How Terra Security Hit $1M ARR in One Quarter

Shahar Peled went from idea to $30M Series A and 35 employees in under a year. His weapon: an agentic AI pen-testing platform that replaced manual security consultants. Here's the exact playbook he used.

Key Facts

• Time to $1M ARR: Approximately one quarter after launching continuous product (Shahar Peled)
• SQL-to-Close Rate: Over 40% (Shahar Peled)
• Demo-to-Close Rate: Over 75% after proof of value (Shahar Peled)
• Series A Raised: $30M led by Felicis, total funding $38M (Shahar Peled)
• Inbound Pipeline Share: Over 60% inbound or referral introductions (Shahar Peled)

Why Manual Pen Testing Was Broken — And Ready for AI

Pen testing has been manual, point-in-time, and scoped to roughly 7–10% of a company's attack surface for 25 years. Gen AI made the problem worse by accelerating both code creation and adversarial hacking — while human testers couldn't scale to match.

Penetration testing — paying ethical hackers to simulate real attacks on your systems — is a requirement for nearly every company worldwide, whether for security, insurance, or compliance. But the process hasn't fundamentally changed in decades. Human testers work on narrow scopes, produce PDF reports, and can only engage periodically.

Shahar saw the gap clearly from his time at JIT, an application security company. 'When Gen AI came to play, the gap between what you could have tested with manual processes to what you needed to test became much larger,' he explained. Engineers were writing more code faster, often without understanding every dependency. Meanwhile, adversaries adopted AI tools with no compliance constraints slowing them down.

The opportunity Shahar identified was specific: agentic AI — combining deterministic code with real-time AI reasoning — could finally mimic how skilled human pen testers think, at scale. 'This was the first time in history that humans have the technology to mimic how we humans think and operate in real time at scale,' he said. That was the foundation for Terra Security.

"When Gen AI came to play, the first people who became more efficient are engineers. They write more code. You introduce more vulnerabilities. And adversaries, the bad guys, it's much easier for them to adopt AI native tools." — Shahar Peled

"When you bring deterministic aspects of code with the degrees of freedom or reasoning of AI that can make decisions in real time, you can actually create magic." — Shahar Peled

The Ideation Playbook: 100 Conversations and The Wallet Test

Shahar ran ~100 conversations with CISOs in two phases: first asking open-ended questions about their top five pain points, then presenting a thesis and asking for pricing commitment and design partner sign-up — not just a vague 'yes.'

Before writing a line of code, Shahar and co-founder Gal conducted roughly 100 conversations with security leaders. Phase one was deliberately broad — no thesis, just 'what are your top five pain problems today?' Only after pen testing consistently appeared in the top one or two did they move to phase two.

Phase two is where most founders stop too early. Shahar didn't ask, 'Would you use this?' He asked harder questions: How much would you pay? Would you sign something? Are you willing to be a design partner and give us cycles and feedback?

The logic is airtight. As Shahar put it: 'What is it going to cost these security leaders to say yes to us? Pretty much nothing. What is it going to cost them to sign a document or speak to an investor or connect us to their team? The answer is, it's going to cost, so if it's going to cost them — and they still say yes — you're onto something.'

"I think asking these people, would you buy this or would you use this, is too easy of a question. My question was, how much would you pay for it." — Shahar Peled

• Phase 1: Ask about top 5 pain points — no thesis, pure discovery
• Phase 2: Present solution and ask for pricing commitment or design partner agreement
• Require real skin in the game: investor intros, team time, environment access
• Treat each design partner as representing 10,000 future security buyers

Converting Design Partners to Paying Customers

Terra had six design partners who all converted to paying customers. The key was treating design partners as co-creators — building features from their feedback, giving them discounts, and selecting only those who could represent the broader buyer persona.

Design partnerships are standard advice for early-stage founders, but execution separates good outcomes from great ones. Terra's six design partners became paying customers within roughly six months — faster than the year-plus timelines Shahar had seen at other companies.

Three things motivate a strong design partner, according to Shahar: they're early adopters who want to shape the product; they want to be associated with something big ('I was part of building this'); and they get access to cutting-edge technology at a steep discount before it hits the market.

Critically, Terra took design partner feedback seriously enough to build features and UI designs directly from those conversations. 'We took them as those that speak on behalf of ten thousand other security buyers,' Shahar said. This filtering ensured the feedback shaped a product that would scale — not just satisfy one edge case customer.

