnoSecur detects AI-driven identity threats in real time and why machine identities are exploding. Startuprad.io brings you independent coverage of the key developments shaping the startup and venture capital landscape across Germany, Austria, and Switzerland.

This founder interview is part of our ongoing coverage of Scaleup Founder Interviews from Germany, Austria, and Switzerland.

Key Takeaways

Atomic Answer

Management Summary

Identity has quietly become the most dangerous attack surface in modern cybersecurity — and most companies don’t even realize it. While enterprises invest billions into firewalls, network hardening, EDR, and endpoint tooling, attackers have shifted to something far simpler: logging in with stolen credentials. In a world where AI agents, LLM-powered automation, and machine-to-machine systems now operate without MFA, passwords or human oversight, identity has become the new perimeter — and the weakest one we have.

In this deep dive, I unpack my full conversation with Santhosh Jayaprakash, founder and CEO of UnoSecur, one of Europe’s most ambitious identity security startups. We explore why credential theft accounts for up to 80% of recent breaches, how AI agents are accelerating risk by 40x, and why agentless, post-login detection is emerging as the next cybersecurity category.

Whether you’re a founder, a CISO, an investor, or someone building in cloud, SaaS or AI — the coming storm will hit you sooner than you think.

Our Sponsor

Quick break for something every founder should hear. One leak on the dark web can mean account takeovers, impersonation, or a board-level crisis. That’s why we partnered with NordStellar — a business-grade threat-exposure platform from the team behind NordVPN. It gives you early signals before attackers escalate — with data-breach and dark-web monitoring, attack-surface discovery, and cybersquatting detection. You’ll spot exposed credentials, shadow IT, and fake domains fast.

Startuprad listeners get an exclusive 20% Black Friday discount — go to nordstellar.com/startupradio and use code blackfriday20 before December 10, 2025. Don’t wait until your data shows up for sale — visit nordstellar.com/startupradio, code blackfriday20.

Table of Contents

1. Identity Is the New Cybersecurity Perimeter

2. Why Attackers Don’t Break In Anymore — They Log In

3. The Exploding Identity Sprawl Crisis

4. AI Agents: The Security Nightmare No One Is Ready For

5. Agentless Identity Security: What UnoSecur Actually Does

6. Real-World Cases: Fintech & Healthcare

7. The Business Model Behind Identity-First Security

8. Why Identity Security Will Be the #1 Budget Line by 2030

9. Founder Lessons from Santhosh Jayaprakash

10. Conclusion + Resources

11. FAQs

Identity Is the New Cybersecurity Perimeter

For years, cybersecurity followed a simple formula:

Network → Infrastructure → Application → Identity

Identity came last — a boring IT checkbox.But in 2025, identity moved to the front of the line.

Why?

Because every SaaS system, every cloud workload, every agent, every API, and every LLM-powered workflow now starts with the same thing:

👉 A login.

And as Santhosh puts it bluntly:

Attackers don’t break in. They log in.

With AI-driven phishing, credential scraping, session hijacking, and machine-identity exploitation, identity security is now:

• the weakest link

• the least defended perimeter

• the fastest-growing risk vector in enterprise security

• the most overlooked area by mid-market SaaS companies

If you’re a founder or operator in 2025, here’s the uncomfortable truth:

Your biggest security risk is not a vulnerability — it’s an identity with too much access.

Why Attackers Don’t Break In Anymore — They Log In

Let’s start with a simple metaphor Santhosh shared in our interview.

Imagine a burglar.He wants to rob your house.Does he try to break the lock?

No.

He finds your keys.

Now translate that to tech:

• stolen passwords

• leaked API keys

• compromised tokens

• browser infostealers

• session cookies

• machine identity drift

• misconfigured permissions

• dormant “zombie” accounts

This is exactly how attackers enter AWS, Google Cloud, Okta, GitHub, Jira, Salesforce, and your entire SaaS stack.

And once inside?

They behave exactly like a normal user.

Which means:

❌ your firewall won’t stop them

❌ your EDR won’t detect them

❌ your SIEM will drown you in noise

❌ your MFA is irrelevant (especially for machines)

The only possible solution is:

👉 detecting malicious identity behavior after login — in real time.

This is where identity-first security becomes essential.

The Exploding Identity Sprawl Crisis

Santhosh drops another bombshell:

This is especially true for:

• mid-market SaaS companies

• scaleups

• AI startups

• compliance-heavy industries

Identity sprawl happens when:

• every engineer spins up a test AWS account

• every team installs a new SaaS tool

• AI agents create machine identities dynamically

• service accounts multiply

• permissions drift

• nobody maintains a proper identity inventory

The result?

A chaotic mess where nobody knows who has access to what.

It creates:

• over-permissioning

• undetected stale accounts

• impossible audits

• non-human identities with admin access

• violation of least privilege

• massive compliance headaches

• huge breach risk

Santhosh points out that regulated industries feel this hardest:

Identity sprawl is no longer a nuisance.It’s an existential risk.

Stat Spotlight

80% of cloud breaches involve compromised identities.40x expected increase in machine identity threats by 2030.200+ SaaS apps used by an average enterprise.90% of audit requirements tied to identity.

AI Agents: The Security Nightmare No One Is Ready For

This is the segment that stunned even me:

Companies are already adopting AI in three ways:

1. Developer tools – Cursor, Copilot, Replit, Windsurf

2. Internal AI systems – built on OpenAI, Anthropic, etc.

3. SaaS agents – Salesforce agent, ServiceNow agent, etc.

The problem?

Machines don’t care about authentication UX.

