
9 Game-Changing Cybersecurity Startups to Watch in 2025

Discover the most innovative cybersecurity startups from TechCrunch Disrupt 2025. These emerging companies are revolutionizing threat detection, AI security,...


The cybersecurity landscape is shifting faster than most security teams can keep up with. Every morning brings a new threat category, every afternoon announces a fresh vulnerability, and somewhere in between, enterprises are scrambling to patch, monitor, and defend against attacks that yesterday didn't exist.

That's where the next generation of startups comes in.

TechCrunch's Startup Battlefield competition attracts thousands of ambitious founders each year, all convinced they've found a better way to solve hard problems. In the cybersecurity category, the selection process is brutal. Hundreds of companies apply. Only 200 make the cut for Startup Battlefield 200, and a smaller subset compete for the coveted Startup Battlefield Cup and the $100,000 grand prize.

But here's what most people don't realize: the companies that make it to the final 200 aren't just good startups. They represent the bleeding edge of where security is heading. These founders have identified gaps in the market that weren't obvious three years ago. They're building solutions to threats that enterprise security teams know are coming but haven't figured out how to defend against yet.

We spent time analyzing the cybersecurity cohort from this year's competition, and nine startups stood out. Not because they had the slickest pitch decks or the most polished demos, but because they're solving real problems in ways that feel genuinely different from what incumbents are doing.

Some are tackling AI-enabled attacks before they become mainstream. Others are automating security tasks that still require painful manual intervention at most organizations. A few are addressing entirely new categories of risk that most enterprises haven't even classified as a threat yet.

Here are the nine cybersecurity startups that caught our attention, and more importantly, why they matter.

TL;DR

  • AI is reshaping attack and defense strategies: Companies like AIM and Corgea are using artificial intelligence to both simulate advanced attacks and automatically remediate code vulnerabilities at scale
  • Unmanaged AI is becoming a critical security blind spot: Mill Pond detected an entirely new risk category: unauthorized AI tools accessing sensitive corporate data without oversight
  • Hardware-software convergence is solving ransomware: Cyntegra's approach demonstrates that some security problems require physical isolation, not just software firewalls
  • Real-time deepfake detection is now practical: TruSources' ability to verify identity and detect synthetic media in real time opens new use cases beyond security
  • Vulnerability management is becoming intelligent: Modern tools like Zest are moving beyond inventory and moving toward automated prioritization and cross-cloud visibility

AIM: AI-Powered Defense Against AI-Enabled Attacks

AIM represents a fascinating inflection point in cybersecurity. Most security teams are still trying to defend against traditional attacks using traditional tools. AIM is building for the next era: defending against attacks orchestrated by artificial intelligence itself.

The premise is straightforward but profound. If attackers start using AI to discover vulnerabilities, craft exploits, and adapt attacks in real time, then defenders need AI too. But not just any AI. They need AI that understands the specific risks posed by AI-optimized attacks.

What makes AIM different is their dual approach. On the offensive side, they use AI to conduct penetration tests that specifically simulate what an AI-powered attacker might do. This isn't a traditional pentest where a human security researcher manually probes your systems. Instead, AIM's platform autonomously runs attack scenarios that an intelligent adversary would attempt.

On the defensive side, they've built guardrails specifically for AI systems. As enterprises deploy large language models, machine learning pipelines, and other AI infrastructure, that infrastructure becomes a new attack surface. It can be poisoned, manipulated, or exploited in ways that traditional security tools don't understand. AIM's guardrails intercept and validate inputs to AI systems, detect when models are being manipulated, and provide visibility into what data your AI infrastructure is processing.

Perhaps most useful is their AI safety planning tool. This isn't just another compliance checklist. It's a framework that helps security teams think through the specific risks their AI systems face, then maps those risks to mitigations and ongoing monitoring.

The timing here is crucial. We're about two years into the generative AI era, and enterprises are just now realizing that deploying a ChatGPT competitor without thinking about security implications is a terrifying idea. Teams are asking questions they don't have answers to: What happens if someone poisons the training data? What if someone tricks the model into exposing training data? What if an insider uses the model to extract proprietary information?

AIM is building the answers to these questions into their platform.

