Source: Magnitude | GlobeNewswire Inc.
Founded by AI pioneers from Amazon, Abnormal AI, Proofpoint, and Pandora, the Ballistic Ventures–backed company brings a new autonomous governance and defense system for managing third- and Nth-party risk at machine speed while enabling faster adoption of third-party AI
SAN FRANCISCO, June 16, 2026 (GLOBE NEWSWIRE) — Magnitude today emerged from stealth with $10M in seed funding led by Ballistic Ventures to launch the world’s first autonomous AI workforce for third-party risk management (TPRM) teams. Built by a team of AI and security leaders from Amazon, Abnormal AI, Proofpoint, and Pandora, the company is redefining third-party risk management for the Mythos era, where autonomous offense can expose weaknesses across vendors, products, AI agents, and downstream dependencies faster than humans can respond.
Magnitude deploys AI risk agents that continuously assess vendor risk and govern AI agents across third- and Nth-party ecosystems by gathering and validating evidence, making risk decisions, and driving remediation. These digital workers operate in line with each enterprise’s policies and improve their reasoning over time, creating an autonomous governance and defense system for managing third-party risk. As AI-powered supply chain attacks accelerate, driven by emerging frontier models, organizations require an equally autonomous approach to defense that helps them adopt third-party AI faster.
“Today’s third-party risk model was built for a different era. As autonomous offense becomes a reality, organizations need autonomous defense to keep pace,” said Rami Habal, CEO and founder of Magnitude. “Modern organizations rely on deeply interconnected ecosystems of vendors, products, and AI agents, creating external dependencies that traditional governance and third-party risk programs were never designed to manage continuously. Magnitude delivers a new autonomous governance and defense system for managing third- and Nth-party risk, where assessment, monitoring, correlation, and remediation operate continuously across all external dependencies, enabling high-confidence decisions at scale.”
A Model That No Longer Scales
Third-party risk management has reached an inflection point. What was once treated largely as a compliance function has now become a core security requirement, as vendors, products, AI agents, and downstream dependencies evolve faster than periodic assessments can track. An assessment completed in January may be obsolete by March. At the same time, teams struggle to monitor even their most critical vendors, while Nth-party risks remain largely invisible. This leaves organizations without a scalable way to govern risk across their expanding supply chain ecosystem, especially as AI-driven threats evolve at machine speed.
The Mythos era adds a new level of urgency to this challenge. AI-powered tools can identify weaknesses across large software ecosystems in minutes, creating a parallel third-party and Nth-party risk problem that most enterprises are unprepared to manage. Security teams may be focused on defending their own environments, but the same speed and scale of AI-driven vulnerability discovery now applies to vendors, products, and AI agents across the broader supply chain.
Organizations also lack a scalable way to understand and act on changing supply chain risk. When new vulnerabilities emerge, teams often cannot quickly determine which vendors may be exposed, which are prepared to respond, and which vendors should be prioritized based on risk, readiness, and potential business impact. Vendors rely on other vendors, creating Nth-party exposure that most organizations do not monitor at all, even as breaches increasingly originate from these upstream dependencies. As frontier models such as Mythos accelerate autonomous offensive capabilities, threats can propagate across interconnected ecosystems faster than traditional remediation processes can respond. When issues are identified, closing the loop is slow and inconsistent. Decisions vary, remediation lags, and outcomes are rarely tied back to policy, turning what should be a continuous system into a series of disconnected tasks.
Autonomous Governance and Defense System for Third-Party Risk
Magnitude is designed to operate at the same speed and scale as modern AI-driven threats, providing an autonomous defense layer for third- and Nth-party ecosystems. It solves these challenges by operating as an autonomous workforce for third-party risk management. Instead of relying on manual workflows, its AI risk agents handle the manual, mundane-but-critical, and error-prone work, continuously gathering and validating evidence, assessing risk across vendors and products, and governing AI agents in the context of each enterprise’s policies. They generate high-confidence decisions and remediations in real time, delivering an autonomous governance and defense system for all external dependencies.
These digital workers continuously evolve, tailoring remediations to each enterprise’s risk posture and learning from decisions, feedback, and real-world outcomes to refine how risk is assessed and managed. Magnitude’s AI risk agents act as a coordinated workforce, reasoning against each enterprise’s governance standards, interpreting evidence in context, and continuously refining their judgment. This enables consistent, explainable decisions that get smarter over time across every vendor and use case.
