In a conversation with GEC Media, Nir Valtman, CEO of Arnica, discusses how the company is redefining application security with a unique free platform and real-time scanning designed to engage developers and enhance security team productivity.
Can you walk us through the innovations you’re showcasing at GISEC this year?
Our solution is quite unique in the application security space. Unlike traditional scanners that focus on vulnerabilities like SAST, SCA, secrets, and so on, we offer our platform for free—unlimited time, unlimited users. What we sell is productivity for security teams and adoption.
Typically, developers are forced to install plugins or integrate tools into pipelines, which creates friction. Security teams end up chasing developers. With Arnica, you get full adoption from day one. Developers actually fix vulnerabilities without being chased, and that’s the real value.
The more automation and productivity we deliver to security teams, the more value they derive—and that’s where our pricing kicks in.
Now that we’re midway through GISEC, how has the event measured up to what you anticipated?
This is my first time at GISEC, and honestly, it’s been a pleasant surprise. I had heard a lot about the event, but experiencing it first-hand is something else.
It’s very busy, well-organized, and packed with vendors and prospects from across the region. There’s strong interest not just from buyers but also from potential partners—which is key for me.
Of course, I’m here to connect with customers, but I’m also looking to build long-term, scalable business relationships, and this has been a great environment for that.
Is there a key message you’d like to share with the CISO community attending GISEC?
Yes. I’d encourage CISOs to not only visit the partners they already work with but also explore the startup zone. Innovation often comes from new players doing things better, faster, and more affordably.
Also, these events offer access to new minds and fresh perspectives—people you may not usually interact with through your existing account managers.
What differentiates Arnica from other application security vendors?
The application security market is crowded—with over 150 vendors. Everyone has their own specialty, whether it’s scanning, prioritization, or reachability.
Arnica is different in several key ways:
- Free Platform, Pay for Productivity – Our platform is free. What customers pay for is the productivity gains for their security teams.
- Real-Time Scanning – We scan code in real-time and offer immediate feedback. This is essential in the age of AI code assistants, which introduce vulnerabilities from open-source training data.
- Developer-Friendly Approach – We engage developers privately via Slack or Teams in what we call a “blameless and shameless” way. No one is embarrassed, and it encourages faster remediation.
- Expertise-Based Remediation – After analyzing millions of vulnerabilities, we found that 82% were written by developers no longer at the company. Our solution identifies current team members with domain expertise who can fix those issues—because when someone else tries, it can take 143 days on average, versus 1 day if the original author does it.
So, we’re solving a major challenge for CISOs: how to tackle the growing backlog of vulnerabilities with limited resources.