Work Life Ventures raises $5M for debut enterprise SaaS seed fund

Brianne Kimmel had no trouble transitioning from angel investor to general partner.

Initially setting out to garner $3 million in capital commitments, Kimmel, in just two weeks’ time, closed on $5 million for her debut venture capital fund Work Life Ventures. The enterprise SaaS-focused vehicle boasts an impressive roster of limited partners, too, including the likes of Zoom chief executive officer Eric Yuan, InVision CEO Clark Valberg, Twitch co-founder Kevin Lin, Cameo CEO Steven Galanis, Andreessen Horowitz general partners’ Marc Andreessen and Chris Dixon, Initialized Capital GP Garry Tan and fund-of-funds Slow Ventures, Felicis Ventures and NFX.

At the helm of the new fund, Kimmel joins a small group of solo female general partners. Dream Machine’s Alexia Bonatsos is targeting $25 million for her first fund. Day One Ventures’ Masha Drokova raised an undisclosed amount for her debut effort last year. Sarah Cone launched Social Impact Capital, a fund specializing in impact investing, in 2016, among others.

Meanwhile, venture capital fundraising is poised to reach all-time highs in 2019. In the first half of the year, a total of $20.6 billion in new capital was introduced to the startup market across more than 100 funds.

For most, the process of raising a successful venture fund can be daunting and difficult. For well-connected and established investors in the Bay Area, like Kimmel, raising a fund can be relatively seamless. Given the speed and ease of fund one in Kimmel’s case, she plans to raise her second fund with a $25 million target in as little as 12 months.

“The desire for the fund is to take a step back and imagine how do we build great consumer experiences in the workplace,” Kimmel tells TechCrunch.

Kimmel has been an active angel investor for years, sourcing top enterprise deals via SaaS School, an invite-only workshop she created to educate early-stage SaaS founders on SaaS growth, monetization, sales and customer success. Prior to launching SaaS School, which will continue to run twice a year, Kimmel led go-to-market strategy at Zendesk, where she built the Zendesk for Startups program.

 

View this post on Instagram

 

✔ available offline #google #remote

A post shared by Work Life Ventures (@worklifevc) on

“You start by advising, then you start with very small angel checks,” Kimmel explains. “I reached this inflection point and it felt like a great moment to raise my own fund. I had friends like Ryan Hoover, who started Weekend Fund focused on consumer, and Alexia is one of my friends as well and I saw what she was doing with Dream Machine, which is also consumer. It felt like it was the right time to come out with a SaaS-focused fund.”

Emerging from stealth today, Work Life Ventures will invest up to $150,000 per company. To date, Kimmel has backed three companies with capital from the fund: Tandem, Dover and Command E. The first, Tandem, was amongst the most coveted deals in Y Combinator’s latest batch of companies. The startup graduated from the accelerator with millions from Andreessen Horowitz at a valuation north of $30 million.

Dover, another recent YC alum, provides recruitment software and is said to be backed by Founders Fund in addition to Work Life. Command E, currently in beta, is a tool that facilities search across multiple desktop applications. Kimmel is also an angel investor in Webflow, Girlboss, TechCrunch Disrupt 2018 Startup Battlefield winner Forethought, Voyage and others.

Work Life is betting on the consumerization of the enterprise, or the idea that the next best companies for modern workers will be consumer-friendly tools. In her pitch deck to LPs, she cites the success of Superhuman and Notion, a well-designed email tool and a note-taking app, respectively, as examples of the heightened demand for digestible, easy-to-use B2B products.

“The next generation of applications for the workplace sees people spinning out of Uber, Coinbase and Airbnb,” Kimmel said. “They’ve faced these challenges inside their highly efficient tech company so we are seeing more consumer product builders deeply passionate about the enterprise space.”

But Kimmel doesn’t want to bury her thesis in jargon, she says, so you won’t find any B2B lingo on Work Life’s website or Instagram.

She’s focusing her efforts on a more important issue often vacant from conversations surrounding investment in the future of work: diversity & inclusion.

Kimmel meets with every new female hire of her portfolio companies. Though it’s “increasingly non-scalable,” she admits, it’s part of a greater effort to ensure her companies are thoughtful about D&I from the beginning: “Because I have a very focused fund, it’s about maintaining this community and ensuring that people feel like their voices are heard,” she said.

“I want to be mindful that I am a female GP and I feel honored to have that title.”


By Kate Clark

APIs are the next big SaaS wave

While the software revolution started out slowly, over the past few years it’s exploded and the fastest-growing segment to-date has been the shift towards software as a service or SaaS.

SaaS has dramatically lowered the intrinsic total cost of ownership for adopting software, solved scaling challenges and taken away the burden of issues with local hardware. In short, it has allowed a business to focus primarily on just that — its business — while simultaneously reducing the burden of IT operations.

Today, SaaS adoption is increasingly ubiquitous. According to IDG’s 2018 Cloud Computing Survey, 73% of organizations have at least one application or a portion of their computing infrastructure already in the cloud. While this software explosion has created a whole range of downstream impacts, it has also caused software developers to become more and more valuable.

The increasing value of developers has meant that, like traditional SaaS buyers before them, they also better intuit the value of their time and increasingly prefer businesses that can help alleviate the hassles of procurement, integration, management, and operations. Developer needs to address those hassles are specialized.

They are looking to deeply integrate products into their own applications and to do so, they need access to an Application Programming Interface, or API. Best practices for API onboarding include technical documentation, examples, and sandbox environments to test.

APIs tend to also offer metered billing upfront. For these and other reasons, APIs are a distinct subset of SaaS.

