Saporo, helping security teams reduce attack paths, enforce least privilege, and prevent breaches, led by Olivier Eyries, Guillaume Eyries, and Dr. Eric Blavier, has secured €7 million in Series A funding led by TIN Capital, with participation from G+D Ventures, CDP Venture Capital through its Corporate Partners I – ServiceTech fund, XAnge, Lightbird VC, and Session VC.

Each investor will play a targeted role in Saporo’s expansion: TIN Capital in Northern Europe, G+D Ventures in Germany, and CDP Venture Capital in Italy, with Trachet advising on the transaction.

Identity-based attacks account for the majority of cyber incidents, with over-permissions, misconfigurations, and shadow administrators creating vulnerabilities across systems like Active Directory, Entra ID, AWS, and Okta. Stronger identity controls could prevent most breaches, yet many organisations still face critical gaps.

Saporo is a graph-native identity security platform that maps and analyzes millions to billions of potential attack paths across hybrid identity systems, including Active Directory, cloud directories, and machine identities. By revealing the relationships, misconfigurations, and excessive permissions that enable lateral movement and privilege escalation, the platform provides a clear view of an environment from an attacker’s perspective.

Since a single viable route is enough for compromise, Saporo computes all potential identity attack paths and identifies the smallest set of changes that deliver the greatest reduction in risk. Large enterprises can face hundreds of millions of such paths, and few solutions can scan, model, and prioritise identity risk at this scale.

Saporo’s co-founder and CEO, Olivier Eyries, highlighted that much of the identity security market creates a false sense of safety, with ITDR tools and access graphs often failing to capture systemic risks or mirror an attacker’s view. In large enterprises, identity graphs can reveal more than a billion attack paths, an unmanageable volume to resolve individually. Saporo’s customers typically eliminate around 80% of these paths within the first year, achieving rapid, meaningful risk reduction with significantly less remediation effort.

Saporo uses graph databases and graph theory to reveal the most critical attack paths and the smallest configuration changes needed to break them. It continuously monitors identity and configuration shifts, enforces long-term segregation of duties, and aligns environments with frameworks like ANSSI and MITRE. This approach drives strong adoption across financial services, healthcare, government, manufacturing, and technology, reflected in customer retention above 140%.

Guillaume Eyries, co-founder and Chief Product Officer at Saporo, highlights the rise of identity-led attacks, where adversaries log in rather than break in. Saporo gives defenders an attacker’s view of their hybrid identity fabric, allowing them to eliminate risky paths before incidents occur. The new funding will accelerate automation and expand multi-cloud and developer-ecosystem coverage across Microsoft, Google, AWS, Okta, and GitHub.

Saporo will use the funding to grow its R&D, sales, and marketing teams through 2026, aided by internal AI tools that have already boosted engineering productivity. The capital will also enhance one-click remediation, extend identity coverage to Google Workspace/Cloud and GitHub, and strengthen the company’s presence across Europe with selective expansion in the U.S.