Securing production applications from the inside – Rein Security offers a new approach to application security.
Rein Security has emerged from stealth with $8 million funding and backing from Glilot Capital. Rein, co-headquartered in Tel Aviv and New York City, was founded by Matan Bar Efrat (CEO) and Netanel Rubin (CTO) in 2024.
The firm is introducing a technology that effectively protects applications from the inside while they are running.
Both co-founders have worked in cybersecurity (more specifically application security) since they were 18, although Rubin was a pentester for banks at age 15, before doing military service as a security researcher for Israeli Military Intelligence.
While considering their next steps, Bar Efrat asked Rubin, ‘Why have you always been able to hack web servers so easily?’ Rubin’s reply ultimately comes down to a visibility gap into the context of an application in production. Most existing AppSec tools stop at code scanning and pre-production testing. This surfaces issues but fails to show how applications actually behave once they are in production.
The two decided to tackle this issue and developed a patent-pending platform technology that promises real-time context and protection inside application production environments. The reaction speed available from within the app, in detecting and responding to something that shouldn’t be happening, will become increasingly important and urgent as the speed and scale of AI-assisted and vibe-coded malicious attacks continue to grow.
Bar Efrat explains the current difficulties in relation to an agentic AI application. Firstly, traditional guardrails around prompts are hard. The prompt could be a one-liner, a document or a picture, all possibly with hidden malicious prompt content. A bigger problem is that the application itself is non-deterministic; by definition it is probabilistic. “The only way to provide security here is to be as dynamic as the agentic application itself,” he says.
“We founded Rein to give CISOs and AppSec leaders the ability to protect every app, MCP, library and API without disruption. By seeing and controlling exactly what happens to apps in production, teams can resolve real issues in real time rather than spend excessive time on investigation and analysis.”
To tackle the problem, Rein has developed a new technology that adds a single line of code to the application. In less than a day, the platform baselines normal or acceptable behavior for the app. If it sees any deviation from the expected norm, it issues an alert and prevents the deviation.
“For example, if we have a library or a function that usually does one thing but suddenly executes an RCE or Log4J, we detect that deviation that shouldn’t be happening in this context, and we return permission denied,” explains Bar Efrat.
“From the user perspective, or from the runtime perspective, we’re not doing anything intrusive. We’re not terminating the process. We’re not terminating the thread. We’re not even terminating the HTTP request. We only micro sandbox the malicious resource that is now being accessed – in other words, the exploitation itself. It’s a non-intrusive way to prevent attacks from happening.”
Rein claims runtime protection across both zero days and one days via an architecture that applies production context with under one millisecond of performance impact and no reliance on proxies, sampling or eBPF.
Alexei Balaganski, lead analyst at KuppingerCole Analysts, comments, “Improving visibility into real execution context in production introduces a different way of thinking about application risk. That perspective can help security teams prioritize risk, reduce friction, and adapt security practices to modern software development.”

