The logic of cyber deception is almost disarmingly simple. You leave something valuable-looking in a place where it has no legitimate reason to be touched. When someone touches it, you know they shouldn't be there. No false positives. No alert fatigue. Just a clean, high-confidence signal that your environment has been compromised.
Tracebit, founded in 2023, has built a business on that logic, and on Tuesday it closed a $20M Series A led by FirstMark Capital, according to co-founder and CEO Andy Smith. The round comes roughly 18 months after the company raised a $5M seed to build out its cloud-native deception platform, and marks a significant step up in ambition and scale.
The platform deploys what it calls canaries across cloud environments: decoy files, credentials, configurations, and endpoints that look real enough to attract an attacker but serve no operational purpose. The moment one of those canaries is touched, queried, opened, clicked, Tracebit fires an alert. The signal-to-noise ratio, the company claims, is near-perfect because legitimate users never need to interact with assets that don't exist in any workflow.
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
Current clients include Snyk, Docker, and Riot Games, all of which operate large, complex cloud environments where traditional signature-based detection tools struggle to keep pace with attacker sophistication. Tracebit says it has deployed millions of canaries protecting thousands of environments since launch.
The Series A will fund expansion of the platform's canary library, adding more asset types across more cloud providers, as well as growth in the go-to-market team. Smith declined to share revenue figures at this stage.
Deception technology is not new. Honeypots have existed in various forms for decades, and several vendors have built dedicated deception platforms over the years.
What Tracebit is pitching is the cloud-native, turnkey version: low operational overhead, automated canary deployment, and integrations with the SIEM and incident response tools that security teams already use. The question for the Series A is whether that simplicity argument holds up at enterprise scale, and whether the high-signal promise survives the complexity of large, multi-cloud environments.
For a sector drowning in alert noise, the pitch is hard to dismiss.