Investing in Empirical Security: Building the Intelligence Layer for Security

Security teams are flooded with alerts, dashboards, and even dashboards about dashboards. Yet, even with all this data and tooling, they are still stuck asking the same question every day: “What should I fix today?”

Not anymore.

Enter Empirical Security. It’s not just another triage tool or a prettier interface for the same old alerts. Instead, it was built on a radically different vision: making security data actually useful — automatically.

For years, vendors promised that AI would separate signal from noise in security. But almost all of them rely on global models that are trained on data pooled from thousands of customers. Yet we all know that no two enterprises are the same. They’ve got different stacks, different threat surfaces, different crown jewels.

As they say, if you’ve seen one security environment, you’ve seen one security environment. One size does NOT fit all, especially when the stakes are this high.

So Empirical has built their product not on the traditional “one model fits all” model, but on an individual model that’s tailored to any given enterprise. Their platform continuously trains a local model that learns the customer’s unique environment, without requiring an army of PhDs to deploy or maintain it. So, instead of providing generic recommendations, it delivers precise prioritization tailored to each business. That’s a radical and, we think, significant departure.

Having evaluated countless AI-based security pitches over the past few years, we’re excited to back Empirical’s team, the first we’ve seen that’s actually pulling off local models with real technical rigor and an elegant product. It’s a rare combination—and one that instantly grabbed our attention.

Ed Bellis and Michael Roytman practically wrote the book on applying AI to cybersecurity. They pioneered risk-based vulnerability management at Kenna Security and built a company that was worth $500M+ to Cisco when they sold in 2021. As early investors in Kenna, we had a front-row seat to the highs and lows of that journey, and we know firsthand how deeply they understand both the technical and business sides of this space. And we know the kind of people and founders they are. That’s another reason we’re so excited.

Joining them is Jay Jacobs, co-creator of EPSS and world-class thinker in predictive modeling for security data. We think there’s no better team on the planet to take local models into the enterprise security stack.

And their timing couldn’t be better. Security teams are under intense pressure to do more with less: fewer people, fewer tools, and higher expectations for resilience. Yet, every CISO we talk to admits the same frustration: they’re sitting on mountains of telemetry—vulnerability data, config data, detection data—and still can’t get clear answers to the question, “What should I fix today?”

Empirical’s local model architecture gives them that answer out of the box. No six-month SI engagement. No endless manual tuning. Just actionable intelligence that helps teams focus on what truly matters.

While Empirical is starting with vulnerability prioritization, we believe the opportunity ahead is much bigger: application security posture management, AI-enhanced SOC workflows, and agentic automation for triage and remediation.

This investment is a bet on a new architecture, a new motion, and a team that’s done it before. They’re not just selling a tool — they’re building the layer that makes the rest of the security stack smarter, which the security industry has been waiting for.

We couldn’t be more excited to lead their $12M seed round and partner with this impressive team again as they take on the massive opportunity ahead.