SubImage

Hi! We're SubImage, a YC-backed cybersecurity startup. We use graph theory to map out customer environments, helping them find and fix vulnerabilities before they get hacked.

Our tech is built around an open source tool called Cartography that we created at Lyft and donated to the Linux Foundation. It’s used by over 70 companies - including 7 in the Fortune 100 - to make sense of complex infra across AWS, Okta, GitHub, and more.

We're a small, fast-moving team passionate about security, infra, and AI. Before starting SubImage, we've worked at places like Lyft, Anthropic, and the NSA.

We ingest data from cloud APIs like AWS, Okta, and GitHub into a connected graph, requiring scalable pipelines, access modeling, and evolving our architecture to meet growing customer demands.

On top of the graph, we’ve built a natural language interface that lets users ask questions like:

• “What compute instances are exposed to the internet that I don’t know about?”
• “What attack paths are possible if this engineer’s laptop was stolen?”

Our stack includes:

• Languages: Python, TypeScript
• Databases: Neo4j, DynamoDB
• Infra: Docker, AWS, Terraform
• Core concepts: Graph theory, security engineering, LLM engineering (natural language search)