Today we are announcing that Lorikeet Corp is raising an $885K pre-seed round at a $5M pre-money valuation via SAFE to build AI-powered attack surface management for the modern day. This funding will accelerate the development of our ASM platform, expand our expert team, and scale the infrastructure behind a product that makes security findings understandable and actionable for every team, not just security engineers.
We built Lorikeet because we saw the same pattern in every engagement we ran: organizations had no idea what they were actually exposing to the internet, and the tools that were supposed to help them were built for people who already understood the problem. This round lets us fix that at scale.
The Problem: Current ASMs Are Unintuitive for the People Who Need Them Most
Attack surface management is not a new concept. There are tools on the market that scan your external infrastructure and produce findings. The problem is that those tools were built by security engineers, for security engineers. The output is a wall of CVEs, severity ratings, and technical jargon that means nothing to the product managers, founders, and non-technical stakeholders who are actually responsible for making decisions about risk.
The reality is that most organizations face three compounding problems:
You cannot secure what you cannot see. Shadow IT, abandoned services, and orphaned domains sit live and exploitable. Most organizations have no idea what their actual external attack surface looks like. Infrastructure changes constantly, and nobody is tracking it in real time.
You cannot patch what you do not understand. Assets are poorly classified, misattributed, or completely unlabeled. Security teams lack context around ownership, criticality, and real exposure. Findings are isolated with no understanding of how they chain together into real attack paths.
You cannot reduce risk you cannot measure. Vulnerability data creates noise without business relevance. There is no consistent way to prioritize exposures across the attack surface. Risk decisions end up relying on intuition instead of objective measurement.
The scale of this problem is massive: Over 80% of data breaches result from exploiting the external attack surface (Cybersecurity Insiders, 2024). The average U.S. breach now costs $10.93M (IBM, 2025). The average enterprise has 300+ internet-facing assets (Tenable). And cloud and internet-exposed infrastructure are the top adversary targets (CrowdStrike). This is not a niche problem. It is the central challenge of modern security.
The Solution: AI-Powered Attack Surface Management That Anyone Can Act On
Lorikeet ASM is a continuously learning, AI-powered system for attack surface risk control. We built it to solve the three problems above in a way that works for the entire organization, not just the security team.
Discover: See What You Actually Expose
Lorikeet continuously discovers the full external attack surface: root domains, subdomains, IP addresses, technologies, open ports, and services. It exposes shadow IT and forgotten assets that nobody knew existed and stays current as infrastructure changes. The outcome is that teams finally have real visibility into what they are exposing to the internet.
Understand: AI That Translates Findings into Business Risk
This is where Lorikeet is fundamentally different. Raw vulnerability data creates noise. Our AI correlates assets and exposures into real attack paths and explains why findings matter and how they could be exploited, in plain language that non-technical founders and product managers can understand. Instead of a list of CVEs with no context, teams get clear risk narratives with contextual remediation steps, without linking out to third-party blogs that busy founders and CISOs do not have time to read. The result is fewer alerts, higher confidence, and faster decisions.
Prioritize: Fix What Truly Matters First
Every exposure gets scored by exploitability and business impact. The platform normalizes noise across vulnerabilities and misconfigurations so teams can objectively compare risks and prioritize. Fixing the top issues measurably reduces the organization's overall risk score. Teams stop guessing and start making data-driven decisions about where to spend their remediation effort.
What the Funding Will Accelerate
The $885K is allocated across three areas designed to scale what we have already built and validated with real users.
Expand the Expert Team
We are hiring core engineers to build and scale the Lorikeet ASM platform, security domain experts to guide detection and prioritization logic, and early go-to-market support to validate our sales motion and customer fit. Expert hires require competitive salaries, and we need expert hires to stay on the edge of innovation in this space.
Improve the Product
We are expanding asset discovery, historical indexing, and monitoring coverage. We are improving the AI-driven explanations, prioritization, and overall usability. We are hardening the product for real-world customer environments. And we are growing our compliance partnerships, including our Vanta integration and vCISO partnerships, to create additional revenue streams through client upsells.
Scale Infrastructure and Research
We need to scale our scanning, data processing, and storage infrastructure to keep up with the asset profiling needs of our users. We are also investing in internal security, reliability, and performance tooling, and funding ongoing research into new detection techniques and data sources.
