Konvu has been selected as one of three finalists for RSAC Launch Pad at the RSAC 2026 Conference. On March 24 in San Francisco, we'll pitch our exploitability engine to a panel of top cybersecurity VCs in a Shark Tank-style format. Three startups, five minutes each, one winner.
Three Startups, Five Minutes, One Stage at Moscone
RSAC Launch Pad is the RSA Conference's competition for early-stage cybersecurity startups with bold ideas. Each year, RSA selects three finalists from a competitive applicant pool. Those three take the stage, pitch live to a panel of judges, and make their case in front of a packed audience of security professionals and investors.
This year's judges are Sarah Guo of Conviction Partners, Barmak Meftah of Ballistic Ventures, and Enrique Salem of Bain Capital Ventures.
Past Launch Pad finalists have collectively raised over $255M in funding. Two have been acquired, and two went on to compete in RSAC's Innovation Sandbox.
The Bet: Exploitability Is the Missing Layer
Security teams are buried under scanner output. Over 85% of flagged vulnerabilities turn out to be false positives, and the investigation work required to figure out which ones actually matter is crushing. AI is making it worse on both sides: more code, more dependencies, more findings, and attackers weaponizing new CVEs within days of publication.
Konvu deploys AI agents that reason about whether a vulnerability is actually exploitable in your environment. We model each vulnerability as a set of conditions, then verify those conditions against your code, configurations, and controls. The output is an evidence-backed verdict: exploitable, false positive, or inconclusive. When we can't make the call automatically, we tell you exactly what context is missing so your team can provide it and close the loop.
We're not replacing your scanners. We plug into whatever you already run and add the exploitability layer on top. Your tools stay, your workflows stay, you just stop spending hours investigating findings that don't matter.
I wrote about the full vision a few months ago if you want the longer story.
Signals the Problem Resonates
A lot has happened in a short time. Earlier this week, Latio named Konvu a Supply Chain Innovator in their 2026 AppSec Market Report. James Berthoty called out Konvu for "combining all aspects of reachability with AI-based prioritization, resulting in some of the most robust false-positive reduction on the market."
On the customer side, a fintech SaaS company with 2,000+ employees flagged 81% of their Snyk findings as false positives and saved 50+ hours per week on triage. That's developers building product instead of chasing alerts.
Now the RSAC Launch Pad selection. These things are converging because the problem is obvious to anyone running a security program at scale, and the existing tooling isn't solving it.
Meet Us in San Francisco at RSA Conference
We'll be at RSA Conference the week of March 24. If you want to meet the team or see a live demo, book a meeting.
Can't make it to San Francisco? Book a demo and we'll walk through your own backlog.