Conversation
Highlights

From Bootstrap to Venture: How 200 Customer Conversations Shaped Staris AI’s Security Revolution

Most founders with two successful exits and decades of industry experience might coast into their next venture. Adam took the opposite approach—spending months talking to hundreds of security leaders before writing a single line of code for Staris AI.

In a recent episode of Category Visionaries, Adam Cecchetti, CEO and co-founder of Staris AI, shared how his application security company raised $5.7 million by fundamentally rethinking what the market actually needed. The story reveals how extensive customer discovery can completely reshape a product vision, even for experienced founders.

The Bootstrap to Venture Decision

After building and selling two bootstrap companies over a decade, Adam faced a choice familiar to many serial entrepreneurs: stick with the proven bootstrap model or take venture funding for bigger ambitions.

“I had done the bootstrap companies previously, and it’s a fantastic route to take for this one,” Adam explains. “We had a much bigger vision and a much bigger market we wanted to address. And so we started with VC to be able to kind of have a little more runway, be able to build the product, as well as to be able to take on that larger vision.”

The transition from bootstrap founder to venture-backed CEO brought immediate relief. “After crawling across glass for 10 years as the bootstrap founder, yes, it is nice to have a little bit of more expansive breathing room in the process,” Adam reflects.

But funding didn’t mean rushing to build. Instead, Adam and co-founder Austin Fath embarked on one of the most comprehensive customer discovery processes in recent memory.

The Power of 200 Conversations

Before building anything, Adam and Austin conducted over 200 interviews with CISOs, CTOs, and CIOs across the industry. This wasn’t casual market research—it was a systematic effort to understand whether their initial vision aligned with real market needs.

The conversations revealed something unexpected that would completely reshape their approach.

“The number one takeaway was people do not need more to do,” Adam discovered. “They do not need more work, they do not need more bugs. They don’t need bugs cheaper or better or faster. They really need this problem to start shrinking.”

This insight hit at the core of the application security market. While countless tools existed to find vulnerabilities, security teams were drowning in alerts, bugs, and an ever-growing backlog of issues to address.

The Perfect Storm of AI and Security

The timing of these insights aligned with a massive technological shift that would amplify the problem. Adam recognized that AI would fundamentally change how code gets written.

“Our perspective is that AI is going to be writing or rewriting the vast majority of new code in the next five years,” he explains. “Whether it’s you’re vibe coding this awesome thing up on the weekend, or you’re using a co pilot to assist you to make, you know, a senior engineer to make something awesome, we think the amount of code is just going to explode and expand.”

This explosion of AI-generated code would create an unprecedented challenge for security teams already struggling to keep up. “The teams that are barely keeping up or weren’t keeping up before now have this new holistic problem on their hands of like 10x more code coming year after year,” Adam notes.

But Adam saw opportunity where others might see overwhelming complexity. “I do think there is going to be a step function for everyone, for the attackers will be able to do things at scale, faster, better, cheaper than they were previously. But I also think this is the first time in the history of computer security we’ll actually be able to get ahead of the problem.”

Creating the Total Context Security Category

Armed with customer insights and technological understanding, Staris AI began defining what they call “total context security”—a category that goes beyond traditional vulnerability scanning.

“The idea is to be able to take what matters to your business, what actually puts your business at risk, understand that,” Adam explains. “Understand how to find issues in your application such that it’s married with that business risk and the technology stack you’ve built, but then also be able to mitigate that risk with proof at each stage along the way.”

The naming choice was deliberate. After considering options like “next gen pen testing” and “AI security co-pilots,” they chose clarity over complexity. “We spent a lot of time working on figuring out how we could show the unique solution we’re bringing to market was different than a lot of the other things out there,” Adam says.

The Art of Negative Positioning

One of Adam’s most powerful insights came from his previous company experience: sometimes defining what you don’t do is more important than explaining what you do.

“I used to make this joke at my previous company that I sold more work telling people what I didn’t do versus what we did do,” he shares. “Being able to articulate well, like, so we’re not an ASPM, we’re not doing these particular types of things is part of standing out.”

In the crowded security market with thousands of vendors, this negative positioning helps prospects quickly understand Staris AI’s unique value proposition without getting lost in feature comparisons.

Founder-Led Growth and Timing

Despite having venture funding, Adam made a strategic decision to delay broad marketing efforts. Instead, Staris AI operates entirely through founder-led sales, leveraging Adam’s 25 years of industry relationships.

“We’re going back to a lot of our people we had talked to initially when we started the company, as well as some old customers and colleagues and friends to be able to say, hey, let’s do some proof of concepts. Let’s show you how it works. Let’s get your feedback. Make the product better and better.”

This approach reflects a disciplined focus on product-market fit before scaling. “We’ve been really laser-like focused on building a great product, getting a good story for our customers, understanding what truly provides them value before we kind of went out and mass broadcasted that message,” Adam explains.

The company plans to expand their go-to-market efforts in Q4, only after establishing strong customer validation and product refinement.

Building for the Long Term

Perhaps most importantly, Adam emphasized the critical importance of early team alignment—a lesson learned from previous ventures.

“One of the biggest ones was really coming in and having that core team that you wanted to go on a decade or more long adventure with and really understanding that you’re getting on the same page from the very first day about what this company is going to be, what scale you want the company to be, what journey you want to take and what paths you want to take.”

This foundation enables Staris AI to pursue their ambitious long-term vision: creating an immune system for applications on the internet.

The Immune System Vision

Looking ahead, Adam envisions a future where security becomes invisible to developers and organizations. “The big picture vision is we create that immune system,” he explains. “We say, hey, go build this awesome thing and put it on the capital I Internet. And Staris will review it, make it the best version it can from a security perspective and keep it safe so you can go build the next thing and the next thing and the next thing.”

This vision extends beyond traditional applications to encompass the full spectrum of internet-connected devices and systems. “We envision a version of Staris for your cell phone, for your applications, for your battleship, whatever that might be,” Adam says.

Lessons for B2B Founders

Staris AI’s journey offers several key insights for venture-backed B2B founders. Extensive customer discovery can reveal market needs that differ dramatically from initial assumptions. Sometimes the biggest opportunity lies not in creating new solutions, but in making existing problems smaller and more manageable.

The power of negative positioning in crowded markets cannot be understated—clearly articulating what you don’t do helps prospects understand your unique value faster than lengthy feature explanations.

Finally, the discipline to delay marketing expansion until achieving strong product-market fit, even with venture funding available, demonstrates the importance of building solid foundations before scaling.

As AI continues to reshape how software gets built and security threats evolve, companies like Staris AI are positioning themselves at the intersection of these massive technological shifts, ready to solve problems that will only grow more critical in the years ahead.