They don’t do MFA.They don’t wait for SMS codes.They don’t verify identity on mobile apps.

They use:

• API keys

• secrets

• tokens

• service accounts

And they get compromised every day.

AI is accelerating identity sprawl and identity-based attacks faster than any security team can keep up.

Santhosh predicts:

Market Lens: The AI Security Gap

• AI agents lack visibility

• Traditional IAM doesn’t apply

• SIEM tools don’t parse agent behavior

• Okta/Auth0 do authentication, not post-login detection

• Machine identities outnumber human identities 20:1

The market is wide open for a category winner.

Agentless Identity Security: What UnoSecur Actually Does

UnoSecur’s value proposition is remarkably simple:

They detect attacks AFTER someone logs in.

This is a brand-new category.

Most security tools protect the front door. UnoSecur monitors what happens inside the house.

How?

• Plug into your cloud

• Plug into your identity providers

• Plug into your SaaS systems

• Collect identity behavior metadata

• Detect anomalies, misuse, and drift in real time

No agents. No installations. No Kubernetes sidecars. No endpoint management.

Santhosh explains:

UnoSecur provides:

• runtime identity risk scoring

• toxic permissions combination detection

• non-human identity governance

• instant breach visibility

• automated identity remediation

• least-privilege enforcement

• compliance & audit reports

• AI/ML correlation across cloud & SaaS

This is precisely what legacy IAM tools cannot do.

Founder's Quote

“We don’t protect the front door — we study what happens after someone walks in.”

Real-World Use Cases: Fintech & Healthcare

UnoSecur has deep traction in the two toughest industries:

1. Fintech / Banking

Why they use UnoSecur:

• DORA compliance

• SOC2 readiness

• real-time identity monitoring

• protection against insider and credential misuse

• automated audit reporting

2. Healthcare

Why they use UnoSecur:

• PHI protection

• access governance

• machine identity monitoring (critical for medical SaaS)

• least-privilege enforcement

In both sectors:

The Business Model Behind Identity-First Security

UnoSecur is a classic high-margin enterprise SaaS:

• SaaS platform for most customers

• Private cloud deployment for heavily regulated banks (2–3× pricing)

• Pricing based on connections, not users(because machine identities scale unpredictably)

Customers range from:

• banks

• healthcare providers

• large retailers

• mid-market SaaS

• AI-driven companies

UnoSecur is built to scale globally — from Berlin.

Why Identity Security Will Be the #1 Budget Line by 2030

Santhosh’s bullish prediction:

Why?

Because:

• AI agents won’t slow down

• Machine identities will explode by 40×

• Identity sprawl grows exponentially

• Cloud-native companies multiply

• Compliance becomes stricter

• Human-centered IAM breaks for machines

• Attackers keep using stolen keys

Companies will shift budgets from:

❌ infrastructure security

❌ endpoint security

❌ network security

to:

👉 identity-first security

👉 AI identity governance

👉 machine-identity visibility

👉 runtime detection

UnoSecur sits at the center of this global shift.

Pro Tip (for Founders)

If you run a SaaS company and don’t know:

• how many service accounts you have

• who created them

• what they access

• whether they violate least privilege

…you are already exposed.

Founder Lessons from Santhosh Jayaprakash

Santhosh has built three companies:India → Singapore → US → Germany.

He’s honest about the challenges:

He also shares:

• the hardest feature was real-time identity processing

• talent scarcity slowed the first two years

• starting in Europe required heavy education

• messaging and positioning needed refinement

• agentless runtime detection was a huge R&D bet

Yet today, UnoSecur is one of Europe’s rising deep-tech players.

Santhosh’s long-term vision:

This is a founder who’s not building a feature — but a category.

Conclusion: The Identity Storm Is Coming

Identity is now the most critical — and most fragile — security layer in modern AI-driven enterprises.

What we learned:

• Attackers don’t break in. They log in.

• AI agents multiply identity risk dramatically.

• Machine identities are ungoverned and unmonitored.

• Identity sprawl is out of control.

• Real-time post-login detection is the only effective defense.

• UnoSecur is building the identity security layer for the AI era.

If you’re a founder, operator, or investor:Identity-first security is no longer optional.

Relationship Map

• Santhosh Jayaprakash → CEO & Co-Founder → Unosecur Joe

• Jörn "Joe" Menninger → Host of → Startuprad.io

Automated Transcript

1 In this episode of Startup Rate IO we dive into AI 2 powered future of identity and access management where 3 real time cloud security, agentless deployment and 4 non human identity protection are becoming essential 5 for enterprises. If you found a 6 CISO investor or enterprise IT leader 7 navigating the zero trust area, this conversation with 8 unosecore CEO will give you a front row 9 seat to how the next wave of identity threat detection, 10 cloud compliance and SaaS security innovation is 11 being built in Berlin and where every B2B SaaS startup 12 should be paying attention. 13 Welcome to startup Rad IO, 14 your podcast and YouTube blog covering the German 15 startup scene with news interviews and 16 live events. 17 Today I'm joined by Santos how to pronounce your family 18 name? I would say Y. Yaya Prakash. 19 No, it's. It's Jaya Prakash.

