About Runtimekindle
We built the tool we kept wishing existed while working on K8s security at scale.
In late 2022 and into 2023, Yael Cohen watched engineering teams lose entire sprints to runtime incidents that eBPF-based instrumentation could have surfaced in minutes — but every available tool required a sidecar in every pod, a kernel module that scared off platform teams, or both. Runtimekindle exists to close that gap without the deployment tax.
The origin
Static analysis counts packages. The kernel counts what actually runs.
Yael Cohen spent four years building security infrastructure at a cloud platform team. The pattern she kept seeing in late 2022 and 2023: growing SaaS teams migrating to Kubernetes would deploy a container scanner, get back 400 findings, and spend a sprint triaging — only to discover that most of the flagged libraries were never executed by a running process. The tooling that could have resolved this in minutes required either a sidecar injected into every pod or a kernel module that required privileged access and triggered a platform team security review. Neither was acceptable for the engineering teams she worked with.
She left to build Runtimekindle in early 2023: an eBPF-based security agent that installs with a Helm chart, has no sidecar, requires no kernel module, and correlates kernel-level runtime signals with CI-generated SBOMs. The product launched in October 2023. We are not a compliance automation platform that wraps existing scanners — we are an AppSec tool that gives your engineers deterministic, kernel-sourced answers about what is actually reachable in production.
Runtimekindle is based in San Francisco at 535 Mission Street. In October 2025, we closed a $925K angel round to accelerate product development and expand our early engineering team. We are building deliberately, focused on the teams who need runtime clarity.
Team
The people behind Runtimekindle
Yael Cohen
Founder & CEO
Spent four years building security infrastructure at a cloud platform team before founding Runtimekindle in 2023. eBPF contributor and kernel security researcher. Founded Runtimekindle to solve the runtime blind-spot problem she kept running into at growing SaaS companies.
Marcus Webb
VP Engineering
10 years building distributed systems at infrastructure companies. Joined Runtimekindle to work on the eBPF scalability challenges that make most runtime agents impractical beyond 50 nodes — high-frequency syscall capture with sub-2ms P99 overhead at production carriage loads.
Priya Nair
Head of Security Research
Former security researcher focused on container escape techniques and supply-chain attack vectors. Leads threat intelligence and detection rule development at Runtimekindle. Contributor to CycloneDX specification working group.
David Scharfe
Head of Customer Engineering
Spent 8 years in platform engineering at SaaS companies before joining Runtimekindle. Owns the technical onboarding experience — most customers reach their first runtime detection event in under 20 minutes using his Helm guides and cluster preflight checks.
What We Are — and What We're Not
AppSec for engineering teams who operate K8s in production
We are not a compliance automation SaaS that wraps existing scanners behind a dashboard. We are not a network security product. We do not sell endpoint detection and response (EDR) for desktops or virtual machines. We are not SIEM.
Runtimekindle is an AppSec platform built specifically for cloud-native engineering teams running Kubernetes workloads. Our data plane is an eBPF agent that reads kernel syscall events without modifying your applications or your kernel module policy. Our value is the correlation layer: runtime-time reachability data applied to CI-time SBOM findings, so your engineers fix the vulnerabilities that are actually exploitable in your production environment.
Company Facts
Quick overview
San Francisco, CA 94103
Want to talk to us directly?
Reach Yael at [email protected] or use the contact form for a technical conversation about your environment.