AppOmni raises $40M for tools to secure enterprise SaaS apps

Enterprises are adopting an ever-wider range of SaaS applications to work and interface with customers, and that is proving to be a major security concern: it’s not just the prospect of phishing, credential stuffing and other malicious tricks to get into systems that are a worry, but the fact that more applications mean more attack surfaces, and more integrations between apps mean more inadvertent holes that get exposed in the process.

And that is leading to surge of interest in security applications that can help. Today, a startup called AppOmni — which has built a platform to help monitor SaaS apps and their activity, provide guidance to warn or block when things might go wrong, and fix problems when they do occur — is announcing some funding to fuel its growth.

The startup has raised $40 million in a Series B round led by Scale Venture Partners, with Salesforce Ventures and ServiceNow Ventures, as well as previous backers ClearSky, Costanoa Ventures, Inner Loop Capital and Silicon Valley Data Capital also participating.

The funding is coming on the back of a huge year for AppOmni. The company grew 900%, co-founder and CEO Brendan O’Connor told TechCrunch, and it has managed to stay at 100% customer retention — that is, AppOmni has yet to lose a single customer since it was founded.

The company today integrates with over 100 connectors, platforms used by developers and IT teams at companies to manage the apps that their businesses use, tools Splunk and Sumo Logic. Through this, AppOmni is able to aggregate and normalize event data around those apps, in addition to deeper monitoring in cases where it can integrate with apps themselves (those integrations to date include some of the most popular apps that enterprises use today, including Salesforce and Slack, Zoom, Microsoft 365, Box and Github).

As O’Connor describes it, the sheer number of apps that enterprise teams use and adopt has made managing security around them very complex. Partly because of how SaaS is set up for usage by as many people in and outside the organization as possible (to make the apps more useful), AppOmni estimates that some 95% of enterprises “overprovision” permissions for external users.

On top of that, some of the biggest problems occur indirectly, specifically when applications are linked up together, creating a flow of sensitive data. AppOmni says that some 55% of companies have sensitive data living in SaaS systems that has been inadvertently exposed to the anonymous internet, sitting there completely unguarded, in this way. (See Zack’s story here for a recent example of how this can play out.)

This is an issue, he said, that is unique to SaaS, which he describes different architecturally to any software that companies might have used in the past. “There is no operating system, no network that is exposed to customers,” he said.

The idea is that AppOmni provides a dashboard to make that monitoring much less murky. “One of our customers described using AppOmni as being akin to turning a light on in a dark room,” O’Connor said.

O’Connor and his co-founder, Brian Soby (the CTO), have first-hand knowledge of the challenges of securing SaaS applications: both spent years at Salesforce — with O’Connor the company’s SVP and “chief trust officer”, a role he left to join ServiceNow as its security CTO, before leaving there to co-found AppOmni with Soby.

It’s partly that track record, along with AppOmni’s own track record, that has given the startup the attention that it has from investors. Interestingly, Scale came to know AppOmni not over a coffee or a pitch deck, but as one of those satisfied customers, which eventually led the VC to offer to invest.

“Scale Venture Partners became an AppOmni customer in 2020. We know firsthand how powerful and differentiated the AppOmni product when it comes to protecting our sensitive SaaS data, and we’re excited to now be both a customer and an investor,” said Ariel Tseitlin, a partner at Scale Venture Partners, in a statement. “AppOmni’s 9x growth last year, driven by the acquisition of customers across a wide range of industries, proves that AppOmni is the market leader in the increasingly important SaaS Security Management market. We expect the momentum to continue in 2021 and beyond as companies accelerate their shift to cloud applications to support their larger remote workforces.”

The company has raised $53 million to date, and it is not disclosing valuation.

Authzed scores $3.9M seed to build permissions API service

Authzed, an early stage startup that wants to make it easier for developers to build permissions in their applications, announced a $3.9 million seed round today. The investment was led by Work-Bench with participation from Y Combinator and Amplify Partners.

CEO and co-founder Jake Moshenko says the service is an API that is designed to help developers quickly add permissions to an application. “Authzed is a platform to store, compute and validate application permissions. So based on our experience at Google and Red Hat and Amazon, we think that this is the proper way that companies should be doing application permissions,” Moshenko told me.

