5Y News | Cloud Security Community "FireLine Security" Closes Two Consecutive Funding Rounds
New Models for Security Products
Cloud security community Huoxian Security (火线安全) announced it has completed two consecutive funding rounds. The rounds were led by Matrix Partners China and 5Y Capital respectively, with total financing in the single-digit millions of US dollars. Yuanhe Capital served as financial advisor to the company.
In the cloud era, network environments are evolving rapidly. The target users, needs, and solutions in cybersecurity are all undergoing transformation. In the US, cloud security companies like Snyk, Wiz, and Axonius continue to grow. For instance, Snyk, which focuses on developer security, announced in September a new funding round co-led by Sands Capital and Tiger Global Management at an $8.5 billion valuation.
Huoxian's positioning is to build a cloud security community that serves as an underlying platform for generating cloud security products at scale. Founder and CEO Wu Di explains that Huoxian first empowers its technical community by developing cloud security tools, helping white-hat hackers on the platform improve their capabilities and efficiency. It then iterates and enriches these tools based on community feedback on real-world scenarios, laying the groundwork for more competitive cloud security products.
Following this approach, Huoxian's first cloud product is Dongtai IAST. Specifically, this product integrates into the development workflow and detects vulnerabilities through dynamic taint tracking. Wu said Dongtai IAST achieved rapid user growth within two months of its official release. On the choice of technical approach, Huoxian selected passive instrumentation out of respect for development workflows, aiming to minimize security's interference with development. Additionally, because Huoxian believes security must be considered from the perspective of the entire CI/CD pipeline, it open-sourced its IAST product this year. The company also gained substantial real-world feature feedback and suggestions from users during this open-source process. Building on this, Huoxian is now planning to launch a commercial version to meet the demands of enterprise customers who came through its open-source channel.
Previously, the market's main impression of Huoxian was as a white-hat platform. Launched in April 2020, this platform primarily operates by collaborating with white-hat experts to provide cloud-based security services for enterprises, automating and standardizing foundational capabilities to dramatically improve security service efficiency. Breaking this down by supply and demand: white-hat hackers can earn income and develop their skills through services on the platform, while enterprises can partner with Huoxian to have more professionals test and improve their security capabilities.
The crowdsourced security testing model has existed for some time, with numerous companies domestically and abroad offering similar services. Wu believes the company's key differentiator lies in genuinely improving white-hat hackers' efficiency and quality through tools and other means, and through maximum transparency ensuring that white-hats not only develop their capabilities during service delivery but also receive fair compensation.
Building a white-hat community core requires attracting quality white-hats through various means and keeping them active. In practice, Huoxian Security first ensures white-hat reliability through invitation-only access combined with facial recognition and real-name verification. Second, upon successful registration, it provides various tools to help white-hats work efficiently. Meanwhile, in daily operations, Huoxian organizes numerous activities to boost white-hat engagement. In client communications, Huoxian uses transparent processes to help clients recognize the actual value of white-hats' work, while ensuring white-hats receive their rewards.
The Huoxian platform empowers white-hats with tools. First, during testing, white-hats must perform basic information gathering, IT asset collection and analysis before they can begin actual detection — but these steps are extremely cumbersome in practice due to voluminous materials and complex assets. Additionally, white-hats need tools to improve efficiency during actual detection work. Addressing these pain points, Huoxian has launched a series of free tools. On transparency, Wu has explained in media interviews that Huoxian launched a security sandbox and sandbox management backend, visualizing processes to enhance client trust in the testing workflow.
On the fundamental business model of crowdsourced security testing, the Huoxian platform directs clients' vulnerability bounties straight to white-hats, affirming their work. Wu previously stated in media interviews that as the security services market expands, clients will increasingly be willing to pay for platforms' operational capabilities, giving platforms independent revenue. A year later, the company has implemented with some clients a model separating platform fees from white-hat compensation — Huoxian helps clients settle payments to white-hats while also charging a platform operations fee based on the client's asset scale. Previously, standalone platform operations fees were rare in the industry. Wu believes this shift stems from both changing client awareness and Huoxian's own transparent operations.
Reflecting on the company's changes over the past year, Wu highlighted several areas of progress in Huoxian's white-hat community: First, the company has continued partnerships with leading clients including Tencent, Baidu, Megvii, KE Holdings, and Kuaishou. Given the high quality of platform white-hats, Huoxian's business recognition among enterprise clients has improved. Additionally, under fairly strict invitation-only requirements, the Huoxian platform now has nearly 10,000 registered white-hats — which Wu described as an industry-leading figure given the invitation-only plus real-name verification prerequisites. On community activity, Wu revealed white-hat monthly active users are around 40%. In terms of product usage, Huoxian's white-hat tools have seen nearly 2 million uses over the past year. These advances result from continuous refinement through systems, products, and awareness-building. More importantly, the company has established a model for building cloud security products through open source, which will bring greater value to clients in the future.
Following this funding round, Huoxian Security will continue platform development and launch additional cloud security products. The company will also continue expanding its client base, aiming to collaborate with more industry-leading clients to refine new models for security products.
5Y Capital (formerly Morningside Venture Capital), currently manages approximately RMB 32 billion in dual-currency USD and RMB funds. 5Y Capital seeks out, supports, and inspires lonely entrepreneurs, providing support from spiritual to all operational aspects. We believe that if the "crazy" you in others' eyes begins to be believed in, the world will become a different place.
BEIJING · SHANGHAI · SHENZHEN · HONG KONG