20 Jaya Prakash. Sorry for butchering your name. The 21 founder and COO of unosecure, a Berlin based 22 cybersecurity startup that's really rethinking identity 23 security in the age of AI because every AI can 24 more or less impersonate a person. Santosh is no stranger to 25 the challenge of cloud security. Before Uno Secure 26 he built and scaled anchor cloud, helping 27 enterprises transition to the public cloud. But it was 28 during those engagements that he spotted a critical 29 vulnerability. Nearly every company clawed 30 the chaotic sprawl of user identities 31 across cloud environments with no unified system 32 to manage them securely. That realization led to 33 unosecure, an agentless identity security 34 platform that now helps companies detect 35 real time threats, manage non human identities 36 and automate AIM risk remediation 37 across AWS, Azure, Azure and beyond. 38 Backed by 5 million seed round and already trusted by major

39 enterprises customer Uno Secure is quickly 40 becoming one of Europe's most exciting deep tech security 41 startups and Santosh is the visionary leading the 42 charge. Welcome. Thank you so much for the kind 43 invitation Jo. Totally my pleasure. We already heard a 44 lot about you. Let me start with the first question. How 45 did your can you tell us a little bit about your personal 46 journey and how did this 47 as a founder lead to the creation of Uno 48 Secure? We had a little bit teaser in. The intro so yeah, I'm 49 Santosh Jay Prakash and I'm from India but been in 50 Germany for the last seven years. This is my third venture so I'm 51 not a rookie entrepreneur I should say. This is 52 18 years in ID infrastructure. I started my 53 first company in 2015 was called PowerUp Cloud, very early

54 in the game of cloud data AI. So I built a company called 55 PowerUp Cloud based out of India, scaled it to Singapore, then to us, 56 then to Netherlands and then got acquired by a Large 57 NASDAQ listed company. This was my first 58 entrepreneur experience. Build a 200 people team in three years. So that was 59 built something like Datadog, maybe you heard of this platform, which is in 60 cloud observability. So pretty early in the game then. My wife is 61 Deutsch, so that brings me to Germany. We lived in India for five years, 62 2013-18, and she invited me to come here. 63 So I came here. Then I started another company called Ankar Cloud, 64 which I still own. As of today it's 140 people, does 65 15 million in revenues, profitable runs by itself. I have a leadership team who run

66 the company during this process. I always 67 wanted to build something global, ambitious, and I thought, okay, why not 68 a security company coming from Germany, based out of Berlin. So that's how 69 Unuse was born. And I started this couple of years ago as a 70 research project. It came out of Anka Cloud when we worked with a lot of 71 customers migrating to the cloud. And then the whole 72 curiosity was how do you stop evil while it's happening 73 in the cloud? You know, that's kind of the hook, that's the hypothesis 74 I started chasing and which led to the company. It's also 75 interesting because you could start human hackers with 76 human speed, but in the age of AI, I think that that's something 77 completely different. But before we move on with our questions, I 78 have two less serious questions. I want your honest opinion

79 of the state of Indian food in Germany. 80 Indian food in Germany. I think I 81 should say the answer is no. Comments. Yeah, I mean, not even remotely 82 close, but still. There are some good spots in Berlin and I'm in 83 South Germany in Frankfurt. It's too good. I've tasted some good food even in 84 Munich. Yeah, big cities. Actually what I like here 85 in Germany, in Frankfurt especially, is Savanna 86 Bavan. Yeah, exactly. That's where I was going to. Right. So that 87 was a good one in Frankfurt. Strong recommendation, very small hidden place. 88 Metamasala. But before 89 we get into the next serious question, what more I usually do? When you moved 90 here from India, did you bring warm socks? 91 Yeah, that's a good question. Right. I had funny jackets rather than bad 92 socks. Right. So I had to throw away all my funny jackets and

93 then I had to get it. And funnily enough, I've never seen snow in my 94 life. So only in Germany I get to see first time when I was like 95 26 or 27. Right. How do you like driving in snow and 96 ice? Oh, that's a good question. So 97 definitely not enjoyable or relaxing. Right. 98 So I think my Wife still does those duties, Right? So I'm 99 still a bad driver in Germany. 100 I think it's the same case for many people. When you are ice on snow, 101 usually your smartwatch watch sounds the alarm, right? I know that 102 feeling. For those in our audience 103 unfamiliar with what exactly do you 104 guys as UNO secure do and why is 105 it relevant now? Can you do a little bit of explaining here? 106 Can you break it down Bonnie style? Awesome, Joe? So

107 the simplest way I can explain is there are bad guys 108 everywhere, right? So let's take the scenario of somebody 109 has got keys to your house. He's a bad guy, he will find hundred 110 ways to get keys to your house, right? So if he wants to rob your 111 house, they find ways to find the keys. So as 112 a, as a bad guy or an adversary, what 113 do I do? I take the keys, I come to your home, put it in 114 the door, open the door, and then, yeah, I do my job of cleaning the 115 house and take all the valuables and run away. So this is typically how it 116 works. So now apply the same scenario in the context 117 of technology, right? So your passwords, your keys are stored in different 118 systems. There are hacker groups who are looking for these keys and

119 credentials, and that's all they need, right? So they log into your 120 systems and then they steal your data. So there's like bitcoin 121 mining, data theft, or ransomware attacks. So the whole 122 idea is, what is your defense mechanism is how soon can you 123 detect, or like, let's say in your home you have a security system which 124 detects. So in 10 minutes, if you're able to get the robber run away 125 or chase him out, or make some noise, or the neighbors help you somehow, 126 you have some mechanism that you can safeguard your property. But 127 in technology we apply the same. So there's no system which 128 is able to detect this in real time and what these guys are doing inside 129 a system. And that's the best analogy I can give you. It's like somebody 130 has keys to your house. How soon can you detect and respond?

131 So that's exactly when you apply in the technology world these 132 days. All attacks, 80% of all the attacks that you see 133 in the last two years are credential theft. Somebody 134 has keys to your kingdom. They just log in. They don't break 135 in or write cryptography or exploits anymore. 136 We are kind of the layer which comes in which can detect and 137 stop those attacks and avoid those bad guys 138 to harm anything that's happening into your system. Before we get into 139 the next question, I was wondering, you have 140 somebody who for whatever reason lost or got his 141 credentials stolen. Could be as simple as a 142 trojan on their home computer or in the network or something. 143 How can you as unicecore 144 detect that it's not the person that is supposed to log in? 145

Because I would assume if the alarms are 146 raised, if those credentials are stolen, they wouldn't work. But 147 if you have working credentials, how does the intuo alarm bell 148 ring? Cool. So we connect to all these core 149 systems like your cloud, your on premise, 150 your identity providers like Microsoft Entra or 151 Okta, and also to your SaaS platforms. So based on which 152 we've done a lot of threat hunting, based on which we detect. So there's a 153 framework called mitre, ATT and ck. So where we detect like credential theft, 154 initial access, privilege escalation, privilege refund, 155 all those things and we take a bunch of signals which is based on 156 ip, based on where this identity is 157 accessing things from. There are multiple signals that we create 158 or we call it the risks. And based on all those combinations

159 we create an issue. So that's the R and D we did for two years 160 during the early days of unasecore. We have this 161 unique research driven approach where we build toxic 162 combinations or we call it conflicting combinations based on which we detect. 163 And we do that. And now maybe I can also give an add on. So 164 now with AI, so with humans you can have like a single sign on system 165 or an mfa. Like for example, like you log into a system, there's 166 a second alert where you have to confirm, right. But when it comes to machines 167 or AI, you cannot protect the front door so you're fully exposed. 168 Right. So the problem becomes like crazy big when it comes to non human 169 identities or AI agents and all those kind of modern day systems. Right. For

170 everybody who's not like a technical 171 genius, like obviously you are, basically 172 the issue is that now you do have programs, 173 computer software that are talking to each other. Plus you 174 have also increasingly, I think we're just at the 175 first step of that AI agent that doing something on 176 behalf of their coders, of their 177 owners, however you want to call it. That's basically the problem when you 178 need to distinguish between a proper AI agent 179 from client X and a non proper AI 180 agent from hacker Y. Right? Kind 181 of. Right. So maybe I'll also try to simplify things. Joe. So it's like, 182 let's take, I mean how do a company consume AI today? 183 Right. There are three different ways, right? One, they buy 184 coding tools which is like, you know, which you come across like cursor

185 replit, windsurf, Google, GitHub, copilot, 186 these kind of tools, that's one way they consume it. And second, 187 they buy 188 their internal teams built using anthropic or OpenAI 189 frameworks. So basically Claude or all those kind of tools. And the 190 third way is all the SaaS platforms selling their own agents like Salesforce 191 Agent or ServiceNow Agent. So these are the only three different ways today 192 companies consume AI or like, you know, there's no other way they do it. Now 193 if you speak to a security team or the C level folks 194 now how do they authenticate between each other? What are they doing? 195 There's absolutely no clue. Right, so that's where we come in. Right. 196 So now how do they authenticate? How? What kind of permissions they get, 197 what kind of access they have so that they can. This is the future, right?

198 So this is. We are building it for the future. Right. So these are some 199 of the problems we solve with AI because currently there's no mechanism existing for. 200 And even if companies like Okta and others are coming up with 201 authentication protocols, but then you have MCP or from 202 a layman's standpoint, how do you even have view 203 into what these identities are doing? What are these agents doing? How are they 204 authenticating with each other, what kind of access they have? Are they over 205 privileged? Do they have more access than what they need to do their 206 jobs? If an attacker 207 comes in, how do you even detect that? Okay, it's really Joe or somebody 208 behaving like Joe. So all those kind of scenarios is what 209 we kind of do with uno. Yeah. 210 And thing is, I do

211 see the challenge for the future for everybody. 212 I was wondering what was your aha moment 213 when you realized identity was the new security 214 parameter here? Yeah. So 215 in the realm of the modern day. So if you look at back in the 216 day, it was network was the perimeter. So some years ago, then it 217 became all the infrastructure and now it's the identity. 218 Because almost every system all you do is log in. So 219 now logging into a system is just like 220 you use some kind of, let's say an authentication mechanism to get 221 into the system. The wall factor here is that, 222 okay, if you're a big company, you have different 223 systems. Now for a ciso, I don't know what I don't 224 know, that's their problem. They don't have a vantage point visibility of what's going on

225 in all these different systems though. They have different tools doing different 226 jobs like app security, product security, identity was 3 227 years ago still an IT teams problem. Not A security problem. 228 Now identity is a security team's problem. So these are 229 kind of the things that, the kind of things that you can uncover connecting a 230 system like us or like, you know, platforms which can 231 communicate or authenticate between each other. So that's where 232 like, you know, same day ROI, you just connect within 15 233 minutes engineless deployment. And you can connect even like find an AWS 234 accounts or like, you know, all your different systems and you're able to get a 235 vantage point view of what are these identities, what are they 236 doing and are they over police or not? Are 237 they accessing? Is it really me or

238 somebody? So all those kind of perspectives 239 or the visibility aspects that we uncover creates those aha 240 moments for customers. So that's one of the reasons why this problem 241 is becoming more increasing. And with more and more 242 systems and tools moving to the cloud and companies adopting 243 AI, we don't see this. This 244 becomes the only perimeter that companies will have to invest in protecting. 245 I was wondering what makes your agentless 246 identity security platform stand out from all the other 247 identity and access management tools. Great. 248 So traditionally identity is one word 249 overused. There are like 200 different variations within that. Like 250 there are three different scenarios. Authentication, authorization and accounting. 251 So we come in after somebody logs in. So 252 we don't protect the front door. So there are companies like Microsoft, 253 Okta and others who really master the game. So the biggest