The way the service works is by helping to define groups of users, and based on the membership of a given group, defining what data they can see and what functions they have permissions to access. While it may rely on Active Directory or LDAP as the basis of permissions groups, he says that it simplifies the actual permissions implementation.

“So, by itself Active Directory doesn’t actually fully solve the problem. You still have to bind to that group membership to a set of permissions that it implies. With our system, you can actually unify the way that you talk about both the permissions and group members,” Moshenko said.

The company has built out the framework for the service, But Moshenko says the links to Active Directory and other directory services are on the road map. For now, they have been working with design partners to get the basics of the product down, and today the company is opening the service for any developer who wants to use it.

For starters, it will be free, but over time he expects they will have pricing tiers. He likens his service to other API companies like Twilio for communications or Stripe for payments and expects the cost will be low when an application is just starting out and then go up over time as it gets more popular and needs to check the permissions more regularly.

It’s early days for the company and other than the three co-founders, they have just one employee. The plan is to hire additional engineers using the money from this round, while trying to build traction in the developer community for the product. He says that the number of new employees they add this year will really depend on how well the product is doing in the market.

The founders previously founded Quay, a private registry for Docker containers, which they sold to CoreOS in 2014. Red Hat bought CoreOs in January 2018 for $250 million. IBM then bought Red Hat for $34 billion later in the year.

Cadillac’s all-electric Lyriq flagship to start just below $60,000

The Cadillac Lyriq, the all-electric crossover and flagship of GM’s luxury brand, will start at a skosh under $60,000 when it comes to the U.S. market in early 2022.

The price, which doesn’t include destination charges, is one of the last remaining details to be shared about the production version of the Lyriq. GM first revealed a showcar version of the Lyriq back in August. On Wednesday, the automaker announced the pricing along with the final specifications of the production vehicle.

The Lyriq is just one in a roster of 30 electric vehicles that GM plans to bring to market by 2025. It will be a critical one for Cadillac and aims to set the benchmark for the brand that has seen lagging sales. The big message from GM: this car is coming soon, messaging that includes an invitation to customers to place order reservations beginning in September 2021.

The Cadillac Lyriq was supposed to go into production in the U.S. in late 2022, but executives said that virtual development tools and along with the underlying flexible Ultium platform used in the vehicle allowed the brand to speed up development.

The Ultium electric architecture and Ultium batteries will be used in a broad range of products across GM’s Cadillac, Buick, Chevrolet and GMC brands, as well as the Cruise Origin autonomous shuttle. This modular architecture will be capable of 19 different battery and drive unit configurations, 400-volt and 800-volt packs with storage ranging from 50 kWh to 200 kWh, and front, rear and all-wheel drive configurations.

2023 Cadillac Lyric

The 2023 Cadillac Lyric charge port.

The rear-wheel drive Lyriq will be equipped with a 100 kilowatt-hour battery pack that can travel more than 300 miles based on Cadillac’s internal estimates. The EPA estimates have yet to be shared. The Lyriq will be able to handle fast charging at 190 kW, which translates to an estimated 76 miles of range in about 10 minutes of charging time. For home charging, there’s a 19.2 kW charging module, which can add up to 52 miles of range per hour of charge, the company said.

The vehicle aims to ooze luxury, a look that GM tries to achieve with exterior and interior touches like the “black crystal” grille, 33-inch vertical LED touchscreen display and AKG sound system. The vehicle has fast roofline and wide stance that is meant to give it a modern and even aggressive-looking look. That “black crystal” grille is a dynamic feature with “choreographed” LED lighting that greets the owner as they approach the vehicle. The LED lighting continues in the rear with a split taillamp design.

The vehicle will be offered in two exterior and interior colors. On the outside, the vehicle can come in satin steel metallic or stellar black metallic paint and sky cool gray or noir for the interior. Cadillac adds in laser etched patterns through wood over metal décor to complete the interior look.

2023 Cadillac Lyric

Image Credits: Cadillac

The Lyriq will also offer Super Cruise, GM’s hands-free driver assistance system, which combines lidar map data, high-precision GPS, cameras and radar sensors, as well as a driver attention system, which monitors the person behind the wheel to ensure they’re paying attention. Unlike Tesla’s Autopilot driver assistance system, users of Super Cruise do not need to have their hands on the wheel. However, their eyes must remain directed straight ahead.

