Dawnguard Bets on Security by Design: Can Dutch-Led Cybersecurity Fix IT’s Flaw at the Root?

‘Hundreds of security tools overwhelm CISOs with promises of better detection, yet few tackle the root issue: design flaws in code that AI-driven threats exploit,’ says Chris Corbishley, Managing Partner at 9900 Capital, which led Dawnguard’s funding round. ‘As attacks grow smarter, defences must shift left – embedding resilience at the codebase.’

How Dawnguard Actually Works

Rather than adding another security scanner to an already crowded field, Dawnguard takes a different approach. The platform helps teams validate cloud infrastructure designs before deployment, automatically generates production-ready Infrastructure as Code from validated designs, and continuously enforces security posture after deployment to prevent configuration drift.

The key difference, according to CTO Kim van Lavieren, is collaboration rather than bureaucracy: ‘We’re giving teams the power to translate security intent into enforceable code so they don’t have to rely on spreadsheets, static docs, or guesswork.’ The platform provides what the company calls a ‘shared canvas’ for engineering and security teams to work together on secure, compliant architecture that balances cost, resilience and sustainability.

This matters because traditional security approaches often create friction between development and security teams. Dawnguard’s method embeds security directly into system architecture from day zero through what it calls day 10,000 – essentially the entire lifecycle of a system.

Why This Approach Matters Now

The timing isn’t coincidental. As AI changes both attack methods and development practices, the window for addressing security flaws continues shrinking. Recent IBM data shows that 13% of organisations reported security incidents involving AI models or applications this year, with 31% of those incidents leading to operational disruption and sensitive data access.

The rise of AI-generated code adds another layer of complexity. While developers increasingly rely on AI coding assistants, these tools can introduce vulnerabilities that traditional security reviews might miss. Dawnguard’s approach of validating architecture at the design stage aims to catch these issues before they become production problems.

Companies are also grappling with how to manage AI systems once deployed. AI trust platforms are emerging to help with oversight, but the fundamental issue remains: security needs to be built in, not bolted on.

The Dutch Connection

Dawnguard’s Amsterdam base puts it at the heart of Europe’s growing cybersecurity sector. The Netherlands cybersecurity market is valued at approximately $2.15 billion this year and expected to reach $3.55 billion by 2030, with Amsterdam housing one-third of Europe’s data centres.

The Dutch government has backed this growth with significant funding. In October 2024, the defence sector launched SecFund, a €100 million investment fund providing early-stage financing up to €5 million per company for Dutch cybersecurity startups.

Dawnguard’s investor roster reflects these local connections. Dimitri van Zantvliet, CISO at Dutch Railways and Chair of the Dutch CISO Community, serves as both investor and advisor. ‘Dawnguard isn’t just building tech – they’re rewriting the DNA of cybersecurity,’ he says. ‘In a world addicted to patching symptoms, they’ve chosen to re-engineer the root.’

What Comes Next

The company plans to expand its platform to support more varied environments and address what Abdulrazak calls the security gap between ‘vibe coding’ – his term for rapid AI-assisted development – and the infrastructure where these applications run.

‘With software moving faster than ever, security can’t be stuck in the past,’ Abdulrazak says. We’re creating the platform that makes secure architecture not just possible, but inevitable.’

For business leaders, the practical takeaway is straightforward: if design-first security becomes a market requirement – and the funding patterns suggest it might – suppliers and partners will need to adapt sooner rather than later. The companies that figure out how to build security in rather than bolt it on will likely have significant advantages in both cost and resilience.

The question isn’t whether the current model of security firefighting is sustainable – the costs and AI-accelerated threats make clear it isn’t. The question is whether approaches like Dawnguard’s can deliver on their promise to fix the problem at its source rather than just managing the symptoms.