Why Traditional Security Tools Miss AI-Specific Threats

Your existing firewall, IDS, and EDR tools are good at catching known attack signatures and suspicious process behavior. But they weren't designed for the specific properties of AI systems. An AI model can be compromised in ways that leave zero suspicious activity logs. Prompt injection attacks look like normal user input. Data poisoning happens during training, often weeks before anyone notices the model's behavior changed.

Traditional penetration testers are also limited by human cognitive bandwidth. A skilled security researcher can try maybe five hundred attack variations in a day. An automated AI system can try fifty thousand variations per day, exploring attack paths that humans would never think to try.

AIM's insight is that if AI is going to be part of your attack surface, then AI needs to be part of your defense. Their penetration testing tool simulates AI-orchestrated attacks continuously, not once a year during your annual pentest.

The Enterprise Adoption Challenge

AIM faces a timing problem. Most enterprises haven't yet deployed proprietary AI systems at scale. Many don't have dedicated AI security teams. The market for "AI security" still feels premature to decision makers.

But that's exactly the opportunity. The companies that solve AI security challenges first will have tremendous moats around their offerings. Once enterprises build their AI infrastructure around security assumptions, switching costs become massive. This is the kind of problem where arriving six months early can mean ten years of market leadership.

Corgea: Automated Code Security Without Human Developers

Every security organization has the same problem: there are far more code vulnerabilities than there are developers to fix them. A typical large enterprise might have tens of thousands of known security issues across their codebase. Their developers are already overloaded with feature work, technical debt, and production firefighting.

Security teams ask developers to fix vulnerabilities. Developers deprioritize them. Something in between tries to track the conflict. Nobody's happy, and the vulnerabilities remain unfixed.

Corgea's insight is radical: what if developers aren't the bottleneck? What if you could just have AI fix the vulnerabilities automatically?

Corgea scans your codebase for security flaws, sure. But then it does something most traditional SAST tools don't: it writes the fix. It creates pull requests with remediation code that can be reviewed and merged rather than handed back to developers as a list of problems to solve themselves.

This is a fundamental shift in how remediation works. Instead of telling developers "you have a SQL injection vulnerability on line 847 of user.py," Corgea says "here's the fixed version of that function." The developer still reviews it, still understands the change, but the cognitive load of figuring out the fix is gone.

What's particularly clever is that Corgea can also detect and remediate issues in security controls themselves. It's one thing to find vulnerabilities. It's another thing to find places where security controls are broken. A developer might have implemented authentication checking, but the check is missing on one code path. Corgea catches these inconsistencies across the entire codebase.

The platform claims to work with any popular language and their libraries. In practice, this means Python, JavaScript, Java, C#, Go, and Rust, plus their common frameworks and packages. This breadth matters because real enterprises aren't monorepos. They have financial systems in COBOL, web apps in Node, data pipelines in Python, and nobody can agree on which language to use for new projects.

The AI-as-Developer Shift

Corgea represents something bigger than just a more convenient scanning tool. It signals the beginning of AI taking on routine development work. If AI can reliably fix security vulnerabilities, what else can it fix? Configuration issues? Performance bottlenecks? The entire category of "work that developers know how to do but find tedious" is now in play.

This creates interesting dynamics in the enterprise. Security teams get faster remediation. Development teams feel slightly threatened by automated code changes, even helpful ones. Finance teams see opportunities to reduce headcount. All of this tension plays out around tools like Corgea.

But the practical impact is significant. A large financial institution running Corgea could potentially reduce their average time to fix known vulnerabilities from six months to six weeks. That's not because developers are working faster. It's because AI removed the friction between "we found a bug" and "we fixed it."

Bridging the Remediation Gap

One of the persistent challenges in security is the gap between vulnerability discovery and vulnerability remediation. Most organizations have excellent tools for finding problems. They have terrible processes for fixing them.

Corgea sits at that inflection point. They're not replacing your scanning tools, they're completing the feedback loop. Scan, identify, remediate, verify. All in one workflow.

The question that remains is governance. As organizations start accepting automated code fixes, they need policies about which fixes to accept, which to review carefully, and which to reject. Corgea's success may depend less on technical capabilities and more on their ability to fit into mature security governance frameworks.

CyDeploy: The Foundation of Everything Else (Asset Discovery and Mapping)

You can't defend what you don't know exists. This simple truth underlies every other security problem in large enterprises.

