AI has quietly moved the center of gravity of software.
Products now start life in documents, tickets, chats, and AI-assisted editors. System behavior is sketched in Confluence, refined in Jira, debated in Slack, and then turned into code at a pace that would have been unthinkable a few years ago.
But product security is still anchored somewhere else entirely: at the end.
Scan the code. Triage the findings. Open tickets. Repeat.
That mismatch is exactly where Clover Security steps in.
Clover is building design-led product security for the AI era—bringing AI agents into tools like Confluence, Jira, GitHub, Cursor, and Slack so teams can catch design flaws early and ship products that are secure by design, not by cleanup.
Today, Clover Security is coming out of stealth with $36M in total funding – combining a seed round led by Team8 and a Series A led by Notable Capital, with participation from SVCI and a remarkable group of industry leaders, including the founders of Wiz, Cato Networks, and executives from Snyk, CrowdStrike, Palo Alto Networks, Atlassian, and Google.
We’ve been proud to lead Clover’s seed round and partner with the team from the earliest days.
Product security is stuck downstream
If you look at how modern products are actually built, most of the important decisions happen long before a scanner ever runs.
Architectures, flows, and integrations are drafted in Confluence. Scope, dependencies, and edge cases are captured in Jira. Clarifications and trade-offs play out in Slack. Code lands in GitHub, often with AI-assisted tools like Cursor in the loop.
By the time traditional product security tooling is involved, the design has hardened. When an issue appears, it’s rarely a single bad line of code; it’s a symptom of earlier choices about how systems interact, how data is handled, and where trust boundaries sit. Fixing it means negotiating changes across teams, reworking flows, and reopening questions everyone thought were closed.
Meanwhile, AI-native development is increasing speed and complexity at the same time. Teams generate more code, connect more services, and push more changes with fewer people. Product security teams are not growing at the same rate. Asking them to manually review every architecture diagram, every new integration, and every major feature simply doesn’t scale.
Downstream controls will always be necessary. But if risk is designed in, relying only on downstream controls will never be enough.
From “find the bug” to “shape the design”
Clover starts from a simple observation: most of the real risk enters the system when you decide how it should work, not when you write the last line of code.
Design-led product security treats system design as a first-class security asset. It brings security into the moment where teams decide what data moves where, who can do what, how services interact, and what assumptions they’re willing to make about trust.
Instead of waiting for code, Clover’s AI agents read the same artifacts product and engineering teams use every day. They replicate the thinking of experienced product security engineers, but they do it continuously and at scale.
When Clover looks at a new design, it isn’t searching for patterns in syntax. It is reasoning about behavior. Where does sensitive information actually flow? Which components sit on critical paths? What happens if a user, or an attacker, deliberately pushes the system in the wrong way? Which controls are assumed but never specified?
The goal is not to turn security into another approval gate. The goal is to influence the design while it is still inexpensive—and politically easy—to change.
How Clover works: AI agents inside the product workflow
Clover is built to sit inside the modern product workflow, not outside it. Instead of asking teams to open a separate security console, Clover’s AI agents work across the systems where design and delivery already happen—Confluence, Jira, GitHub, Cursor, Slack and more. They read the same specs, tickets, discussions and code that product and engineering teams use every day, and layer security reasoning directly on top.
The result is simple to describe and hard to replicate: design and architecture decisions get a security review while they’re still being shaped, and that context follows the work all the way into implementation. For product security teams, Clover becomes a force multiplier that lets a small group influence hundreds of engineers. For developers, it turns “secure by design” from a slogan into a default behaviour, without adding new rituals or slowing delivery.
What we’re seeing in the field
Clover isn’t launching from a deck. It’s launching from live, demanding environments.
The platform is already deployed at dozens of companies across banking, enterprise technology, and fintech, including Fortune 500 organizations. Its customers include public leaders such as Udemy, ServiceTitan, Lemonade, and Virgin Money, and high-growth innovators such as Plaid, Notion, PROS, Neo4j, Clari, and Lead Bank.
It is rare for a security startup to reach millions in ARR while still in stealth and at seed stage. That kind of trajectory doesn’t come from hype; it comes from solving a problem that customers feel every quarter and building a product that fits how their teams actually operate.
In conversations with these customers, a pattern emerges. Clover is not “yet another scanner.” It becomes part of how they design and ship, a way to make “secure by design” more than a slide in a board presentation.
Why now: the AI-native product wave
AI is not just speeding up development. It is changing its shape.
More of the logic in a product comes from glue code, orchestration, and integration. More of the implementation is generated or refactored by AI assistants. Teams snap together services, APIs, and models into systems that are harder to fully see, let alone manually review.
At the same time, expectations are rising. Regulators, customers, and boards are asking tougher questions about how products are designed, not just how they are patched. “Secure by design” is moving from a slogan to an expectation.
Trying to respond with more manual reviews and more late-stage gates is a dead end. Product security teams will not suddenly triple in size.
What allows scale is moving security to where decisions are made and giving those teams more leverage in the form of AI agents that understand designs, not just code.
At Team8, we’ve been investing around this broader shift: intelligent, context-aware systems that sit inside critical workflows. In security operations, that logic led us to Mate. In product security, it leads naturally to Clover: a platform that treats design as the first security control and uses AI to make that practical in fast-moving organizations.
The founders
Our conviction in Clover is ultimately rooted in the founders.
Clover was founded in 2023 by Alon Kollmann and Or Chen, product security veterans who have spent their careers working alongside engineering teams, trying to help them move fast without accumulating unacceptable risk.
They’ve seen the same story play out repeatedly: security invited into the process only when the roadmap is locked, designs scattered across tools security rarely touches, and a small product security team asked to “cover everything” with no real leverage upstream. They understand both the technical challenge and the human one: if security wants to matter, it has to meet developers where they are and speak in the language of their day-to-day tools and trade-offs.
From our earliest conversations, it was clear they were not interested in marginally improving existing scanners or review processes. They wanted to relocate product security to the actual sources of truth for modern products—design docs, tickets, conversations, and code—and to use AI to scale the best of what great product security engineers already do.
The traction Clover has achieved in stealth, the caliber of customers who have already adopted it, and the group of industry leaders who chose to back them all speak to the same point: Alon and Or are exactly the kind of founders who can redefine how an entire function works.
Looking ahead
Clover is still at the beginning of its journey, but the direction is clear.
With $36M in funding across its seed and Series A, backed by Notable Capital, Team8, SVCI, and an outstanding group of strategic investors, Clover is uniquely positioned to turn design-led product security from an aspiration into a norm.
As AI continues to reshape how products are built, the organizations that stand out on security won’t be the ones that bolt on the most tools at the end of the pipeline. They will be the ones that treat design as the first opportunity to get security right, and that give their teams systems capable of reasoning about complex architectures at the speed of modern development.
That is the future Clover is working toward.
We’re proud to have been part of the journey from the seed stage, and we’re excited to keep building alongside the Clover team as they define what product security looks like for the AI-native era.
Learn more about Clover here.
Co-Founder & Managing Partner
Liran Grinberg is the Co-founder and Managing Partner of Team8, where he invests in Cyber and Software Infra companies.
