Ballistic Ventures

Context: Ballistic is a cyber-ONLY mission fund — every dollar is mandated to cybersecurity companies. init.inc is AI-ITSM, not cybersecurity. The init.inc relationship is a DORMANT relationship-track contact (warm via Ross Corey→Ted Schlein). Ballistic’s recent thesis skews to AI-for-security / AI-governance (WitnessAI, Noma, Native Security, Armadin), adjacent to — but distinct from — init’s IT-agent governance story.

Firm Profile

• What they back: Exclusively cybersecurity and cyber-adjacent companies — “the venture capital firm dedicated exclusively to funding and incubating entrepreneurs and innovations in cybersecurity.” A self-described “mission fund” (Perlroth: “Ballistic was not another venture fund; it is a mission fund dedicated to fixing one of the most complex challenges of our digital era”). Heavy incubation DNA — they incubate companies in-house (WitnessAI was their first publicly announced incubation; GetReal Security was incubated with Hany Farid).
• Stage focus: Pre-seed → seed → seed-plus → Series A. Strong early-stage/incubation orientation; they lead. ^[Peony cyber-investor guide pins the sweet spot at pre-seed/seed]
• Typical check: ~$2M–$10M at entry (per Peony 2026 cyber-investor survey) — but with very large follow-on capacity in flagship deals (led Armadin’s seed with “our biggest check ever” per Jake Seid; Armadin total seed+A = $189.9M).
• Fund sizes & vintage:
  • Fund I — $300M (debut; announced/launched 2022; firm founded 2021). Named SC Media “Investor of the Year” 2023.
  • Fund II — $360M, closed March 2024, oversubscribed (TechCrunch: raised in only ~2 years).
  • **New vehicle — ~$100M\ast \ast ,\ast raisingasofApril2025\ast (TechCrunch;Peonycallsita"$100M new vehicle”). ^[in-progress / size is the target, not a confirmed close]
• Portfolio size: ~18–25+ companies since launch (sources range 18 → “over 25”; ~20 is the safe order of magnitude). ^[ambiguous — count varies by source/date]
• Geography: San Francisco HQ; LinkedIn lists firm presence in Spain and Israel (cyber talent hubs). US-centric portfolio.
• Structure: Partnership of five Founding Partners, each an accomplished cyber operator/founder/investor — a deliberately operator-heavy bench. Distinctive model: “every partner is dedicated to supporting every portfolio company” (not the one-partner-per-deal model). BallisticX is their portfolio-services platform + advisory board (launched Sept 2022). Strategic advisors include Gen. Paul Nakasone (ret.) (former NSA/Cyber Command director, OpenAI board member).
• IC dynamics: Not public. Five founding GPs + a few venture/strategic partners → a lean, conviction-driven partnership where the founding GPs decide; small enough that no heavy formal IC gauntlet is implied. ^[inferred from firm size + operator-GP structure]
• TAM framing they cite: Global cybersecurity TAM projected at $1.5–2T (≈10× the current vended market), per McKinsey — the tailwind narrative behind Fund II.

Partners

Link discipline: only roster entities get wikilinks. The other founding partners are cyber operators outside init’s investor roster → plain text (each ^[needs-page] if later added).

• Ted Schlein — Founding GP & Chairman (and concurrent GP at Kleiner Perkins). The marquee cyber VC; the warm-path target. THE relationship node for init.
• Kevin Mandia — Founding GP; founder/ex-CEO of Mandiant (sold to Google for ~$5.4B). Most operationally famous partner; founded Armadin (Ballistic portfolio, 2026). ^[needs-page]
• Barmak Meftah — Co-founder & GP; ex-President of AT&T Cybersecurity / ex-CEO AlienVault. Led Zip Security. ^[needs-page]
• Jake Seid — Co-founder & GP; ex-Lightspeed MD, founder of Stone Bridge Ventures; led Native Security. ^[needs-page]
• Roger Thornton — Co-founder & GP; founder/CTO of Fortify Software and AlienVault (i.e., Roger built Fortify, the company Ted Schlein founded/ran as CEO — a 20+ year partnership). ^[needs-page]
• Nicole Perlroth — Venture Partner (expanded role 2024; advisor since inception); ex-NYT lead cybersecurity reporter, author of “This Is How They Tell Me the World Ends.” ^[needs-page]
• Phil Venables — Venture Partner (joined 2025); ex-Google Cloud CISO, ex-Goldman Sachs CISO; governance/board expertise. ^[needs-page]

