Tel Aviv, Israel – October 10, 2025 – Hush Security today announced a powerful new capability as part of its Secretless Access Management Platform: runtime certificate intelligence. The capability continuously detects certificate usage in runtime, validates encryption posture, and determines whether certificates are post-quantum ready. Teams can now improve their machine identity posture, proactively prevent service outages, and avoid misconfigurations.

This new certificate intelligence module is built into Hush’s secretless machine identity access platform, giving organizations a single control plane to govern and secure all machine identities. As AI agents, automation, and infrastructure complexity accelerate, Hush provides the visibility and preventative controls security and operations teams need to stay ahead.

“Certificates are often trusted long after they’ve outlived their cryptographic strength,” said Shmulik Ladkani, CTO and Co-founder of Hush Security. “Our new runtime certificate intelligence lets teams see exactly how certs are used, check for post-quantum compliance, and eliminate blind spots, without the manual overhead.”

Runtime Certificate Intelligence: What It Delivers

  • Live Detection & Usage Mapping
    Continuously scans all environments (cloud, on‑premises, hybrid) for certificates in use by workloads, services, AI agents, and microservices.
  • Production Stability & Compliance
    Keep production running with continuous, enterprise-grade certificate inspection and automatic detection of expired, weak, non-PQC, or PCI-noncompliant certificates.
  • Automatic Replacement & Hardening
    When non-compliant certificates are found, Hush triggers automated replacement with a stronger, quantum-resistant certificate, without downtime, manual rotation, or human intervention.
  • Unified Machine Identity Governance
    Certificate intelligence integrates with Hush’s existing runtime secretless access management platform, unifying credential and certificate oversight.

“Certificates were always a weak spot; tracking them across environments, knowing which are active, expired, or compliant, was nearly impossible. Seeing certificate usage lets us clean up outdated certs, catch risky ones early, and start planning for quantum-safe encryption without adding extra work.”

Director of Infrastructure Security, Fortune 500 Software

Why This Matters Now

Certificates are foundational to machine trust, yet many organizations rely on outdated, vulnerable cryptography without realizing it. Without runtime insight, expired, unused, or weak certificates silently remain active, creating open attack vectors and operational landmines.

  • Security Driver:
    Attackers exploit weak or misused certificates to impersonate services, escalate privileges, or intercept traffic. Hush closes these blind spots before they’re breached.
  • Operational Driver:
    Certificate-related outages cost time and trust. Runtime intelligence reduces service downtime by ensuring valid, compliant certificates are always in place, automatically.
  • Compliance Driver:
    Frameworks like NIST’s Post-Quantum Cryptography guidance, PCI DSS 4.0 and others are increasing pressure to track and assess cryptographic assets. Hush enables teams to meet these standards continuously.

This new module empowers security teams to:

✔️ Detect weak or non-compliant certificates before they cause damage
✔️ Reduce cryptographic blind spots current tools ignore
✔️ Enforce least-privilege access and Zero Trust for certificate-based authentication
✔️ Meet post-quantum and compliance mandates faster and with less effort

Get Started

Hush offers organizations a and a comprehensive report to help establish a secure machine identity baseline.

About Hush Security

Founded in 2024, Hush Security set out to disrupt the traditional secret-based access model for machines by eliminating static secrets and replacing them with just-in-time, policy-based access. Led by industry veterans with decades of experience, Hush’s mission is to bring true Zero Trust principles to machine-to-machine access. The company is backed by Battery Ventures and YL Ventures and is headquartered in Tel Aviv.

TEL AVIV, Israel – September 10, 2025 – Hush Security, the first comprehensive secretless, policy-based access platform for securing machine identities, today announced it has raised $11 million in seed funding led by Battery Ventures and YL Ventures. As agentic AI surges, Hush replaces legacy vaults and secrets across the enterprise with just-in-time, policy-driven access controls that are enforced at runtime. This novel approach eliminates the operational and security risks of traditional vaults and secrets managers, delivering a faster, safer way to secure machine-to-machine access.
Gartner predicts that 40% of organizations will adopt a secretless approach by 2027 as the traditional secrets access model becomes a liability, unable to keep pace with today’s dynamic cloud environments, automated workflows, and the rise of agentic AI. Vaults and secret managers, used by the vast majority of organizations globally, were built for the pre-agentic era and simply store the risk instead of eliminating it. Other non-human identity (NHI) solutions offer limited, point-in-time visibility without prevention measures, leaving blind spots and overburdening developers and organizations with operational overhead.
Founded by the team behind Meta Networks (acquired by Proofpoint in 2019), Hush is now leading a policy-centric industry shift, enabling least privileged access based on what identities do instead of just what they’re allowed to do and allowing teams to quickly grant just-in-time, right-size access that is validated at runtime.
“Chasing secrets or watching dashboards doesn’t stop attacks,” said Micha Rave, CEO and co-founder of Hush Security. “Vaults were built for an era where environments changed slowly and AI was not part of the equation. That era is over. AI agents, ephemeral workloads, and automation have changed the game, and the vault model can’t keep up. We’ve eliminated the need for credentials entirely, introducing a groundbreaking new model for machine access.”
Hush Security delivers three integrated capabilities in cloud and on-prem, unlike any other solution on the market:
  • Runtime Visibility & Discovery: Continuously discover and map every workload, service, and AI agent, from code to runtime
  • Runtime Posture Analysis: Detect, assess, and prioritize risks and compliance based on runtime behavior, criticality and potential blast radius, not static assumptions
  • Prevention & Management: Replace static secrets with right-sized, just-in-time access policies that adapt dynamically, reducing overhead while blocking credential-based threats at the source
“We’re at a critical inflection point. Static secrets simply can’t keep pace with modern infrastructure, rapid development cycles, and the demands of AI-driven workloads,” said Barak Schoster, Partner at Battery Ventures. “Hush Security’s seasoned team and cutting-edge technology offer the right approach to replace secrets with dynamic policies, and we believe this is the beginning of the end for credential-based attacks.”
Hush’s patent-pending technology removes fragmented responsibility between security, DevOps, and developers by offering a transparent, unified and zero-trust access model built on SPIFFE (Secure Production Identity Framework For Everyone). It streamlines compliance, eliminates secret sprawl, and protects everything from AI agents to microservices, without the ops burden or security blind spots of secret-based models.
“Machine identity security is entering a new era, and we see Hush Security leading the shift to a secure, policy-based future, especially as AI agents and LLMs proliferate,” said Yoav Leitersdorf, Managing Partner at YL Ventures. “They’ve built the right technology at the right time. With bold vision and strong execution, Hush is ready to redefine how machine identities are protected.”
Despite being in stealth, Hush has already secured paying enterprise customers, including multiple Fortune 500 companies. The team will use the funding to expand engineering and accelerate global GTM efforts.
To help organizations get started, Hush’s free assessment detects secrets, including API keys, credentials, and service accounts in code, identifies their owners, and maps how they’re used at runtime between applications, services, and AI agents across all environments. It delivers a clear, end-to-end ‘code-to-cloud-to-AI’ access story. With a single click, organizations can migrate to a secretless architecture in the enterprise edition, eliminating secret sprawl for good.