The irony of modern cybersecurity is thick enough to cut with a knife. The same artificial intelligence tools that bad actors are using to exploit software vulnerabilities at breakneck speed are now becoming the primary defense against those very attacks. It’s less like a Cold War arms race and more like watching two AIs duke it out while humans nervously take notes on the sidelines.
This cat-and-mouse dynamic has created a market opportunity so compelling that investors are throwing serious capital at security startups. Exaforce, a three-year-old startup focused on real-time threat detection, just closed a $125 million Series B, valuing the company at $725 million. That’s a staggering 10x jump from its $75 million Series A just a year ago. Combine that with the earlier round, and Exaforce has now raised $200 million total.
The funding round included participation from HarbourVest, Peak XV, Mayfield, Khosla Ventures, and Seligman Ventures. For an enterprise technology company barely three years old, that kind of velocity signals something important: investors believe the problem is real, massive, and only getting worse.
The Needle in the Haystack Problem
Here’s the core issue that Exaforce and similar startups are trying to solve. Security operations centers (SOCs) are drowning in alerts. A typical security analyst gets hundreds of them daily. The vast majority are false positives, noise that obscures the actual threats hiding in plain sight.
Umesh Padval, a managing partner at Seligman Ventures, framed it perfectly: finding real threats is like searching for a needle in a haystack. Except the haystack is growing exponentially, and the needles are getting sharper.
Enter Exaforce’s AI agents, branded as “Exabots.” The company claims its platform can automate security operations and reduce manual, time-consuming tasks by as much as 90%. CEO Ankur Singla describes the mission as straightforward: apply AI to catch and stop threats as they happen. “It’s a very simple mandate, but it’s very complex to execute,” he told TechCrunch.
The startup officially brought its product to market in Q4 of last year after two years of testing with design partners. It’s already added 20 customers, including notable names like Replit and Guardant Health. Singla expects to hit 40 to 50 customers by year’s end, driven largely by the recent wave of high-profile cyberattacks.
When “Why Do I Need This?” Becomes “How Do I Operationalize It?”
The shift in customer conversations tells its own story. A year ago, Singla was fielding questions about whether his product was even necessary. Now, the question has changed entirely. Customers aren’t asking “why,” they’re asking “how.” That’s the kind of demand signal that keeps venture capitalists up at night in the best possible way.
Exaforce recently introduced a feature called “vibe hunting,” which lets security teams query the platform using natural language to investigate potential attacks based on hunches or emerging patterns. Think of it as conversational security threat hunting. Instead of wrestling with complex query languages, an analyst can simply ask: “Did we get any new attacks from Iran?” The AI handles the heavy lifting.
This kind of accessibility matters. It democratizes threat investigation for teams that might not have elite-level security engineers on staff.
The Crowded Field
Still, Exaforce isn’t operating in a vacuum. The startup faces competition from other AI-focused security vendors like 7ai, Dropzone AI, and Prophet Security, not to mention industry titans Palo Alto Networks and CrowdStrike, who are naturally investing in AI-powered SOC capabilities of their own.
The fact that established players are moving into this space alongside hungry startups suggests this isn’t a temporary trend. It’s the future of how security operations will work, whether organizations like it or not.
What remains to be seen is whether automating 90% of manual work actually translates to better security outcomes, or if we’re just creating a new set of problems while solving the old ones.
