Nebulock, the AI-driven threat hunting platform transforming endpoint security, today announced it has raised $8.5 million in funding, including $6 million in seed funding led by Bain Capital Ventures. Additional participation came from Decibel, In-Q-Tel, Zetta Venture Partners, Step Function and Aviso Ventures, as well as angel investors. The new capital will fuel the expansion of Nebulock’s autonomous threat hunting capabilities, enhance its cross-telemetry correlation engine, and scale its engineering and go-to-market teams.
Nebulock was created to solve a glaring problem: organizations outside the Fortune 100 lack the resources and skills for proactive threat hunting. Threat hunting workflows take weeks to execute, and detection engineers today often spend more time triaging alerts or rewriting brittle detection logic than creating new threat hypotheses. Nebulock flips that model — giving threat hunters and detection engineers a proactive detection engine that writes and tests content automatically.
Nebulock is built for the era of AI-enabled attackers and provides multi-threaded threat hunting continuously to ensure there’s no single point of failure. This comes at a critical time when adversaries are equipped with AI to rapidly develop, adapt and deploy threats that evade traditional detections. Security teams, by contrast, are stuck with tools that react only after alerts fire, and 90% of companies say they're not ready for AI-powered threats. As attackers move faster and hide deeper, defenders need a system that can hunt without waiting for an alert.
Nebulock helps organizations proactively understand and act on their own data. By using behavior-based threat hunting, the platform surfaces the findings others miss. Key features include:
- Proactive Insider Threat Detection: Nebulock identifies lateral movement, policy violations and attacker pre-positioning—surfacing insider threats before they escalate.
- Actionable Signal, Not Just Alerts: Nebulock continuously hunts across raw telemetry and delivers high-fidelity findings with true positive rates over 90%, no alert regurgitation. Feedback loops using LLMs refine detection quality over time.
- Fast, Seamless Deployment: Nebulock integrates directly with existing tools like CrowdStrike, Okta and Splunk via API. No agents or workflow disruptions.
- Natural Language Hunting and Detection Engineering: Write, test and iterate detections in plain English. Ask questions like “who RDP’d into finance servers?” and get real answers—no SQL required.
- Continuously Learning Threat Engine: Every finding improves the next. Analyst feedback trains the system to reduce false positives and adapt to your environment in real time.
“Every organization deserves proactive detection, not just reactive alerts,” said Damien Lewke, founder and CEO of Nebulock. “As adversaries increasingly use AI to their advantage, we built Nebulock to help defenders turn that technology into a practical asset. Our platform works around the clock as an autonomous threat hunter, using agentic AI to deliver high-fidelity alerts in real time. It enhances human judgment and enables security teams to stay ahead of emerging threats.”
Enterprises across financial services, healthcare and technology are deploying Nebulock to bridge detection gaps and ensure that no threat goes unnoticed. With the new funding, Nebulock will double down on its AI capabilities, expand cross-telemetry coverage and scale the engineering team to meet demand. In addition, Nebulock will expand integrations with leading SIEM, EDR and IAM platforms.
Nebulock was founded by Damien Lewke, a former security leader at Arctic Wolf, with experience at CrowdStrike, Palo Alto Networks and Northrop Grumman. His team includes alumni from leading companies such as CrowdStrike, Expanse, Expel, Dragos and Mandiant.
“Nebulock’s AI agents don’t just scan for known IOCs—they execute autonomous, behavior-based threat hunts that learn your environment,” said Rak Garg, partner at Bain Capital Ventures. “In early deployments, that’s led to real-world malware discovery, including dormant persistent threats and credential misuse that had evaded existing EDRs and SIEM detection rules. These are verified, actionable outcomes that security teams can act on immediately, without rewriting workflows or sifting through noise. Autonomous Nebulock agents are the future of threat hunting: essential virtual teammates for every security organization focused on detection and response.”
For more information about Nebulock or to join the growing team, visit www.nebulock.io.
About Nebulock
Nebulock is an AI-powered threat hunting platform designed to eliminate false negatives and automate threat detection across organizations. Built to integrate seamlessly with existing security infrastructure, Nebulock’s platform leverages cross-telemetry correlation and AI to detect and respond to threats proactively. For more information, visit www.nebulock.io.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250729870137/en/
Contacts
Media Contact:
Rachel Colson
press-bcv@baincapital.com