Like the GM’s Chevy Bolt, the Lyriq will offer what it describes as one pedal driving. Electric vehicles typically have a regenerative braking feature. In the Lyriq, drivers are able to control how quickly the vehicle slows down or comes to a complete stop using a pressure-sensitive paddle located on the steering wheel.

The vehicle will be produced at GM’s Spring Hill, Tennessee assembly facility. GM has said it is investing $2 billion into the plant to support electric vehicle production. The automaker and its joint venture partner LG energy Solution also announced in April plans to invest $2.3 billion to build a battery cell manufacturing plant at next to the Spring Hill assembly plant.

Europe lays out plan for risk-based AI rules to boost trust and uptake

European Union lawmakers have presented their risk-based proposal for regulating high risk applications of artificial intelligence within the bloc’s single market.

The plan includes prohibitions on a small number of use-cases that are considered too dangerous to people’s safety or EU citizens’ fundamental rights, such as a China-style social credit scoring system or certain types of AI-enabled mass surveillance.

Most uses of AI won’t face any regulation (let alone a ban) under the proposal but a subset of so-called “high risk” uses will be subject to specific regulatory requirements, both ex ante and ex post.

There are also transparency requirements for certain use-cases — such as chatbots and deepfakes — where EU lawmakers believe that potential risk can be mitigated by informing users that they are interacting with something artificial.

The overarching goal for EU lawmakers is to foster public trust in how AI is implemented to help boost uptake of the technology. Senior Commission officials talk about wanting to develop an excellence ecosystem that’s aligned with European values.

“Today, we aim to make Europe world-class in the development of a secure, trustworthy and human-centered Artificial Intelligence, and the use of it,” said EVP Margrethe Vestager, announcing adoption of the proposal at a press conference.

“On the one hand, our regulation addresses the human and societal risks associated with specific uses of AI. This is to create trust. On the other hand, our coordinated plan outlines the necessary steps that Member States should take to boost investments and innovation. To guarantee excellence. All this, to ensure that we strengthen the uptake of AI across Europe.”

Under the proposal, mandatory requirements are attached to a “high risk” category of applications of AI — meaning those that present a clear safety risk or threaten to impinge on EU fundamental rights (such as the right to non-discrimination).

Examples of high risk AI use-cases that will be subject to the highest level of regulation on use are set out in annex 3 of the regulation — which the Commission said it will have the power to expand by delegate acts, as use-cases of AI continue to develop and risks evolve.

For now cited high risk examples fall into the following categories: Biometric identification and categorisation of natural persons; Management and operation of critical infrastructure; Education and vocational training; Employment, workers management and access to self-employment; Access to and enjoyment of essential private services and public services and benefits; Law enforcement; Migration, asylum and border control management; Administration of justice and democratic processes.

Military uses of AI are specifically excluded from scope as the regulation is focused on the bloc’s internal market.

The makers of high risk applications will have a set of ex ante obligations to comply with before bringing their product to market, including around the quality of the data-sets used to train their AIs and a level of human oversight over not just design but use of the system — as well as ongoing, ex post requirements, in the form of post-market surveillance.

Commission officials suggested the vast majority of applications of AI will fall outside this highly regulated category. Makers of those ‘low risk’ AI systems will merely be encouraged to adopt (non-legally binding) codes of conduct on use.

Penalties for infringing the rules on specific AI use-case bans have been set at up to 6% of global annual turnover or €30M (whichever is greater). While violations of the rules related to high risk applications can scale up to 4% (or €20M).

Enforcement will involve multiple agencies in each EU Member State — with the proposal intending oversight be carried out by existing (relevant) agencies, such as product safety bodies and data protection agencies.

That raises immediate questions over adequate resourcing of national bodies, given the additional work and technical complexity they will face in policing the AI rules; and also how enforcement bottlenecks will be avoided in certain Member States. (Notably, the EU’s General Data Protection Regulation is also overseen at the Member State level and has suffered from lack of uniformly vigorous enforcement.)

There will also be an EU-wide database set up to create a register of high risk systems implemented in the bloc (which will be managed by the Commission).

A new body, called the European Artificial Intelligence Board (EAIB), will also be set up to support a consistent application of the regulation — in a mirror to the European Data Protection Board which offers guidance for applying the GDPR.

In step with rules on certain uses of AI, the plan includes measures to co-ordinate EU Member State support for AI development — such as by establishing regulatory sandboxes to help startups and SMEs develop and test AI-fuelled innovations — and via the prospect of targeted EU funding to support AI developers.

