Theodosian

High-Level Overview

Theodosian is a UK-based cybersecurity startup founded in 2025 that builds an enterprise-grade platform for file-level encryption and access control. It provides a persistent data protection layer that travels with files across devices and cloud storage, enabling per-file permissions, 20–30 compliance-aligned checks per document, and support for standards like the UK’s Defence Cyber Certification (DCC) and US Cybersecurity Maturity Model Certification (CMMC).[1][2][4] The product serves enterprises in sectors such as defence, intelligence, banking, and healthcare, solving the problem of data breaches caused by human error or cyberattacks by embedding granular controls directly into files, beyond traditional encryption.[1][2] With $1.3 million in pre-seed funding raised in October 2025 from Fuel Ventures (lead), D11Z Ventures, 1818 Venture Capital, Heartfelt, Startup Wise Guys, and angels, Theodosian is completing v1 of its platform and gearing up for commercial scaling, showing strong early momentum.[1][2][3]

Origin Story

Theodosian was founded in 2025 in London by cybersecurity practitioners Andy Johnson and Brendan Diaz, who bring over a decade of combined experience from defence, intelligence, banking, and healthcare.[1][2][4] The idea emerged to address a critical gap in enterprise security: protecting individual files persistently wherever they are shared or stored, rather than relying on perimeter-based defenses.[1][2] Early traction came swiftly with the $1.3M pre-seed round in October 2025, validating their practitioner-led approach and enabling product completion and market entry.[1][3]

Core Differentiators

• Persistent File-Level Protection: Unlike traditional encryption, Theodosian's platform embeds dynamic access controls, detailed permissions, and continuous verification directly into files, ensuring security follows data across any environment.[1][2][5]
• Compliance-First Design: Performs 20–30 automated checks per document, supporting multi-framework standards like DCC and CMMC, simplifying preparation for emerging regulations.[1][2]
• Invisible, Effortless Operation: Runs seamlessly across devices and cloud storage, enforcing policies, monitoring activity, and sending alerts without disrupting workflows, reducing human error.[2][5]
• Practitioner-Built Expertise: Developed by ex-defence and industry pros, prioritizing granular control and reliability for security teams in high-stakes sectors.[1][2]

Role in the Broader Tech Landscape

Theodosian rides the wave of escalating data breach risks and stricter global compliance mandates, amplified by rising cyberattacks and regulations like DCC and CMMC. Its timing aligns perfectly with enterprises shifting from perimeter security to zero-trust, data-centric models amid cloud proliferation and remote work.[1][2] Market forces favoring it include surging demand for granular tools in regulated industries (defence, finance, healthcare) and investor enthusiasm for cybersecurity, as seen in its quick pre-seed raise.[1][3] By influencing the ecosystem, Theodosian enables secure collaboration, potentially setting a new standard for "second-layer" defenses that reduce breach risks enterprise-wide.[2]

Quick Take & Future Outlook

Theodosian is poised to disrupt enterprise cybersecurity with its file-centric approach, using fresh funding to launch v1 and scale commercially in 2026. Trends like AI-driven threats and evolving regulations (e.g., expanded DCC/CMMC) will propel demand, while partnerships with investors like Fuel Ventures could accelerate enterprise adoption. Its influence may grow by becoming the go-to persistent layer for compliance-heavy sectors, evolving from startup to essential infrastructure as data mobility intensifies—reinventing security at the file level where breaches begin.[1][2]