Search
Close this search box.

Formal Raises $5.8M to Give Security Teams Control Without Slowing Down Innovation

It’s a testament to the trust we’ve built with early customers, and the confidence investors have in Formal’s vision and ability to execute. We’re excited to continue our work in simplifying and securing data access for enterprises.

At just 24, Mokhtar Bacha’s story is already one of ambition, pivots, and execution in the world of data security. From his early days as a software engineer at Consensys, working on some of the earliest Ethereum projects, to founding Formal—a security startup aimed at tackling the growing complexity of data access in the cloud—Bacha has proven that sometimes, the best solutions come from the most unexpected of journeys.

Formal wasn’t always the company it is today. It began as Maytana, a cash management platform designed for multinational startups. But as Bacha immersed himself deeper into the world of security and data, he realized the problem he truly wanted to solve: how to manage and secure access to sensitive data in a rapidly evolving tech landscape. The problem wasn’t just technical—it was structural. The explosion of modern data stacks, AI, and cloud tools had left security teams scrambling, often relying on outdated systems that failed to keep pace with the growing complexity of the infrastructure they were meant to protect.

So, at just 19, Bacha took a bold step. He applied to Y Combinator as a solo founder and pivoted Maytana into what would become Formal. His vision: a security product that would be both scalable and adaptable, giving security teams the control they needed without slowing down the pace of innovation.

A Reverse Proxy for Modern Data Security

At its core, Formal is a reverse-proxy for data stores and APIs that allows security teams to enforce access policies without disrupting workflows. But what sets it apart is its ability to operate as an abstraction layer, integrating seamlessly with the underlying data infrastructure.

When Formal’s technology is deployed within a company’s virtual private cloud (VPC), it logs every request made to data stores like Postgres, MySQL, or Snowflake, and applies granular security policies at the network layer. This allows security teams to enforce dynamic policies, such as masking data or enforcing row-level restrictions, automatically and without needing to reconfigure each individual tool.

“Formal acts as the middle layer between your applications and your data stores, and that’s where it really shines,” Bacha explains. “With just a single deployment, you can manage all your access policies in one place, and it doesn’t matter if you add or remove a data store—no new configurations are needed. Everything just works.”

A $5.8M Seed Round

After months of refining the product and validating the market, Formal reached a significant milestone: a $5.8 million seed round led by Thrive Capital. This was more than just financial backing—it was a recognition of Formal’s innovative approach to solving one of the most pressing issues in modern enterprise security.

Along with Thrive Capital, the round saw participation from Y Combinator, Abstract Ventures, Kima Ventures, and an impressive list of angel investors, including Alexis Lê-Quôc and Charles Gorintin, co-founders of Datadog, Mathilde Collin (CEO of Front), and Aaron Katz (former Snowflake executive). Formal’s early customers, including Gusto, Notion, and Ramp—companies known for handling sensitive data like HR records and financial statements—further validated the product’s potential. These early adopters showed that Formal wasn’t just another theoretical solution, but one that was already providing tangible value.

“The seed round isn’t just a financial achievement for us,” Bacha says. “It’s a testament to the trust we’ve built with early customers, and the confidence investors have in Formal’s vision and ability to execute. We’re excited to continue our work in simplifying and securing data access for enterprises.”

The Problem Formal Solves

Security teams today face an impossible task: protecting sensitive data while ensuring that employees, engineers, and applications have the access they need to do their jobs. Data is flowing faster than ever, across more applications, systems, and users. What’s more, traditional security tools and manual processes are ill-suited to handle the scale and speed of modern operations.

Formal addresses this issue by decoupling security policies from the underlying infrastructure. Instead of embedding policies directly into each data store or application, Formal places policy enforcement at the network layer, ensuring that every request is checked against a unified set of rules. This allows security teams to focus on setting up the rules once and enforcing them across their entire stack.

What’s more, Formal makes it possible for security teams to define policies in a single language and apply them across an entire organization—no matter how many data stores or tools are in use. It automatically logs all requests, classifies sensitive data, and generates audit logs for compliance and oversight. This visibility is paired with a powerful policy engine, which allows teams to implement fine-grained control over who can access what data and under what conditions.

The Vision for the Future

As Formal continues to grow, its mission remains clear: to give security teams the visibility and control they need over modern data environments, without the headaches of manual configuration and complex, outdated tools. The company is uniquely positioned to capitalize on the increasing complexity of enterprise data, which has become a sprawling web of interconnected services and cloud-based tools.

“Data is no longer just a storage issue—it’s a security issue,” says Bacha. “And we want to solve that. By taking a fresh approach to how access policies are enforced, we’re making it easier for organizations to secure their data while enabling them to innovate at speed.”

Picture of Anshika Mathews
Anshika Mathews
Anshika is an Associate Research Analyst working for the AIM Leaders Council. She holds a keen interest in technology and related policy-making and its impact on society. She can be reached at anshika.mathews@aimresearch.co
Subscribe to our Latest Insights
By clicking the “Continue” button, you are agreeing to the AIM Media Terms of Use and Privacy Policy.
Recognitions & Lists
Discover, Apply, and Contribute on Noteworthy Awards and Surveys from AIM
AIM Leaders Council
An invitation-only forum of senior executives in the Data Science and AI industry.
Stay Current with our In-Depth Insights
The Most Powerful Generative AI Conference for Enterprise Leaders and Startup Founders

Cypher 2024
21-22 Nov 2024, Santa Clara Convention Center, CA

25 July 2025 | 583 Park Avenue, New York
The Biggest Exclusive Gathering of CDOs & AI Leaders In United States
Our Latest Reports on AI Industry
Supercharge your top goals and objectives to reach new heights of success!
Join AIM Research's Annual Subscription Today

Unlock Unlimited AI Insights for Just $9999!

50+ AI and data science reports
All new reports for the next 12 months
Full access to GCC Explorer and VendorAI
Stay ahead with cutting-edge insights