Shauli Zacks
Published on: August 27, 2025
SafetyDetectives recently sat down with Itai Goldman, Co-Founder and CTO of Miggo Security, to discuss his journey in cybersecurity and the company’s pioneering work in Application Detection and Response (ADR). With a background in elite military cyber units and a passion for building next-generation defenses, Itai shared insights into Miggo’s mission, how ADR is changing the game, and why runtime application security has never been more critical.
Can you tell us a bit about your background and what led you to join Miggo?
I’m the Co-Founder and CTO of Miggo Security, the first Application Detection and Response (ADR) platform. I’ve spent over a decade in elite information security units, and I’ve always been passionate about securing applications across infrastructure, networks, and cloud environments.
Before starting Miggo, I served 11 years in the IDF, where I led the cybersecurity research unit. I’m also a graduate of the IDF’s Talpiot program, which played a big role in shaping my approach to problem-solving and innovation. Outside of cybersecurity, I love exploring new countries through trekking, combining adventure with my constant drive to learn and discover.
How would you describe Miggo’s mission, and what makes the platform stand out in the crowded application security space?
Miggo is on a mission to secure every application, everywhere. Miggo enables security teams to proactively defend their organizations with runtime visibility, predictive threat modeling, preemptive mitigation and proactive detection and response, closing the gap between detection and protection.
Applications have become the backbone of modern businesses, but also the biggest blind spot in modern security. As applications grow more complex, containerized, cloud-native, and increasingly powered by LLMs and AI agents, they no longer follow static logic. They adapt, compose, and evolve at runtime, often in unpredictable ways. The risk is no longer just in deployed code, but in the behavior that the application generates after deployment.
Traditional security tools were designed for deterministic systems. They rely on static scans, pre-known patterns, and developer-driven remediation, missing the emergent behavior, dynamic chaining, and inference-based logic that now defines modern applications. The result: security teams now have thousands of vulnerabilities in their backlog, many of them false positives, while remaining blind to threats that don’t have conventional patterns.
Meanwhile, attackers are evolving faster. They use AI to simulate user flows, map logical behaviors, and test for exploitable conditions, even without known vulnerabilities. Modern attacks now exploit behavior, not just code – from prompt injection and behavioral drifts to context-specific abuse. This new threat surface is emergent, explorable, and invisible to legacy tools.
The existing defense model is too reactive: by the time something is flagged, the damage is done. Security teams need more than better detection – they need foresight combined with action. The ability to understand how applications behave in the real world, predict how they could be attacked, and defend them before exploits occur.
Application Detection and Response” is still a relatively new concept. How do you explain ADR to someone unfamiliar with it—and why is it critical now more than ever?
At the core of Application Detection and Response is the elimination of runtime visibility blindspots that enables security teams to detect and stop attacks that other tools can’t detect altogether or are too slow to detect, and with the lowest false positive rate. At the heart of Miggo’s ADR is AppDNA.
Unlike code scanners that analyze what applications should do, AppDNA maps what they actually do in production.This technology provides significant advantages to security teams by shifting from theoretical analysis to real-world, real-time, runtime visibility, eliminating blind spots in live environments.
Cloud-native architectures have transformed how apps are built and deployed. What unique risks come with these environments, and how does Miggo help mitigate them in real time?
Cloud-native architectures and increasingly AI-native architectures have created new blindspots in application environments. Modern applications are distributed, built on multiple APIs, leveraging open source packages and third-party components.
The existing tools are creating a barrage of alerts and detections, which is hard to distill due to the lack of context. When Miggo identifies an active attack path in the application, it doesn’t just generate alerts. It offers a tiered, actionable response: fix the root logic, apply real-time mitigation, or dynamically enforce runtime controls.
For each response level, Miggo provides security teams with a unique advantage. First, security teams gain detailed evidence for active attack paths to show developers the exact source of the issue and reduce the time spent going back and forth on whether the issue is actually exploitable.
Second, unlike other runtime and ADR/ CADR vendors, Miggo has a WAF Copilot which can automatically generate custom WAF rules, allowing teams to preemptively neutralize any threat at runtime.
Finally, using Miggo’s DeepTracing and patent-pending Smart Triggering process, Miggo can detect application level attacks in real time and use in-application blocking to stop them.
There’s growing fatigue around security tools that generate excessive noise. How does Miggo ensure that its alerts are actionable and not just more clutter in a crowded SIEM dashboard?
Miggo ensures its alerts are actionable by cutting through the noise with runtime application context. We identify whether a vulnerability is truly internet-reachable and if the specific function is ever executed. This precision reduces false positives and typically eliminates up to 99% of the noise. Beyond detection, we recently introduced the Miggo WAF Copilot that instantly generates effective, surgical preemptive controls, empowering security teams to stay proactive rather than waiting for long and risky patch cycles. The result is clear, actionable security insights paired with immediate protection.
From a marketing perspective, what trends are you watching closely in the AppSec world?
From a marketing perspective, we’re watching three big shifts shaping the AppSec world.
First, AppSec is no longer siloed, because of the continuous delivery model, security must be woven into every stage, bringing developers, DevSecOps, operations, and AppSec teams together to move at the speed of modern software. This requires tools that enable and foster this kind of collaboration between teams.
Second, runtime context is now essential. What used to be fragmented across code scanning, testing, and production is converging, with runtime visibility becoming the key to focusing on the threats that actually matter.
Finally, can’t miss mentioning AI. AI is transforming the entire landscape, from the velocity that developers need to deliver and how they are actually building applications, to speed and capabilities of attackers.
The average time to exploit a new CVE was around 60 days 10 years ago. Today it’s under 22 hours – that’s how AI is arming attackers with speed and nation state capabilities. This means that security teams are under increasing pressure to be proactive and solutions need to meet the moment.
