QIZ Security's $17M seed puts enterprise crypto inventory ahead of Q-Day
Ben Volkow's startup announced a $17 million seed round today as regulators and CISOs move from PQC theory into migration work.
By Ryan Merket · Published
Why it matters
QIZ is chasing the first spend in post-quantum security: inventory and governance before enterprises commit to full cryptographic migrations.

Axios Pro had the exclusive on QIZ Security's $17 million seed round, putting Ben Volkow's startup in the enterprise software deal flow as post-quantum cryptography moves from standards work into procurement and migration planning.
The company also announced the financing today in a PR Newswire release. QIZ is building software that helps enterprises find, rank, and remediate cryptographic exposure before quantum computers make current public-key systems unsafe.
That timing matters. The market QIZ is entering has moved from standards debate to implementation work. On August 13, 2024, NIST released its first three finalized post-quantum cryptography standards, including ML-KEM for key establishment and ML-DSA and SLH-DSA for digital signatures. The hard part for large organizations is finding every place where vulnerable cryptography is embedded, then deciding which systems to migrate first without breaking production software.
Ben Volkow, QIZ's co-founder and CEO, is familiar territory for investors buying founder pattern recognition. His ONUG profile says he co-founded Otonomo, Traffix, and Sedona Systems, with Traffix acquired by F5 and Sedona acquired by Cisco. QIZ's other co-founders are CTO Lenny Ridel and CSO Itan Barmes, according to the company's team page. Barmes brings the quantum security domain depth: an ETSI speaker profile says he previously led cryptography and quantum security at Deloitte Netherlands and served as a World Economic Forum quantum security project fellow.
QIZ is selling what the security market now calls crypto-agility: the ability to know which algorithms, certificates, keys, protocols, libraries, and dependencies an organization uses, then change them as standards, policies, and threats change. QIZ says its platform handles discovery, prioritization, remediation, and governance, mapping cryptographic assets against policy and ranking risks by context, impact, and remediation effort. That is a narrower claim than saying QIZ can make an enterprise quantum-safe on its own. The product pitch is that the migration starts with inventory, because CISOs cannot replace what they cannot find.
QIZ's company page says the startup has more than six years of PQC field experience across its management team and has worked with more than 100 organizations on PQC readiness. Those figures come from QIZ, so they should be read as company claims rather than independently audited traction.
The buyer pressure is coming from both sides. NIST has given vendors and security teams algorithms they can standardize around. The U.S. national security apparatus has added deadlines and procurement gravity. The NSA's CNSA 2.0 guidance tells National Security Systems owners and vendors to move toward quantum-resistant algorithms, and later NSA resources tie the migration to a 2035 completion target for National Security Systems. Commercial banks, telecom providers, healthcare companies, cloud software vendors, and infrastructure operators are watching those government timelines because their own compliance requirements tend to follow.
QIZ is entering a market that already has funded specialists and large-company attention. PQShield raised $37 million in Series B funding in June 2024 to push post-quantum cryptography into hardware and software supply chains. QuSecure said in February 2025 that additional funding brought its Series A to $28 million. IBM, Microsoft, MITRE, PQShield, SandboxAQ, and the University of Waterloo were founding members of a post-quantum cryptography coalition announced in 2023, according to a PQShield release.
QIZ's wedge is the enterprise control plane rather than a single cryptographic primitive. That is the part of the market where a security buyer can spend before every application team is ready to swap algorithms. A bank or government contractor can start by discovering exposed TLS, PKI, certificate, database, API, and application dependencies, then sequence remediation around risk and operational cost. QIZ is betting that this organizational layer becomes a budget line before Q-Day becomes an event.
The investor lineup fits that wedge. Merlin Ventures is a cybersecurity-focused investor with close ties to CISOs and federal-facing security go-to-market. Bessemer gives QIZ a broad enterprise software network and Israeli cyber credibility; QIZ lists Bessemer partner Amit Karp as a board member. Qbeat Ventures adds quantum-specific focus, and QIZ lists Qbeat co-founder Dorit Dor as an adviser.
What remains undisclosed is the valuation and the customer mix behind QIZ's readiness claims. The company names no paying customers on its accessible site. It also does not say how much of the $17 million round is being spent on product engineering versus U.S. sales. A recent LinkedIn job post from Volkow, visible in search results, points to a Senior Sales Engineer role in North America, which suggests QIZ is already trying to convert the standards-driven PQC window into enterprise pipeline.
For Volkow, Ridel, and Barmes, the fundraise buys time to prove that crypto inventory can become a durable platform rather than a one-time assessment project. For CISOs, the pitch is simpler: the first post-quantum standards are here, the migration window is long, and the weakest link is likely to be the forgotten cryptography inside old software rather than the headline algorithm choice.