For fast-moving developers building on a global-scale, APIs are no longer a stop-gap to the future—they’re a critical part of their strategy. Why would you dedicate precious resources to recreating something in-house that’s done better elsewhere when you can instead focus your efforts on creating a differentiated product?

Thanks to this mindset shift, APIs are on track to create another SaaS-sized impact across all industries and at a much faster pace. By exposing often complex services as simplified code, API-first products are far more extensible, easier for customers to integrate into, and have the ability to foster a greater community around potential use cases.

Screen Shot 2019 09 06 at 10.40.51 AM

Graphics courtesy of Accel

Billion-dollar businesses building APIs

Whether you realize it or not, chances are that your favorite consumer and enterprise apps—Uber, Airbnb, PayPal, and countless more—have a number of third-party APIs and developer services running in the background. Just like most modern enterprises have invested in SaaS technologies for all the above reasons, many of today’s multi-billion dollar companies have built their businesses on the backs of these scalable developer services that let them abstract everything from SMS and email to payments, location-based data, search and more.

Simultaneously, the entrepreneurs behind these API-first companies like Twilio, Segment, Scale and many others are building sustainable, independent—and big—businesses.

Valued today at over $22 billion, Stripe is the biggest independent API-first company. Stripe took off because of its initial laser-focus on the developer experience setting up and taking payments. It was even initially known as /dev/payments!

Stripe spent extra time building the right, idiomatic SDKs for each language platform and beautiful documentation. But it wasn’t just those things, they rebuilt an entire business process around being API-first.

Companies using Stripe didn’t need to fill out a PDF and set up a separate merchant account before getting started. Once sign-up was complete, users could immediately test the API with a sandbox and integrate it directly into their application. Even pricing was different.

Stripe chose to simplify pricing dramatically by starting with a single, simple price for all cards and not breaking out cards by type even though the costs for AmEx cards versus Visa can differ. Stripe also did away with a monthly minimum fee that competitors had.

Many competitors used the monthly minimum to offset the high cost of support for new customers who weren’t necessarily processing payments yet. Stripe flipped that on its head. Developers integrate Stripe earlier than they integrated payments before, and while it costs Stripe a lot in setup and support costs, it pays off in brand and loyalty.

Checkr is another excellent example of an API-first company vastly simplifying a massive yet slow-moving industry. Very little had changed over the last few decades in how businesses ran background checks on their employees and contractors, involving manual paperwork and the help of 3rd party services that spent days verifying an individual.

Checkr’s API gives companies immediate access to a variety of disparate verification sources and allows these companies to plug Checkr into their existing on-boarding and HR workflows. It’s used today by more than 10,000 businesses including Uber, Instacart, Zenefits and more.

Like Checkr and Stripe, Plaid provides a similar value prop to applications in need of banking data and connections, abstracting away banking relationships and complexities brought upon by a lack of tech in a category dominated by hundred-year-old banks. Plaid has shown an incredible ramp these past three years, from closing a $12 million Series A in 2015 to reaching a valuation over $2.5 billion this year.

Today the company is fueling an entire generation of financial applications, all on the back of their well-built API.

Screen Shot 2019 09 06 at 10.41.02 AM

Graphics courtesy of Accel

Then and now

Accel’s first API investment was in Braintree, a mobile and web payment systems for e-commerce companies, in 2011. Braintree eventually sold to, and became an integral part of, PayPal as it spun out from eBay and grew to be worth more than $100 billion. Unsurprisingly, it was shortly thereafter that our team decided to it was time to go big on the category. By the end of 2014 we had led the Series As in Segment and Checkr and followed those investments with our first APX conference in 2015.

Plaid, Segment, Auth0, and Checkr had only raised Seed or Series A financings! And we are even more excited and bullish on the space. To convey just how much API-first businesses have grown in such a short period of time, we thought it would be useful perspective to share some metrics over the past five years, which we’ve broken out in the two visuals included above in this article.

While SaaS may have pioneered the idea that the best way to do business isn’t to actually build everything in-house, today we’re seeing APIs amplify this theme. At Accel, we firmly believe that APIs are the next big SaaS wave — having as much if not more impact as its predecessor thanks to developers at today’s fastest-growing startups and their preference for API-first products. We’ve actively continued to invest in the space (in companies like, Scale, mentioned above).

And much like how a robust ecosystem developed around SaaS, we believe that one will continue to develop around APIs. Given the amount of progress that has happened in just a few short years, Accel is hosting our second APX conference to once again bring together this remarkable community and continue to facilitate discussion and innovation.

Screen Shot 2019 09 06 at 10.41.10 AM

Graphics courtesy of Accel


By Arman Tabatabai

‘The Operators’: Experts from Airbnb and Carta on building and managing your company’s customer support

Welcome to this transcribed edition of The Operators. TechCrunch is beginning to publish podcasts from industry experts, with transcriptions available for Extra Crunch members so you can read the conversation wherever you are.

The Operators features insiders from companies like Airbnb, Brex, Docsend, Facebook, Google, Lyft, Carta, Slack, Uber, and WeWork sharing their stories and tips on how to break into fields like marketing and product management. They also share best practices for entrepreneurs on how to hire and manage experts from domains outside their own.

This week’s edition features Airbnb’s Global Product Director of Customer and Community Support Platform Products, Andy Yasutake, and Carta’s Head of Enterprise Relationship Management, Jared Thomas.

Airbnb, one of the most valuable private tech companies in the world, has millions of hosts who trust strangers (guests) to come into their homes and hundreds of millions of guests who trust strangers (hosts) to provide a roof over their head. Carta, a $1 Billion+ company formerly known as eShares, is the leading provider of cap table management and valuation software, with thousands of customers and almost a million individual shareholders as users. Customers and users entrust Carta to manage their investments, a very serious responsibility requiring trust and security.

