Onit Security is building an agentic exposure management platform that closes the gap between finding a vulnerability and actually fixing it. Traditional vulnerability management has been stuck on the same losing math for thirty years: security teams average 32 days to remediate a given issue, nearly half of vulnerabilities go unresolved after a full year, and enterprise backlogs routinely exceed 100,000 open exposures. Attackers, meanwhile, weaponize disclosed vulnerabilities in minutes. With the number of CVEs projected to surpass one million by 2030, the gap between detection and response is widening rather than closing. Onit's AI agents attack the bottleneck directly: they prioritize exposures against real business context rather than generic CVSS scores, automatically map asset ownership across fragmented data sources, and execute remediation without the manual hand-offs that typically stall response. Once a security team defines a resolution strategy, the platform applies it to every similar exposure going forward, so progress compounds rather than resets.

‍

The company was founded in 2025 by Elad Ben-Meir (CEO), Ofer Amitai (CPO), and Tom Winter (CTO), a team with three prior acquisitions between them: SCADAfence (Honeywell), Portnox (private equity), and For-Each (Autodesk). The idea for Onit came out of a state-sponsored Iranian cyberattack on Amitai's previous company, where the attackers exploited a known vulnerability that had been deprioritized inside an unmanageable backlog. That incident made the structural problem concrete: the industry has gotten very good at telling defenders what is wrong, and not much better at helping them fix it. Onit is already deployed with Fortune 1000 customers and has reduced mean time to remediation by up to 87%.

‍