Skip to content
Oligo Security

Oligo Security

NEW
Category: RASP
License: Commercial
Suphi Cankurt
Suphi Cankurt
+8 Years in AppSec
Updated July 16, 2026
6 min read
Key Takeaways
  • Oligo’s eBPF sensor reads library and function execution from the Linux kernel, so it works on software you buy and run — not just code you build and can scan.
  • Blocking happens at the function and syscall level rather than through a proxy, and Oligo’s rules target attack techniques so one rule covers a CWE class instead of a single CVE.
  • Oligo has raised $80M in total outside funding, including a $50M Series B in January 2025 led by Greenfield Partners and a $28M stealth exit in February 2023.
  • The research team published ShellTorch, ShadowRay, 0.0.0.0 Day, and AirBorne — an unusually visible track record for a company of this size, and the source of the Application Attack Matrix.

Oligo Security is a commercial RASP and runtime protection platform built on an eBPF sensor that watches which library functions a Linux workload actually executes.

That single signal drives the product. It proves which vulnerabilities are real, and it blocks exploits at the function and syscall level.

Three childhood friends founded the company in 2022: Gal Elbaz (CTO), Nadav Czerninski (CEO), and Avshalom Hilu (CPO), all from Israeli military cyber units.

Oligo exited stealth in February 2023 with $28M and raised a $50M Series B in January 2025, led by Greenfield Partners.

Oligo Security dashboard showing the vulnerability focus funnel narrowing 4,829 dependencies down to 4 with an executed vulnerable function
The vulnerability focus funnel narrows 4,829 dependencies to the 4 with a vulnerable function actually executed at runtime.

What is Oligo Security?

Most application security tools reason about code you wrote and can scan. Oligo reasons about processes you are running, which is a different starting point.

The eBPF sensor sits in the Linux kernel and reports library and function executions.

Because it never needs source code, it covers commercial software you bought and OS packages you inherited, alongside your own services.

FeatureDetails
SensoreBPF, kernel-level, patented; Oligo states it installs in minutes
Deployment modelAgent on Linux workloads, hosts, and containers
Language coverageLanguage-agnostic — reads execution from the kernel, not a per-language runtime agent
BlockingFunction and syscall level; no proxy in the request path
Rule designTechnique-based, so one rule covers a CWE class rather than one CVE
ModulesCloud Application Detection and Response, Runtime Vulnerability Management, Runtime AI Security
ForensicsCall stacks and process trees across apps, workloads, hosts, and cloud
ScopeFirst-party code, third-party commercial software, and OS packages
PricingQuote-gated; demo request only

Three consequences follow from that design. Oligo doesn’t score or infer whether a vulnerable function is reachable; it reports whether the function ran, which the vendor states removes 90%+ of vulnerability noise.

Its rules target the attacker technique — the syscall pattern an exploit needs — so a single protection covers a class of vulnerabilities, including ones not yet disclosed.

And kernel-level visibility puts vendor-purchased applications and OS packages in scope, which source-code-based AppSec never reaches.

What are Oligo Security’s key features?

Runtime vulnerability management

The dashboard funnel is the clearest expression of what the sensor buys you.

Oligo separates every dependency present in the image from the subset actually loaded and executed, then narrows again to cases where the vulnerable function itself ran.

Cresta’s Head of Security and Compliance, Robert Kugler, is quoted by Oligo saying the team cut its vulnerability numbers by over 99% by focusing only on findings with an executed vulnerable function.

That is a customer-reported figure on one estate, not a benchmark. Treat it as a directional claim and reproduce it on your own backlog during a trial.

Runtime exploit blocking

Blocking happens inside the workload at the function and syscall level. There is no reverse proxy, so there is no inspection hop to add latency or fail open.

Oligo frames the design goal as blocking the malicious action rather than containing the whole application.

The practical consequence: a blocked attack doesn’t take the service down with it.

Note
Why technique-based rules matter for procurement

Ask any runtime vendor how many rules they ship and how those rules map to CVEs.

Oligo’s answer is a different shape from a signature count: technique-based rules covering CWE classes, with 80 system and 17 custom rules visible in its own dashboard.

That’s the more interesting question to press on during a POC.

Detection, response, and forensics

Oligo positions this module as CADR, Cloud Application Detection and Response. The pitch leans on a gap it describes bluntly: when attackers exploit applications, teams detect it an average of six months later.

Oligo Security incident view with an intrusion graph tracing an attacker IP through pod, container, Java process, dependency, function, and syscall
The intrusion graph traces a critical XSLT exploit from the attacker IP through the pod, container, and Java process down to the vulnerable dependency and syscall.

The intrusion graph traces a chain from the attacker IP through the pod, container, and process down to the specific dependency, function, and syscall.

