- Exaforce secures USD 75M Series A round to revolutionize SOC operations with AI-driven automation.
Exaforce’s Exabots automate alert triage and investigation, reducing false positives and response times dramatically - The platform addresses SOC talent shortages by enabling scalable, efficient human-AI collaboration
- With the new funding, Exaroce’s plans focus on R&D expansion and scaling go-to-market efforts across industries
This April, Exaforce—a cybersecurity company that develops AI agents for streamlining security operations—raised its USD 75M Series A round of investment. The round came from Mayfield Fund, Thomvest Ventures, Khosla Ventures, and Touring Capital.
Founding Team with In-Depth Domain Expertise
Exaforce was founded in 2023, by Ankur Singla (CEO), Ariful Huq (Head of Product), Devesh Mittal (Head of Engineering), Marco Rodrigues (Head of Customer Success & Solutions), and Jakub Pavlik (Head of Engineering) in California. The co-founders come from F5, Palo Alto Networks, and Google, bringing together expertise in cybersecurity, cloud operations and AI. They operated large scale security services at F5, protecting the world’s biggest banks and social networks, designed the complex models underlying Google’s AI services, spearheaded the industry-leading cloud security platform at Palo Alto Networks, and successfully founded and scaled a number of startups. Through these experiences, Exaforce’s founding team have gained a front-row seat to the problems faced in today’s SOC and a nuanced grasp of AI’s potential and pitfalls.
Overloaded and Understaffed SOCs
Today, enterprises demand SOC (Security Operations Center) solutions that deliver faster, more consistent threat response, improved detection, and scalable defenses—without requiring more personnel. SOC analysts face an overwhelming volume of alerts, most of which are false positives. This flood of noise leads to tedious, manual tasks like log stitching and ticket management that drain time and resources. Detection engineers struggle with limited threat coverage, particularly in cloud environments, where traditional SIEMs (Security information and event management solutions) fall short and maintaining custom detection logic in SQL or Python proves ineffective.
Umesh Padval, Managing Director at Thomvest Ventures
‘It’s like looking for a needle in a haystack,’ Thomvest Ventures’ managing partner Umesh Padval comments on seeking out threats among false positives.
Meanwhile, threat hunters are bogged down by inefficient workflows that hamper proactive detection efforts. These challenges are intensified by the well-known shortage of skilled security professionals, leaving SOC teams stretched thin. As a result, organizations face slower response times, greater analyst burnout, and increased vulnerability to emerging threats—highlighting the urgent need for smarter, more automated SOC tools to sustain effective cybersecurity operations.
It is a must for effective AI for SOCs to process vast volumes of logs, cloud telemetry, and threat intelligence to support fast, high-stakes decision-making. Traditional agentic AI systems that rely solely on LLMs struggle with this task—they can only process limited data at a time, leading to incomplete analysis and unreliable, hallucination-prone reasoning.
Addressing such challenges demands deep expertise in cybersecurity, AI, and cloud operations—apaprently, Exaforce’s founders bring all three, backed by experience managing increasingly complex SOCs.
Layered Multi-Model AI for Security Operations
Jakub Pavlik, Co-Founder and Head of Engineering at Exaforce
Exaforce offers a purpose-built, multi-model AI engine designed specifically for security operations. This layered approach begins with a semantic data model and incorporates statistical and behavioral models to extract key insights, behaviors, and relationships from raw data. These insights are then passed through knowledge models for deeper analysis. Finally, the system uses LLMs for contextual reasoning—only after the data has been structured and refined. Combining models in this way allows Exaforce to enhance the accuracy and completeness of analysis while avoiding the pitfalls of LLM-only systems.
‘LLMs are part of the knowledge model and depend on the semantic and behavioral models to provide a real-time view into the current state of the Cloud environment, so that it can reason about an event in context of that environment. In other words, the semantic and behavioral models provide the LLMs the business context they need to reason,’ Exaforce’s co-founder and head of engineering Jakub Pavlik specifies.
Exabots: AI Agents for Modern SOCs
The company’s Exabots are AI agents that automate manual, complex and repetitive tasks within security and operations. For example, they analyze vast amounts of data to enrich alerts, identify false positives and detect threats. They can also execute workflows like validating suspicious user actions, correlating events against change management tickets, following up on pending tickets etc., thus freeing up SOC teams to focus on strategic issues.
Pranay Anand, Vice President at NTT Data
Exabots can operate in fully autonomous mode or with humans in the loop, depending on the SOC team’s preference. Human employees remain the primary driver for handling incidents, while Exabots help them focus on true positives, expedited investigations and offloading repetitive work.
