Nebulock Closes $25M Series A to Scale Agentic Threat Hunting
Nebulock, a Boston-based AI security startup founded by veterans of CrowdStrike, Palo Alto Networks, and Arctic Wolf, has raised $25 million in Series A funding led by FirstMark. Existing backers — Bain Capital Ventures, Decibel, Step Function, and Zetta Venture Partners — participated in the round, bringing the company's total raised to more than $33 million.
The company emerged from stealth approximately one year ago and has been building what it calls an "AI-native contextual security" platform: an autonomous, vendor-agnostic threat hunting system that turns enterprise activity into a behavioral system of record.
What Nebulock Does
Traditional security operations centers are reactive — analysts respond to alerts generated by static detection rules. Nebulock's platform inverts that model, performing continuous proactive hunting across all telemetry sources rather than waiting for a threshold to be crossed.
Core Capabilities
| Capability | Description |
|---|---|
| Cross-telemetry correlation | Unified hunting across endpoint, cloud, identity, network, and SaaS |
| Behavioral graph | Tracks enterprise activity patterns to surface anomalous behavior |
| Agentic hunting workflows | AI agents autonomously investigate suspicious signals without analyst prompting |
| Contextual enrichment | Links seemingly unremarkable actions into chains that indicate compromise |
The platform is vendor-agnostic — it plugs into existing security stacks rather than replacing them, and surfaces "what your stack can't see."
Platform Metrics
- 300 million+ agentic investigations performed to date
- 4,000+ high-confidence findings generated for customers
- Enterprise customers include Fortune 500 companies in financial services and healthcare; named customers include Cribl, HealthEdge, and Bain Capital
Real-World Findings
Nebulock published a set of real findings from customer environments to illustrate the platform's value:
- A remote attacker operating undetected for months at a digital retailer, discovered through behavioral graph analysis
- An insider copying 748 source code files to USB at a Fortune 1000 retailer — caught via cross-telemetry correlation
- Credentials exposed in CLI arguments at a healthcare technology company — a misconfiguration invisible to traditional SAST
- A malicious browser extension at a Fortune 500 food and beverage company, installed by an employee and exfiltrating data silently
Each finding illustrates the platform's core thesis: that breaches are often visible in the data — they just require the right behavioral context to surface.
The Agentic Insider Threat Problem
Nebulock specifically called out agentic insider threats as a growing problem distinct from traditional insider risk. The company referenced "OpenClaw" — an AI tool that went viral earlier in 2026 — as an example: employees downloaded it and began bypassing corporate controls, inadvertently creating authentication bypass pathways that security teams had no visibility into.
As AI agents increasingly operate with elevated privileges inside enterprise environments, the attack surface they represent grows. Nebulock positions its platform as purpose-built for this new reality.
Founder Perspective
Damien Lewke, founder and CEO, described the funding rationale:
"The attacker has become more agentic faster than defenders have become proactive. Breaches used to take months; now they take tokens. That's why Nebulock was built to help security teams move beyond reactive-by-default workflows and toward context-rich, always-on protection that shows them what their stack can't see."
Use of Funds
Nebulock plans to use the Series A capital to:
- Deepen cross-telemetry correlation and expand the behavioral context graph
- Expand platform capabilities across endpoint, identity, cloud, network, and SaaS
- Hire across engineering and go-to-market functions
Investor Commentary
FirstMark led the round, with participation from Bain Capital Ventures, Decibel, Step Function, and Zetta Venture Partners. The round reflects continued investor confidence in proactive, AI-driven security approaches as enterprises face increasingly sophisticated and fast-moving threats.
Market Context
Nebulock's raise comes amid a broader shift in enterprise security spending toward AI-native platforms that can operate at machine speed. Traditional SIEM and SOAR vendors face pressure from AI-native competitors that can perform autonomous investigation workflows at a fraction of the cost and time. The company's 300M+ investigation count suggests the platform is being deployed at meaningful scale, not just as a proof of concept.
References
- SecurityWeek — Nebulock Raises $25 Million for AI-Native Contextual Security
- Business Wire — Nebulock $25M Series A Announcement
- Axios Pro — Nebulock Threat Hunting Deal