Beacon Security has raised $13 million in seed funding to expand its agentic cybersecurity platform and provide enterprises with a trusted data foundation for human analysts and autonomous security agents. Notable Capital led the round, with participation from Holly Ventures, AlphaDrive Ventures, SVCI, Jefferies Family Office and more than 60 cybersecurity founders and chief information security officers. The investor group includes founders associated with Talon, Descope, Gem Security, Dig Security and Cider Security.
Beacon plans to use the funding to accelerate product development, expand its library of specialized security agents and help more enterprises deploy AI-driven security workflows across detection, investigation, posture management and incident response.
The company is developing an intelligent data layer designed to organize, normalize and enrich security information before it is used by analysts, applications or AI agents.
Beacon believes this foundation is increasingly important as enterprises adopt autonomous software agents for cybersecurity tasks. These systems require accurate, contextualized and current data to investigate threats, identify suspicious behavior and recommend or execute defensive actions.
Incomplete, inconsistent or poorly organized security data can cause an AI agent to misinterpret activity, overlook important signals or generate unreliable conclusions. Beacon’s platform is intended to reduce those risks by giving security teams and agents a cleaner and more comprehensive view of the organization’s technology environment.
The company’s annual recurring revenue increased by more than 300% during the first half of 2026. Beacon said it has gained customers across financial services, insurance, healthcare, hospitality and technology, including organizations operating in highly regulated environments.
Beacon is positioning its technology as an alternative to legacy security architectures that were designed primarily for human analysts and conventional automation rather than autonomous AI systems.
Traditional enterprise security operations often depend on dozens of products generating large volumes of alerts, logs and telemetry. Information from these tools may be stored in different formats, use inconsistent naming conventions or lack the historical and organizational context needed to evaluate an event properly.
Security teams must frequently spend significant time collecting, transforming and connecting this information before they can determine whether activity represents a genuine threat.
The problem can become more serious when organizations introduce AI agents. An autonomous system may be capable of analyzing information more quickly than a human, but the quality of its conclusions remains dependent on the quality of the data it receives.
Beacon’s platform sits between security telemetry sources and downstream systems. It automates the process of collecting, normalizing, enriching and routing security data so that human defenders and AI agents can work from a consistent foundation.
The platform also pre-resolves entities, helping determine whether different pieces of telemetry refer to the same user, device, application, cloud resource or other asset.
This capability can be important when investigating attacks that move across multiple systems. Activity that appears harmless within one security product may become suspicious when connected with events from identity, endpoint, network and cloud platforms.
By linking those events, Beacon seeks to give defenders a fuller picture of an attack and reduce the amount of manual correlation required from security analysts.
The company’s data layer also includes coverage and posture monitoring. These capabilities continuously compare an organization’s data sources with known threats and compliance requirements to identify gaps before attackers exploit them.
A security team may believe it has complete visibility into a critical environment even though certain systems are not sending usable telemetry or important controls are not operating as expected.
Beacon’s platform is designed to surface those weaknesses and help organizations determine whether their existing tools provide adequate coverage for their most important assets and risks.
The company also offers an agentic cybersecurity work platform that allows defenders to use AI agents across a broad range of operational tasks.
Potential use cases include detection engineering, investigation support, security posture analysis, operational reporting and the identification of unauthorized or ungoverned AI usage.
Detection engineering involves creating and improving the rules, analytics and logic used to identify malicious behavior. Security teams must continually update detections as attackers develop new techniques and enterprise environments change.
Beacon’s agents can assist with that work by reviewing telemetry, analyzing threat patterns and helping teams create or refine detections based on the organization’s actual environment.
The platform can also support investigations by gathering relevant data, reconstructing timelines and identifying connections across alerts and systems.
Instead of manually searching several security products, an analyst can use Beacon’s context layer and agents to assemble the information required to evaluate an incident.
Beacon describes its platform as an open harness, enabling customers to execute existing agentic workflows or build their own security agents and automations.
This approach is intended to give organizations greater flexibility than closed security platforms that limit customers to a vendor’s predefined agents or workflows.
Beacon also provides a growing library of production-ready security agents. These agents are purpose-built for cybersecurity work and are connected directly to the company’s contextual data layer.
The agents are tuned with input from professionals experienced in offensive security and nation-state cyber defense. Beacon said they are designed to identify threats that may be missed by conventional security stacks.