Internal market commissioner Thierry Breton said investment is a crucial piece of the plan.

“Under our Digital Europe and Horizon Europe program we are going to free up a billion euros per year. And on top of that we want to generate private investment and a collective EU-wide investment of €20BN per year over the coming decade — the ‘digital decade’ as we have called it,” he said. “We also want to have €140BN which will finance digital investments under Next Generation EU [COVID-19 recovery fund] — and going into AI in part.”

Shaping rules for AI has been a key priority for EU president Ursula von der Leyen who took up her post at the end of 2019. A white paper was published last year, following a 2018 AI for EU strategy — and Vestager said that today’s proposal is the culmination of three years’ work.

Breton added that providing guidance for businesses to apply AI will give them legal certainty and Europe an edge. “Trust… we think is vitally important to allow the development we want of artificial intelligence,” he said. [Applications of AI] need to be trustworthy, safe, non-discriminatory — that is absolutely crucial — but of course we also need to be able to understand how exactly these applications will work.”

A version of today’s proposal leaked last week — leading to calls by MEPs to beef up the plan, such as by banning remote biometric surveillance in public places.

In the event the final proposal does treat remote biometric surveillance as a particularly high risk application of AI — and there is a prohibition in principal on the use of the technology in public by law enforcement.

However use is not completely proscribed, with a number of exceptions where law enforcement would still be able to make use of it, subject to a valid legal basis and appropriate oversight.

Today’s proposal kicks off the start of the EU’s co-legislative process, with the European Parliament and Member States via the EU Council set to have their say on the draft — meaning a lot could change ahead of agreement on a final pan-EU regulation.

Commissioners declined to give a timeframe for when legislation might be adopted, saying only that they hoped the other EU institutions would engage immediately and that the process could be done asap. It could, nonetheless, be several years before the AI regulation is ratified and in force.

This story is developing, refresh for updates… 

Hive raises $85M for AI-based APIs to help moderate content, identify objects and more

As content moderation continues to be a critical aspect of how social media platforms work — one that they may be pressured to get right, or at least do better in tackling — a startup that has built a set of data and image models to help with that, along with any other tasks that require automatically detecting objects or text, is announcing a big round of funding.

Hive, which has built a training data trove based on crowdsourced contributions from some 2 million people globally, which then powers a set of APIs that can be used to identify automatically images of objects, words and phrases — a process used not just in content moderation platforms, but also in building algorithms for autonomous systems, back-office data processing, and more — has raised $85 million in a Series D round of funding that the startup has confirmed values it at $2 billion.

“At the heart of what we’re doing is building AI models that can help automate work that used to be manual,” said Kevin Guo, Hive’s co-founder and CEO. “We’ve heard about RPA and other workflow automation, and that is important too but what that has also established is that there are certain things that humans should not have to do that is very structural, but those systems can’t actually address a lot of other work that is unstructured.” Hive’s models help bring structure to that other work, and Guo claims they provide “near human level accuracy.”

The funding is being led by Glynn Capital, with General Catalyst, Tomales Bay Capital, Jericho Capital, and Bain & Company, and other unnamed investors participating. The company has now raised $121 million, making this latest round a particularly big leap. 

The company has been somewhat under the radar since it was founded in 2017, in what appears to have been a pivot from founder Kevin Guo’s previous startup, a Q&A platform that was called Kiwi, which itself was a product of a project out of his time at Stanford. But since then it has quietly picked up some interesting customers, including Reddit, Yubo, Chatroulette, Omegle, and Tango, along with NBCUniversal, Interpublic Group, Walmart, Visa, Anheuser-Busch InBev, and more. In all it has some 100 customers and has grown more than 300% in the last year.

Hive had its start with image identification, and working with companies building autonomous systems. In fact, if you talk with Guo over Zoom, chances are you’ll get a screenshot of some of that work as a background, with cars darting across Golden Gate Bridge.

These days, however, most of Hive’s activity (pardon the pun) comes around moderation, some of which includes images, but others including text and streamed audio — which is converted into text and then moderated as that would be. (The autonomous car modelling is still used as a backdrop, I believe, because it’s a little less disturbing than a content moderation image, as you can see below.)

In part because it’s a very classic problem that you can imagine will be solved or helped with the use of AI, and in part because it’s such a big issue on the internet today, there are a number of other startups building platforms to help manage online abuse, including harassment, and to help with content moderation.