CyDeploy focuses on a frustratingly unsexy part of cybersecurity: finding all the assets on your network and mapping what they're running. Unsexy, but fundamental. An enterprise might have thousands of applications, hundreds of thousands of devices, countless cloud resources, and nobody has a complete picture of what exists.

You'll find a database server running an old version of SQL Server that nobody knew was there. You'll discover that five different teams deployed the same application with five different configurations, some secure and some not. You'll find devices that were provisioned three years ago, assigned to someone who quit four years ago, and have never been patched.

CyDeploy's asset discovery engine crawls your infrastructure, identifies devices and applications, and builds a complete map. More importantly, it maintains that map as your infrastructure changes, new applications are deployed, and old ones get decommissioned.

Digital Twins and Sandboxed Testing

Here's where CyDeploy gets interesting. Once they've mapped all your assets, they create digital twins: virtual replicas of your infrastructure that exist in a sandbox. This might sound like a neat demo, but the implications are significant.

With digital twins, your security team can test changes, apply patches, or run security controls without risking production systems. You can simulate deploying a new firewall rule and see exactly what breaks before you actually deploy it. You can test backup restore procedures without interrupting live services.

Digital twins also provide a playground for security testing. Penetration testers can use your digital twin to map attack paths without anyone noticing. Threat researchers can use them to understand how attacks would propagate through your actual infrastructure.

AI-Powered Security Automation

Once CyDeploy has mapped your infrastructure and created digital twins, they've unlocked possibilities for other types of automation. Security teams can use AI to identify which systems pose the highest risk, which need patches most urgently, and which should be decommissioned rather than maintained.

The platform essentially becomes a foundation for other security automation. Your incident response team can use the digital twin to test their response procedures. Your compliance team can use it to understand your real infrastructure rather than trusting what's in your documentation (which is usually outdated).

For CyDeploy to win, they need to solve the hardest problem in infrastructure security: getting an accurate, up-to-date view of what exists. If they do that well, other capabilities follow naturally.

Cyntegra: Hardware-Software Synergy Against Ransomware

Most security conversations happen at the software level. Firewalls, endpoint detection, backup software, encryption. All important, all running in software, all susceptible to the same attacks that target the rest of your system.

Cyntegra takes a different approach. They built a hardware-plus-software solution that assumes ransomware will eventually succeed at something most defenders try to prevent entirely: encrypting your data.

Rather than trying to prevent every ransomware attack before it happens, Cyntegra focuses on surviving them. They lock away a secure backup of your system outside of the normal network. When ransomware hits and encrypts everything, your sensitive data is safe somewhere that the attacker can't reach.

The magic is that recovery is fast. Not "restore from backup over the weekend" fast, but "restore the operating system, applications, data, and credentials in under an hour" fast. This matters because the difference between a four-hour recovery and a forty-eight hour recovery is the difference between a contained incident and a company-threatening catastrophe.

The Paradigm Shift

Cyntegra's approach represents a fundamental shift in ransomware strategy. Traditional defense assumes you'll stop all attacks. Cyntegra assumes some attacks will succeed and focuses on being unaffected by them.

This matters because it's honest. Organizations spend millions on ransomware prevention, and ransomware still succeeds at some percentage of targets. Once you accept that prevention isn't foolproof, you can design systems that don't catastrophically fail when prevention fails.

Hardware as the Boundary

What makes Cyntegra's solution work is that the secure backup is stored on hardware that's physically isolated or logically protected in ways that software alone can't protect. A backup stored on a network share can be encrypted or deleted by ransomware. A backup stored on hardware that's managed differently has a better chance of surviving an attack.

This is the opposite of cloud-only thinking. It's saying that some security problems are genuinely solved better by physical architecture than by clever software. You can't ransomware a backup if you can't reach it, and you can't reach it if it's on hardware that's outside your normal network.

HACKERverse: Automated Security Testing That Verifies Vendors Actually Work

Enterprise security tools are expensive and supposedly great at their jobs. Your organization spends hundreds of thousands of dollars annually on endpoint detection and response, threat intelligence, intrusion prevention systems, and a dozen other security products.

How do you actually know they work?

HACKERverse answers this question with a provocative approach: they deploy autonomous AI agents that attack your infrastructure in ways designed to test your security tools. They call it an "isolated battlefield" because the testing happens in controlled sandbox environments.