254 USP is we come in 255 after somebody logs into the system. We study kind of like 256 we do something called as activity based access control. And for AI we do 257 task based access control. So these are the kind of scenarios that we come in. 258 So we do agentless. The reason because no attacker waits 24 hours. If 259 you have to achieve right, you have to get 260 runtime visibility. You need to be fast, you need to be there to make sure 261 that you get customers the visibility into what's going on. So 262 getting runtime at that scale, that needs a lot of technology 263 and you need to be novel and technically defensible. So 264 that's how we operate. So you connect and then you get going. 265 That's you just make connections to the platform and then 266 you're able to get the visibility and start solving your first problems.

267 And you just said you 268 detect the potential threat 269 after the login. And how do you detect 270 that in real time without completely overloading the 271 security team or the systems? Yeah, so we kind of 272 connect to. An average enterprise will 273 have thousands of AWS accounts or at least 200 274 SaaS applications from Salesforce to all these differences, 275 they have at least two Identity providers. Now 276 we connect to all these different systems and 277 it's completely agentless. No installations, no sidecars, you 278 just connect. So we have those onboarding workflows built in. So 279 we set up a tenant for a customer and they can make connections. We 280 take only read only writes if they use our SaaS platform 281 and immediately the data starts coming in so we consume only the 282 metadata so we don't get into the PI or the sensitive side of things.

283 We kind of consume those logs so through which we are able to bring those 284 correlations and visibility for the customers. So you just makes 285 connections through different onboarding workflows that we have 286 built and there is no installations, no sidecars, 287 there's nothing that customers will have to do other than that. So we set up 288 a tenant. So getting started is super fast. We made that very easy for our 289 customers. Very fortunate, especially for the non 290 technical guys like me. For our audience I was 291 wondering do you think identity sprawl across 292 platforms is the number one security risk and prices 293 face right now or are we overestimating it? 294 Drop your take in the comments. Have you seen this problem in 295 your organization or portfolio companies? We've been talking 296 a little bit about theory here Santosh, even though a lot

297 went already over my head. But can you walk us through 298 a real world use case perhaps in Fintech or healthcare that 299 do protect especially sense sensitive 300 data where unisecure made a critical impact. 301 Cool. So we have a lot of customers in the financial 302 services, a lot of banks, some of our banks, we 303 have even production banking customers. We work with a lot of healthcare 304 and these are the two most regulated industries. So with 305 finance and health, when it comes to and for them 306 regulators are not fun. So if 307 you speak to any CISO and then how do you manage the data? 308 So it's not the easiest jobs they have. Now 309 in all the scenarios, 80% of any kind 310 of issues they come across is all identity related. 311 So every auditor wants to know how is Santos using his access? What did

312 he do in the last six months? Did he have access to this or not? 313 How do you get all this information? So this is a tedious work 314 and I'm just giving you one simple example of what's going on in such 315 companies. So we have a lot of customers especially when it comes to healthcare 316 or like banking, like ISO, SoC2, NASC now 317 these days, Dora and all those kind of compliances that comes up with 318 80, 90% of the questions are identity related. And there is 319 a like if you look at OWASP top 10, I don't want to go 320 super technical but you know, OWASP top 10 is like the, like 321 the top security issues, right. So the number 322 one spot has been identity for I think at least for the last seven years. 323 Right. So it's still not solved. So that's, that's kind of the

324 opportunity we go after. Right? Because it's, it's 325 the pain is so big, customers face it day in 326 and day out and then skill gap is also big. Right. 327 So big companies, if you look at them, how do you. It 328 becomes a siloed problem. They have like different tools currently they, everybody 329 has invested in authentication and identity management but the missing piece 330 is identity security. They don't have toolings which helps them achieve the 331 identity security that protects their sensitive data. 332 All the PII and all the different kinds of data. That's 333 where we come in. We have customers who use us 334 for multiple purposes. We have more than 40, 45 different use cases that you can 335 achieve out of it. Starting from a simple visibility 336 to even auto remediation. Right. So all these kind of different

337 scenarios, we help customers, we have achieved them actually reduce their identity 338 sprawl. We have increased some of their 339 engineering and feature velocity because they could 340 govern just in time access, just enough privileges for their engineers. 341 Nobody needs admin rights. You come across multiple scenarios 342 in different customers. So yeah, healthcare and 343 financial services, banking are some of us from Uno 344 Sekur sweet spot. And these are the kind of customers that we work with currently 345 as well. Before we move into market 346 and the business model. I was wondering how often do people or 347 AIs attempt to hack you? A week. 348 Yeah. So I mean he's smiling, he's smiling. A lot of people 349 will just listen to it. That's why I need to tell them he's 350 smiling. So I think AI. So 351 AI is good. I mean but there are also bad guys using