Recent pre-seed/seed activity (Pass-1 sketch — ≤5 deals; exhaustive pull is Pass 2)

Ballistic leads/co-leads early-stage cyber rounds, frequently in AI-native security (the cluster most thematically adjacent to init’s would-be governance angle):

• Armadin — $189.9M combined Seed + Series A, Mar 2026. Ballistic led the Seed (their biggest-ever check); Series A led by Accel; participation Kleiner Perkins, GV, Menlo, In-Q-Tel, 8VC. Largest combined early-stage raise in cyber history. Kevin Mandia’s own AI red-teaming co. (signature deal). ✅
• WitnessAI — **$27.5MSeriesA\ast \ast ,May2024,\ast \ast co-ledbyBallistic+GV.\ast \ast Ballisti{c}^{\prime }s\ast \ast firstpubliclyannouncedincubation\ast \ast ;AIsecurity/governance("secureAIusage,"agenticAIgovernance).\ast \ast Mostinit-relevantdeal\ast \ast —seeCross-check.(Laterraised$58M led by Sound Ventures, Jan 2026.) ✅
• Native Security — $42M, Mar 2026, Ballistic-led (blog by Jake Seid). Secure-by-design multi-cloud; thesis = security as business enablement, AI attacking “at machine-scale and speed.” ✅
• Noma Security — $32M combined Seed + Series A, exited stealth Oct 2024; Ballistic led the Series A. Secures the AI development lifecycle / AI-SPM. ✅
• Zip Security — $13.5M Series A, Jul 2025, Ballistic-led (Barmak Meftah). “Rippling/Square for cybersecurity” for SMB/mid-market — automated, AI-powered security for the long tail. (Co-investors: General Catalyst, Human Capital, Silver Buckshot, Mantis, BoxGroup.) ✅

Full source-tagged data → /Users/sazzad14/seed-market-scan/firms/ballistic-ventures.csv.

Best data channels for this firm

• Ballistic’s own site (ballisticventures.com/why-we-invested-in-… “Why we invested” blog posts + /team/) — best primary source. They publish a named-partner thesis post per deal (states lead/co-lead, amount, the actual investing partner). Highest-signal channel.
• PR Newswire / Business Wire — Ballistic announces fund closes + portfolio rounds via wire; reliable on amount/date/lead set (Armadin, RSAC).
• TechCrunch (Schlein-beat) — best for fund-level news (Fund II $360M,the$100M new vehicle).
• LinkedIn (Ballistic company page + partner posts) — gold for who-led + co-investor sets, often before press (Armadin, Zip).
• Peony / Cybersecurity Ventures who’s-who — useful for check-size + stage positioning framing, not per-deal facts.
• Weak: generic aggregators understate Ballistic’s incubation/lead role; cross-check role against the firm’s own “Why we invested” post.

Fundraise Relationship (init.inc)

