Highly sought-after federal software contracts frequently come with a hidden cost: Achieving government SaaS security compliance, known as FedRAMP, can take years and require substantial resources.
Achieving this certification typically takes up to three years and costs more than $3 million, covering everything from security operations engineer salaries to security audits, according to Irina Denisenko, CEO of Knox.
Denisenko (pictured above, second from right) launched Knox, a federal managed cloud provider, last year with a mission to help software vendors speed through this security authorization process in just three months, and at a fraction of what it would cost to do it on their own.
On Thursday, Knox said it has raised a $6.5 million seed round led by Felicis, with participation from Ridgeline and FirsthandVC.
Denisenko decided to embark on this journey after she learned firsthand the challenges of obtaining FedRAMP. Class, an education startup where she served as COO, had secured a contract to sell its software to the U.S. Air Force. And instead of waiting three years and spending millions, Denisenko helped Class.com buy CoSo Cloud, a company that was already FedRAMP certified and was managing Adobe’s federal cloud.
The acquisition helped Class receive FedRAMP certification in just six months. “Class would still be getting FedRAMP today” if it had tried to obtain the clearance on its own, Denisenko told TechCrunch.
And late last year, when it became clear that the proliferation of AI agents was becoming a national security concern, Denisenko decided to spin out the managed cloud solution into a standalone startup, Knox.
Companies that can afford FedRAMP certification include large software vendors like CrowdStrike, Palo Alto Networks, and Salesforce, Denisenko told TechCrunch. And as the government increasingly adopts more software, she hopes Knox can help SaaS vendors gain FedRAMP to access government contracts more easily.
Knox, named after a giant gold-storage fort in Kentucky, essentially provides a compliance management platform via a managed cloud that customers can connect their codebase to. The company’s software runs a continuous series of tests and audits to identify where the customer’s infrastructure, code, and security controls are falling short of FedRAMP standards, and either remediates those issues itself or flags them to the customer. It also offers some non-software tools to track and verify policies like personnel training and vendor management.
“This stuff is legitimately very hard and very risky,” she said. “We will bear the risk.”
Knox is already handling security and compliance for Adobe, Class, Spacelift, and an LLM provider. “We’ll end the year with well north of a dozen customers live in the cloud,” Denisenko said.
While FedRAMP authorization management may seem like a niche offering, Knox has one large competitor: Palantir.
Palantir’s offering, called FedStart, was introduced only two years ago, and since then, the giant data analysis platform has brought on the likes of Anthropic and Windsurf as clients.
For Denisenko, Palantir’s early success with FedRAMP only validates Knox’s mission.
“Even Anthropic couldn’t figure this out on their own,” she said, adding that going forward, software companies will want to outsource their FedRAMP compliance to a company like Knox.