352 AI. So definitely bad guys. You see AI 353 is these days more than less. So it's easy 354 for them as I said. So if you go a lot of 355 companies suffer. Like for example there's this concept called info 356 stealers. I mean if you Google it, you'll see it. That's a very common way 357 that people use. And then they use AI for social engineering 358 phishing kind of attacks to grab credentials so they can get into 359 system. So there are 360 AI security companies helping with prompt 361 injection, LLM jacking and these kind of like if you look at Israel 362 US or India US there are a lot of companies which are doing that. 363 But still identity takes the front seat, right? So 364 with AI again, it's going to be identity. Yeah, AI can be used for 365

good and for bad, but offlet there's a lot of bad guys using it 366 and they've been pretty successful with it. Maybe I'll put it that way. 367 You didn't give us a number. So 368 I mean it sounds like I would say at least 40, 369 50% of attacks that you come across are like some kind 370 of like, you know, like even these days we came across one 371 scenario where there was a DDoS attack. They tried using AI 372 so like pumping IPs and creating these repeated models. 373 So yeah, there's a lot of many studies. I mean 374 OWASP is a very good place to look at those 375 metrics. So OWASP has also released 376 quite a lot of AI driven threads and stuff. I'm happy 377 to share more there. And actually 378 Sandosh, you know what, I think at one point there will be a

379 hacker dark AI and it will be called 380 Darth GPT. 381 Probably somebody already bought those domains, right? 382 I'm very confident. Confident. Let's talk a little bit about the market and the business 383 model. So what was the hardest feature to build and what 384 trade offs did you face in building it? So 385 definitely achieving runtime capabilities, 386 which is real time by doing it in real time is one of the 387 hardest because static scanning. Yeah, I mean 388 a lot of companies do that. I mean as I said, no attacker waits 24 389 hours. Now if I'm not able to find things 390 while it's happening, the curiosity of how do I stop it. And 391 processing that level of data, that scale and still your 392 system capturing all those different things, 393 correlating all the information and doing that. So achieving that

394 we did something called as test driven development. We tested 395 based on last 90 days of data for 12 years and that's how we 396 actually I would say that's the most hardest feature. But then everything else 397 building on top of it first, much easier. So that's why 398 the first 2, 3 year of formation was more about how 399 do we get to runtime, how do we get to real time, how can we 400 get those visibility of risks at that speed. So those were kind 401 of the difficult features I would say. 402 Guys, we will be back after short ad break but stay tuned. 403 Right after we'll dive into how Unosecure's B2B SaaS 404 model scales fast without friction, where enterprise 405 buyers are betting on their agentless identity fabric 406 even in a cautious market. And how new innovations like

407 UNO Copilot and UNO Board are 408 redefining what real time identity control looks like. 409 You won't want to miss how they're turning compliance into Live 410 Dashboard and why their 5 million seed round is just the 411 beginning. 412 Welcome back from the ad break and I still have Santosh here with me. 413 And let's dive in straight into the question because 414 we've been teasing your B2B SaaS business model. How 415 do you scale that with customers and what's your core 416 GTM strategy? Yeah, so currently we 417 offer it AS a security SaaS platform because it's easy to 418 onboard. But with regulated business we also do private instance deployments 419 within their environments. Sometimes then we charge them 2x3x 420 because we are sharing our IP. But typically 421 the SaaS model works and even if you look at AI companies, all

422 the AI ones are also subscription models. 423 So this model is scalability to be charged based on 424 number of accounts they connect to the platforms like number of connections they make 425 instead of number of identities. Because humans you can measure, non 426 humans you cannot because some engineer will create something 427 and then it's there in the system. So there's no way. So our pricing works 428 based on the number of connections organizations make to the 429 platform and it's scalable. I mean even the 430 largest retailer in the world is one of our biggest 431 reference. So if we are able to handle that scale, I think we can handle 432 anybody's scale. You know we have achieved those kind of 433 capabilities already. That helps customers to like it's fully 434 enterprise ready. We already have all the credentials that's needed like a

435 Soc2 ISO and also GDPR like all the 436 different kind of penetration testing reports. We went through so many vendor 437 questionnaires with already our large customers. 438 So yeah, so we offer it in SaaS but for case to 439 case for large banking and very regulated businesses, we 440 also do private instance deployments in their 441 environments. It's not necessarily that they are boring 442 but as you said, the regulators, they don't understand any fun in 443 this area. You have very high hurdles to jump over in 444 order to do some security, some 445 AI or any other stuff. So 446 the main focus of banks is security, security, security. 447 That explains a lot of the on premise stuff. 448 What makes you appealing to enterprise buyers in 449 today's cautious funding climate? 450 Good question. Again we try our best. 451

So like, I mean I think 452 security investments I think every company has to make 453 because and they all carry budgets and identity 454 security is in every boardroom these days. There's approvals for 455 everybody. So so far we've not come across a 456 customer who said okay, I don't have budget for this platform. Usually it's 457 Even if they don't have its rolling budgets, they try to find budgets in the 458 next budget runs. With enterprises especially they have 12 month 459 financial ratio. So you start a POE and then 460 if they, I mean based on the ROA and like you know the business 461 case that we could build, they always find budgets for the next years. 462 And when it comes to identity security, I mean even two 463 years ago it was a lot of education that I had to do.

464 Customers didn't understand because they'll say hey, I have cloud security platforms, why 465 do I need you? But since last year the things have changed, right? So 466 it's much more easier now. It's not, I should say it's not 467 that difficult to explain to a customer why it's needed. And since 468 a platform like us is not a replacement sale where we are not kicking out 469 platform X and getting in, it's more an educational sale. 470 Usually we are in addition to their existing security 471 stack. So it's always finding budgets. 472 Definitely the funding climate 473 is difficult in the market but generally 474 customers have budgets for security because they have to invest. 475 That's why after AI security is the hottest market in the world. 476 If you look at all the VC funding, probably not in Europe and 477