In this episode, Andy and Jared share with Neil how companies like Airbnb, Carta, and LinkedIn think about customer service, how to get into and succeed in the field and tech generally, and how founders should think about hiring and managing the customer support. With their experiences at two of tech’s trusted companies, Airbnb and Carta, this episode is packed with broad perspectives and deep insights.

image1 2

Neil Devani and Tim Hsia created The Operators after seeing and hearing too many heady, philosophical podcasts about the future of tech, and not enough attention on the practical day-to-day work that makes it all happen.

Tim is the CEO & Founder of Media Mobilize, a media company and ad network, and a Venture Partner at Digital Garage. Tim is an early-stage investor in Workflow (acquired by Apple), Lime, FabFitFun, Oh My Green, Morning Brew, Girls Night In, The Hustle, Bright Cellars, and others.

Neil is an early-stage investor based in San Francisco with a focus on companies building stuff people need, solutions to very hard problems. Companies he’s invested in include Andela, Clearbit, Kudi, Recursion Pharmaceuticals, Solugen, and Vicarious Surgical.

If you’re interested in starting or accelerating your marketing career, or how to hire and manage this function, you can’t miss this episode!

The show:

The Operators brings experts with experience at companies like Airbnb, Brex, Docsend, Facebook, Google, Lyft, Carta, Slack, Uber, WeWork, etc. to share insider tips on how to break into fields like marketing and product management. They also share best practices for entrepreneurs on how to hire and manage experts from domains outside their own.

In this episode:

In Episode 5, we’re talking about customer service. Neil interviews Andy Yasutake, Airbnb’s Global Product Director of Customer and Community Support Platform Products, and Jared Thomas, Carta’s Head of Enterprise Relationship Management.


Neil Devani: Hello and welcome to the Operators, where we talk to entrepreneurs and executives from leading technology companies like Google, Facebook, Airbnb, and Carta about how to break into a new field, how to build a successful career, and how to hire and manage talent beyond your own expertise. We skip over the lofty prognostications from venture capitalists and storytime with founders to dig into the nuts and bolts of how it all works here from the people doing the real day to day work, the people who make it all happen, the people who know what it really takes. The Operators.

Today we are talking to two experts in customer service, one with hundreds of millions of individual paying customers and the other being the industry standard for managing equity investments. I’m your host, Neil Devani, and we’re coming to you today from Digital Garage in downtown San Francisco.

Joining me is Jared Thomas, head of Enterprise Relationship Management at Carta, a $1 billion-plus company after a recent round of financing led by Andreessen Horowitz. Carta, formerly known as eShares, is the leading provider of cap table management and valuation software with thousands of customers and almost a million individual shareholders as users. Customers and users trust Carta to manage their investments, a very serious responsibility requiring trust and security.

Also joining us is Andy Yasutake, the Global Product Director of Customer and Community Support Platform Products at Airbnb, one of the most valuable private tech startups today. Airbnb has millions of hosts who are trusting strangers to come into their homes and hundreds of millions of guests who are trusting someone to provide a roof over their head. The number of cases and types of cases that Andy and his team have to think about and manage boggle the mind. Jared and Andy, thank you for joining us.

Andy Yasutake: Thank you for having us.

Jared Thomas: Thank you so much.

Devani: To start, Andy, can you share your background and how you got to where you are today?

Yasutake: Sure. I’m originally from southern California. I was born and raised in LA. I went to USC for undergrad, University of Southern California, and I actually studied psychology and information systems.

Late-90s, the dot com was going on, I’d always been kind of interested in tech, went into management consulting at interstate consulting that became Accenture, and was in consulting for over 10 years and always worked on large systems of implementation of technology projects around customers. So customer service, sales transformation, anything around CRM, as kind of a foundation, but it was always very technical, but really loved the psychology part of it, the people side.

And so I was always on multiple consulting projects and one of the consulting projects with actually here in the Bay Area. I eventually moved up here 10 years ago and joined eBay, and at eBay I was the director of product for the customer services organization as well. And was there for five years.

I left for Linkedin, so another rocket ship that was growing and was the senior director of technology solutions and operations where I had all the kind of business enabling functions as well as the technology, and now have been at Airbnb for about four months. So I’m back to kind of my, my biggest passion around products and in the customer support and community experience and customer service world.


By Arman Tabatabai

Cybereason raises $200 million for its enterprise security platform

Cybereason, which uses machine learning to increase the number of endpoints a single analyst can manage across a network of distributed resources, has raised $200 million in new financing from SoftBank Group and its affiliates. 

It’s a sign of the belief that SoftBank has in the technology, since the Japanese investment firm is basically doubling down on commitments it made to the Boston-based company four years ago.

The company first came to our attention five years ago when it raised a $25 million financing from investors, including CRV, Spark Capital and Lockheed Martin.

Cybereason’s technology processes and analyzes data in real time across an organization’s daily operations and relationships. It looks for anomalies in behavior across nodes on networks and uses those anomalies to flag suspicious activity.

The company also provides reporting tools to inform customers of the root cause, the timeline, the person involved in the breach or breaches, which tools they use and what information was being disseminated within and outside of the organization.

For co-founder Lior Div, Cybereason’s work is the continuation of the six years of training and service he spent working with the Israeli army’s 8200 Unit, the military incubator for half of the security startups pitching their wares today. After his time in the military, Div worked for the Israeli government as a private contractor reverse-engineering hacking operations.