For example, when a Mythos-scale vulnerability emerges, Magnitude helps organizations quickly understand their risk exposure across their third- and Nth-party ecosystem. The platform can immediately assess which vendors, products, AI agents, and downstream dependencies might be exposed, determine which vendors are better prepared to respond, and prioritize the actions security and risk teams should take first. This gives organizations a more operational way to manage the risk window between vulnerability discovery and potential breach, helping them identify the highest-risk vendors first, prioritize response based on exposure and readiness, and coordinate internal and vendor remediation before third-party weakness translates to business impact.
By connecting assessment, monitoring, and remediation into a single autonomous system, Magnitude solves the drawbacks in traditional TPRM programs. The result is a shift from point-in-time reviews to continuous assurance, with faster vendor onboarding, improved decision quality, and the ability to manage risk at machine speed across thousands of third- and Nth-party vendors without adding headcount.
“A core thesis for us at Ballistic is that the most important security companies will both help companies be more secure and help enable them to move faster,” said Jake Seid, co-founder and General Partner at Ballistic Ventures. “Magnitude fits this thesis directly. With every third-party vendor adding AI capability, you need AI to help you adopt AI quickly and safely. But with the adversary using AI to attack the third-party enterprise surface at machine scale and speed, you need AI to help you defend against the new reality of autonomous offense. People think Mythos, but any adversary can do this today with openweight models for 20x less cost than the closed-weight models. Magnitude redefines TPRM for the agentic era.”
Customers are already putting this model into production. Enterprises are using Magnitude to move from months-long assessments and limited monitoring to continuous assurance, reducing manual effort while improving speed, coverage, and decision quality.
“Frontier AI models like Mythos and GPT-5.5-Cyber are changing the speed and scope of third-party risk,” said Phil Harris, Research Director, Governance, Risk, and Compliance Solutions at IDC. “As autonomous systems expose weaknesses across vendors, products, AI agents, and downstream dependencies, organizations need more than periodic assessments. They need a continuous way to understand which external dependencies are exposed, which are prepared to respond, and where action should be prioritized based on security, operational, and business impact. Magnitude’s approach reflects the market need for more autonomous, intelligence-driven systems for managing third- and Nth-party risk at scale.”
For more perspective on the Magnitude origin story, please visit: https://magnitude.ai/blog/introducing-magnitude-the-autonomous-governance-and-defense-system-for-third-party-risk. To learn how Magnitude works, please visit: https://magnitude.ai/platform.
About Magnitude
Magnitude provides the world’s first autonomous AI workforce for Third Party Risk Management (TPRM) teams, built to defend against Mythos-scale attacks. Its AI risk analysts continuously assess vendors and products across organizations’ entire supply chain, from direct relationships to Nth-party dependencies, delivering high-confidence risk decisions and remediations using enterprise-specific reasoning that improves over time. Because autonomous offense now operates at machine scale, Magnitude replaces the static TPRM model with an autonomous governance and defense system for all external dependencies, continuously assessing vendors and products, governing AI agents and prioritizing risk across third- and Nth-party ecosystems.
Magnitude is backed by Ballistic Ventures and based in San Francisco. Learn more at https://magnitude.ai.
About Ballistic Ventures
Ballistic Ventures is a venture capital firm solely dedicated to early-stage cybersecurity and cyber-related companies. The partners have spent their entire careers defending against every cyber threat conceivable. Members of the firm have founded, operated, and funded over 100 successful cybersecurity firms – including Abnormal Security, AlienVault, ArcSight, Fortify, Mandiant, and Shape Security – led over 10,000 security professionals globally, and have 40+ years of experience in venture capital. The Ballistic portfolio includes Aembit, Alethea, Armadin, ArmorCode, AuthMind, BreachRx, Codezero, Concentric AI, GetReal, Gomboc AI, Hypernative, Mimic, Native Security, Noma, Nudge Security, Oligo, Pangea (CRWD), OverAI, Reach, Reveal Technology, Root Evidence, SpecterOps, Talon (PANW), Veza (NOW), WitnessAI, and Zip Security. Our experience provides entrepreneurs impactful support from people focused on the same mission. Our networks and relationships open doors for our founders. Learn more at ballisticventures.com.
Media contact:
Ted Weismann for Magnitude
Magnitude@marketbridge.com
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/52038c89-a5cd-4179-8879-55b2f0fe2300