They include the likes of Sentropy, Block Party, L1ght, and Spectrum Labs, not to mention a lot of tools being built in-house by big technology companies themselves. (Instagram for example launched its latest tools to help users combat abuse in DMs just today: it built the whole thing in-house, the company told me.)

But as Kevin Guo describes it, what has set Hive apart from the crowd has been the crowd, so to speak. Over the last several years, the company has slowly been building up a trove of data by crowdsourcing feedback from some 2 million users, who get paid — either in ‘normal’ money or Bitcoin — to go through various images and items of text in order to identify “abuse” or other things. (Bitcoin started as a fringe offering and now accounts for the majority of how contributors get paid, Guo said.)

That database in turn powers a set of APIs used by Hive’s customers to help them run their own moderation tools, or whatever workflow requires frequent and rapid identification.

Most of the language learning in the system right now is based around English and several other popular global languages such as Spanish and French. Some of the funding will be used to help expand its reach and global coverage, including into a wider set of tongues. This is also leading to a wider set of use cases for the data and technology that Hive has built.

One of these, Guo said, includes a new approach to advertising that is based around serving ads associated with something you may have just read or seen on the screen. Very GDPR friendly because it involves absolutely no involvement of data based you or your online browsing activities (anonymised or not), this is picking up traction with brands who initially may have come to Hive to help protect their IP or reputation management, and are now considering how they can use the tool to spread the word about themselves in more effective ways.

The possibilities for how Hive’s AI can be used in the future, is part of what attracted the investment today. The focus on how it has been built in the cloud underscores that extensibility.

“Cloud computing has seen tremendous adoption in recent years, but only a small fraction of companies currently leverage cloud-based machine learning solutions,” said Charlie Friedland, principal at Glynn Capital, in a statement. “We believe cloud-hosted machine learning models will represent one of the most significant components of cloud growth in the years to come, and Hive is well-positioned as an early leader in the space.”

Logitech updates Combo Touch keyboard for new iPad Pro models

Logitech has released a new version of its Combo Touch iPad Pro keyboard case that has been revamped to fit the slighter thicker dimensions of the new models.

Following its well-reviewed Logitech Combo Touch for the iPad Pro, the company has now updated this keyboard case for Apple’s latest models. It’s a third-party equivalent to Apple’s Magic Keyboard for iPad, but is significantly cheaper, starting at $199.99 instead of $299.00.

“Last year, we introduced a trackpad to our signature laptop-like typing experience for iPad, offering improved levels of control and precision to create and work seamlessly,” Michele Hermann, Logitech vice president of mobility, said in a statement.

“We’ve made this experience even better with Combo Touch by adding the largest trackpad we’ve ever created for a keyboard case,” she continued, “…but is still protective for the new iPad Pro [models].”

Logitech has not detailed any specific alterations or improvements for the new Combo Touch. However, Apple’s latest iPad Pro models are slightly thicker than the previous ones.

The Logitech Combo Touch for the 11-inch iPad Pro is now available and costs $199.99. A 12.9-inch iPad Pro version will reportedly be available soon, and will cost $229.99.

Stay on top of all Apple news right from your HomePod. Say, “Hey, Siri, play AppleInsider,” and you’ll get latest AppleInsider Podcast. Or ask your HomePod mini for “AppleInsider Daily” instead and you’ll hear a fast update direct from our news team. And, if you’re interested in Apple-centric home automation, say “Hey, Siri, play HomeKit Insider,” and you’ll be listening to our newest specialized podcast in moments.

Running apps still lag behind on privacy and security

Some of the most popular running apps are still lagging behind on security and privacy. That’s the verdict from security researchers who examined the leading running apps five years apart and found only a few apps had improved — and not by much.

Running apps know and learn a lot about you as you use them. Your health data, like your height and weight, are used to calculate how many calories you burn, and your location data can track your workout route from door-to-door.

But in the wrong hands, this data can identify where you live or where you work. In 2018, Strava said it would simplify its privacy features to allow its users greater control over their data, after researchers found Strava app users were inadvertently sharing their workout data and revealing military bases and secret government facilities.

Now, researchers at U.K. cybersecurity firm Pen Test Partners say many of the top apps — Strava, Runkeeper, MapMyRun, Nike Run Club, and Runtastic — still don’t use basic security measures to prevent hackers from breaking in, or health and fitness data spilling out.

