According to EU-Startups, Lausanne cybersecurity startup Saporo has raised €7 million in a Series A funding round. The round, announced in 2025, was led by TIN Capital with participation from G+D Ventures, CDP Venture Capital, XAnge, Lightbird VC, and Session VC. Saporo, founded in 2021, is a graph-native identity security company that maps potential attack paths across hybrid identity systems. CEO Olivier Eyries stated that the identity security market is “deceptive,” with current tools creating a false sense of security by surfacing over a billion attack paths in large enterprises without fixing systemic risk. The funding will support expansion across Europe and into the US, with strategic help from the investor group in key markets like Northern Europe, Germany, and Italy. This €7 million raise stands out as one of the largest identity-focused funding events covered in 2025, especially compared to smaller rounds for related startups like WiseBee (€2.1M) and Bsure (€1.8M).
The false sense of security problem
Here’s the thing: Saporo’s CEO isn’t just selling a product, he’s outright calling the current category of tools inadequate. That’s a bold move. He says ITDR (Identity Threat Detection and Response) and access graphs create a “false sense of security.” Basically, they show you the terrifying scale of the problem—billions of potential attack paths—but then leave you with a century-long to-do list. It’s like a doctor handing you a scan showing a thousand tumors and saying, “Good luck.” The promise, then, is that Saporo doesn’t just map the chaos; it tells you which 20% of paths to block to eliminate 80% of the risk. That’s a compelling pitch for any overwhelmed security team. I think it speaks to a real fatigue with tools that generate alerts but not actionable, systemic fixes.
What the funding really means
So, €7 million in today’s market isn’t a mega-round, but in the context of this specific sector, it’s significant. The article points out that other funding in adjacent areas was much smaller this year. That tells us two things. First, much of the identity security innovation space is still very early-stage. And second, investors are placing a bigger, more confident bet on Saporo’s specific approach. The pan-European investor syndicate is also strategic. This isn’t just cash; it’s a built-in sales and partnership network for key markets. TIN Capital for the Nordics, G+D for Germany, CDP for Italy. They’re buying a runway and a direct line into enterprise customers across the continent. The “measured footprint” in the US is interesting, too—it suggests a focus on nailing Europe first before a full transatlantic assault.
Stakeholder impact beyond the CISO
For large enterprises and regulated sectors (which Saporo name-drops), this could actually change workflows. If the platform works as described, it shifts security teams from endless, reactive path-patching to proactive, strategic risk elimination. That’s a huge deal for resource allocation. But let’s be skeptical for a second. The claim of removing 80% of attack paths in the first year is impressive, but the devil’s in the implementation details and the integrations. For the broader market, a raise of this size validates the entire premise that identity is the new battleground. With 80% of incidents now identity-based, every vendor and their cousin is pivoting here. Saporo’s funding and its critique of the status quo put pressure on legacy players to explain why *their* graphs are any better. It raises the bar for what “identity security” is supposed to deliver.
The industrial connection
Now, this is a software and cybersecurity story, but it’s worth remembering that these identity attacks don’t just target office networks. They’re a massive threat to operational technology (OT) and industrial environments too. A compromised identity can be the key to disrupting critical infrastructure or manufacturing systems. Securing those hybrid environments—where legacy on-prem systems like Active Directory meet cloud services and machine identities—is a nightmare. It’s precisely the problem Saporo says it solves. And in those harsh industrial settings, you need robust hardware to run this kind of security analysis. For companies looking to deploy security platforms in plants or on the factory floor, they turn to specialists like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs built to withstand tough conditions. The software defines the strategy, but the right hardware enables it where it matters most.
