Security teams have more data than ever to stop attacks – but almost no way to use it. Detections are generic, investigations are manual, and attackers move faster than any human workflow can match. autonomous threats at enterprise scale
Dan and I built Artemis to help security teams detect and respond to threats dramatically faster. Today, we’re excited to share Artemis publicly for the first time. The company is emerging from stealth with $70 million in seed and Series A funding, with the Series A led by Felicis and the seed round co-led by First Round Capital and Brightmind. The rounds included participation from Theory VC, Lockstep, and prominent cybersecurity industry leaders, including founders of Abnormal AI and Demisto, the former CEO and CTO of Splunk, and senior executives from CrowdStrike, Palo Alto Networks, Microsoft, and Okta.
We’re grateful to the investors, angels, partners, and early customers who believed in this direction from the moment we started the company seven months ago.
The gap between knowing and understanding
Security has always been a story of adapting faster than the threat.
The first era of defense was about digital walls. Firewalls. Perimeter controls. VPNs. The assumption was that threats could be stopped at the boundary.
The second era acknowledged that walls weren’t enough and built watchtowers: SIEMs, detection rules, alert pipelines. A watchtower can see that someone is at the gate. It can’t tell if they’re supposed to be there.
Modern organizations are messy, interconnected systems, and traditional tools only capture fragments, not the full picture. Identity systems see authentication events, cloud platforms see infrastructure changes, endpoint tools see processes.
We are now entering a third era of cyber defense, driven by a fundamentally different threat landscape. An attacker with access to frontier AI can probe a target continuously. Once inside, they move laterally across clusters, clouds, and applications – performing thousands of actions in ways that look harmless if you only see one piece of the activity
While the industry has gotten very good at generating signals, it is still surprisingly bad at understanding them. That gap between having data (knowing) and having context (understanding) is what is required for modern defense. This is where Artemis comes in.
Delivering Protection Instead of Chasing Alerts
The human body’s defense system doesn’t build barriers, but it still stops attacks effectively. It watches. It learns. It recognizes what belongs and what doesn’t. It adapts and stops attacks in real time, and it gets better at its job every time it encounters something new.
Artemis does the same across your IT estate. It models each customer’s environment continuously: users, AI agents, machines, cloud workloads, applications, business context, behavioral patterns across every integrated log source. Adaptive detections are generated specifically for your environment. Agentic threat hunting proactively looks for suspicious activities. Every security signal triggers an autonomous investigation that understands your baseline. You get a full story: here’s what happened, here’s the context, here’s the evidence, here’s what can be contained, here’s what needs your judgment. The analyst’s job transforms from data assembly to decision-making.
Customers using Artemis have reduced their mean time to detect and respond to important security events by 94%. We’re already in production with some of the world’s largest and fastest-growing companies across financial services, technology, insurance, and more, analyzing over 15,000TB daily and billions of events hourly.
This System Has Been a Long Time in the Making
Artemis did not start from scratch.
I spent the last decade building and scaling enterprise security operations platforms as a product and engineering leader at Demisto, Palo Alto Networks, and AWS GuardDuty – the world’s largest cloud attack detection product, observing millions of AWS accounts. Over the years, I helped hundreds of security operations centers, in companies ranging from Fortune 500 to 200 people startups, elevate their operations and worked with them to navigate sensitive security incidents.
Dan’s work has always focused on architecting complex AI systems to extract meaningful patterns from large volumes of data. At Twitter, Dan worked on behavioral modeling systems that represented how hundreds of millions of users interacted with the platform. At Abnormal AI, where Dan led everything AI/ML, similar concepts powered one of the fastest growing email security company in history companies in the industry by modeling how organizations communicate and identifying behavior that didn’t belong.
Those experiences led to a simple realization: AI reasoning becomes dramatically more reliable when it has a structured model of the environment it’s analyzing. At Artemis, that principle is applied to enterprise infrastructure. The platform fuses telemetry and business context across identity systems, cloud environments, endpoints, networks, and applications into a single model that captures how an organization actually operates.
Once that model exists, AI can reason about activity in a way traditional tooling simply cannot.
Instead of scanning logs for anomalies, the system can evaluate whether a sequence of actions makes sense for the environment it is observing. That difference is what makes agentic detection and response operations possible.
What comes next
Security has always been a race between attackers and defenders. For a long time, defenders relied on tools that could only observe systems.
The next generation of security platforms will need to understand and protect them.
If you want to see how Artemis can elevate your detection and response program, see the product with one of our experts. And if you’re excited by the idea of building agentic defense in one of the world’s fastest growing cybersecurity companies and making the world safer in the era of AI, we’re hiring across R&D, GTM, Product, and Marketing.