Nebulock announced that it raised $25 million in Series A financing to expand its AI-native contextual security platform. The round was led by FirstMark, with participation from existing investors Bain Capital Ventures, Decibel, Zetta Venture Partners, and Step Function.
The financing comes less than a year after Nebulock emerged from stealth. The company said the round reflects its rapid growth and the increasing need for security operations platforms that can address a new era of AI-enabled and agentic attacks.
Nebulock has gained traction with Fortune 500 enterprises, organizations in targeted sectors such as financial services and healthcare, and fast-growing companies including Cribl, HealthEdge, and Bain Capital. The company said its platform has performed more than 300 million agentic investigations and generated more than 4,000 high-confidence findings to help prevent incidents.
Nebulock is designed to help security teams identify subtle, high-risk behaviors that legacy systems may miss. The company said examples uncovered in customer environments include a malicious remote actor operating undetected for months at a digital retailer, an insider copying 748 source code files to USB at a Fortune 1000 retailer, credentials exposed in command-line interface arguments at a healthcare technology company, and a malicious browser extension downloaded at a Fortune 500 food and beverage company.
The company said it is also addressing a new category of agentic insider threats caused by the rapid adoption of AI tools in the workplace. After OpenClaw went viral earlier this year, Nebulock observed more than 50,000 related events across 40% of its customer base within a week and deployed detections across customer environments to prevent incidents tied to emerging shadow AI risks.
Nebulock’s platform correlates telemetry across endpoint, identity, cloud, network, and SaaS environments to surface behavioral patterns that traditional alerting tools and black-box anomaly scoring may overlook. The company said this is becoming more important as attackers use AI to mimic legitimate users, blend into normal workflows, and operate with valid credentials.
Founded by former security and product leaders from CrowdStrike, Palo Alto Networks, and Arctic Wolf, Nebulock initially focused on autonomous threat hunting across identity, endpoint, and cloud environments. Since its seed round, the company has expanded into proactive detection engineering and behavioral security analytics.
The new capital will be used to expand Nebulock’s platform capabilities, deepen its cross-telemetry correlation and behavioral context graph, and scale engineering and go-to-market teams to meet enterprise demand.
KEY QUOTES:
“Security teams need to understand not just what looks suspicious, but what looks ordinary for the wrong reasons. Bringing on Nebulock changed the math on how quickly we can detect and act. When threat intel hits our feeds, the window between awareness and evidence used to be the hardest part to manage. Now that the hunt is run, we have a clear read on exposure and can remediate before our other tools send us an alert. That shift from assumption to evidence is what a proactive posture actually looks like.”
Myke Lyons, CISO of Cribl
“AI is changing both sides of the security equation. The attacker has become more agentic faster than defenders have become proactive. Breaches used to take months; now they take tokens. That’s why Nebulock was built to help security teams move beyond reactive-by-default workflows and toward context-rich, always-on protection that shows them what their stack can’t see. Over time, our vision is much bigger than agentic threat hunting alone—we want to do for SIEM what EDR did for endpoint by collapsing complexity, delivering value out of the box, and up-leveling the defender.”
Damien Lewke, Founder and CEO of Nebulock
“The entire security market is at an inflection point. From our earliest conversations, it was clear that Damien is the definition of founder market fit, combining deep domain expertise with a rare ability to translate that insight into product, all alongside a world-class team of threat hunters and deeply experienced security experts. As attacks become faster, more credentialed, and more autonomous, enterprises need a new security layer built around context, behavior, and continuous reasoning. Nebulock is building a new foundation for proactive security operations, with the potential to reshape how organizations approach threat hunting, detection engineering, and security decision-making.”
David Waltcher, Partner at FirstMark
