Tomas Brown Wants RiskFront Lab to Own the Moment Between Build and Production
For RiskFront Lab CEO Tomas Brown, the opportunity is not simply to sell another security product. It is to claim a specific operating moment in the mobile software lifecycle: after an ap...
Full Story
For RiskFront Lab CEO Tomas Brown, the opportunity is not simply to sell another security product. It is to claim a specific operating moment in the mobile software lifecycle: after an app is built, before and during production exposure, when security teams must decide what protections, policies, evidence, and response paths are attached to a real release.
RiskFront Lab has raised $3M from MANTIS Venture Capital, Sequoia Capital, Original Capital, and Next Play Ventures to build around that moment. The company is focused on post-build mobile app protection for Android and iOS releases, combining runtime defense with AI-assisted review workflows for AppSec, mobile engineering, risk, support, and audit teams.
"Mobile teams are being asked to ship faster while attackers keep moving closer to the runtime," Brown said in a draft statement prepared for the announcement. "RiskFront Lab is built to help teams protect the app package, understand the signals coming from real devices, and turn those signals into evidence without taking control away from the people responsible for the release."
That positioning is deliberately operational. RiskFront Lab is not presenting mobile defense as a one-time scan or a dashboard of abstract risk. The platform is designed around build intake, policy selection, runtime controls, protected release records, event routing, and review evidence tied to specific app versions.
Its runtime controls can address tampered packages, patched libraries, unexpected signatures, debugger activity, hooking frameworks, root and jailbreak states, emulators, automation, risky proxy conditions, and sensitive screen behavior. Its response model allows teams to decide when an event should warn a user, block a session, limit a feature, create a review task, or escalate to a human team.
The AI layer is meant to make that workflow easier to operate. It can group related events, draft release-ready notes, suggest severity and ownership, and highlight policy gaps. RiskFront Lab's materials emphasize that AI suggestions remain connected to customer-approved rules and human review, which is important for companies handling payments, identity, healthcare access, or paid content.
The go-to-market path is likely to start with teams that already know mobile runtime abuse is not theoretical. A single high-risk app, release review, or protected workflow can serve as the first use case. From there, the company can expand into production coverage, telemetry routing, portfolio governance, and deeper enterprise integrations.
With investors including MANTIS Venture Capital, Sequoia Capital, Original Capital, and Next Play Ventures, RiskFront Lab now has fresh capital to turn that wedge into a repeatable motion.