Minimus launches with USD $51 million to cut 95% of CVEs

Minimus, an application security startup, has launched a platform designed to eliminate over 95% of Common Vulnerabilities and Exposures (CVEs) from software supply chains.

Supported by a seed investment of USD $51 million from YL Ventures and Mayfield, Minimus introduces a system aimed at moving away from traditional methods focused on detection, triage, and remediation by providing secure foundational components for developers and security teams.

The platform offers secure, minimal container images and virtual machines intended to replace existing artefacts within development workflows. This implementation can be achieved with a single change to deployment configuration, which Minimus claims results in an immediate drop in vulnerability exposure and expedites any further remediation activities required.

Ben Bernstein, Chief Executive Officer and Co-Founder of Minimus, stated, "Application security shouldn't be reactive - where the best an organisation can do is respond to a known vulnerability or threat. Organisations need to quickly deliver new features while also maintaining robust security practices. In this environment, vulnerability remediation and developer education are not enough. With Minimus, developers no longer waste hours upon hours on triage and remediation - they have secure building blocks from which to innovate."

Yoav Leitersdorf, Managing Partner at YL Ventures, commented on the company's direction, saying, "As Twistlock's seed investor, we believed in this extraordinary team of cybersecurity experts from day one. With Minimus, they will undoubtedly redefine and lead the application security space by fundamentally changing how vulnerabilities are managed. Minimus directly addresses CISOs' core challenge—dramatically reducing security risk without overwhelming already stretched security teams. We're thrilled to support this visionary approach."

Minimus also integrates updated threat intelligence into its platform, granting developers, security teams, and Chief Information Security Officers (CISOs) access to real-time information on active exploits, as well as EPSS and CISA-KEV metrics affecting their supply chains. This integration aims to assist with prioritisation of the remaining 5% of CVEs that require attention.

Addressing the investment and partnership, Navin Chaddha, Managing Partner at Mayfield, remarked, "At Mayfield, our mantra is People First, and we back founders who transform industries, which is why we're excited to partner with Ben Bernstein and the Minimus team that is redefining application security. Minimus eliminates over 95% of Common Vulnerabilities and Exposures (CVEs) from software supply chains. This advancement in application security enables organizations to innovate faster while drastically reducing risk—making it an essential solution for enterprise CISOs in today's AI-accelerated development landscape."

The platform is built using an AI-first approach and has been developed with a focus on creating intelligent agents for secure image generation. Minimus constructs image artefacts from primary project sources and includes only essential software required for specific applications, which aims to minimise the potential attack surface.

One of the company's objectives is to make secure images easily replaceable for applications already in use by organisations. Deployment can be achieved with minimal changes, which is intended to facilitate a swift implementation and immediate reduction in remediation effort for development teams. The approach is also designed to be compatible with existing operational tools and processes for ease of management and integration.

The founding team of Minimus includes Ben Bernstein, Dima Stopel, and John Morello, who have previous experience in container security and industry standards development.