The agents execute known attack techniques that hackers actually use in the wild. They try to establish persistence, move laterally, exfiltrate data, establish command and control channels, and all the other steps in a real intrusion. Your security tools see these attacks and either catch them or miss them.

HACKERverse shows you the results: which attacks your tools detected, which ones slipped through, and which techniques your existing defenses are blind to.

Trust But Verify

This is genuinely valuable because vendors make claims about their tools that don't always match reality. An EDR tool claims to detect 99% of intrusions. But 99% of intrusions in their lab, against attack techniques they've seen before. Against novel techniques or slightly modified variations, the detection rate might be much lower.

HACKERverse provides evidence. Real attacks, against your real infrastructure, with your real tools, and you see exactly how your defenses perform.

The competitive implications are significant too. If you're a security vendor and a customer runs HACKERverse and finds that your tool misses common attacks, you have a problem. That's pressure to improve detection capabilities, something the entire industry benefits from.

Closing the Assurance Gap

One of the persistent challenges in cybersecurity is the gap between what vendors claim their tools do and what they actually do. This gap isn't always due to deception. Sometimes it's just that vendor testing labs look different from real-world infrastructure. Sometimes new attacks come out that vendors haven't calibrated their tools against.

HACKERverse closes this gap by introducing a continuous verification process. Rather than trusting a vendor's claims or relying on your own manual testing (which is expensive and infrequent), you get automated, continuous verification that your security tools are actually working.

Mill Pond: Detecting the Shadow AI Problem

Here's a scenario that's probably happening right now at your organization: an employee in marketing is using ChatGPT to draft email campaigns. Someone in sales is using Claude to prepare for customer calls. A data analyst is using a lesser-known AI tool to help analyze spreadsheets. A developer just tried some new AI coding assistant.

None of these tools were approved by IT. None of them went through security review. Most of them have access to company data that they've never been trained on and shouldn't have access to.

Mill Pond detects this problem. They identify AI tools that are accessing your networks or your data, whether authorized or not, and they flag the security implications.

This is an entirely new category of security risk. Three years ago, "an employee is using unauthorized software" was annoying and maybe violated licensing agreements. Today, "an employee is uploading sensitive data to an unauthorized AI service" is a potential breach.

Mill Pond's value is in visibility. Most organizations don't know that this shadow AI usage is happening. They have no policies around it because nobody anticipated the problem. Mill Pond shows them the gap.

The Insider Threat Angle

Mill Pond also catches a subset of insider threat cases. An employee uploading large volumes of proprietary data to an external AI service might be malicious, or they might be naive. Either way, it's a security problem that needs attention.

The challenge for Mill Pond is that they're not just selling a security product. They're changing how organizations think about AI. This requires customer education, policy development, and internal conversations that many enterprises aren't ready for.

Governing the AI Workforce

As AI tools become more integrated into daily work, governance becomes essential. Mill Pond is positioning themselves as part of that governance framework. But full adoption might require changes to how security teams think about their role.

Traditionally, security says "no" to unauthorized software. With AI tools, the answer is more nuanced: "yes, but with guardrails." Mill Pond enables that nuance by providing visibility and then letting organizations make policy decisions.

Polygraf AI: Small Language Models Purpose-Built for Security

Large language models are amazing at general-purpose tasks. But they're also expensive, slow, and often overkill for specific problems. Polygraf took a different approach: build small language models tuned specifically for cybersecurity tasks.

What makes this interesting is that smaller models can run locally, on-premise, which matters for organizations that can't send sensitive data to cloud APIs. Polygraf's models can run in your infrastructure, process your internal data, and never leave your environment.

The models are trained on cybersecurity-specific data: threat intelligence, vulnerability reports, attack techniques, logs, and other security-relevant information. This means they understand the context and nuance that a general-purpose model would miss.

Enterprises can use Polygraf models to enforce compliance requirements, protect sensitive data, detect when employees are using unauthorized AI services (interesting synergy with Mill Pond), and even detect deepfakes in security contexts like authentication.

The Efficiency Argument

Small, specialized models have practical advantages beyond just privacy. They're faster than massive general-purpose models. They require fewer computational resources. They can run on your existing infrastructure without provisioning GPU clusters.

For a security team analyzing thousands of alerts per day, shaving 100 milliseconds off response time per alert actually matters. That's the difference between responding immediately and responding after a backlog builds up.

