Nebulock, a Boston-based AI-native agentic security platform, has raised $25 million in Series A funding led by FirstMark. The company builds autonomous threat hunting agents that continuously form hypotheses across endpoint, identity, cloud, network, and SaaS telemetry instead of waiting for alerts. The capital will expand cross-telemetry correlation, the behavioral Context Graph, and engineering and go-to-market teams.
Hunt-First Approach Targets Silent Breaches
The timing aligns with a shift away from alert-driven security operations. Traditional tools miss credentialed attacks that appear legitimate on the surface. Nebulock's agents run 24/7, cross-referencing threat intelligence with organizational context to surface hidden threats it calls green flags.
Credentialed Attacks Drive Detection Gaps
Credentialed attacks now account for 95% of breaches. The 2026 Verizon DBIR showed attackers using AI across 15 techniques, with advanced actors employing 40-50 AI attack vectors. Enterprise SIEMs miss roughly 79% of MITRE ATT&CK techniques, leaving teams reactive to noise while sophisticated activity blends into normal workflows.
Context Graph Enables Persistent Memory
Nebulock normalizes telemetry into a single behavioral system of record. Its Vespyr agent monitors global threat intelligence, scopes hunts autonomously, and delivers findings with full evidence chains. The platform has already run over 300 million agentic investigations and produced more than 4,000 high-confidence findings across customers including Cribl, HealthEdge, and Bain Capital.
As Damien Lewke, CEO, noted:
"Over time, our vision is much bigger than agentic threat hunting alone — we want to do for SIEM what EDR did for endpoint by collapsing complexity, delivering value out of the box, and up-leveling the defender."
FirstMark Leads Round on Founder Fit
FirstMark led the round, joined by Bain Capital Ventures, Decibel, Zetta Venture Partners, and Step Function. The syndicate reflects conviction in autonomous, self-service hunting that scales without proportional headcount growth. Lewke previously joined CrowdStrike at roughly 200 employees, helped build Falcon Complete, and holds a graduate degree from MIT CSAIL.
Threat Hunting Market Expands Rapidly
The threat hunting market stands at $5.7 billion in 2026 and is projected to reach $16.3 billion by 2033. Grand View Research reports a 16.3% CAGR. Rising agentic AI attacks and shadow AI insider threats are pushing capital toward platforms that move beyond signature and anomaly detection.
Ex-CrowdStrike Founder Brings Domain Depth
Lewke spent 12 years at Northrop Grumman, CrowdStrike, and Arctic Wolf before founding Nebulock in 2023. The team includes alumni from Palo Alto Networks, Splunk, and Sublime. The company open-sourced coreSigma, a macOS endpoint detection framework, and its Agentic Threat Hunting Framework on GitHub.