Over the last two years, Cybereason has expanded the scope of its service to a network that spans 6 million endpoints tracked by 500 employees, with offices in Boston, Tel Aviv, Tokyo and London.

“Cybereason’s big data analytics approach to mitigating cyber risk has fueled explosive expansion at the leading edge of the EDR domain, disrupting the EPP market. We are leading the wave, becoming the world’s most reliable and effective endpoint prevention and detection solution because of our technology, our people and our partners,” said Div, in a statement. “We help all security teams prevent more attacks, sooner, in ways that enable understanding and taking decisive action faster.”

The company said it will use the new funding to accelerate its sales and marketing efforts across all geographies and push further ahead with research and development to make more of its security operations autonomous.

“Today, there is a shortage of more than three million level 1-3 analysts,” said Yonatan Striem-Amit, chief technology officer and co-founder, Cybereason, in a statement. “The new autonomous SOC enables SOC teams of the future to harness technology where manual work is being relied on today and it will elevate  L1 analysts to spend time on higher value tasks and accelerate the advanced analysis L3 analysts do.”

Most recently the company was behind the discovery of Operation SoftCell, the largest nation-state cyber espionage attack on telecommunications companies. 

That attack, which was either conducted by Chinese-backed actors or made to look like it was conducted by Chinese-backed actors, according to Cybereason, targeted a select group of users in an effort to acquire cell phone records.

As we wrote at the time:

… hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records — including times and dates of calls, and their cell-based locations — on at least 20 individuals.

Researchers at Boston-based Cybereason, who discovered the operation and shared their findings with TechCrunch, said the hackers could track the physical location of any customer of the hacked telcos — including spies and politicians — using the call records.

Lior Div, Cybereason’s co-founder and chief executive, told TechCrunch it’s “massive-scale” espionage.

Call detail records — or CDRs — are the crown jewels of any intelligence agency’s collection efforts. These call records are highly detailed metadata logs generated by a phone provider to connect calls and messages from one person to another. Although they don’t include the recordings of calls or the contents of messages, they can offer detailed insight into a person’s life. The National Security Agency  has for years controversially collected the call records of Americans from cell providers like AT&T and Verizon (which owns TechCrunch), despite the questionable legality.

It’s not the first time that Cybereason has uncovered major security threats.

Back when it had just raised capital from CRV and Spark, Cybereason’s chief executive was touting its work with a defense contractor who’d been hacked. Again, the suspected culprit was the Chinese government.

As we reported, during one of the early product demos for a private defense contractor, Cybereason identified a full-blown attack by the Chinese — 10,000 thousand usernames and passwords were leaked, and the attackers had access to nearly half of the organization on a daily basis.

The security breach was too sensitive to be shared with the press, but Div says that the FBI was involved and that the company had no indication that they were being hacked until Cybereason detected it.


By Jonathan Shieber

Uber envisions Uber Air will one day be cheaper than owning a car

Uber has big dreams for Uber Air, the flying taxi service it’s wanting to launch in 2023. At the third annual Uber Elevate, head of Elevate Eric Allison said the company expects Uber Air to be cheaper than driving a car. It surely won’t be that way on day one, but once Uber deploys fully electric, autonomous shared vehicles, Allison said it will be more economical than driving a car.

“Our vision is that on a daily basis it’ll be more economically rational for you to fly than for you to drive,” he said.

At launch, Uber Air will be cheaper than a helicopter ride. This is a worthy comparison, given Uber unveiled its costly Uber Copter service last week as phase one of Uber Air. In the near term, Uber predicts Air will be comparable to the cost of Uber X and Uber Pool. Long term, which is probably at least more than five years from now, Uber Air will be more economical than owning a car, Allison said.

This, of course, is Uber’s best-case scenario for Air. In order for Uber Air to become a reality, it needs approval from the Federal Aviation Administration, the cities where it wants to land its electric vertical take-off and landing vehicles, help from real estate developers, customer trust and so much more. If all goes according to Uber’s plan, it will start testing this service next year and deploy it to the public in 2023.


By Megan Rose Dickey

Uber and AT&T team up for always-on connectivity for Uber Copter and Uber Air

Uber is partnering with mobile network operator AT&T on the always-on connectivity it’ll require for its aerial transportation service network. The on-demand mobility company announced the team-up at its annual Elevate Summit, which brings together a number of key players working toward making affordable, accessible in-city aerial transit a reality.

Uber said that it’s already working with AT&T on the network it’ll use for Uber Copter, the Manhattan-to-JFK helicopter-based service that it’s launching in New York in July. The service is promising connection with ground transportation at both ends, and it’s also anticipating travel times and working backwards to provide transportation on-demand as needed to get passengers to their destination at the time they request. So, for instance, Uber Copter customers could say they need to be at JFK by 5 PM and the app will figure out when they need to get a car to get to the heliport to make that work.

This is just the first step in a broader-ranging partnership Uber Elevate Head of Product Nikhil Goel described that will eventually scale to cover all of its needs for Uber Air, the service it aims to provide that will provide on-demand short-distance air travel within cities, with a targeted launch time frame of 2023. Goel noted that this will also include leveraging AT&T’s 5G network as it rolls out, which should provide exactly the kind of high-bandwidth, always-on reliability needed for this kind of aerial and ground-based integrated transportation network.


By Darrell Etherington

Over 1,400 self-driving vehicles are now in testing by 80+ companies across the US

In a talk at the Uber Elevate Summit in Washington, D.C., today, U.S. Department of Transportation Secretary Elaine Chao shared a total overall figure for ongoing testing of autonomous vehicles on U.S roads: More than 1,400 self-driving cars, trucks and other vehicles are currently in testing by more than 80 companies across 36 U.S. states, plus DC itself.

