Nebulock, the AI-native contextual security platform, today announced it has raised $25 million in Series A financing led by FirstMark, with participation from existing investors Bain Capital Ventures, Decibel, Zetta Venture Partners, and Step Function.
The new financing comes less than a year after Nebulock emerged from stealth, underscoring both the company’s rapid momentum and a fast-evolving threat landscape. In that time, Nebulock has earned the trust of Fortune 500 enterprises, leading organizations in highly targeted sectors like financial services and healthcare, and fast-growing companies, including Cribl, HealthEdge, and Bain Capital. Its platform has already demonstrated significant real-world impact, performing more than 300 million agentic investigations and generating over 4,000 high-confidence findings to prevent incidents.
Nebulock’s approach is proving particularly effective in identifying subtle, high-risk behaviors that legacy systems miss. Examples of what Nebulock has uncovered in customer environments include:
- A malicious remote actor operating undetected for months at a digital retailer.
- An insider copying 748 source code files to USB at a Fortune 1000 retailer.
- Credentials exposed in CLI arguments at a healthcare technology company.
- A malicious browser extension downloaded at a Fortune 500 food and beverage company.
The company is also on the front lines of a new category of “agentic” insider threats driven by the rapid adoption of AI tools in the workplace. When OpenClaw went viral earlier this year, employees across multiple organizations began downloading and experimenting with it, often bypassing corporate controls. What began as benign usage quickly introduced security exposure, creating pathways for attackers to bypass authentication and take control of both the agent and the local host. Within a week, Nebulock observed more than 50,000 related events across 40% of its customer base and rapidly deployed detections across all environments, proactively preventing incidents tied to this emerging form of shadow AI risk.
“Security teams need to understand not just what looks suspicious, but what looks ordinary for the wrong reasons. Bringing on Nebulock changed the math on how quickly we can detect and act,” said Myke Lyons, CISO of Cribl. “When threat intel hits our feeds, the window between awareness and evidence used to be the hardest part to manage. Now that the hunt is run, we have a clear read on exposure and can remediate before our other tools send us an alert. That shift from assumption to evidence is what a proactive posture actually looks like.”
As attackers increasingly use AI to mimic legitimate users, blend into normal workflows, and operate with valid credentials, the challenge for defenders is no longer just finding red flags. It is about identifying the green flags that should look fine, but are not. According to the 2026 Verizon Data Breach Investigations Report, the typical threat actor researched or used AI assistance in 15 different documented techniques, while more advanced actors are already operationalizing AI across 40 to 50 different attack vectors. When bad actors use valid credentials, distinguishing malicious activity from normal behavior becomes far harder for traditional, alert-driven tools. Nebulock addresses that challenge by correlating telemetry across endpoint, identity, cloud, network, and SaaS silos to surface subtle behavioral patterns that legacy alerting and black-box anomaly scoring often miss.
Founded by former security and product leaders from CrowdStrike, Palo Alto Networks, and Arctic Wolf, Nebulock initially focused on autonomous threat hunting across identity, endpoint, and cloud environments. Since its seed round, the company has expanded its platform to include proactive detection engineering and behavioral security analytics, helping teams understand when seemingly normal activity is actually a signal of compromise.
“AI is changing both sides of the security equation,” said Damien Lewke, founder and CEO of Nebulock. “The attacker has become more agentic faster than defenders have become proactive. Breaches used to take months; now they take tokens. That’s why Nebulock was built to help security teams move beyond reactive-by-default workflows and toward context-rich, always-on protection that shows them what their stack can’t see. Over time, our vision is much bigger than agentic threat hunting alone—we want to do for SIEM what EDR did for endpoint by collapsing complexity, delivering value out of the box, and up-leveling the defender.”
“The entire security market is at an inflection point,” said David Waltcher, Partner at FirstMark. “From our earliest conversations, it was clear that Damien is the definition of founder market fit, combining deep domain expertise with a rare ability to translate that insight into product, all alongside a world-class team of threat hunters and deeply experienced security experts. As attacks become faster, more credentialed, and more autonomous, enterprises need a new security layer built around context, behavior, and continuous reasoning. Nebulock is building a new foundation for proactive security operations, with the potential to reshape how organizations approach threat hunting, detection engineering, and security decision-making.”
The new capital will be used to expand Nebulock’s platform capabilities, deepen its cross-telemetry correlation and behavioral context graph, and scale engineering and go-to-market teams to meet growing enterprise demand.
About Nebulock
Nebulock is an AI-native contextual security platform that helps security teams proactively find, convict, and attribute threats across your security stack. Backed by top venture capital firms including Bain Capital Ventures, FirstMark, and Decibel, Nebulock combines contextual security analytics, a behavioral graph, and agentic hunting workflows across endpoint, identity, cloud, network, and SaaS environments to help enterprises uncover threats others miss entirely.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260625381441/en/
Media gallery
