Underdog Startup - Sublime Security 🍋🟩
A NEW AGE FOR CYBER 🚀
Intro + Sublime background & team
Sublime Security’s founders know their stuff when it comes to cybersecurity, and they’ve built a product people actually want to use. The company just crossed $10M in ARR and is on pace to hit $18–$20M by the end of the year. Now they’re raising a Series C, only seven months after pulling in a $60M Series B (raised from IVP). What’s crazy is they’ve done this with basically no outbound marketing. Most of their growth has come from word of mouth. That’s just awesome.
Most hacks still start the same way, a phishing email. Over 90% of successful breaches begin in the inbox, and in 2023 alone, BEC scams cost businesses almost $3B. With AI, attackers can create realistic phishing attempts at scale, which makes the problem even scarier. That’s exactly what Sublime Security is built for, they’re not just another spam filter they built an email security platform that’s way different from the legacy players.
Old-school vendors like Proofpoint or Mimecast are basically “black boxes.” They block what they block, and you rarely know why. If something slips through, you file a ticket and wait. Sublime flips that whole setup. It’s the first open, configurable email security platform. Open means you can deploy it for free and actually see how the detections work. Configurable means you can tweak the rules or even write your own, almost like building custom YARA rules for email. And community driven means users share new detections with each other, so if one company spots a clever new phishing trick, everyone else benefits.
Sublime just added a heavy hitter to the team who is Colin Jones, the former CRO of Wiz, and is now their President leading GTM. For context, Colin helped take Wiz from zero to $100M ARR in two years, one of the fastest SaaS climbs ever. When someone with that track record signs on, it’s a strong signal they see massive upside ahead. And the founding team already bring serious firepower. Josh has the deep security experience from his DoD days, while Ian brings sharp product growth experience. Dmitri Alperovitch, who co-founded CrowdStrike, compared Sublime’s approach to how CrowdStrike flipped the script on endpoint security. He didn’t just invest, he also joined their board. Pretty awesome.
Market outlook:
The demand for stronger email security isn’t slowing down, it’s heating up. Hackers are constantly leveling up with AI generated phishing and other clever tricks, and companies are under pressure from regulators and insurers to tighten defenses. We’ve already seen what happens when a startup cracks a big security challenge: Abnormal Security is now worth $5.1B with $200M+ ARR, and Wiz is reportedly being acquired by Google for $32B just five years after launch. Those kinds of outcomes show just how massive the upside can be, and Sublime is positioned to ride the same wave if they keep executing.
Of course, the space isn’t empty. Giants like Microsoft bundle security into O365, and newer players like Abnormal are well-funded. But Sublime’s open, flexible model stands out. If they can keep proving they stop attacks others miss (one customer reported a 100% catch rate in a trial), then even in tighter budgets, their value prop is hard to ignore.
Bold predictions:
I predict Sublime will lean heavily into its community as a moat. Imagine a marketplace for detection rules and pluginscontributed by researchers and customers. This could make the platform increasingly valuable over time, as no single vendor (especially a closed one) can match the collective intelligence of a passionate community. The more people share threat intel on Sublime, the better it gets a network effect that newcomers will find hard to replicate.
With the new funding and sales leadership, Sublime could double or triple its ARR in the next 18 months. Hitting $50M ARR by the end of 2025 isn’t out of the question if they execute well.
For the sake of a bold call in 2-3 years, if Sublime maintains its trajectory, I could see a cloud giant or large security company attempting an acquisition north of several billion.