Artificial IntelligencePress Release

Exaforce Raises USD $125M Series B to Combat AI-Powered Attacks with Real-Time Security Reasoning

Giving Security Teams the Speed, Context, and Reasoning Needed to Detect, Triage, Investigate, and Respond to AI-Era Threats

Exaforce, the pioneer in agentic security operations, has announced a USD $125 million Series B financing round, one of the largest ever in the emerging AI SOC space. The round includes participation from HarbourVest, Peak XV, Mayfield, Khosla Ventures, Seligman Ventures, and AICONIC. The new capital will help Exaforce scale its AI-native security operations platform, deepen its real-time reasoning capabilities, and expand globally. Coming just one year after its $75 million Series A, the round brings Exaforce’s total funding to $200 million.

AI Is Reshaping the Threat Landscape

As AI-driven attack methods accelerate and zero-day threats proliferate, security teams need systems that can detect and respond faster than humans can keep up. Exaforce is designed for that reality, where speed, context, and consistent reasoning are non-negotiable. Its real-time knowledge graph goes beyond alert triage, helping security teams detect attacks as they unfold.

“We built Exaforce to be the platform defenders actually work in, not just an AI layer on top of existing tools,” said Ankur Singla, CEO of Exaforce. “It starts with a real-time knowledge graph that gives agents complete context from the start, and extends into rich investigation and visualisation experiences that put security engineers and AI agents on the same page. This funding lets us deepen that platform and bring it to security teams on a global scale.”

A Differentiated Approach to AI-Native Security Operations

In a market where many AI SOC products focus on triaging alerts after they trigger, Exaforce takes a fundamentally different approach. It treats security operations as a real-time data architecture problem, not just an agent orchestration problem.

Most AI-enabled SIEMs and AI SOC triage tools ask agents to reconstruct context during an investigation, querying logs, calling APIs, correlating signals, and reasoning after the fact. On a typical investigation, these systems may require hundreds of queries and many minutes to reach a conclusion, spending tokens and time at every step. Exaforce instead builds and maintains a real-time security knowledge graph at ingest, connecting security events, identities, permissions, configurations, code, files, and cloud activity as they arrive. Its agents answer the same investigative questions in under a minute—a 10x reduction in time and a significant reduction in tokens per investigation. This is because the relevant context is retrieved, not reconstructed.

Correlating at ingest is what makes both real-time triage and detection possible. Correlating at query time, by definition, cannot.

This architecture also improves reasoning quality. Because every event is chained to its identity, every resource is linked to its readers, writers, and permissions, agents follow real relationships rather than inferring them on demand from fragmented logs and APIs. That means fewer false positives, higher-fidelity detections, and response recommendations that security teams can act on with confidence.

“After actively evaluating several options, we went with Exaforce as our AI-native security platform and modern SIEM, backed by their MDR service for 24/7 expert coverage,” said Patrick McKinney, Vice President of Security at Invisible. “What set them apart was the ability to unlock the full value of our data, from enriched event ingestion to detection, response, and automation, all within a single platform. The combination of AI-driven efficiency and the added expertise of their MDR team has helped us scale more effectively without overextending resources. Exaforce feels less like a vendor and more like a true security partner, and we’re on a clear path to expanding use cases together.”

Exaforce

Customer Momentum and Investor Conviction

“The biggest opportunity in enterprise security is flipping the economics, so that defenders, not attackers, hold the leverage,” said Vinod Khosla, founder of Khosla Ventures and an investor in Exaforce. “When the cost of defence drops by an order of magnitude, the entire calculus of security changes. Exaforce is the architecture that makes that possible.”

In the past year, the company grew to over 130 employees and processed millions of investigations across its growing customer base. With recent product announcements like Vibe Hunting and measurable customer outcomes across detection, investigation, and response, the approach is resonating with organisations looking to stay ahead of increasingly fast and adaptive adversaries.

“As a biotech company, safeguarding highly sensitive data is a constant priority, especially in a landscape shaped by faster, AI-driven attacks,” said Steve Mancini, CISO at Guardant Health. “With Exaforce’s Exabots, we’ve accelerated detection, threat hunting, response, and investigations while expanding coverage without adding headcount. Our team uses Exabot’s natural language search to get actionable answers about security events and security posture in a single tool instead of juggling disparate interfaces and query languages. Exaforce has become a high-trust partner, and the platform has transformed how we run security operations.”

What Comes Next for Exaforce

The funding comes as security operations shift from human-led triage toward AI-native systems that reason over live security context and respond in real time. Exaforce will use the Series B funding to advance its core platform, including multi-model AI and its real-time knowledge graph, while expanding the capabilities security teams need to investigate, detect, and respond at machine speed.

The company will also expand its global footprint, with go-to-market investment across key regions including Japan and Europe. In parallel, Exaforce will continue investing in customer success, research, MDR oversight, and support to help customers operationalise the platform and improve response speed, resilience, and confidence across critical environments.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *