We built Oplane because the old way of security can't keep up
Security expertise built for AI-first engineering teams, by people who lived the problem.
- Founded
- 2022
- HQ
- Malmö, Sweden
- Team
- 8 and growing
Security is moving from periodic to continuous
For decades, security was a project. You did a threat model. You ran a pen test. You wrote a Google Doc. Then you went back to building. The artifact lived on a shelf. The architecture moved on without it.
That model held when releases were rare. It can't hold now. Code merges daily. Agents write more of it than humans do. AI-first products are shipping faster than any security team can review them.
The shift isn't about adding more tools. It's about turning security expertise into something that runs at the speed of the code.
We spent years doing threat modeling manually
Before Oplane, we ran security programs at scale-ups and enterprises. We tried everything to make secure development work: consultants, tons of documentation, Slack threads, ChatGPT prompts, dedicated security architects. None of it scaled.
Security teams blamed developers for not caring enough about security. Developers blamed security for not understanding the system. Both were right, partially.
The real problem was that the tooling everyone needed didn't exist yet. The industry had code-level scanners and compliance checklists, but nothing that could reason about architecture continuously.
So we built it. A system that understands how your software is actually built, keeps the threat model alive as code changes, and gives actionable guidance to the people shipping features every day.
How we think about the problem
These aren't platitudes. They're engineering decisions that shaped the product from day one.
Security expertise should be software
Not a Slack channel. Not a consulting engagement. Software that encodes what the best architects know.
Continuous beats periodic
A threat model that's two weeks old is already wrong. Security analysis must run with the code, not after it.
Architecture is the unit of risk
Code-level scanners catch patterns. Architectural threat modeling catches what scanners structurally cannot.
AI changes the threat model
Agents, MCP servers, and AI-generated code introduce risks that legacy tooling wasn't built for.
Engineering teams are the user
Not the buyer. Not the auditor. The people shipping features every day are who the tool must serve.
The people behind Oplane
Security engineers, product builders, and ML researchers, brought together by the same frustration.
Emil Kvarnhammar
15+ years of entrepreneurial experience in cybersecurity and threat modeling with 50+ organizations. Previously Deputy CEO of TrueSec, helped grow the company from 16 to 100+ employees.
Oscar Andersson
15+ years in cybersecurity development and entrepreneurial experience. StackOverflow #79 of 28M developers.
Anders Söderling
20+ years in tech with 9 years entrepreneurial experience. Tech Co-founder of Position Green, acquired by Norvestor in 2021.
Dag Sonntag
PhD in machine learning with startup founder experience. Previously Data Scientist at ASML working on ML-based SAST.
Peter Kleine
Experienced product designer focused on creating intuitive and beautiful user experiences for complex technical products.
Magnus Robertsson
Experienced system and solution architect with a flair for entrepreneurship. Frequent conference speaker who brings agile methodology and high-quality engineering to every team he works with.
Carl Fagerlin
Deep roots in cloud architecture, IoT, and large-scale distributed systems — from smart homes and smart locks to global cloud governance at IKEA, ASSA ABLOY, and Axis. Has worked with agents since they emerged, and helps customers turn agentic threat modeling into real-world security outcomes.
Ben Hutchison
Application security strategist focused on secure software development programs and maturity assessments. Co-author of multiple BSIMM annual reports and the P-SSCRM framework, with a decade-plus advising security teams on SSDLC, SSDF, and security champions programs.
Backed by investors who back deep-tech for the long run
Backed by Seed Capital and Icebreaker.vc, with private investors who've built and scaled deep-tech companies before.
Private investors
Security that runs at the speed of your code
Built by people who lived the problem. Now it's software.