This puts some sense of overall scale to the work being done to test and develop self-driving car tech in the U.S. For context, note that California, one of the first states to have implemented AV testing on public roads, currently has 62 companies registered to perform testing — which represents a significant chunk of that 80-plus figure provided by Secretary Chao.

Chao also shared that there are more than 1.59 million registered drones currently in the U.S., of which more than 372,000 are classified as commercial, with more than 136,000 registered commercial drone operators also on the books. That represents a net new job category, Chao noted.

The secretary also later emphasized that the DoT over which she presides and the current administration aim to be “tech neutral, and not command and control” and that the department is not “in the business of picking winners and losers,” something she said the assembled audience of mostly private-sector attendants would be “so pleased to hear.”

Under Chao, the DoT has introduced and continues to overhaul guidelines, rules and programs that favor and unblock industry and commercial access to autonomous driving, drone operation and spacecraft launch capabilities. Recently, Chao has come under fire for potential conflict of interest related to use of her position.


By Darrell Etherington

Under the hood on Zoom’s IPO, with founder and CEO Eric Yuan

Extra Crunch offers members the opportunity to tune into conference calls led and moderated by the TechCrunch writers you read every day. This week, TechCrunch’s Kate Clark sat down with Eric Yuan, the founder and CEO of video communications startup Zoom, to go behind the curtain on the company’s recent IPO process and its path to the public markets.

Since hitting the trading desks just a few weeks ago, Zoom stock is up over 30%. But the Zoom’s path to becoming a Silicon Valley and Wall Street darling was anything but easy. Eric tells Kate how the company’s early focus on profitability, which is now helping drive the stock’s strong performance out of the gate, actually made it difficult to get VC money early on, and the company’s consistent focus on user experience led to organic growth across different customer bases.

Eric: I experienced the year 2000 dot com crash and the 2008 financial crisis, and it almost wiped out the company. I only got seed money from my friends, and also one or two VCs like AME Cloud Ventures and Qualcomm Ventures.

nd all other institutional VCs had no interest to invest in us. I was very paranoid and always thought “wow, we are not going to survive next week because we cannot raise the capital. And on the way, I thought we have to look into our own destiny. We wanted to be cash flow positive. We wanted to be profitable.

nd so by doing that, people thought I wasn’t as wise, because we’d probably be sacrificing growth, right? And a lot of other companies, they did very well and were not profitable because they focused on growth. And in the future they could be very, very profitable.

Eric and Kate also dive deeper into Zoom’s founding and Eric’s initial decision to leave WebEx to work on a better video communication solution. Eric also offers his take on what the future of video conferencing may look like in the next five to 10 years and gives advice to founders looking to build the next great company.

For access to the full transcription and the call audio, and for the opportunity to participate in future conference calls, become a member of Extra Crunch. Learn more and try it for free. 

Kate Clark: Well thanks for joining us Eric.

Eric Yuan: No problem, no problem.

Kate: Super excited to chat about Zoom’s historic IPO. Before we jump into questions, I’m just going to review some of the key events leading up to the IPO, just to give some context to any of the listeners on the call.


By Arman Tabatabai

OpenFin raises $17 million for its OS for finance

OpenFin, the company looking to provide the operating system for the financial services industry, has raised $17 million in funding through a Series C round led by Wells Fargo, with participation from Barclays and existing investors including Bain Capital Ventures, J.P. Morgan and Pivot Investment Partners. Previous investors in OpenFin also include DRW Venture Capital, Euclid Opportunities and NYCA Partners.

Likening itself to “the OS of finance”, OpenFin seeks to be the operating layer on which applications used by financial services companies are built and launched, akin to iOS or Android for your smartphone.

OpenFin’s operating system provides three key solutions which, while present on your mobile phone, has previously been absent in the financial services industry: easier deployment of apps to end users, fast security assurances for applications, and interoperability.

Traders, analysts and other financial service employees often find themselves using several separate platforms simultaneously, as they try to source information and quickly execute multiple transactions. Yet historically, the desktop applications used by financial services firms — like trading platforms, data solutions, or risk analytics — haven’t communicated with one another, with functions performed in one application not recognized or reflected in external applications.

“On my phone, I can be in my calendar app and tap an address, which opens up Google Maps. From Google Maps, maybe I book an Uber . From Uber, I’ll share my real-time location on messages with my friends. That’s four different apps working together on my phone,” OpenFin CEO and co-founder Mazy Dar explained to TechCrunch. That cross-functionality has long been missing in financial services.

As a result, employees can find themselves losing precious time — which in the world of financial services can often mean losing money — as they juggle multiple screens and perform repetitive processes across different applications.

Additionally, major banks, institutional investors and other financial firms have traditionally deployed natively installed applications in lengthy processes that can often take months, going through long vendor packaging and security reviews that ultimately don’t prevent the software from actually accessing the local system.

OpenFin CEO and co-founder Mazy Dar. Image via OpenFin

As former analysts and traders at major financial institutions, Dar and his co-founder Chuck Doerr (now President & COO of OpenFin) recognized these major pain points and decided to build a common platform that would enable cross-functionality and instant deployment. And since apps on OpenFin are unable to access local file systems, banks can better ensure security and avoid prolonged yet ineffective security review processes.

And the value proposition offered by OpenFin seems to be quite compelling. Openfin boasts an impressive roster of customers using its platform, including over 1,500 major financial firms, almost 40 leading vendors, and 15 out of the world’s 20 largest banks.