Dach, but if you look at US and Israel, almost 478 like security companies raise the. Most after AI companies 479 totally makes sense if you have seen once the damage a 480 hack could inflict on any company and if you're a smaller company 481 that can mean the end of your existence as a company. Let's talk a 482 little bit. If you look at, I mean the recent one I can share is 483 Salesforce, right? So I mean there was a sales loft attack 484 few six, seven weeks ago even a lot of big companies 485 across the Globe. There were 700 companies affected because of this 486 one single issue. This was based on a non human 487 identity and this was, this is something that 488 Unusuku covers by itself as a feature. 489 I don't want to know how much damages and 490

missed revenue this generated. But let us go into growth 491 and vision. As we already said, you 492 raised US$5 million. What 493 are your immediate priorities and where will you 494 be as a company in 12 to 18 months? So I mean 495 we are doing like, so I mean we did a 496 seed round early this year, right? Somewhere around March. Since then 497 we've been focusing on hiring and sales. Right. So we are purely 498 doubling on everything that we are doing. So we have at least we 499 have onboarded a lot of new customers and we have a clear GTA plan. 500 So the immediate goal is that we raise the cdc. I 501 think we are close to getting there to kind of 502 raising our next funding round. And our biggest 503 vision is how can we become a category winner. There's no clear

504 category winner in this space yet and why not that be us. 505 So that's kind of the big vision we carry and 506 yeah, and we are a Berlin based, 507 Germany based security company and not many have pulled this off. 508 So our goal is to already go consecutive markets 509 and big vision. Right. So we are 510 nothing pretty ambitious. We already have international customers 511 and we are going consecutive markets. The end goal would 512 be how can we be the category winner. Right. So that's, that's kind of the 513 big vision. Santos, you've hinted at AI 514 Copilots and UNO board. How do these 515 innovations change the security game? Oh great. 516 So this is the future of UNO Seqo. Right. So I mean with 517 more and more companies and organizations and 518 everybody using AI and with so much

519 push in enterprises towards adoptic AI though it's all at 520 POCS today, in the future we expect this to go 521 mainstream for us. We need to stay relevant 522 and we are building for the future. These kind of 523 futures are going to help customers to secure their AI and 524 especially from an identity angle. As I said before, 525 agents to agent authentication and task based access 526 control. Just in time permissioning for these kind of agents 527 and what kind of access do they need to do their tasks Rather than giving 528 them an admin. Right. Which they would easily leverage 529 all these kind of scenarios. That's what we 530 are working on. We are also working on converting a SaaS platform 531 into an agentic platform so it can be more conversational for customers 532 as well. But when it comes to security, it's still a lot more visibility

533 that customers need rather than just conversations. 534 We have something called as a findings database that we have built where 535 we bring all this vantage point view and there are a lot of AI 536 features that we have planned. For example, in the future we are expecting 537 we will launch an agent which will automate an IAM engineer's 538 task. And these profiles are very sparsely found 539 in the market and companies struggle to hire these talent. For example, how can an 540 agent do the task of enforcing least privilege? 541 How can an agent do lifecycle management of an identity? 542 So you'll be lodging all those independent agents which will be doing separate 543 tasks and helping those IAM engineers 544 and security analysts to improve their identity security 545 posture. For 546 our audience, Santosh is talking a lot about 547

AI in cybersecurity, but our audience, I would be 548 curious guys, do you think AI will solve more 549 problems or create more problems in 550 cybersecurity. Comment down here in the show notes. 551 Santos, what's your long term vision for Uno 552 Secure? Could this become the next 553 category defining security company? 554 Yes, as a founder, that's my ambition. Right. So 555 definitely, I mean we have all the 556 right, we have the right team, we have the right structure, we have the right 557 kind of audience that we are going after. So I personally 558 think, and also the team believes that if we are able 559 to execute and the speed of execution that we 560 are focusing on currently, I think we have 561 all the foundations that's needed for us to become a large player in 562 the industry. But at the same time, like any startup,

563 you'll have to go through those journey. You cannot skip those steps. It's like playing 564 a video game. Right. So you need to hit certain levels. But 565 yeah, I mean becoming an independent identity layer 566 as a company for all the large, all the 567 customers that we are working with, definitely. Yes. And 568 the big goal is how to get to like you know, 80, 80 to 100 569 million in the next four to five years. Right. So that's, that's kind of 570 what we are chasing. 571 Looking back, what's one thing you 572 would do completely different as a founder? I 573 think entrepreneurship is like a disease, right. You do once and I think you 574 always want to do it again. So. And I think with my previous 575 two stints, I had some experience. I think if I have to, if you

576 specifically ask me from a Nuno Singer angle, what I would have done 577 differently. I think we were ahead of the game with 578 our research and what we did. So probably 579 like, you know, we had to do a lot of education with very less resources 580 in the industry compared to most other peers from other markets. 581 So some of those messaging and positioning 582 exercises would have been different. And I 583 rushed to start, probably, I would say, I mean, starting in Europe is hard, 584 but I think starting in Germany is painful. Right. So I think. 585 So that's all those kind of red tape and bureaucracy stuff that you go 586 through could have been a bit more easier had I 587 had a bit more like, you know, some more 588 experiences or like, you know, I would say rather a bit more

589 setup changes that I had that could have helped me. 590 Yeah. But otherwise I think the market is big, opportunity is big. 591 So I would do, I wouldn't do a lot of things differently, 592 probably, you know, I would say 593 those two points that I mentioned. Right. So I would have done it differently. But 594 then initially I was also a talent was 595 another problem. Right. So initially when I was looking for people here 596 to especially in these areas, skill sets 597 like cloud security and as well as development, finding somebody with 598 all these three skills was very hard. So that also delayed a lot of 599 R and D that I wanted to do. Then I started a team in India, 600 in Bangalore. That kind of accelerated some of my stuff as well. 601 So a lot of learnings. Right. So if I start again,

