At Infosecurity Europe 2026, in front of a live audience of potential customers, partners and investors, five startups competed at the inaugural Infosecurity Europe Cyber Startup competition.
After pitching the idea to a judging panel which included pioneering cybersecurity investor Shlomo Kramer, founder of Check Point, Imperva and Cato Networks, AI-native vulnerability triage platform startup Konvu won the competition.
The prize package includes exhibition space at Infosecurity Europe 2027, PR support from cybersecurity PR agency Origin Communications and a future-brand workshop package from Dusted brand consultancy.
Konvu automates vulnerability investigation. At a time when attackers are at weaponizing issues and probing complex environments faster than ever before, Konvu looks to aid organizations stay on top of the bottleneck.
The company was established in 2024 by co-founder and CEO Lucas Masson. In this conversation with Infosecurity he discussed what it means to have won the inaugural Infosecurity Europe Cyber Startup competition and what’s next for Konvu.
Infosecurity Magazine: How does it feel to have the backing of the judging panel at Infosecurity Europe?
Lucas Masson: If I take Schlomo as an example, he has built generational companies like Check Point and Imperva. He understands the problems in the cybersecurity space better than probably anyone else in the world, so it’s a privilege to have validation from someone like him.
IM: What does mean for Konvu?
LM: In early-stage startups, particularly in security, it’s all about trust. I think that this win builds trust for potential buyers. We’re excited to get the products in the hands of new companies. And hopefully this win will help us on this journey.
IM: What do you think it was about Konvu that helped you win the competition?
LM: I think we’re living in a very specific moment right now. Mythos and all of the other LLM products have created a lot of strain on the vulnerability management programs that were already overflowing with vulnerabilities.
We see that Mythos and other similar products are going to trigger massive spikes of vulnerabilities detected, creating downstream problems in vulnerability management programs.
You need dedicated people to investigate vulnerabilities, decide which ones matter and how to fix them. But that’s a human component that’s hard to scale, especially around false positives which need to be triaged by dedicated teams: we help specifically with that.
All the companies here address very significant problems for organizations. We’ve probably benefited from the fact that is a lot of spotlight on this problem now.
IM: How does Konvu help companies solve this problem?
LM: Most enterprise companies today have a lot of different scanners that find hundreds of thousands – and sometimes millions – of vulnerabilities. Those millions of vulnerabilities need to be prioritized because you can’t remediate a million vulnerabilities. That’s the current state of the problem.
What we do is sit on top of the scanners. We don’t require an enterprise to replace their anything, we integrate nicely into their investigation process.
We help augment the existing security teams with AI agents which help them automate the very repetitive and manual part of their jobs, collecting information on vulnerabilities and understanding what is vulnerable and needs fixing and then remediation.
The goal for us for enterprises which are using us is cut down the backlog, but more importantly, speed up the time it takes from a vulnerability to be detected to for that vulnerability to be triaged and remediated.
IM: What’s next? Where do you see Konvu in a year?
LM: We’ve started with a very specific niche in the role of security and vulnerability management, with application security as an initial sector and the triage-as-a-platform functionality.
Right now, we are at the stage where we’ve built initial traction on that and want to start expanding to other areas.
The goal is that in a year or two that the whole program will become more autonomous than it is today. Today we still have a human in the loop to validate the results but based on the confidence of the output the algorithm produces, they won’t need to touch it anymore.
Then, in two or three years, if we do our jobs well, 90% of vulnerabilities get triaged and remediated without humans in the loop. There’s still 10% where you will need deep expertise to be able to make it work, but we can envision a whole vulnerability management system where teams can constantly scale.
We test every single new model based on our evaluations to see how it impacts the quality of the result, trust in the results, so we stay at the frontier.
We’re building a product that solves problems for our customers. A lot of the work we’re doing sees Konvu embedded as a team within the customers we are working with, this ensures we can solve more of the problems better and faster.
