TL;DR

Apono was acquired by 1Password, becoming 33N’s first exit. The transaction further validates the strong demand for Cyber & AI companies building the next tech fabric. For 33N, it strengthens our thesis and responsibility ahead: backing the strongest Cybersecurity, Defence & AI companies, building the platform to support them and driving value creation.

What Apono built and why it mattered

From our first conversations with Rom Carmel and Ofir Stein, it was clear they were building for a future most hadn’t yet imagined: one where cloud infrastructure, machines and AI agents would demand a fundamentally new approach to access governance. They saw it early. They built it right.

We wrote about why we invested in Apono just six months ago. Today we want to share what the acquisition confirms — about the technology, the market and what it takes for a cybersecurity company to become genuinely indispensable.

The core problem Apono solved is deceptively simple to describe and deeply difficult to fix: enterprises accumulate standing privileges — permanent access rights granted to engineers, service accounts, pipelines and increasingly AI agents — that outlast the need for them. Over time, that accumulation becomes a structural liability. Every dormant credential is a potential attack vector. Every overpermissioned account widens the blast radius of a breach.

Apono’s answer was a Zero Standing Privilege architecture: access granted only when needed, scoped precisely to the task and automatically revoked when done. What made this more than an architectural idea was the execution. The platform unified human identity, machine identity and agentic access under a single Access Engine, integrated directly into the workflows engineers already used — and deployed in minutes where legacy solutions historically required months.

That combination of structural correctness and practical usability is rare. It is what creates customer dependency — the kind where a company doesn’t just prefer your product but organises its access posture around it.

The market context: PAM at an inflection point

When we invested in Apono in December, we described the identity and access management market as large and consolidating. What has happened since has validated that framing more decisively than we expected.

As Francis Odum of Software Analyst Cyber Research noted in his January 2026 deep-dive on the PAM market, privileged access is undergoing a structural shift — from a compliance point solution to a foundational control layer at the centre of the modern identity stack. The major acquisitions of the past twelve months — most notably the acquisition of CyberArk — were not feature gap fills; they were assertions that whoever controls privileged identity controls the security control plane.

Crucially, Odum’s report explicitly identified Apono as one of the up-and-coming startups within the next generation of PAM, representing a new class of cloud-native solutions built for cloud-native and engineering-led environments. It also made a point that bears directly on this outcome: privileged access is the hardest capability to build in identity security and increasingly the one on which agentic access governance depends. When a capability is both hard to build and structurally central, acquiring proven technology beats replicating it. The category was being watched. The question was whether the product would be defensible enough to be acquired rather than replicated.

Meanwhile, machine and agentic identities have become the fastest-growing and least-governed class of privileged users. AI agents that retrieve data, execute workflows and provision resources require access governance frameworks that were never designed with them in mind. Apono’s single Access Engine — spanning human, machine and agentic identity — was built precisely for this future.

Why 1Password makes sense

1Password has grown from consumer password management into a serious enterprise platform for credential and secrets management, trusted by more than 180,000 businesses. Their strategic rationale for acquiring Apono is articulated clearly — and in the first person — by 1Password CEO David Faugno in his announcement post: credential security and access governance are two sides of the same problem.

1Password manages what people and systems know — credentials, secrets, tokens. Apono governs what they are allowed to do and for how long. Together, as 1Password puts it, they extend trust from securing a credential to governing an identity’s actions — covering the full access lifecycle in a way neither could offer alone.

There is also a natural fit at the level of who uses these products. Apono was built for engineering teams operating in highly regulated environments — exactly the developer-led, compliance-heavy organisations that need just-in-time access most. 1Password, in turn, is trusted by more than a million developers. Apono’s governance layer lands directly in the hands of the audience 1Password has already earned, which is precisely the kind of distribution advantage that makes an acquisition compound rather than merely add.

The combination also makes sense in the context of 1Password’s newly announced Credential Broker: a product that keeps credentials protected in a zero-knowledge vault and releases only an approved credential to a verified requester at the moment of need. With Apono’s JIT access governance alongside it, 1Password now closes the loop from credential storage through to runtime access control — bringing its identity platform, in its own words, to the runtime layer where access decisions are made and where most security incidents begin. That is a complete platform story.

What it signals for the market

There is a persistent narrative that exits in venture are scarce, that strategic M&A is subdued, that the path from early-stage investment to liquidity has lengthened indefinitely. That narrative contains truth at the aggregate level. But it obscures something important: the companies that exit are overwhelmingly the ones that built something genuinely difficult to replace.

More broadly, this acquisition is evidence of something we believe deeply at 33N: there is strong and durable demand for the cybersecurity and AI companies building the new technology fabric that the AI era requires.

Looking ahead

Apono’s acquisition is the first exit for 33N — a milestone we are proud of and one that reinforces our conviction in the spaces we focus on. Identity, access governance and the management of non-human and agentic identities remain among the most structurally important problems in enterprise security. The work is far from done.

Congratulations to Rom, Ofir and the entire Apono team. We are proud to have been part of the journey and excited to watch what comes next.

33N Portfolio Updates 🚀

Apono

• Joining 1Password — as covered above 🎉

Acoru

• Featured in EU-Startups’ roundup of 10 European fraud-prevention startups stopping scams before they strike 👉 Read more

• Welcomed Ian Newns to lead UK & Nordics sales (decade+ in fraud prevention) 👉 Read more

DataGalaxy

• CEO Sébastien Thomas op-ed in Les Echos on Gartner’s “AI velocity gap” — reliable data as the real bottleneck for enterprise AI 👉 Read more

• Hosted the annual DataGalaxy Summit in Paris (11 June) with data leaders from LVMH, Louis Vuitton and SNCF, plus a product roadmap preview 👉 Read more

Exein

• Named a Strategic Partner of the EDGE AI Foundation 👉 Read more

• Selected for Balderton’s #BuiltInEurope campaign (100 European-founded tech companies) 👉 Read more

• Launched the “Secured by Exein” Technical Partner Program 👉 Read more

StrikeReady

• Welcomed John Waldner as Sales Director, Central Region (20+ years across IBM Security, BeyondTrust, Sophos, Cybersixgill) 👉 Read more

• Welcomed Kris Wayman to StrikeReady as Deputy CTO 👉 Read more

• Powered STC Bahrain’s launch of the MEA region’s first AI-enabled Autonomous Cyber Defence Centre, built on StrikeReady’s AI SOC platform 👉 Read more

Upcoming Events for 33N 🤝

• AI Security Summit and Raise Summit, Paris, 8-9Jul

• Black Hat, Las Vegas, 1-6Aug