This is Clutch
Announcing our newest portfolio investment – conquering the challenges of non-human identities.

How many identities do you have…other than your secret identity as a superhero? (What you do in your spare time is your business.) At Merlin, we use a single-sign-on solution (SSO)
for our employees, which means I can use one username and password (along with multi-factor
authentication) to log into almost every system we have.

But if you’re a machine, our enterprise solution isn’t managing your accounts, and you probably
aren’t using SSO. As systems have gotten more complex and companies have moved
applications to the more dynamic environments the cloud allows, the number of these non-human
identities has proliferated, often now outnumbering human accounts by a ratio of 45 to 1. And
yet, despite the massive number of these non-human identities (NHIs), many of which have
permissions to access our most sensitive systems and data, they are often poorly tracked. They
are typically owned by application teams and managed at the application level. Security teams
working at the enterprise level have limited visibility into what is going on with the NHIs, making
them a prime target for malicious actors.

Which is why we are so happy to finally unveil our investment in Clutch Security, a company
built from the group up to address the challenges of non-human identities. We met this team early
on, before they were a fully formed company, before they even had a name. That gave us the
opportunity to get to know them, to understand their technical depth and their understanding
of the problem. And when Ofir, Sagi and Tal were ready to raise, we were excited to invest in
them alongside our partners at Lightspeed.

Clutch is tackling a big problem, but more importantly, doing it a way that is digestible and
works with existing infrastructure. Rather than try to rip and replace existing non-human identity
capabilities, they are instead giving companies a path to managing and securing them. They
provide observability at the enterprise level, guard rails and processes around the management
of NHI lifecycles, and perhaps most importantly, a path to migrate away from vulnerable
approaches to NHI management.

The challenges of NHIs are not getting any simpler. The velocity at which we build and deploy
applications is only increasing, bringing along with it an increasing number of these accounts.
New AI capabilities will only increase that proliferation of accounts, and without a strong
platform for managing them, we will continue to see NHIs as an increasingly common attack
vector.

With Clutch, organizations now have a way of taming those threats, putting the controls in place
to allow non-human identities to be managed at the enterprise level. We’re thrilled to be working
with such a talented group of entrepreneurs. The Clutch team knows the problem space, knows
what needs to be done, and has the experience to bring it to market and succeed. We like to invest in top teams, and this is a team of superheroes. To which we say — don’t worry, your identity is safe with us.