• Status: ⚠️ DORMANT. Ballistic’s mandate is cyber-only; init.inc is AI-ITSM — a thesis mismatch. The relationship is via Ross Corey’s personal connection to Ted Schlein. Ted is a storied, well-networked cyber operator (CISO/CIO relationships, intelligence-community ties).
  • Conditions that would make engagement relevant: (1) init develops a security/governance narrative for IT agents — agent identity & scope, least-privilege/permissioning, audit trails, blast-radius containment, change-control safety (the WitnessAI / agent-governance turf Ballistic funds); or (2) a future round has room for a strategic cyber-credentialed backer where Ted’s network/brand is the value-add. Ballistic’s own framing: security as business enablement, machine-speed risk.
• Conversation log (newest first):
  • 2026-05 (status: New) — Ross Corey has a personal connection to Ted Schlein; logged as a warm contact, not yet engaged. No touchpoint made. (From CRM seed.)
• Mutual connections / warm path: Ross Corey → Ted Schlein (personal connection; the only edge). Secondary: Ted’s dual role at Kleiner Perkins means he sits inside a firm init is already engaging (via the Kushal→Leigh→Nadia thread) — but do not conflate: Ted is KP’s security legacy partner, not on init’s live KP thread, and KP and Ballistic are separate vehicles.
• Personal & rapport notes (firm-level): Mission-driven (“moral responsibility,” “digital sovereignty”), operator-led, urgency-coded culture. They prize founders who built in cyber. Every-partner-on-every-deal model means a relationship with Ted ≈ access to the whole bench (Mandia, Meftah, etc.).
• Live stage: tracked in the CRM (DORMANT / New) — not duplicated here.

Cross-check vs existing wiki

• Competitor cap-table status: ✅ CLEAN. A vault-wide grep finds no Ballistic Ventures exposure on any init.inc competitor cap table (Ballistic appears only in ross-corey.md, the connector stub — expected). Cyber-only mandate ≠ AI-ITSM, so this clean result is consistent with thesis. No conflict flag.
• Ted Schlein / Kleiner Perkins overlap: Kleiner Perkins’s page already lists Ted Schlein as “Partner & advisor (security legacy)” and “founders/senior partners incl. … Ted Schlein.” ✅ Consistent — Ted is a current GP at BOTH firms. No contradiction; the two firms are distinct vehicles and Ted is not on init’s live KP thread (that’s Leigh/Nadia).

Related

• Ted Schlein (founding GP & Chairman — the warm-path node)
• Ross Corey (connector — personal tie to Ted)
• Kleiner Perkins (Ted’s concurrent firm; init’s separate live thread runs through Leigh/Nadia, not Ted)

Pass 2 deal pattern (2026-05-25)

Verified 18–24mo deal list (Nov 2024 → May 2026): 7 in-window deals (CSV holds 10 rows; 3 — Mimic, SpecterOps, Reach — are pre-window context rows kept for pattern continuity). Net-new this pass: 4 (Above Security, BreachRx, Root Evidence, Gomboc AI); the SpecterOps row was also upgraded ❓→✅ via firm post. WitnessAI was removed from the in-window set (its Ballistic-co-led round was May 2024, pre-window; the later $58M was not Ballistic-led).

Pattern / cadence / check. Steady ~one lead deal every 1–2 months, cyber-only, and Ballistic almost always leads or co-leads the early round (often the seed, sometimes a Series A or an A-extension tranche). Entry checks cluster in the $8M–$50M band — small seeds (Gomboc $8Mtranche,RootEvidence$12.5M) up to large category-defining rounds (Native $42M,Above$50M), with the outlier Armadin $189.9M combined seed+A (their own GP’s company). The thesis visibly skews AI-native security / AI-governance: insider-risk + agentic behavior (Above), incident response (BreachRx), AI cloud remediation (Gomboc), vuln prioritization (Root Evidence) — the cluster that rhymes with init’s IT-agent governance angle but is still squarely cyber. Each founding partner sources their own deals (Roger Thornton → Root Evidence/Gomboc; Phil Venables → Above; Barmak Meftah → Zip/Reach; Kevin Mandia → BreachRx board/Armadin) under the “every partner on every company” model.

Best data channel. The firm’s own ballisticventures.com/why-we-invested-in-… “Why we invested” posts are the single highest-signal source — each names the investing partner, the amount, and lead-vs-co-lead, usually on announcement day. Cross-corroborated by PR Newswire / Business Wire / Axios for amount/date/co-investor set. Generic aggregators understate Ballistic’s incubation/lead role → always trust the firm post on role.

⚠️ Off-thesis / DORMANT for init — this deal pattern confirms a hard cyber-only mandate; recorded for relationship-track reference only, consistent with the fit verdict above. No new competitor cap-table exposure surfaced.