Compliance and Control

Organizations in regulated industries have strong requirements around data governance. They can't send customer data or proprietary information to cloud AI services, no matter how secure those services claim to be. Polygraf's on-premise models solve this constraint.

For security teams, this means they can deploy AI assistance without violating data governance policies. They can accelerate threat analysis, evidence gathering, and response without needing special approval for each use of an external AI service.

TruSources: Real-Time Deepfake Detection and Identity Verification

Deepfakes are getting better faster than defenses are improving. Organizations need to verify that the voice on a call is actually who they claim to be, that a video of a CEO wasn't synthetically created, that an image hasn't been manipulated.

TruSources is building detection capabilities that work in real time. Audio deepfakes, video deepfakes, image manipulation, all in a format that integrates into authentication systems and identity verification workflows.

The use cases extend beyond pure security. You could use TruSources to verify age in an online transaction, to authenticate identity for sensitive operations, or to detect when synthetic media is being used in fraud.

The Authenticity Crisis

We're approaching a moment where video evidence might not be trustworthy. Where audio recordings can be fabricated by someone with a few minutes of sample audio. Where images can't be assumed to be real.

In this world, tools that can verify authenticity become fundamental. TruSources is building that verification layer.

The Technology Challenge

Deepfake detection is genuinely hard because the attackers are using AI to create fakes and defenders are using AI to detect them. It's an arms race where the tools keep improving on both sides.

TruSources' advantage is that they're building detection for real-time scenarios. It's one thing to run forensic analysis on a video after the fact. It's another thing to verify authenticity while the video is being transmitted, or to authenticate a user in under a second.

Zest: Intelligent Vulnerability Management Across Clouds and Applications

Vulnerability management sounds simple. Find bugs, patch them, done. In reality, it's chaotic. You have thousands of vulnerabilities across hundreds of applications. Some are critical and need immediate patching. Others are low-risk or don't affect your actual infrastructure. You need to prioritize, but prioritization requires understanding context that's scattered across multiple tools and teams.

Zest approaches vulnerability management as an intelligence problem rather than an inventory problem. They help teams detect cloud security issues, yes, but more importantly, they help teams understand which issues matter most.

This involves understanding your actual infrastructure and applications, not just scanning results. A vulnerability in a database you don't use isn't urgent. A vulnerability in a service that's exposed to the internet is critical. Zest brings this context to bear.

They also unify vulnerability management across clouds and across different applications. Most organizations have vulnerabilities tracked in multiple systems: AWS Security Hub, Azure Security Center, their own SAST tools, their own DAST tools, third-party scanners. Information sprawl makes prioritization nearly impossible.

Zest consolidates this into a single source of truth and applies intelligence to surfacing the issues that actually need attention.

The Prioritization Problem

Most vulnerability scanners have the same design flaw: they find everything and treat everything as equally important. In reality, some vulnerabilities are exploitable and dangerous, others are theoretical and low-risk.

Zest uses data about your infrastructure, your threat model, and active threat intelligence to prioritize. A zero-day vulnerability in a tool you don't use should be lower priority than a known, weaponized vulnerability in something you do use. But your SAST tool doesn't know that distinction.

Scaling Vulnerability Management

At scale, vulnerability management becomes overwhelming. A security team at a large company might get alerts about hundreds of new vulnerabilities per day. They can't investigate all of them manually. They need AI to say "these ten matter, investigate those."

Zest is building that intelligence layer. More mature organizations will be able to operationalize vulnerability management at the scale that modern infrastructure demands.

The Bigger Picture: What These Startups Tell Us About Security's Future

Looking across these nine companies, some patterns emerge about where security is heading.

First, artificial intelligence has moved from "interesting adjacent technology" to "foundational to defense." Not all of these companies are AI-focused, but most of them use AI as a core component. This is because attackers are using AI, and defenders need AI to keep up.

Second, the scope of security is expanding. It's no longer just about malware and network attacks. Security teams now need to think about AI systems, unmanaged shadow tools, deepfakes, and entire new categories of risk that didn't exist three years ago.

Third, automation and autonomy are becoming table stakes. Security teams are overwhelmed with alerts and scanning results. Tools that can autonomously investigate, prioritize, and sometimes even remediate are becoming essential infrastructure.

Fourth, the center of gravity is shifting from prevention to resilience. Perfect prevention is impossible, so organizations are increasingly focused on detecting breaches quickly and recovering from them faster. Cyntegra's ransomware recovery approach is emblematic of this shift.

