Security Startup Oneleet Raises $33M to Blend Compliance and Real Protection
Security compliance has always carried a bad reputation. For many companies, it feels like a box-ticking exercise, something you do because auditors require it, not because it makes the business safer. Oneleet, a fast-rising cybersecurity startup, believes that mindset is broken. This week, the company announced a $33 million Series A funding round led by Dawn Capital, with participation from Y Combinator and a roster of heavyweight angels, to scale its vision of security-first compliance.
Founded in 2022 by Bryan Onel, Ora Onel, and Erik Vogelzang, Oneleet was born out of a frustration with what its team calls “compliance theater.” Bryan Onel’s background as a penetration tester meant he had seen how companies that passed compliance checks could still be dangerously vulnerable. The company’s pitch is straightforward: if security is handled properly from the start, compliance becomes a natural outcome rather than a forced ritual.
Building a Unified Security Platform
Oneleet’s product combines tools that are often scattered across multiple vendors. The platform integrates penetration testing, cloud security posture management, code scanning, attack surface monitoring, and SaaS integrations into one system. On top of that, it provides compliance frameworks for SOC 2, ISO 27001, HIPAA, PCI DSS, and GDPR, along with policy management, evidence collection, and access reviews.
Rather than leaning only on automation, Oneleet blends AI with human expertise. Automated scans and monitoring detect issues at scale, while security experts validate critical findings. This “pentester mindset” is a key part of the company’s value proposition, setting it apart from competitors who focus mainly on compliance automation.
Market Traction and Momentum
The traction is already visible. Oneleet reports more than 750 customers, including a large number of Y Combinator-backed startups, and annual recurring revenue in the $7–9 million range. Remarkably, the company achieved profitability before this Series A raise, a rare feat for a security compliance startup at this stage.
Investors backing the round include Dropbox co-founder Arash Ferdowsi and former Snowflake and ServiceNow CEO Frank Slootman, signaling strong belief in the team’s ability to scale. Dawn Capital, the lead investor, emphasized the importance of combining technical depth with compliance readiness, a gap Oneleet appears determined to close.
Oneleet’s Position in a Crowded Market
The security compliance market is already crowded, with players like Vanta, Drata, and Secureframe dominating headlines. Oneleet’s bet is that compliance-only platforms will not be enough in an era of increasingly sophisticated cyberattacks. Its narrative is that companies should not just aim to “pass the audit,” but instead build a resilient security foundation that automatically satisfies regulators and auditors.
The $33 million funding will go toward expanding its engineering team, building out more AI-driven capabilities, and extending its reach beyond its current early-adopter base. The challenge will be scaling its human-intensive services, such as penetration testing and virtual CISO offerings, without diluting quality.
Still, if Oneleet can balance growth with technical rigor, it could reshape how businesses think about compliance and security. For now, it stands out as a startup pushing against the grain of an industry that too often rewards appearances over actual resilience.