Over 1,000 applications have been built on the OS, with OpenFin now deployed on more than 200,000 desktops — a noteworthy milestone given that the ever popular Bloomberg Terminal, which is ubiquitously used across financial institutions and investment firms, is deployed on roughly 300,000 desktops.

Since raising their Series B in February 2017, OpenFin’s deployments have more than doubled. The company’s headcount has also doubled and its European presence has tripled. Earlier this year, OpenFin also launched it’s OpenFin Cloud Services platform, which allows financial firms to launch their own private local app stores for employees and customers without writing a single line of code.

To date, OpenFin has raised a total of $40 million in venture funding and plans to use the capital from its latest round for additional hiring and to expand its footprint onto more desktops around the world. In the long run, OpenFin hopes to become the vital operating infrastructure upon which all developers of financial applications are innovating.

Apple and Google’s mobile operating systems and app stores have enabled more than a million apps that have fundamentally changed how we live,” said Dar. “OpenFin OS and our new app store services enable the next generation of desktop apps that are transforming how we work in financial services.”


By Arman Tabatabai

Slack aims to be the most important software company in the world, says CEO

Slack this morning disclosed estimated preliminary financial results for the first quarter of 2019 ahead of a direct listing planned for June 20.

Citing an addition of paid customers, the workplace messaging service posted revenues of about $134 million, up 66 percent from $81 million in the first quarter of 2018. Losses from operations increased from $26 million in Q1 2018 to roughly $39 million this year.

In addition to filing updated paperwork, the Slack executive team gathered on Monday to make a final pitch to potential shareholders, emphasizing its goal of replacing email within enterprises across the world.

“People deserve to do the best work of their lives,” Slack co-founder and chief executive officer Stewart Butterfield said in a video released alongside a livestream of its investor day event. “This desire of feeling aligned with your team, of removing confusion, of getting clarity; the desire for support in doing the best work of your life, that’s universal, that’s deeply human. It appeals to people with all kinds of roles, in all kinds of industries, at all scales of organization and all cultures.”

“We believe that whoever is able to unlock that potential for people … is going to be the most important software company in the world. We aim to be that company,” he added.”

Slack, valued at more than $7 billion with its last round of venture capital funding, plans to list on the NYSE under the ticker symbol “SK.”

The business filed to go public in April as other well-known tech companies were finalizing their initial public offerings. Following Uber’s disastrous IPO last week, public and private market investors alike will be keeping a close-eye on Slack’s stock market performance, which may determine Wall Street’s future appetite for Silicon Valley’s unicorns.

Though some of the recent tech IPOs performed famously, like Zoom, Uber and Lyft’s performance has served as a cautionary tale for going out in poor market conditions with lofty valuations. Uber began trading last week at below its IPO price of $45 and is today down significantly at just $36 per share. Lyft, for its part, is selling for $47.5 apiece today after pricing at $72 per share in March.

Slack isn’t losing billions per year like Uber but it’s also not as close to profitability as expected. In the year ending January 31, 2019, Slack posted a net loss of $138.9 million and revenue of $400.6 million. That’s compared to a loss of $140.1 million on revenue of $220.5 million for the year ending January 31, 2018. In its S-1, the company attributed its losses to scaling the business and capitalizing on its market opportunity.

Workplace messaging startup Slack said Monday, February 4, 2019 it had filed a confidential registration for an initial public offering, becoming the latest of a group of richly valued tech enterprises to look to Wall Street. (Photo by Eric BARADAT / AFP) (Photo credit should read ERIC BARADAT/AFP/Getty Images)

Slack currently boasts more than 10 million daily active users across more than 600,000 organizations — 88,000 on the paid plan and 550,000 on the free plan.

Slack has been able to bypass the traditional roadshow process expected of an IPO-ready business, opting for a path to Wall Street popularized by Spotify in 2018. The company plans to complete a direct listing, which allows companies to forgo issuing new shares and instead sell existing shares held by insiders, employees and investors directly to the market, in mid-June. The date, however, is subject to change.

Slack has previously raised a total of $1.2 billion in funding from investors, including Accel, Andreessen Horowitz, Social Capital, SoftBank, Google Ventures and Kleiner Perkins.


By Kate Clark

The right way to do AI in security

Artificial intelligence applied to information security can engender images of a benevolent Skynet, sagely analyzing more data than imaginable and making decisions at lightspeed, saving organizations from devastating attacks. In such a world, humans are barely needed to run security programs, their jobs largely automated out of existence, relegating them to a role as the button-pusher on particularly critical changes proposed by the otherwise omnipotent AI.

Such a vision is still in the realm of science fiction. AI in information security is more like an eager, callow puppy attempting to learn new tricks – minus the disappointment written on their faces when they consistently fail. No one’s job is in danger of being replaced by security AI; if anything, a larger staff is required to ensure security AI stays firmly leashed.

Arguably, AI’s highest use case currently is to add futuristic sheen to traditional security tools, rebranding timeworn approaches as trailblazing sorcery that will revolutionize enterprise cybersecurity as we know it. The current hype cycle for AI appears to be the roaring, ferocious crest at the end of a decade that began with bubbly excitement around the promise of “big data” in information security.

But what lies beneath the marketing gloss and quixotic lust for an AI revolution in security? How did AL ascend to supplant the lustrous zest around machine learning (“ML”) that dominated headlines in recent years? Where is there true potential to enrich information security strategy for the better – and where is it simply an entrancing distraction from more useful goals? And, naturally, how will attackers plot to circumvent security AI to continue their nefarious schemes?

How did AI grow out of this stony rubbish?

