RSS

What it's like being the only security company in your YC batch

alexchantavy1 pts0 comments

What it’s like being the only security company in your YC batch

Venture in Security

SubscribeSign in

What it’s like being the only security company in your YC batch<br>A guest post from Alex Chantavy about participating in Y Combinator as a security company.

Alex Chantavy<br>Jun 18, 2026

12

Share

This is a guest post from a friend, Alex Chantavy, who is the co-founder & CEO of SubImage. Alex went through Y Combinator, and I have been asking him (or, as he rightfully calls it, nagging him) to share his story. Many people are familiar with the story of Vanta, which also participated in YC, but Vanta is unique because it actually sells to startups, so Y Combinator was also a great distribution channel for them. Most security companies don’t get to sell to other startups, so their YC experience is going to be very different.

We’ve spoken about this at BSides before and have been nagged (thanks Ross) to put it into written form, so here it is.<br>Kunaal and I got into Y Combinator in January of 2025 to create SubImage, and these first 17 months of the journey have been crazy. This is our story as a YC-backed security company, showing what worked for us and what we’d do differently knowing what we know now. If you work in information security and have ever dreamed about quitting your corporate job to become an entrepreneur, this post is for you.<br>Our main takeaways are that a YC batch is built to help you raise your seed round as fast as possible, and that the YC playbook and the security startup playbook pull in almost opposite directions. It can work, but most of the job is reconciling the two.<br>A little bit about us

I’ve worked in infosec for over 15 years (By YC standards, I’m very old). I started my career at the NSA, eventually moving to Microsoft on the Azure Red Team, and then Lyft’s security team, where I met Kunaal and open sourced a tool called Cartography that grew a real community with dozens of companies using it. Kunaal left Lyft at some point to join a little startup called Anthropic.<br>I knew I wanted to keep working on Cartography, and Matt Klein, creator of Envoy, gave me the advice that my options were to stay at Lyft, go somewhere else that used it, or build my own company. Kunaal was my first and only pick for a cofounder because I knew what it was like to build something huge with him (Lyft’s vuln mgmt program).<br>A little bit about the company

This explanation took us a very long time to come to, and it still needs improvement. But! SubImage makes maps of your infrastructure so that you can better secure it; you can think of us as an open-core alternative to Wiz.

We were the only company that didn’t use the word “LLM” in our pitch

We applied to YC mostly as an exercise to gain clarity on what we wanted to do. Fast forward, we got a video interview with Gustaf where he asked me a very simple question: “So, what are you building?” I absolutely fumbled it. It was a mix of nerves and being in the weeds with Cartography for 6+ years that made it difficult for me to have a crisp answer. I mumbled something about cloud security and open source. I honestly don’t remember much of what happened in that call, but Kunaal kept it together and helped me keep some semblance of composure.<br>We had a follow-up call the next morning, where Gustaf said “I just have one question: Kunaal, you live in New York City. Are you willing to move to San Francisco and do YC?” There was also a fun tidbit where Gustaf said “You’re the first company we’ve accepted that did not use the word ‘LLM’ in their pitch”. Go us.

We were absolutely beside ourselves. This was the best Christmas present I could have imagined. Not to be too cheesy, but that night I went to dinner and drove home, and I’m pretty damn sure I saw a shooting star driving on I-80. Anyways.

The batch began

in January of 2025. We received YC’s $500k investment, and it was 12 weeks until Demo Day. We needed to get real customers to show the best investors in Silicon Valley that our company was worth investing in.<br>We immediately looked around for other companies in our batch building in security. We found two: one doing workflows, another building an AI reverser (I thought it was super cool). At various points, they both pivoted to, get this, commercial real estate. Nothing against that (I love you guys, you know who you are but I gotta roast you a bit<br>This is because building in security as a startup is very hard.<br>Companies don’t need security until they are much more mature. In particular, lots of other YC companies in areas like dev tools or agent tools can almost immediately sell these smaller $100/month or $1,000/month contracts. They were talking about self-serve products, or landing dozens of customers at a few hundred dollars per month. We were mapping out org charts up and down from decision-makers to champions, procurement, compliance reviews. It felt like a completely different sport.<br>YC is just 12 weeks long and you have to show traction in the form...

security company like batch kunaal companies

Related Articles

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

US Government directive to suspend access to Fable 5 and Mythos 5

Dylan131224 ptsfable government anthropic jailbreak access mythos

German ruling declares Google liable for false answers in AI Overviews

ahlCVA15 ptsgoogle court search overviews content users

Britain Became as Poor as Mississippi

SanjayMehta15 ptsbritain mississippi next financial crisis self
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.