The Team
Lorikeet Corp was founded by Ryan Wilke (Founder & CEO), and the company has been operating since 2021 with zero debt and no prior outside investment. Everything the company has today was built with consulting revenue and sweat equity.
Ryan is the founder of Parrot CTFs Events, a global offensive security training and pentesting platform, with 7+ years of industry experience. He has built large-scale pentesting, red team, and SOCaaS infrastructures, has deep hands-on expertise across web, API, cloud, and adversary simulation, and has designed 50+ real-world attack labs and security certification programs. He leads the company's technical methodology and product direction from the perspective of someone who has spent years breaking into systems and knows exactly what findings matter and what is noise.
Ryan has delivered security work for organizations including Citi, Nasdaq, Fortinet, Motorola Solutions, and Cointelegraph, among others.
Current Traction
We are early-stage, but the signals are strong and the momentum is real:
- MVP shipped and iterating with real user feedback. Multiple product iterations shipped in the first three weeks of the fundraise
- $10K committed from an offensive security industry leader (Director of Innovation)
- 5-person advisory board spanning offensive security, enterprise sales, product, and GTM
- VC pitch invitations and warm introductions in progress
- 300+ market research conversations completed with angel investors, validating the problem and approach
- Built on 7+ years of offensive security infrastructure and training platform experience through Parrot CTFs Events, Cointelegraph, and Prescient Security
- Strategic compliance partnerships with Accorp Partners CPA LLC and Anchorpoint Partners for SOC 2, ISO 27001, and PCI-DSS audits, plus Vanta MSP Partner status for compliance automation
The Market
The global ASM market sits at $6-7B TAM, driven by widespread cloud adoption, SaaS sprawl, and increasing external exposure. Our serviceable addressable market is $1.5-2B, focused on mid-sized, cloud-first organizations with complex internet-facing assets that require continuous discovery and monitoring. Our serviceable obtainable market targets $100-150M/year in ARR over four years through targeted enterprise adoption, representing roughly 1-2% market share.
The ASM market is projected to reach $12.69 billion by 2033 (Straits Research). Cybercrime is projected to cost the world $1 trillion USD per month by 2031 (Cybersecurity Ventures). ASM is becoming table stakes for SOC 2 compliance and enterprise deals. This is not a nice-to-have anymore. It is a requirement.
Why Now
Two macro shifts make this the right moment to build an AI-native ASM platform.
AI has shifted from a feature to a force multiplier. AI now makes large, noisy attack surfaces measurable and actionable at scale. What security teams could not process manually is now automated and continuous. The technology is finally good enough to deliver real risk narratives, not just more alerts.
Security spend is moving from tools to outcomes. Security buyers care about risk reduction and outcomes, not more dashboards. CISOs and boards want defensible, business-aligned decisions. Platforms that reduce noise and prioritize action are replacing point solutions. ASM is becoming mandatory for SOC 2, ISO 27001, and enterprise vendor assessments.
The Vision
We built an AI-Powered Attack Surface Manager that helps non-technical founders and teams understand their security exposure and fix what matters before attackers do. That is the one-line version.
The longer version is that we believe every organization, regardless of whether they have a dedicated security team, deserves to know what they are exposing to the internet, what the real risk is, and exactly what to do about it. Not in the language of CVE scores and CVSS vectors, but in the language of business impact and clear next steps.
Lorikeet ASM sits alongside our existing consulting services: penetration testing, secure code review, red team operations, compliance testing, and managed security. The ASM platform is the recurring-revenue product layer that complements the project-based services business. Pentest clients become ASM subscribers. ASM subscribers need compliance testing. Each revenue stream reinforces the others.
Our pre-seed round is open. If you are a CISO, offensive security operator, MSSP/MDR operator, or cybersecurity-focused angel investor, we want to hear from you. Not just for capital. For conviction.
Get Involved
If you are a company that needs attack surface management, penetration testing, or compliance support, we would love to talk. You can explore our full range of services, check out our pricing, sign up for the platform, or book a consultation directly.
Ready to secure your attack surface?
Get started with Lorikeet's AI-powered attack surface management. Book a call or sign up for the platform today.