The year AI debuted as the “It Girl” in information security was 2017. The year prior, MIT completed their study showing “human-in-the-loop” AI out-performed AI and humans individually in attack detection. Likewise, DARPA conducted the Cyber Grand Challenge, a battle testing AI systems’ offensive and defensive capabilities. Until this point, security AI was imprisoned in the contrived halls of academia and government. Yet, the history of two vendors exhibits how enthusiasm surrounding security AI was driven more by growth marketing than user needs.


By Arman Tabatabai

On balance, the cloud has been a huge boon to startups

Today’s startups have a distinct advantage when it comes to launching a company because of the public cloud. You don’t have to build infrastructure or worry about what happens when you scale too quickly. The cloud vendors take care of all that for you.

But last month when Pinterest announced its IPO, the company’s cloud spend raised eyebrows. You see, the company is spending $750 million a year on cloud services, more specifically to AWS. When your business is primarily focused on photos and video, and needs to scale at a regular basis, that bill is going to be high.

That price tag prompted Erica Joy, a Microsoft engineer to publish this Tweet and start a little internal debate here at TechCrunch. Startups, after all, have a dog in this fight, and it’s worth exploring if the cloud is helping feed the startup ecosystem, or sending your bills soaring as they have with Pinterest.

For starters, it’s worth pointing out that Ms. Joy works for Microsoft, which just happens to be a primary competitor of Amazon’s in the cloud business. Regardless of her personal feelings on the matter, I’m sure Microsoft would be more than happy to take over that $750 million bill from Amazon. It’s a nice chunk of business, but all that aside, do startups benefit from having access to cloud vendors?


By Ron Miller

Microsoft gives 500 patents to startups

Microsoft today announced a major expansion of its Azure IP Advantage program, which provides its Azure users with protection against patent trolls. This program now also provides customers who are building IoT solutions that connect to Azure with access to 10,000 patents to defend themselves against intellectual property lawsuits.

What’s maybe most interesting here, though, is that Microsoft is also donating 500 patents to startups in the LOT Network. This organization, which counts companies like Amazon, Facebook, Google, Microsoft, Netflix, SAP, Epic Games, Ford, GM, Lyft and Uber among its well over 150 members, is designed to protect companies against patent trolls by giving them access to a wide library of patents from its member companies and other sources.

“The LOT Network is really committed to helping address the proliferation of intellectual property losses, especially ones that are brought by non-practicing entities, or so-called trolls,” Microsoft  CVP and Deputy General Counsel Erich Andersen told me. 

This new program goes well beyond basic protection from patent trolls, though. Qualified startups who join the LOT Network can acquire Microsoft patents as part of their free membership and as Andresen stressed, the startups will own them outright. The LOT network will be able to provide its startup members with up to three patents from this collection.

There’s one additional requirement here, though: to qualify for getting the patents, these startups also have to meet a $1,000 per month Azure spend. As Andersen told me, though, they don’t have to make any kind of forward pledge. The company will simply look at a startup’s last three monthly Azure bills.

“We want to help the LOT Network grow its network of startups,” Andersen said. “To provide an incentive, we are going to provide these patents to them.” He noted that startups are obviously interested in getting access to patents as a foundation of their companies, but also to raise capital and to defend themselves against trolls.

The patents we’re talking about here cover a wide range of technologies as well as geographies. Andersen noted that we’re talking about U.S. patents as well as European and Chinese patents, for example.

“The idea is that these startups come from a diverse set of industry sectors,” he said. “The hope we have is that when they approach LOT, they’ll find patents among those 500 that are going to be interesting to basically almost any company that might want a foundational set of patents for their business.”

As for the extended Azure IP Advantage program, it’s worth noting that every Azure customer who spends more than $1,000 per month over the past three months and hasn’t filed a patent infringement lawsuit against another Azure customers in the last two years can automatically pick one of the patents in the program’s portfolio to protect itself against frivolous patent lawsuits from trolls (and that’s a different library of patents from the one Microsoft is donating to the LOT Network as part of the startup program).

As Andresen noted, the team looked at how it could enhance the IP program by focusing on a number of specific areas. Microsoft is obviously investing a lot into IoT, so extending the program to this area makes sense. “What we’re basically saying is that if the customer is using IoT technology — regardless of whether it’s Microsoft technology or not — and it’s connected to Azure, then we’re going to provide this patent pick right to help customers defend themselves against patent suits,” Andersen said.

In addition, for those who do choose to use Microsoft IoT technology across the board, Microsoft will provide indemnification, too.

Patent trolls have lately started acquiring IoT patents, so chances are they are getting ready to making use of them and that we’ll see quite a bit of patent litigation in this space in the future. “The early signs we’re seeing indicate that this is something that customers are going to care about in the future,” said Andersen.


By Frederic Lardinois

Dozens of companies leaked sensitive data thanks to misconfigured Box accounts

Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box enterprise storage accounts that can be easily discovered.

The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed. Although data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly accessible with a single link. But Adversis said these secret links can be discovered by others. Using a script to scan for and enumerate Box accounts with lists of company names and wildcard searches, Adversis found over 90 companies with publicly accessible folders.

Not even Box’s own staff were immune from leaking data.

The company said while much of the data is legitimately public and Box advises users how to minimize risks, many employees may not know the sensitive data they share can be found by others.

Worse, some public folders scraped and indexed by search engines, making the data found more easily.

In a blog post, Adversis said Box administrators should reconfigure the default access for shared links to “people in your company” to reduce accidental exposure of data to the public.

Adversis said it found passport photos, bank account and Social Security numbers, passwords, employee lists, financial data like invoices and receipts, and customer data were among the data found. The company contacted Box to warn of the larger exposures of sensitive data, but noted that there was little overall improvement six months after its initial disclosure.

