Overview

SafeBase was a San Francisco-based B2B SaaS company founded in 2020 by Al Yang and Adar Arnon through Y Combinator's Summer 2020 batch. The company built the "Smart Trust Center" — a platform that allowed software vendors to proactively publish their security and compliance posture to prospective customers, replacing the slow, manual back-and-forth of security questionnaires that routinely stalled enterprise sales cycles.

This is not a failure story. SafeBase identified a genuine, structurally underserved pain point, built a product with an embedded viral loop, and scaled to over 1,000 customers — including one-third of the Cloud 100 — before being acquired by compliance automation platform Drata for $250 million in February 2025. The outcome is a textbook category-creation exit.

On $51.1 million in total funding and 55 employees at its peak disclosed headcount, SafeBase achieved a 98% gross retention rate and grew from zero to 1,000+ enterprise customers in under five years. The acquisition validated the "Trust Center" as a distinct, defensible product category rather than a feature that larger platforms would absorb for free — and it rewarded founders who stayed lean, moved fast on AI, and named a market before anyone else did.

Founding Story

Al Yang came to the security review problem through direct experience, not market research. At his prior company Medumo — a healthcare communication platform that was acquired by Philips Health — Yang encountered the same friction that plagues nearly every B2B software vendor: enterprise prospects demanding detailed security documentation before signing contracts, and no efficient way to provide it. The process was entirely manual. Security teams assembled spreadsheets, legal teams negotiated NDA terms, and sales cycles stretched for weeks over paperwork that should have taken hours. ^[1]

Yang brought that frustration into his next venture. He had spent five years in Wall Street technology M&A before turning to entrepreneurship, and by the time he founded SafeBase, he had already seen two companies through to acquisition. ^[2] The pattern recognition was clear: security reviews were a tax on every B2B sales cycle, and no one had built a purpose-built solution to eliminate it.

His co-founder Adar Arnon brought a complementary profile. Arnon had led R&D in IDF Unit 8200 — Israel's elite signals intelligence unit, which has produced a disproportionate share of enterprise security founders — and held a joint MS/MBA from Harvard, where the two met. ^[3] Arnon's framing of the problem was direct: "Implementing good security controls as you're a growing company is very hard, and it's always under-invested." ^[4] The traditional review process, he said, was "super manual, and that's what we decided is worth solving." ^[5]

The two entered Y Combinator's Summer 2020 batch during the pandemic — a cohort that ran entirely remotely. The timing proved fortuitous: COVID-19 had accelerated enterprise software adoption and, with it, the volume of security reviews that vendors faced. Companies that had previously conducted in-person security audits were suddenly demanding digital documentation at scale.

A third co-founder, Stan Chang, is listed in third-party databases but is absent from all official press releases, the YC company profile, and every subsequent funding announcement. ^[6] His departure date, equity stake, and circumstances are not publicly known.