602 definitely I'll apply all these learnings. And when you come to 603 Germany, bring warm socks. 604 Absolutely. Getting into 605 one of the last questions here. What's your bullish prediction for 606 identity security by 2030? Something 607 few people right now see coming. 608 So I think this will be the number one security investment that companies 609 will make in the coming years and I think this is going to be the 610 biggest. So identity is taking over and now 611 when agents like protocols like MCP or Google's 612 agent to agent, kind of all those things become more 613 mainstream. I think the investments in this space 614 has to happen. So I think 615 this is now currently the number one investment 616 customers are making. I think in the future it will be the same. Right. So 617 by 20 to 30 this will still remain an unsolved

618 problem. Right. So that's kind of the prediction that 619 I can make. And I think there are 620 studies that say with agents this problem is going to be 621 40x more. So 2030 is not very far. 622 Right. So that gives us 623 a lot of problem solving and a mission that people should 624 chase to solve. 625 Let us get to the conclusion with the usual 626 questions. Are you open to talk to new investors? 627 Definitely yes. Definitely yes. 628 We link down here in the show notes your LinkedIn profile so people can reach 629 out to you directly. And of course the second question, are 630 you looking for smart people to join unusecure also? Yes, 631 definitely. We are hiring currently for different roles 632 across Europe and we will also enter 633 us. So there's a lot of open positions that we want

634 to fill. Awesome. Santosh, 635 thank you very much. Was a pleasure having you as a guest. Hope to have 636 you back soon. Thanks Gio. Likewise. And thanks for hosting me. 637 My pleasure. 638 That's all folks. Find more news, streams, 639 events and interviews at 640 www.startuprat IO or 641 remember, Sherry is caring.

Partner with Startuprad.io

Startuprad.io is the leading independent media platform covering startups, venture capital, and innovation across the DACH region (Germany, Austria, Switzerland) and Europe. We offer B2B partnership opportunities for companies looking to reach startup decision-makers, founders, and investors.

• Become a Partner — Learn about sponsorship and partnership opportunities

• Contact us: partnerships@startuprad.io

• AI & LLM Identity Page

• Editor-in-Chief: Jörn "Joe" Menninger on LinkedIn

• Share your feedback

Subscribe to the Podcast

• Spotify

• Apple Podcasts

• YouTube

All podcast links: https://linktr.ee/startupradio

Frequently Asked Questions

What are the key insights from "The Rise Of AI Identity Security: Why The Next Cyber Crises Starts With A Login"?

What is identity security?Identity security protects user and machine identities from misuse, theft, and unauthorized access.Why has identity become the new cybersecurity perimeter?Because cloud and AI systems rely entirely on logins — attackers simply steal credentials.What makes identity attacks so dangerous?They bypass firewalls, EDR, and MFA, and appear as normal user activity.What is an identity security platform?A platform monitoring identity behavior after login to detect breaches in real time.Why can’t IAM tools solve identity security?IAM manages access; identity security detects misuse.What are machine identities?API keys, service accounts, and tokens used by software.Why are AI agents risky?They authenticate without MFA and can be easily over-permissioned.What is agentless security?Security that requires no installations or agents — just connections to cloud and SaaS.How does UnoSecur detect identity threats?Through real-time metadata analysis, anomaly detection, and toxic combination rules.Does UnoSecur replace Okta?No. It complements it by monitoring post-login behavior.What industries use identity-first security?Fintech, healthcare, retail, and AI-driven companies.How does identity sprawl happen?Uncontrolled creation of accounts, API keys, and SaaS tools.What is least-privilege enforcement?Ensuring identities only have the permissions they need.Is identity security required for compliance?Yes — SOC2, ISO, DORA heavily depend on identity governance.How does AI increase identity risk?Through automated credential theft, impersonation, and machine drift.Can small startups afford identity security?Yes — identity security platforms scale with usage.What is task-based access control?Giving AI agents only the permissions needed for specific tasks.Will identity be the top security investment by 2030?Yes — driven by AI adoption and machine-identity explosion.Can UnoSecur detect insider threats?Yes — via behavioral identity analysis.Why does real-time detection matter?Because attackers move within seconds, not hours.

What are the main takeaways from this discussion?

Internal & External Linking

How does this topic relate to startups in Germany, Austria, and Switzerland?

How Host-Read Ads Became Germany’s Most Trusted FormatThis Month in DACH Startups - October 2025 | Deep DiveFounder Burnout Recovery — The Hidden Cost of Startup Success

What can founders and investors learn from this episode?

https://www.unosecur.com/Unosecur's case studies

Who is The video and what is their role?

The video is available up to 24 hours before to our channel members in what we call the Entrepreneur’s Vault.

What are the key insights from "The Rise Of AI Identity Security: Why The Next Cyber Crises Starts With A Login"?

The host in this interview is Jörn “Joe” Menninger, startup scout, founder, and host of Startuprad.io. And guest is Santhosh Jayaprakash, CEO & Co-Founder of Unosecur

About the Host

Joern "Joe" Menninger is the host of the Startuprad.io podcast and covers founders, investors, and policy developments across the DACH startup ecosystem. Through more than 1,300 interviews and nearly a decade of reporting, he documents the evolution of the European startup landscape. Follow Joern on LinkedIn.

Support Startuprad.io

Identity security is becoming the most critical layer in enterprise cybersecurity. Companies building in AI, cybersecurity, and trust infrastructure use Startuprad.io to reach founders, operators, and decision-makers across the DACH ecosystem. If that fits your goals, explore partnerships here: Partner with Startuprad.io