Only Runtastic had set a stronger password policy over the past five years, while the other apps still allow some of the most basic passwords like “123456” and “password,” the researchers found in their testing. Malicious hackers often automate their attacks by targeting user accounts with known or easy-to-guess passwords. Worse, none of the apps allow users to set up two-factor authentication, a feature that puts an additional barrier in place to prevent malicious hackers from reusing stolen passwords. Data from Google shows even the simplest form of two-factor authentication can prevent most automated password reuse attacks.

We asked each of the app makers why they had not implemented two-factor authentication. None of the companies commented.

The researchers also found that while Runtastic, Nike Run Club, and MapMyRun had improved their privacy controls, Strava had seen “no significant change.”

From their report: “Strava and Runkeeper are configured to publicly share user data by default. It is possible to change these settings in the application, but it takes some time to find them and set them correctly, which is probably not the first consideration for a regular user.”

“Nike Run Club, Runtastic and MapMyRun [were] found to have better privacy policy settings enabled, which means they do not share users’ data by default, like the other applications do. They only share your training information with friends or followers,” the report said.

Expenses startup Pleo preps $100M Series C funding, launches new bill payments service

Late-stage Fintech startup Pleo, which offers expense management tools and ‘smart’ company Mastercards, says it plans to raise a Series C round of funding this summer. It’s also launching a B2B bill payments service this week.

Co-founder and CEO Jeppe Rindom told me via a call: “We have money until 2022, but we’ve seen incredible momentum in the past couple of quarters, and we are getting a lot of inbound interest so we will be fundraising a Series C round in the Summer and will be raising around $100 million.”

Pleo has raised $78.8 million to date. Its last funding round was $56M in May 2019. Its main investors include Speedinvest, Creandum, Kinnevik, Stripes and Founders.

The startup competes on some levels with Dext, Soldo, Spendesk and Expensify.

Pleo is today launching Bills, a platform to consolidate, track and pay business-to-business bill payments and a supplier’s terms of service. It will offer free-of-charge domestic transfers.

Bills are automatically processed using Pleo’s OCR technology and cross-referenced for duplication and validated for authenticity before being approved for payment

In addition, it will offer approval control for admins and free domestic transfers.

Rindom added: “Since 66% of admins told us that they spent half their time on processing bills as well as authenticating the validity of them, it became our mission to simplify this complicated process and provide an end-to-end overview of it.”

Pleo was founded in Copenhagen in 2015 by Rindom and Niccolo Perra, who were early team members Tradeshift.

Foxconn negotiates radically reduced Wisconsin plant deal

Apple iPhone assembler Foxconn has signed a new deal with the state of Wisconsin in which it will pay less than 10% of its original $10 billion commitment.

In 2018, Foxconn broke ground on a $10 billion factory in Wisconsin, which was due to create up to 13,000 jobs around making iPhone screens for Apple. It had yet to fulfil the commitment, reportedly leaving Wisconsin suffering, but has now renegotiated the deal.

According to The Wall Street Journal, Foxconn has signed a new contract in which it will invest up to $672 million, and create 1,454 jobs by the year 2025.

“I made a promise to work with Foxconn to cut a better deal for our state,” Wisconsin Governor Tony Evers. “The last deal didn’t work for Wisconsin.”

Reportedly, the new contract does include incentive payments covering “economic investment activities related to locating and operating a technology and manufacturing ecosystem.”

Evers says that the deal will protect existing public investments, which includes the state having invested hundreds of millions of dollars in roads and infrastructure.

Foxconn has not commented. Having originally announced the plant would produce LCD iPhone screens, however, it has previously said that project had been slowed by many factors. Specifically “cultural assimilation, changing business demands, tariffs, a pandemic, and a presidential election year.”

In late 2020, a Wisconsin state report concluded that the Foxconn plant was “more of a showcase than a business viable for the long term.”

Stay on top of all Apple news right from your HomePod. Say, “Hey, Siri, play AppleInsider,” and you’ll get latest AppleInsider Podcast. Or ask your HomePod mini for “AppleInsider Daily” instead and you’ll hear a fast update direct from our news team. And, if you’re interested in Apple-centric home automation, say “Hey, Siri, play HomeKit Insider,” and you’ll be listening to our newest specialized podcast in moments.