Examples include lateral movement across different data sources, attacks conducted at machine speed and newly emerging tactics, techniques and procedures.
Lateral movement occurs when an attacker gains access to one part of an organization and then attempts to move into other systems, accounts or networks. Detecting this activity can be difficult when the evidence is distributed across identity, endpoint, cloud and application logs.
Beacon’s architecture is intended to help agents connect those signals and identify suspicious patterns across the broader environment.
The company plans to introduce additional agents for shadow AI analysis, alert triage and security investigations.
Shadow AI refers to artificial intelligence applications or models used by employees without formal approval or oversight. These tools can create security, privacy and compliance risks if employees upload sensitive information or connect unauthorized AI services to company systems.
Beacon’s planned shadow AI capabilities will help security teams identify and evaluate those activities.
Alert triage agents could help organizations prioritize the large number of security notifications generated each day. Rather than treating every alert equally, the agents can examine context, historical behavior and related events to determine which incidents deserve immediate attention.
This can help reduce the workload placed on analysts while shortening the time required to respond to potentially serious threats.
Beacon believes AI is changing both sides of cybersecurity. Defenders are using agents to automate investigations and improve response times, while attackers are using AI to accelerate reconnaissance, phishing, malware development and other operations.
Enterprises are therefore under pressure to introduce AI capabilities without allowing autonomous systems to operate on unreliable or poorly governed information.
Beacon’s platform is designed to give security leaders control over how agents access data, what actions they perform and how their conclusions can be reviewed.
The company said customers are adopting Beacon because existing infrastructure was not built for a world in which AI represents both a defensive capability and a new attack surface.
Beacon has already gained adoption across dozens of enterprises, including high-growth technology companies and private equity-backed organizations.
Cerebras uses Beacon to help its security data and operations scale alongside the company’s growth. The platform has become part of the organization’s daily security processes, with agents increasingly handling data-related work autonomously.
Beacon was founded in 2024 by CEO Gal Tal-Hochberg, Or Mattatia and Iddo Israely.
Tal-Hochberg previously founded HiredScore, an AI-powered talent technology company acquired by Workday for approximately $520 million.
Mattatia and Israely bring experience in nation-state cyber defense, offensive security and enterprise-scale data infrastructure.
The founding team’s background reflects Beacon’s effort to combine security expertise with the data architecture required to support AI agents in production environments.
Beacon recently launched its agentic data layer, representing an important milestone in the development of its platform.
The technology automates data normalization and enrichment while reducing the engineering effort organizations typically need to prepare security information for analysis.
Beacon said the platform is already being used by Fortune 500 security teams in critical and highly regulated industries.
These organizations use the technology to identify coverage gaps, detect threats that other tools miss and operate security programs with greater speed and efficiency.
The seed financing will allow Beacon to continue expanding the platform as enterprises move from experimenting with security agents to deploying them in daily operations.
The company believes the central challenge will not simply be developing more capable AI models. Organizations will also need reliable infrastructure that gives those models the information, context and governance needed to make trustworthy decisions.
By combining a security data layer, an open agentic work platform and specialized production-ready agents, Beacon aims to become the foundation on which enterprises build and operate AI-native cyber defense programs.
KEY QUOTES:
“The acceleration of AI agents in the enterprise is creating a distinct need for a legible context layer for cyber defenders, which is fueling a fundamentally new security architecture. We built Beacon to solve these challenges by providing the trusted data layer that allows organizations to deploy security agents compliantly and effectively. With this investment, we are transforming security for native AI usage to drive real-time posture, detection and response, deep hunting, and operational analysis of security estates at unprecedented efficiency, scale and complexity.”
Gal Tal-Hochberg, Co-Founder and CEO of Beacon Security
“We are growing fast, and Beacon lets our security data keep pace. It gives us the agility to evolve on our own terms, and it has become part of how we run security day to day, increasingly with our agents doing that data work autonomously. Beacon is a core part of how we are building security for what comes next.”
Olindo Verillo, Director of Detection and Response at Cerebras
“Every CISO knows the real bottleneck isn’t detection; it’s trust in your own data. That problem doesn’t go away when you add agents; it gets less forgiving. The data-trust gap is exactly what Beacon is bridging in the AI era, bringing context to the security teams and their agentic workforce.”
Oren Yunger, Managing Partner at Notable Capital and Beacon Board Member