Fifth, visibility remains the foundation. CyDeploy's unglamorous asset discovery is as important as any of the more sophisticated tools because you can't defend what you don't see.

The Consolidation Question

One thing most of these startups will face is the question of whether to stay independent or be acquired. Larger security vendors will look at each of these and think about how it fits into their platform. Some founders will want independence and the opportunity to build their own empire. Others will recognize that security tools are increasingly integrated and that the acquirer's distribution network is worth more than staying standalone.

History suggests that some of these companies will be acquired, others will go public, and a few will disappear. The ones that survive will be those that solve problems urgent enough and valuable enough that enterprises will reorganize their security operations around them.

The Market Timing

There's something interesting about the timing of these startups. They're all building for problems that are either just emerging or becoming too big to ignore. Mill Pond's shadow AI problem barely existed two years ago. AIM's focus on AI-enabled attacks might seem premature until you remember that major nations are investing in AI-powered cyberwarfare.

Timing matters enormously in security startups. Too early and the problem isn't real enough yet. Too late and incumbents have already solved it. These nine companies seem to have timed their entry well.

How to Evaluate These Solutions for Your Organization

If you're a security leader considering whether any of these startups' solutions fit your needs, here are some questions to ask.

First, does the startup solve a problem that's actually costing you time or money today? If you're already handling asset discovery fine, CyDeploy might be less urgent than if you're struggling to maintain an accurate inventory.

Second, does the solution require organizational change? Some of these tools require new processes, new skills, or new governance frameworks. Corgea requires developers to review AI-generated fixes. Mill Pond requires new policies around shadow AI. Make sure you're prepared for that organizational lift.

Third, does the startup play well with your existing tools? An integration-friendly approach will get faster adoption than a tool that requires ripping out everything you're currently using.

Fourth, what's the sustainability of the business model? Security startups sometimes struggle with unit economics. If the startup is charging per asset scanned and you have millions of assets, costs can spiral. Understand the pricing model and project forward.

The Importance of Startup Velocity in Security

One reason these startups are competitive with incumbent vendors is pure velocity. A startup can iterate on a problem and release improvements every two weeks. Larger vendors have slower release cycles, more complex approval processes, and more legacy code to maintain.

For a startup tackling an emerging problem like AI security or shadow AI detection, that velocity matters tremendously. By the time a major vendor has a solution for the problem, the startup might already have customers and data and feedback that makes their solution substantially better.

The question for enterprises is whether they're willing to adopt newer, smaller vendors in favor of feature velocity and fit. As problems become more specialized and more important, the answer increasingly seems to be yes.

Conclusion: Building Toward the Next Era of Cybersecurity

The nine startups highlighted here represent different approaches to different problems, but they share a common insight: security needs to evolve faster than it's currently evolving at established vendors.

The threat landscape is changing dramatically. Attackers are smarter, better funded, and increasingly using artificial intelligence. The attack surface is expanding with cloud adoption, microservices architecture, and employee use of unauthorized tools. The problems that dominated security in 2015 (stopping malware, patching known vulnerabilities) are still problems, but they're no longer the only problems or even the most pressing problems.

New companies are emerging to address the gaps where incumbents are slow to move. Some will succeed. Others will be acquired. A few might even become the vendors that smaller startups disrupt in fifteen years.

For security leaders, the key takeaway is that the market is actively innovating on the hardest problems you face. Asset discovery, code remediation, vendor verification, AI security, deepfake detection, intelligent vulnerability management, ransomware recovery, and detecting shadow AI usage are all problems that startups are now solving better than the market previously could.

This doesn't mean you should adopt every new startup solution. But it does mean you should pay attention to what they're building, understand whether their solutions address gaps in your current security program, and be willing to integrate new approaches when the value is clear.

The best security programs are usually hybrids: foundational infrastructure from larger, stable vendors combined with specialized solutions from startups solving specific problems in innovative ways. These nine cybersecurity startups represent the future of that hybrid approach.

The question isn't whether to adopt startups or stick with vendors. The question is which specific problems matter most to your organization, and where are the best solutions being built today. For cybersecurity in 2025, more and more of the best solutions are coming from founders who left larger companies, saw a problem nobody was solving well, and decided to build something better.