‘Exaforce’s multi-model approach is unique in the industry and will dramatically reduce the false positives and investigation times we experience in our cloud and SaaS environments. The platform augments our SOC teams by delivering streamlined security operations and faster incident response for every client, freeing up more time to focus on proactive threat hunting,’ NTT Data’s Vice President Pranay Anand states.
Human-AI Collaboration for Top Efficiency of Both
According to Exaforce’s co-founder and CEO Ankur Singla, the team’s vision is to empower SOC teams with an intelligent platform that allows humans to collaborate seamlessly with AI agents—integrating precise human oversight with advanced automation.
‘Our goal is to automate and augment human effort, providing complete human supervision and control at the same time. But automation evolves to beyond just answering questions in a co-pilot mode. Exabots can operate fully autonomously, with humans triggering certain actions, or interactively to resolve a problem. This will look like less stressed analysts, who are now upskilled to be more focused on true threats with a newfound security knowledge. With time spent on real incidents, and expert knowledge of both the industry and their environment at their fingertips the analysts can be the security crimefighters they were intended to be. With this knowledge, their responsibilities may also shift to agentic supervision – review agent work to ensure reasoning and thoroughness are valid,’ Mr Pavlik explains.
A Customizable Real-Time Security Brain
Returning to Exabots, each data source adds additional information to the semantic model to help the AI engine understand the underlying Cloud environment and the activities within. LIkewise, each data source brings with it a varied definition and set of data, resources, and relationships. In the semantic model, Exaforce breaks this down into Events, Sessions, Resources, and Identities and graphs the relationships between them. All of this must happen in real time, and kept continuously up to date.
The team spent more than a year building the architecture that helps integrate data sources quickly, ingest data and process it in real-time and manage large amounts of data and complexity without incurring high COGS (cost of goods sold).
The platform architecture allows customers to deploy the technology in their own cloud accounts or in a cloud region of their choice to meet their data residency requirements. Exaforce is working with design partners in various industries to ensure that its models are trained to address specific needs.
Measurable ROI and Real-World Results
According to Mr Pavlik, metrics for organizations to measure the ROI when implementing Exaforce may vary based on the use cases. For investigative use cases, MTTR (mean time to resolve) is a key metric. Customers have seen investigation times speed up by 60x in certain scenarios, going down from hours to a few minutes.
Other key metrics include:
- MTTC (mean time to conclusion), the time to triage the incident and form a confident conclusion about whether it is a true positive or false positive.
- Time Saved – the total time Exaforce has saved your team both by autotriaging false positives, and by preconfiguring the investigation canvas for issues that need investigation
- Exaforce False Positive rate – The high fidelity alerts generated by Exaforce that increase your security coverage on IaaS and SaaS platforms.
‘What is measurable is improvements in time to investigate alerts so SOC teams are able to spend more time investigating the real incidents. Our customers tell us they see more than 90% reduction in investigation times; alerts that would usually take 1-2 hours to investigate now take <10 mins,’ the Exaforce team shares.
Beyond reducing false positives, Exabots help with triage, assessments and alert resolution including automation of actions that analysts must perform repeatedly, thus remedying alert fatigue among SOC analysts and improving overall response efficiency.
Toward Smarter, More Resilient Cyber Defense
Navin Chaddha, Managing Partner at Mayfield
‘What excites us is how Exaforce is reimagining the massive opportunity of developing AI teammates to offload complex tasks that help humans increase productivity and efficacy, and they are starting with the SOC market where the problems of skills and talent are acute. The team’s progress since those initial whiteboard sessions—securing a dozen enterprise design partners, and delivering 10x improvements in SOC efficiency—validates our early conviction that Exaforce is building something revolutionary in the collaborative intelligence era,’ Mayfield Fund’s managing partner Navin Chaddha sums up.
The USD 75M of fresh funding will be directed toward expanding Exaforce’s R&D and Go-to-market.
By tackling the overload of false positives, manual workflows, and talent shortages in modern SOCs, Exaforce is addressing one of cybersecurity’s most urgent operational challenges. Blending automation with human expertise through intelligent AI agents marks a shift toward more resilient, scalable, and proactive security operations and a future where defenders can focus on real threats instead of repetitive tasks.
Kostiantyn is a freelance writer from Crimea but based in Lviv. He loves writing about IT and high tech because those topics are always upbeat and he’s an inherent optimist!
