Oligo Security is a commercial RASP and runtime protection platform built on an eBPF sensor that watches which library functions a Linux workload actually executes.
That single signal drives the product. It proves which vulnerabilities are real, and it blocks exploits at the function and syscall level.
Three childhood friends founded the company in 2022: Gal Elbaz (CTO), Nadav Czerninski (CEO), and Avshalom Hilu (CPO), all from Israeli military cyber units.
Oligo exited stealth in February 2023 with $28M and raised a $50M Series B in January 2025, led by Greenfield Partners.

What is Oligo Security?
Most application security tools reason about code you wrote and can scan. Oligo reasons about processes you are running, which is a different starting point.
The eBPF sensor sits in the Linux kernel and reports library and function executions.
Because it never needs source code, it covers commercial software you bought and OS packages you inherited, alongside your own services.
| Feature | Details |
|---|---|
| Sensor | eBPF, kernel-level, patented; Oligo states it installs in minutes |
| Deployment model | Agent on Linux workloads, hosts, and containers |
| Language coverage | Language-agnostic — reads execution from the kernel, not a per-language runtime agent |
| Blocking | Function and syscall level; no proxy in the request path |
| Rule design | Technique-based, so one rule covers a CWE class rather than one CVE |
| Modules | Cloud Application Detection and Response, Runtime Vulnerability Management, Runtime AI Security |
| Forensics | Call stacks and process trees across apps, workloads, hosts, and cloud |
| Scope | First-party code, third-party commercial software, and OS packages |
| Pricing | Quote-gated; demo request only |
Three consequences follow from that design. Oligo doesn’t score or infer whether a vulnerable function is reachable; it reports whether the function ran, which the vendor states removes 90%+ of vulnerability noise.
Its rules target the attacker technique — the syscall pattern an exploit needs — so a single protection covers a class of vulnerabilities, including ones not yet disclosed.
And kernel-level visibility puts vendor-purchased applications and OS packages in scope, which source-code-based AppSec never reaches.
What are Oligo Security’s key features?
Runtime vulnerability management
The dashboard funnel is the clearest expression of what the sensor buys you.
Oligo separates every dependency present in the image from the subset actually loaded and executed, then narrows again to cases where the vulnerable function itself ran.
Cresta’s Head of Security and Compliance, Robert Kugler, is quoted by Oligo saying the team cut its vulnerability numbers by over 99% by focusing only on findings with an executed vulnerable function.
That is a customer-reported figure on one estate, not a benchmark. Treat it as a directional claim and reproduce it on your own backlog during a trial.
Runtime exploit blocking
Blocking happens inside the workload at the function and syscall level. There is no reverse proxy, so there is no inspection hop to add latency or fail open.
Oligo frames the design goal as blocking the malicious action rather than containing the whole application.
The practical consequence: a blocked attack doesn’t take the service down with it.
Ask any runtime vendor how many rules they ship and how those rules map to CVEs.
Oligo’s answer is a different shape from a signature count: technique-based rules covering CWE classes, with 80 system and 17 custom rules visible in its own dashboard.
That’s the more interesting question to press on during a POC.
Detection, response, and forensics
Oligo positions this module as CADR, Cloud Application Detection and Response. The pitch leans on a gap it describes bluntly: when attackers exploit applications, teams detect it an average of six months later.

The intrusion graph traces a chain from the attacker IP through the pod, container, and process down to the specific dependency, function, and syscall.
Call stacks and process trees come with it. That’s the part incident responders usually reconstruct by hand.
Oligo also claims coverage for exploitation that scanners can’t represent: misconfiguration, zero-days, and disputed vulnerabilities that never got a usable CVE record.
Runtime AI security
In November 2025 Oligo extended the platform to AI models and agents, adding AI security posture management and AI detection and response.
The same sensor watches the inference process, rather than a separate AI-specific stack.
Scope this one carefully in an evaluation. It is the newest module, and the AI security field is moving faster than any vendor’s roadmap.
Research track record
Oligo publishes vulnerability research at a volume that is unusual for a company its size, and that research is a fair proxy for whether the runtime thesis holds up.
| Year | Finding |
|---|---|
| 2023 | ShellTorch — RCE in PyTorch/TorchServe |
| 2024 | ShadowRay — exploited flaw in the Ray AI framework |
| 2024 | 0.0.0.0 Day — an 18-year-old browser flaw affecting macOS and Linux |
| 2024 | Critical flaws in the Ollama AI framework |
| 2025 | RCE in Meta’s Llama framework via pickle deserialization |
| 2025 | AirBorne — 23 AirPlay vulnerabilities, including zero-click RCE |
| 2025 | Critical vulnerability in Anthropic’s MCP implementation |
| 2025 | Fluent Bit flaws exposing cloud workloads |
The team also publishes the Application Attack Matrix , an ATT&CK-style taxonomy for application-layer techniques.
It is vendor-authored, so read it as a well-informed argument for Oligo’s worldview rather than a neutral standard. It is also free, public, and useful regardless of what you buy.
Oligo has been named to the Fortune Cyber 60 for two consecutive years and won SC Media’s 2024 award for Best Supply Chain Security Solution.
Getting started
Oligo is quote-gated with no free tier and no published price list, so a demo request is the only public entry point.
The eBPF sensor then installs on Linux workloads. Oligo states deployment takes hours rather than weeks, with no code changes or redeploys.
The part worth planning is the trial itself. Run in observe mode first and let the sensor build the execution picture before you enable blocking.
While it observes, point it at a backlog you already know and count how many findings survive the executed-function filter. That number is what your renewal will be argued on.
When to use Oligo Security
Oligo fits teams running containerized Linux workloads who have a vulnerability backlog they cannot patch their way out of, and who need to cover software they didn’t write.
It also fits a specific organizational shape: security teams that want application-layer detection and response without standing up a separate SOC function.
Oligo says a single security professional can maintain it in a few hours per week.
It is a weaker fit if your estate is Windows-heavy or non-containerized, since eBPF is a Linux kernel technology.
It also sits at a different layer than perimeter HTTP filtering, and it is not in-process instrumentation of a single language runtime. The other RASP and runtime tools cover those needs.
The trade Oligo asks you to make is per-language depth for kernel-level breadth. Whether that works depends on how much of your risk lives in software you never compiled.