"All of them became paying customers. We gave them design partner discounts. They believed in us. They had a pain problem in what we're solving. They knew we were going to solve it." — Shahar Peled

"Cybersecurity people are always understaffed, overworked, spread too thin. If these busy people are willing to really stand behind the work and spend time with you, it means you're on to something." — Shahar Peled

Service-as-Software: The AI Business Model That Changes Everything

Service-as-Software means replacing expensive, manual outsourced services with an AI-first product that keeps humans in the loop where needed. It unlocks existing budget lines, shortens sales cycles, and builds toward SaaS margins over time.

Terra doesn't just sell software — it delivers outcomes. Customers pay for continuous pen testing as a service, not a tool they have to run themselves. This is what Shahar calls the Service-as-Software model: starting closer to a services margin profile but building toward SaaS margins as automation deepens.

The go-to-market advantage is significant. Shahar noted that customers already have a pen-testing budget line item. 'You have this budget item — let me help you do much more,' he said. That's a fundamentally stronger pitch than asking someone to add a new software expense. In one case, Terra replaced four separate budget line items for a single customer.

On why he didn't just sell AI tooling to existing pen-test firms: 'We wanted to start selling direct because this is the best way to get the right friction with the buyers and build the best products. You can also increase your revenue and ARR much faster.' Selling to services companies would slow market education and cede control of the customer relationship.

"You have this budget item, let me help you do much more. And then I can also be the third party vendor and also give you software. So it gives us so many opportunities for growth." — Shahar Peled

• Targets existing outsourced service budgets — no new line item required
• Humans stay in the loop for safety, accuracy, and compliance acceptance
• Margins start below SaaS but scale toward SaaS as AI deepens
• One customer replaced four budget line items with Terra alone

40% SQL-to-Close: What Strong Conversion Rates Signal About PMF

Terra's SQL-to-close rate exceeded 40% and demo-to-close rate exceeded 75% after proof of value. These ratios are leading indicators of product-market fit — high close rates signal genuine demand, not just polite interest.

Sales conversion ratios aren't just operational metrics — they're early signals of product-market fit. When Terra launched its continuous agentic pen-testing product, something clicked. First-call-to-demo conversion ran well above 90%. SQL-to-close exceeded 40%. Demo-to-close, after a proof of value, exceeded 75%.

Shahar attributes this to qualification discipline: 'Once you qualify the potential buyers, and once you see that they have this pain and believe in your approach, I think it is a matter of just the right implementation.' High conversion rates mean the product earns its close — not that sales is papering over weak fit.

He also shared his personal PMF litmus test: 'My question about product market fit is, when you turn the solution off, how long is it going to take people to call you.' Today, Terra's customers need the product enough that Shahar is confident the phones would ring fast — the clearest possible signal.

"From SQL to close, it is currently over forty percent. It's very, very, very high. I believe this number could be higher for us." — Shahar Peled

"My question about product market fit is, when you turn the solution off, how long is it going to take people to call you." — Shahar Peled

Raising a $30M Series A from Felicis — Without a Formal Process

Terra's Series A was inbound. Felicis partners reached out after meeting Shahar at a conference, ran a rapid demo cycle, and issued a term sheet — before Terra was even trying to raise. The company tripled ARR in the quarter following the raise.

Most Series A stories involve a curated process: deck, roadshow, 20 meetings, term sheet. Terra's was different. 'It was inbound, basically,' Shahar said. Felicis partners Jake and Nancy contacted Terra, met at a conference, ran one more meeting with a demo, and issued a term sheet. Terra wasn't actively fundraising.

The reason VCs moved fast was visible traction: real customers, real revenue, and a team that shipped quickly. 'What Jake and Nancy saw is a very strong team that executes and delivers with real customers and a real product that is going to move very fast,' Shahar explained. The $30M round was led by Felicis alongside Dell Capital, SPCI, and existing investors.

The outcome validated the timing. Since the Series A, Terra tripled its ARR in a single quarter — growing from a team of roughly 10 to 35, on its way to 40.

"We weren't trying to raise funding. We had a lot more to prove. But they saw we were on the path to a very good Series A. Let's just do it right now and double down earlier." — Shahar Peled

"We tripled the ARR since the Series A in one quarter." — Shahar Peled

Service-as-Software vs. Pure SaaS vs. Selling to Service Providers