Scaling AppSec Without Scaling Headcount

How Rapyd Used Kodem to Shift from Volume to Impact

Rapyd, a global fintech platform operating in over 100 countries, partnered with Kodem to modernize its application security program. Faced with mounting vulnerabilities and a shortage of specialized AppSec talent, Rapyd needed more than another scanner—it needed a platform that could think like an expert. Kodem delivered measurable reductions in triage time, rework, and risk exposure by focusing on what attackers can actually exploit.

Partner case study, published on July 10, 2025. Topic: Application Security.

About Rapyd and Leadership

Rapyd's mission is to simplify global commerce through a single platform for payments, disbursements, and digital wallets across 100+ countries.

Nir Rothenberg, Rapyd's Chief Information Security Officer, leads the company's global security program. Nir brings a rare blend of offensive and enterprise security experience from NSO Group and the Israeli cybersecurity ecosystem. He is recognized for building high‑performance, outcome‑driven security functions in complex, cloud‑native environments.

"Most security tools are gym memberships. Kodem is the personal trainer actually helping us get fit."
Nir Rothenberg, CISO, Rapyd

Client Context

  • Company: Rapyd
  • Headcount: 800+
  • AppSec Stack (Pre‑Kodem): Wiz, Orca, Arnica, Semgrep, custom PR gating
  • Security Engineering Team Size: Lean, high‑leverage model

The Problem

Traditional AppSec tools assume you have time and talent. Rapyd had neither to spare.

Nir needed to scale security outcomes without scaling headcount. But effective AppSec requires a deep understanding of language internals, compiler behavior, and security nuance, and that combination is rare and hard to hire.

At the same time, Rapyd faced:

  • A flood of low-context CVEs from multiple layers
  • Engineers blocked by generic PR security gates
  • AppSec engineers spending 30–40% of their time on false positives

"AppSec requires you to understand compilers, language internals, and real‑world exploits. That expertise is hard to find. I needed a tool that could share the burden and reduce the burden on the team."
Nir Rothenberg, CISO, Rapyd

The Kodem Solution

Kodem delivered full‑stack exploit intelligence that absorbed complexity so Rapyd's experts could focus on high‑value work:

  • eBPF‑powered runtime analysis confirming actual code execution
  • Attack path modeling across code, container, OS, and memory
  • Reachability‑based PR gating tied to real exploitability
  • Unified dashboard and API for shared security and engineering context

Why Kodem Over Other Options

Rapyd evaluated emerging runtime vendors including Oligo and Sweet Security. Those tools surfaced production data but still left engineers to map exploits back to code. Kodem was the only platform that:

  • Connected runtime insight directly to line‑of‑code reachability
  • Automated exploit path mapping across layers without agents
  • Provided actionable context fast enough for developer workflows

Result: proof of value in days, not weeks, and lower operational overhead than competing tools.

Outcomes and Measured Value

  • 33–47% reduction in PR rework due to clearer, contextual enforcement
  • Developer efficiency: improved merge velocity and reduced cross-team friction
  • >90% of scanner-detected CVEs were proven not exploitable
  • Risk posture improvement: runtime monitoring helped mitigate zero-day classes without prior knowledge
  • >40% time savings for the AppSec team in triage
  • Operational efficiency: reduced tool sprawl by consolidating code and runtime context in one platform
  • Security team leverage: Kodem filled gaps in AppSec expertise, automating what once required specialists; engineers focused on real issues, not CVSS-driven noise

"Wiz made infra security feel easy. Kodem is doing the same for AppSec—it tells us what attackers can actually reach."
Nir Rothenberg, CISO, Rapyd

Why It Worked

Kodem didn't just show Rapyd where vulnerabilities were. It showed them which ones could actually be hit and absorbed the technical burden required to figure that out.

  • Simplified workflows for engineers and security
  • Clear prioritization without requiring deep AppSec knowledge
  • Strategic alignment between developers, security, and product

"I did not need another dashboard. I needed a system that could think like my best AppSec hire. Kodem delivered that."
Nir Rothenberg, CISO, Rapyd

Looking Ahead

Rapyd continues to partner with Kodem to expand into API security and memory-level exploit tracing. Nir plays an active role as a strategic design partner and GTM advisor, helping Kodem shape its roadmap for high-growth, cloud-native security teams.
