Enterprises rushing to deploy large language models (LLMs) and AI agents face a growing threat: deeply flawed container base images that introduce inherited security vulnerabilities. Israeli startup Echo has secured $35 million in Series A funding – bringing its total to $50 million – to address this foundational problem by reimagining how cloud infrastructure is built from the ground up.
The Invisible Foundation of the Cloud
The modern internet relies on container images – essentially shipping containers for software. These images include application code and the essential “base image” that makes the code run. The base image is akin to an operating system (OS) like Windows or macOS, but unlike those systems, most base images are open-source and maintained by volunteers. This means they often contain unnecessary tools and settings (“bloat”), creating significant security risks.
The problem is critical: downloaded base images can contain over 1,000 known vulnerabilities (CVEs) from the start. Traditional patching is a losing battle for security teams, who inherit infrastructure debt before even writing code.
Echo’s “Enterprise AI Native OS” Approach
Echo’s solution isn’t about scanning for vulnerabilities after they exist; it’s about preventing them entirely. The company operates as a “software compilation factory,” rebuilding images from scratch using a two-step process:
- Compilation from Source: Echo builds images directly from source code, including only essential components to minimize the attack surface.
- Hardening & Provenance (SLSA Level 3): The resulting images are hardened with aggressive security configurations and verified to SLSA Level 3 standards, ensuring every artifact is signed and tested.
This results in a drop-in replacement: developers simply change one line in their Dockerfile to access Echo’s secure registry. The application runs identically, but the underlying OS is mathematically cleaner and free of known CVEs.
AI Defending Against AI
The need for this approach is driven by the escalating “AI vs. AI” security arms race. Exploit timelines are compressed from weeks to days, and AI-powered coding agents are now the primary source of new code, often selecting outdated or vulnerable libraries from open source.
To counter this, Echo employs its own AI agents to continuously monitor vulnerabilities:
- Continuous Monitoring: Tracking the 4,000+ new CVEs added to the National Vulnerability Database (NVD) monthly.
- Unstructured Research: Scouring GitHub comments and developer forums for patches before they are officially published.
- Self-Healing: Automating vulnerability fixes, compatibility testing, and pull request generation for human review.
This automation allows Echo to maintain over 600 secure images—a scale that would traditionally require hundreds of researchers.
Why This Matters for Security Leaders
Echo offers a shift from “mean time to remediation” to “zero vulnerabilities by default.” CISO Dan Garcia of EDB reported that the platform “saves at least 235 developer hours per release” by automating security checks.
Major enterprises like UiPath, EDB, and Varonis already use Echo to secure production workloads. As more companies move toward agentic workflows, the ability to trust underlying infrastructure without managing it may define the next era of DevSecOps.
The core message is clear: securing the cloud’s base layer is no longer optional. Echo is providing a foundational solution for enterprises that need to deploy AI safely and reliably.
