Introducing Nebulock: Agentic Threat Hunting for Everyone

Written by Damien Lewke | July 29, 2025

Nebulock is the world’s first autonomous threat hunting platform that continuously hunts across your security stack to surface false negatives and translate hunts into hardened behavioral detections in minutes.

Threat hunting today is a manual, linear process, where even the most skilled teams spend weeks to surface findings in an increasingly complex threat landscape. Nebulock multi-threads and automates that process, working as a member of your security team: building, testing and validating hypotheses automatically while simultaneously giving network defenders the ability to write, test, and validate detections in real time.

We’ve been working closely with many enterprise security leaders, threat hunters and detection engineering teams over the past year, and are proud to announce our $8.5 million in total funding today, including our Seed Round led by Bain Capital Ventures alongside Decibel VC, Zetta Venture Partners, In-Q-Tel and incredible angel investors including Andrew Peterson, Nick Galbreath, William Lehmann, Josh Kamdjou, and Andrew Morris.

Why Nebulock Exists

We’ve never realized proactivity at scale in security. Organizations invest time, people and sweat into 'proactivity,' only for attackers to neatly side-step existing controls and achieve their objective. This isn’t a practitioner problem; it’s a systems problem. Threat hunts are manual, single-threaded and take weeks to complete. Attackers continuously innovate, leveraging sophisticated AI to move faster and evade traditional defenses. Meanwhile, defenders remain stuck in reactive loops, drowning in alerts and manual workflows, with ever-widening gaps in detection coverage. We've seen this firsthand, and it's clear we need a fundamentally different approach.

Over the past 12 years, across roles at Northrop Grumman, CrowdStrike, and Arctic Wolf, I've witnessed the evolution of cybersecurity from multiple vantage points. Transitioning from an operator in the DoD to CrowdStrike taught me how thoughtful architecture could revolutionize endpoint security through clean APIs, scalable detections, and cloud-native backends; lessons that helped shape one of the industry's most successful platforms. At Arctic Wolf, I worked alongside some of the most talented analysts in the business, people who could spot sophisticated attack patterns that would slip past most automated systems.

Yet across all these experiences, a fundamental challenge persisted: even with the best teams and most advanced tools, threat hunting remained largely reactive. We could detect known threats efficiently, but identifying novel attack patterns still required significant human intuition and manual investigation. This wasn't a failure of any particular company or team; it was an architectural limitation that defined the entire industry. The most skilled analysts, regardless of where they worked, found themselves spending considerable time on manual verification and rule refinement when they could have been focused on higher-value strategic analysis. Even if coverage was achieved, the next iteration in attacker TTPs left doors open to organizations' environments.

After 12 years watching teams run a never-ending marathon with moving finish lines, we realized it was time to change the race itself.

Your New AI Threat Hunter

Nebulock is an autonomous threat hunting platform designed from scratch for behavior-based detection. By connecting directly to identity, endpoint, and cloud telemetry, Nebulock continuously hunts threats, surfaces hidden anomalies, and automatically increases your detection coverage.

Think of it as adding a new team member to your security organization: an AI threat hunter with rare, expensive skills who works 24/7, never needs coffee breaks, and makes everyone else's job easier. Unlike traditional security platforms that wait for alerts, Nebulock proactively forms hypotheses, tests them against your environment, and continuously validates findings. When something suspicious is detected, it builds and refines detections, adds context and accounts for environmental drift and evolving threat behaviors.

Our platform augments humans, freeing them from repetitive manual tasks and empowering them to focus on strategic decisions. Whether you've got two weeks or two decades of experience in threat hunting or detection engineering, you can now write, fine-tune, test and validate your threat hunts and codify them in your detections.

Built for the Realities of Modern Threats

Credential-based attacks and account takeovers often look benign, using legitimate identities and applications. Traditional tools frequently overlook these subtle yet devastating threats. Nebulock uses our agents to interrogate data discarded by other tools, ensuring that credential misuse, insider threats, and stealthy behaviors are continuously identified and neutralized.

Our system is designed to continuously learn and adapt from real-time feedback, integrating seamlessly into existing workflows and providing clear, actionable insights with evidence citations and response guidance. Onboarding takes minutes, and each finding is tailored to not regurgitate existing signal, but provide clear, actionable insights into otherwise unnoticed patterns of behavior.

We’ve already seen impact: more coverage in less time, boosting team efficacy and efficiency. Customers have used Nebulock to identify malicious insiders who successfully download and run malware, despite a best-of-breed security stack. The findings are surfaced instantly and remediated before damage is done. Others have streamlined their detection engineering lifecycle, saving time, reducing tooling costs, and shifting coverage toward behavioral threats that legacy systems miss.

Our Vision

Our mission is simple: we aim to make elite autonomous threat hunting accessible to every enterprise, regardless of size, skill set or budget. 

This means continuous threat hunting across all telemetry sources, automated detection engineering that adapts to threats in real time, and a behavioral approach that anticipates attacks before they materialize. API-driven integrations ensure quick onboarding, measured in minutes rather than months.

Where Do We Go From Here?

If you're a defender, detection engineer, or security leader, Nebulock was built specifically to answer your most pressing question: "What are we missing?"

We’ll be expanding our platform across new telemetry sources, supporting more integrations, and working hand-in-hand with customers to define the future of autonomous threat hunting.

We’re just getting started, and we’d love to hunt with you.

Stay secure, and stay curious, my friends,

Damien

Thank You

Thank you to our team, our early adopters, and our community. To our lead investor Bain Capital Ventures, and to our existing partners, Decibel, Zetta Venture Partners, and In-Q-Tel: thank you for believing in this mission.

We're also grateful to our angel investors, including Andrew Peterson and Nick Galbreath (co-founders of Signal Sciences & Aviso Ventures), William Lehmann (founder & GP-Step Function), Andrew Morris (Founder, GreyNoise), Josh Kamdjou (Founder, Sublime Security), Mario Götze (Professional Soccer Player and Investor), Kurtis Lin (Co-Founder, Pinwheel), Parker Gilbert (CEO, Numeric), and Jack Blyzinski (Socii Capital).

And finally, to my family, thank you. This wouldn’t be possible without your support.