Call stacks and process trees come with it. That’s the part incident responders usually reconstruct by hand.

Oligo also claims coverage for exploitation that scanners can’t represent: misconfiguration, zero-days, and disputed vulnerabilities that never got a usable CVE record.

Runtime AI security

In November 2025 Oligo extended the platform to AI models and agents, adding AI security posture management and AI detection and response.

The same sensor watches the inference process, rather than a separate AI-specific stack.

Scope this one carefully in an evaluation. It is the newest module, and the AI security field is moving faster than any vendor’s roadmap.

Research track record

Oligo publishes vulnerability research at a volume that is unusual for a company its size, and that research is a fair proxy for whether the runtime thesis holds up.

YearFinding
2023ShellTorch — RCE in PyTorch/TorchServe
2024ShadowRay — exploited flaw in the Ray AI framework
20240.0.0.0 Day — an 18-year-old browser flaw affecting macOS and Linux
2024Critical flaws in the Ollama AI framework
2025RCE in Meta’s Llama framework via pickle deserialization
2025AirBorne — 23 AirPlay vulnerabilities, including zero-click RCE
2025Critical vulnerability in Anthropic’s MCP implementation
2025Fluent Bit flaws exposing cloud workloads

The team also publishes the Application Attack Matrix , an ATT&CK-style taxonomy for application-layer techniques.

It is vendor-authored, so read it as a well-informed argument for Oligo’s worldview rather than a neutral standard. It is also free, public, and useful regardless of what you buy.

Oligo has been named to the Fortune Cyber 60 for two consecutive years and won SC Media’s 2024 award for Best Supply Chain Security Solution.

Getting started

Oligo is quote-gated with no free tier and no published price list, so a demo request is the only public entry point.

The eBPF sensor then installs on Linux workloads. Oligo states deployment takes hours rather than weeks, with no code changes or redeploys.

The part worth planning is the trial itself. Run in observe mode first and let the sensor build the execution picture before you enable blocking.

While it observes, point it at a backlog you already know and count how many findings survive the executed-function filter. That number is what your renewal will be argued on.

When to use Oligo Security

Oligo fits teams running containerized Linux workloads who have a vulnerability backlog they cannot patch their way out of, and who need to cover software they didn’t write.

It also fits a specific organizational shape: security teams that want application-layer detection and response without standing up a separate SOC function.

Oligo says a single security professional can maintain it in a few hours per week.

Tip
Best for
Cloud-native teams on Linux who need runtime proof of exploitability across first-party, third-party, and OS-packaged software, and who want blocking that doesn’t sit in the request path.

It is a weaker fit if your estate is Windows-heavy or non-containerized, since eBPF is a Linux kernel technology.

It also sits at a different layer than perimeter HTTP filtering, and it is not in-process instrumentation of a single language runtime. The other RASP and runtime tools cover those needs.

The trade Oligo asks you to make is per-language depth for kernel-level breadth. Whether that works depends on how much of your risk lives in software you never compiled.

Note: Founded 2022 by Gal Elbaz, Nadav Czerninski, and Avshalom Hilu. $80M total funding. Extended to AI workloads November 2025.

Frequently Asked Questions

Is Oligo Security a RASP tool?
Not in the classic sense. Traditional RASP instruments the application runtime with a per-language agent, so it needs a JVM or .NET agent for each stack. Oligo runs an eBPF sensor in the Linux kernel instead, which is why it also sees third-party and OS-packaged software you never compiled. Oligo describes the category as CADR — Cloud Application Detection and Response.
Does Oligo Security publish pricing?
No. Oligo is commercial and quote-gated, with a demo request as the only public entry point. The vendor states that CADR deploys in hours and can be maintained by a single security professional in a few hours per week, but it publishes no list price.
What does Oligo's eBPF sensor actually see?
Library and function executions, read from the Linux kernel. That is what powers the vulnerability funnel: Oligo separates dependencies that are merely present from those loaded and executed, and finally from those where the vulnerable function itself ran. Oligo states this cuts vulnerability noise by 90% or more.
What has Oligo's research team found?
ShellTorch in PyTorch/TorchServe (2023), ShadowRay in the Ray AI framework (2024, with a cryptojacking follow-up in 2025), the 18-year-old 0.0.0.0 Day browser flaw (2024), RCE in Meta’s Llama framework (2025), 23 AirPlay vulnerabilities branded AirBorne (2025), and Fluent Bit flaws affecting major clouds (2025).
How does Oligo block an exploit without a proxy?
It blocks the malicious function call or syscall inside the workload, so there is no inspection hop in front of the application. Oligo says the application keeps running normally during and after a blocked attack, and that the rules target attacker techniques reused across many CVEs rather than individual vulnerabilities.