Ofofo is forging new locks in cybersecurity for SMBs
The Bengaluru-based cybersecurity startup first started as a marketplace, but then pivoted to an agentic AI platform to empower SMBs to combat security and compliance risks.
While cyber attacks are always a matter of concern, their frequency has increased greatly against small and medium-sized businesses (SMBs) after the COVID-19 pandemic. Despite this heightened threat landscape, cybersecurity expert Mohan Gandhi Ponnaganti, who was an ethical hacker in his youth, noticed that most cybersecurity companies cater exclusively to large enterprises, leaving a critical gap in protection for smaller businesses.
To solve this problem, he co-founded in 2022 as its CEO alongside COO Anshika Srivastava and CMO Angad Singh Gill. The startup first began as a marketplace, bringing together cybersecurity professionals and SMBs in a community-driven platform. It achieved $1 million in Gross Merchandise Volume—the total value of all merchandise sold on a marketplace.
But soon, Ponnaganti and his team realised that this was not reducing the cyberthreat to SMBs. The marketplace model, while successful in creating connections, wasn't addressing the fundamental security challenges these businesses faced. So it proceeded to pivot.
"Despite creating a marketplace where everyone was part of a community, we realised that it only solved the distribution problem. But it did not solve the cyberattack issue. So in February 2025, we started to pivot towards becoming an agentic AI company in cybersecurity and finalised it by June. We work on a per-user per-month basis (PUPM) like most SMBs," Ponnaganti tells YourStory.
Now, with ambitious plans to become the "agentic layer for cybersecurity" across multiple operating systems within five years for SMBs, the eight-member Ofofo has raised about $446,000 in an angel round and works with 110 B2B clients.
Building the agentic layer
Ofofo’s agentic AI, called Questionnaire AI, is built to help companies with their compliance requirements. If a company wants to acquire a firm like Apple as a customer, for instance, Questionnaire AI can help prepare it for the kind of security-related due diligence Apple would ask for.
The CEO says Questionnaire AI was built with multiple LLMs to ensure comprehensive coverage of security scenarios. Since most enterprises like Apple require SOC2 or other certifications, Ofofo's compliance AI steps in and implements the required controls to achieve the SOC2 certification. This automated approach significantly reduces the time and expertise traditionally needed for compliance.
"The inference layer is Azure OpenAI. The synthetic data is obtained from all LLMs, and the company's processing uses AI with guardrails. We are also ISO 27001 and ISO 42001 certified. Since we work on a PUPM basis, we charge $55 per person," says Ponnaganti.
Only 0.25% of SMBs that work with enterprises have required certifications, he adds.
The CEO emphasises that true agentic AI should be able to do cybersecurity tasks autonomously and have memory, learning from past interactions to improve future responses. Ofofo provides the whole application out of the box for sensitive customers, eliminating the need for complex integrations.
Presently competing with the Y Combinator-backed Delve, the founder says that Ofofo is becoming the primary due diligence layer for products and applications that work with enterprises. And because of that, Ofofo's data is more real and non-synthetic, containing actual real-world information rather than artificially generated datasets.
Ofofo is part of YourStory’s Tech30 cohort—a selection of India’s most promising startups of 2025—unveiled at TechSparks Bengaluru.