“There is simply too much out there and not enough time to resolve each individually,” he said.

Adversis provided TechCrunch with a list of known exposed Box accounts. We contacted several of the big companies named, as well as those known to have highly sensitive data, including:

  • Amadeus, the flight reservation system maker, which left a folder full of documents and application files associated with Singapore Airlines. Earlier this year, researcher found flaws that made it easy change reservations booked with Amadeus.
  • Apple had several folders exposed, containing what appeared to be non-sensitive internal data, such as logs and regional price lists.
  • Television network Discovery had more than a dozen folders listed, including database dumps of millions of customers names and email addresses. The folders also contained some demographic information and developer project files, including casting contracts and notes and tax documents.
  • Edelman, the global public relations firm, had an entire project proposal for working with the New York City mass transit division, including detailed proposal plans and more than a dozen resumes of potential staff for the project — including their names, email addresses, and phone numbers.
  • Nutrition giant Herbalife left several folders exposed containing files and spreadsheets on about 100,000 customers, including their names, email addresses and phone numbers.
  • Opportunity International, a non-profit aimed at ending global poverty, exposed a list of donor names, addresses and amount given exposed in a massive spreadsheet.
  • Schneider Electric left dozens of customer orders accessible to anyone, including sludge works and pump stations for several towns and cities. Each folder had an installation “sequence of operation” document, which included both default passwords and in some cases “backdoor” access passwords in case of forgotten passwords
  • Pointcare, a medical insurance coverage management software company, had thousands of patient names and insurance information exposed. Some of the data included the last four-digits of Social Security numbers.
  • United Tissue Network, a whole-body donation non-profit, exposed a body donor information and personal information of donors in a vast spreadsheet, including the prices of body parts.

Box, which initially had no comment when we reached out, had several folders exposed. The company exposed signed non-disclosure agreements on their clients, including several U.S. schools, as well as performance metrics of its own staff, the researchers said.

Box spokesperson Denis Ron said in a statement: “We take our customers’ security seriously and we provide controls that allow our customers to choose the right level of security based on the sensitivity of the content they are sharing. In some cases, users may want to share files or folders broadly and will set the permissions for a custom or shared link to public or ‘open’. We are taking steps to make these settings more clear, better help users understand how their files or folders can be shared, and reduce the potential for content to be shared unintentionally, including both improving admin policies and introducing additional controls for shared links.”

The cloud giant said it plans to reduce the unintended discovery of public files and folders.

Amadeus, Apple, Box, Discovery, Herbalife, Edelman and Pointcare all reconfigured their enterprise accounts to prevent access to their leaking files after TechCrunch reached out.

Amadeus spokesperson Alba Redondo said the company decommissioned Box in October and blamed the exposure on an account that was “misconfigured in public mode” which has now been corrected and external access to it is now closed. “We continue to investigate this issue and confirm there has been no unauthorized access of our system,” said the spokesperson, without explanation. “There is no evidence that confidential information or any information containing personal data was impacted by this issue,” the spokesperson added. We’ve asked Amadeus how it concluded there was no improper access, and will update when we hear back.

Pointcare chief executive Everett Lebherz confirmed its leaking files had been “removed and Box settings adjusted.” Edelman’s global marketing chief Michael Bush said the company was “looking into this matter.”

Herbalife spokesperson Jennifer Butler said the company was “looking into it,” but we did not hear back after several follow-ups. (Butler declared her email “off the record,” which requires both parties agree to the terms in advance, but are printing the reply as we were given no opportunity to reject the terms.)

When reached, an Apple spokesperson did not comment by the time of publication.

Discovery, Opportunity International, Schneider Electric, and United Tissue Network did not return a request for comment.

Data “dumpster diving” is not a new hobby for the skilled, but it’s a necessary sub-industry to fix an emerging category of data breaches: leaking, public, and exposed data that shouldn’t be. It’s a growing space that we predicted would grow as more security researchers look to find and report data leaks.

This year alone, we’ve reported data leaks at Dow Jones, Rubrik, NASA, AIESEC, Uber, the State Bank of India, two massive batches of Indian Aadhaar numbers, a huge leak of mortgage and loan data, and several Chinese government surveillance systems.

Adversis has open-sourced and published its scanning tool.


By Zack Whittaker

Workplace messaging platform Slack has confidentially filed to go public

Slack, the provider of workplace communication and collaboration tools, has submitted paperwork with the Securities and Exchange Commission to go public later this year, the company announced on Monday.

This is its first concrete step toward becoming a publicly-listed company, five years after it launched.

Headquartered in San Francisco, Slack has raised more than $1 billion in venture capital investment, including a $427 million funding round in August. The round valued the business at $7.1 billion, cementing its position as one of the most valuable privately-held businesses in the U.S.

The company counted 10 million daily active users around the world and 85,000 paying users as of January 2019.

Slack’s investors include SoftBank’s Vision Fund, Dragoneer Investment Group, General Atlantic, T. Rowe Price Associates, Wellington Management, Baillie Gifford, Social Capital and IVP, as well as early investors Accel and Andreessen Horowitz.

Slack is one of several tech unicorns on deck to go public this year. Uber and Lyft have both similarly filed confidentially to go public in what are expected to be traditional initial public offerings. Slack, however, is expected to pursue a direct listing, following in Spotify’s footsteps. Instead of issuing new shares, Slack will sell existing shares held by insiders, employees and investors directly to the market, a move that will allow it to bypass a roadshow and some of Wall Street’s exorbitant IPO fees.


By Kate Clark