Backing QIZ Security: cryptographic posture management for the post-quantum era
Bessemer Venture Partners leads QIZ Security's $17 million seed round to help enterprises address and govern their cryptography ahead of “Q-Day.”
Every digital interaction an enterprise has, including every login, transaction, API call, and stored record, depends on its cryptography. Yet ask a security team where encryption actually lives across their environment, which algorithms protect which systems, and whether any of it complies with policy, and the honest answer at most organizations is: nobody fully knows. Cryptography is the most widely deployed security control in the enterprise, yet the least managed. It accumulates silently over decades with no inventory, no owner, and no system of governance.
Quantum computing makes that blind spot a ticking time bomb. Adversaries are already running "harvest now, decrypt later" campaigns: intercepting encrypted data today with the intent of decrypting it once cryptographically relevant quantum computers arrive. The NIST finalized its first post-quantum encryption standards in 2024 and set the clock on classical public-key cryptography: deprecated by 2030, disallowed by 2035.
But we’ve seen a shift toward an earlier timeline. In June 2026, the White House compressed that timeline further with Executive Order 14412, which requires federal agencies to move high-value systems to post-quantum cryptography (PQC) by the end of 2030, enforcing federal contractors to meet PQC standards on the same timeline, and directing every agency to appoint a migration lead responsible for cryptographic inventory management. Regulators worldwide are moving in parallel, from CNSA 2.0 for national security systems to DORA, NIS2, and the Cyber Resilience Act in Europe.
The mandate is now unambiguous, but the mechanics are brutal. Migrating an enterprise’s cryptographic estate isn’t a project with an end date. It’s a continuous discipline, and it’s impossible to harness without first answering a deceptively simple question: what cryptography do we have, and where?
This is where QIZ Security steps in. QIZ is building the cryptographic posture management platform for the post-quantum era. The platform continuously discovers cryptographic assets across the full enterprise stack: cloud and on-premises, data in motion and at rest, applications, code, and networks. The platform then correlates findings with business context to separate the handful of critical exposures from hundreds of thousands of raw findings. From there, QIZ enforces policy against frameworks like NIST and CNSA 2.0 and drives remediation and ongoing governance. Where existing tools stop at one-time scans of a single protocol layer, QIZ delivers continuous visibility and action across every layer where encryption is used; not just a system of record for cryptography, but a system of action.
That approach is already resonating across the ecosystem. QIZ has announced a crypto-agility collaboration with Google Cloud, which is available on the Google Cloud Marketplace, and has partnered with SafeLogic to connect discovery directly to quantum-safe remediation. Beyond the industry proof, we’re proud to lead QIZ Security’s $17 million seed round for several reasons:
- The first is the team and our history with them. QIZ is the fourth of CEO Ben Volkow’s companies that Bessemer has backed. Ben previously founded Otonomo, which went public in 2021, and Traffix Systems, acquired by F5 Networks. Few founders have his pattern recognition for building companies in markets that are forming rather than formed. CTO Lenny Ridel co-founded Traffix with Ben and is one of the strongest technologists we’ve worked with. And CSO Itan Barmes built and led Deloitte’s global quantum cyber readiness practice for six years. Itan has spent more time than most in the rooms where enterprises and governments actually make PQC decisions, and QIZ’s product philosophy is a direct distillation of that experience. Overall, the team is made up of a rare combination: repeat builders paired with someone who has seen this problem from inside numerous organizations.
- Second is pattern-based. The largest outcomes in security have repeatedly come from taking an unmanaged, invisible surface and making it visible and governable. We saw it with our portfolio company Axonius in asset management, and the market saw it when cloud security posture management produced Wiz. Cryptography is the next unmanaged surface, and arguably the most foundational one, as it underpins every other control. We believe cryptographic posture management will become a standing line item in the enterprise security stack, with the quantum transition as the driving force.
- Finally, timing. For years, post-quantum readiness was a conference topic. Standards are now final, federal deadlines are set, boards are asking questions, and enterprise conversations have shifted from education to inventory, readiness assessment, and migration planning. Markets like this reward the teams who are present with a working product before the urgency becomes universal. That is exactly the bet we like to make at seed.
The quantum transition starts with posture
Every major platform shift in security began the same way, with organizations discovering they couldn’t protect themselves from what they couldn’t see. The post-quantum transition will be no different. We believe the enterprises that navigate it well will be the ones that treat cryptography as a managed, governed asset, and QIZ will be the platform they’ll use to do so.
We’re proud to partner with Ben, Lenny, Itan, and the entire QIZ team as they define this category. The journey to quantum-safe cryptography starts now. Learn more at qizsecurity.com.