ActiveCampaign raises $240M at a $3B valuation as marketing and sales automation come into focus for SMBs

As businesses continue to adopt new digital tools to get their names out into the world, a startup that’s built a sales and marketing platform specifically for small and medium businesses is announcing a big round of funding. ActiveCampaign, which has built what it describes as a “customer experience automation” platform — providing a way not just to run digital campaigns but to follow up aspects of them automatically to make sales and marketing work more efficiently — has closed a $240 million round of funding. The Series C values the Chicago startup at over $3 billion.

The round is being led by a new, big-name investor, Tiger Global, with participation from another new backer Dragoneer, along with Susquehanna Growth Equity and Silversmith Capital Partners, which had both invested previously.

This funding round represents a huge leap for ActiveCampaign. It was only in January 2020 that it raised $100 million, and before that, the company, which was founded in 2003, had only raised $20 million.

But as we have seen in many other ways, the pandemic resulted in a surge of interest among businesses to do more — a lot more — online than ever before, not least because so many people were spending more time at home, carrying out their consumer lives over the internet. That led to ActiveCampaign growing to a customer base of 145,000 customers, up from 90,000 16 months ago.

That points not just to the company already growing at a decent clip before the pandemic, but how it capitalized on that at a time when companies were looking for more tools to run their businesses in the new world.

The growth was not about ActiveCampaign throwing more money into business development, founder and CEO Jason VandeBoom said in an interview. “It was the network effect of people finding success. Even today, organic word of mouth is our primary driver.”

The company’s tools fit into a wider overall trend in the world of business: automation, built on the back of new, cloud-based technology, is being adopted to carry out some of the less interesting and repetitive aspects of running a business.

In the case of sales, an example of what ActiveCampaign might provide is a way for an e-commerce business to identify when a logged-in customer (that is, a user who has an account already and is signed in) might have ‘abandoned’ a visit to a site before buying a product that had already been searched for, or clicked on, or even added to a cart. In these cases, it sends an email to customers reminding them of those items, with options for other follow-ups, in the event that the choice was due to being distracted or having second thoughts that might be persuaded otherwise.

Users can opt-out of these, but they can be useful given the genuine distraction exercise that is browsing online — with all of the unrelated notifications, plus other options for considering a purchase. Tellingly, ActiveCampaign integrates with 850 different apps, a measure of just how fragmented the online landscape is, and also how many ways your attention might be distracted, or snagged depending on your perspective.

Abandoned carts can cost a company, in aggregate, a lot of lost revenue, yet chasing those down is not the kind of task that a company would typically assign to a valuable employee to carry out. And that’s where companies like ActiveCampaign come in.

This, plus some 500 other actions like it around sales and marketing campaigns — Vandenboom calls them “recipes” — some of which have been contributed by ActiveCampaign’s own users, form the basis of the company’s platform.

The marketing and sales automation market is estimated to be worth billions of dollars today, and, thanks to the rise of social media and simply more places to spend time online (and more time spent online) is expected to be worth more than $8 billion by 2027, so it’s going after a lucrative and much-used tool for doing business online. (And others are looking at it as well, of couse, including newer entrants like Shopify coming from a different angle to the same problem. Shopify today is a valued partner of the company, Vandeboom said when I asked him about it.)

That gives ActiveCampaign not just a big opportunity to continue targeting, but possibly also makes it a target itself, for an acquisition.

The other key aspect of ActiveCampaign’s growth that is worth watching is related to its customers. While the company has a client base that includes recognized names like the Museum of Science and Industry based out of ActiveCampaign’s hometown, it also has some 145,000 others across nearly 200 countries with a big emphasis on small and medium businesses.

SMBs form the vast majority of all businesses globally, collectively representing a huge win for tech companies that can capture them as customers. But traditionally, they have proven to be a challenging sector, given that they cover so many different verticals, are in many ways more price-sensitive than their enterprise-sized counterparts, among other factors.

So for ActiveCampaign to have found successful traction with SMBs — including with pricing that works for many of them (using it starts at $9 for accounts with less than 500 contacts) — is likely another reason why the startup has caught the eye of investors keen to back winning horses.

While the company did not need to raise money, Vandeboom said he “saw it as an opportunity to bring in more partners, saying that investors like how it purposely went after the idea of customer experience not on vertical or locale.”