The challenge isn’t differentiation, it’s proving the value of that differentiation in a crowded market where most vendors sound the same but can’t deliver.
1. HackerNoon: What is your company in 2–5 words?
Bruno Kurtic: Ubiquitous data security and management
2. Why is now the time for your company to exist?
The industry is at an inflection point where data growth, cloud modernization, and AI adoption have created data security and visibility challenges that pose huge risks to enterprises. With 53% of security teams lacking comprehensive data risk visibility, and most requiring days or weeks to locate sensitive data assets, organizations are operating in environments where threats can materialize in minutes.
For decades, traditional security approaches focused on perimeters and infrastructure—locking down endpoints, networks, and systems—but these models can’t keep pace with the scale and sprawl of data across IaaS, PaaS, SaaS, and now AI pipelines. The next frontier will be autonomous AI agents operating independently on enterprise data, communicating with one another, and making decisions. Governing access in this world, based on data sensitivity, entitlements, and usage context, remains unsolved.
Bedrock Security exists to meet this shift. By combining cloud-scale architecture with AI-powered data context, our metadata lake provides the visibility and control needed to secure data across its lifecycle and prepare organizations for the operational demands of AI-driven systems.
3. What do you love about your team, and why are you the ones to solve this problem?
What I value most about our team is a shared mindset—deep technical expertise combined with a bias for action. We’ve built a meritocratic culture where people are encouraged to make bold decisions, move quickly, and learn from what doesn’t work.
My co-founders, Pranava and Ganesh, bring strong product, systems, and data security backgrounds that shape how we think about building at scale. Our team comes from companies like Cohesity, Rubrik, Sumo Logic, AWS, and Crowdstrike, where we saw how hard it is to manage and secure data in fast-moving, complex environments.
We also have a bias for learning and adapting, especially important as the AI space evolves quickly. We’re not afraid to experiment or change direction when needed, as long as it helps us get to the right outcome. That flexibility, paired with experience, is what makes this team well-suited to solving a problem that isn’t standing still.
4. If you weren’t building your startup, what would you be doing?
I’m a builder—it’s how I’ve always operated. I don’t sit still, and I’m not at my best without a project to chase. If I weren’t building Bedrock Security, I’d be building something else—not another company, because Bedrock is the company—but something. In my free time, I make wine, brew beer, work with wood, and get outside whenever I can—offroading, camping, kayaking. I also build and tinker with my two daughters: we code, 3D print, and study languages together. I’m wired to create, whether it’s software or something physical.
5. At the moment, how do you measure success? What are your metrics?
Success metrics evolve with every stage of the company. Right now what I’m looking for and measuring are indicators of product market fit, traction in early GTM, and talent.
Product
- Release velocity
- Product market fit (gaps in RFPs, etc)
- NPS (customer delight)
GTM
- Pipeline growth and pipeline health
- ARR growth
- Net Dollar Retention
Talent
-
Employee NPS
-
Referral rate
6. In a few sentences, what do you offer to whom?
We help enterprises discover, classify, and contextualize data across cloud, SaaS, and on-prem environments. Our metadata lake provides an open foundation that supports cross-functional collaboration, giving security, data, and governance teams shared visibility into data sensitivity, access, usage, and lineage. It integrates with third-party tools and supports multiple use cases, including DSPM, AI model training, Copilot rollout readiness, agentic AI governance, and compliance. The result is a unified layer of context that enables policy enforcement and risk reduction without creating operational friction or another silo.
7. What’s most exciting about your traction to date?
Our customers aren’t just looking to solve DSPM—they’re preparing for the next decade of data challenges, much of it driven by AI. DSPM is a relevant starting point, but what matters most is having a comprehensive, open, and scalable data risk context that applies across functions and use cases. We’re seeing some sophisticated examples of this already—like a biotech company using us to track DNA sequences as they move through their cloud environment to protect customer IP. While we handle PII, PHI, and other standard categories of sensitive data, our AI models also go further—they can be trained on specific datasets to recognize and contextualize complex assets like genomic data, chip designs, trade secrets, and other forms of high-value intellectual property.
8. Where do you think your growth will be next year?
We expect growth to come from the expanding use of enterprise data by autonomous systems—AI agents, copilots, and models that require controlled access to sensitive information without direct human oversight. As this shift accelerates and data volumes continue to grow, organizations are looking for a way to move beyond one-off DSPM projects and toward broader, continuous data governance. Use cases often start with discovery and classification but quickly expand into access control, tagging, lifecycle management, and compliance automation. A key part of our value is feeding contextual data—sensitivity, usage, entitlements—into existing cybersecurity tools like SIEM, DLP, and CNAPP, helping those systems prioritize risk and operate more effectively. Our open architecture supports this kind of expansion without creating new operational silos.
9. Tell us about your first paying customer and revenue expectations over the next year.
One of our most interesting customers is a large SaaS provider that’s using us across ten petabytes of data in their environment across IaaS, PaaS, and SaaS. They are a very technical shop and are using Bedrock Security in an API-first mode to integrate it into multiple data stores and workflows. For example, they have a large security data lake and automatically decorate data in the lake with sensitivity and risk context in the metadata lake that Bedrock builds. They also built a DLP-like solution on top of the metadata lake via a custom Slack bot that monitors changes in GDrive and correlates those changes to risk context in the metadata lake to notify users who expose sensitive data.
10. What’s your biggest threat?
The challenge isn’t differentiation, it’s proving the value of that differentiation in a crowded market where most vendors sound the same but can’t deliver. Many customers start with a single use case like DSPM, but struggle to expand or support broader enterprise needs. Our focus is on helping customers avoid that trap by giving them an open, extensible foundation that can scale across teams and functions. The real threat is that buyers end up stuck in another silo, with a multi-year contract, getting budget constrained, solving one problem but creating more downstream.
This startup founder interview template is based on HackerNoon Founder & CEO David Smooke’s ten questions for startup founders.
