Artemis Security

Primary category: ai-soc-analysts.

One-liner — An AI-native security-operations platform: AI agents that autonomously hunt threats, investigate every signal, and assemble “attack stories” across an enterprise’s identity, cloud, endpoint, network, and SaaS telemetry — a next-generation SIEM / SOC replacement.

Categoriesai-soc-analysts

Scope note (soft): Artemis is “AI for security,” not “security for AI.” It defends conventional enterprise infrastructure with AI agents; it does not govern LLM usage, discover shadow AI, or guard model prompts/egress. It sits in the wiki’s adjacent ai-soc-analysts category (agentic SecOps), not the core LLM-app governance stack. Included because it’s a notable, well-funded AI-security entrant a CTO will encounter.

What it does

Artemis is an AI-native threat detection, investigation, and response (TDIR) platform positioned to replace or augment the traditional SIEM. The job-to-be-done is to cut mean-time-to-detect/respond by having AI agents do the work a SOC team does at scale: generate detections tuned to each customer, autonomously investigate every alert (rather than sampling), and correlate signals across identity, cloud, endpoint, network, and SaaS to surface multi-stage attacks that single-source detections miss — then present them as coherent incidents instead of a flood of disconnected alerts.

Its pitch is framed around an era where “AI battles AI” and attacks unfold in seconds, so human-speed triage no longer keeps up. (Vendor metrics — e.g. a claimed “96% reduction in MTTR” to under five minutes, “2B+ events/hour” — are marketing and unverified.)

Where it sits in the stack

Home is ai-soc-analysts — the agentic-SOC / AI-SecOps layer that sits on top of the siem-soc backbone. Unlike the independent AI-SOC startups that ride on top of an existing SIEM, Artemis pitches itself as the SIEM-replacement data layer and the AI analyst in one.

Artemis is not an inline prompt/egress control. It is green-zone defensive operational tooling — it monitors enterprise telemetry rather than sitting in the path of an LLM application’s prompts, retrieval, or model egress. Its only tangential relevance is detecting post-compromise behavior (anomalous exfiltration, identity misuse) at the infrastructure level — not LLM-specific egress control.

Deployment & architecture

SaaS platform that overlays the existing stack — no rip-and-replace. The core is a proprietary per-customer “dynamic data model” built from that customer’s own behavioral telemetry (users, machines, cloud workloads, apps, plus business context). Architecturally its differentiator is federated query: it retrieves data on-demand from the customer’s existing cloud storage, data lakes, and SIEMs rather than ingesting and storing everything, which it claims decouples cost from coverage (pitched at roughly a fifth of the cost of ingest-priced architectures — marketing).

Integrations (vendor site): Okta, ping-identity, Entra (microsoft-entra) for identity; AWS, Google Cloud, Azure for cloud; Snowflake, Databricks, S3, Cribl for data; splunk and elastic for SIEM; ServiceNow, Jira for case management. Automated response includes actions like identity isolation.

Positioning & differentiators

Differentiators it stresses: a per-customer behavioral data model; detections tuned per customer “within minutes”; autonomous investigation of every signal (not sampling); and the federated/on-demand data architecture that decouples spend from telemetry volume.

Against nearest neighbors:

  • vs the independent AI-SOC startups prophet-security, dropzone-ai, radiant-security, simbian, 7ai — those layer an AI analyst on top of your existing SIEM; Artemis bundles the data layer (SIEM-replacement) with the AI analyst, competing on owning both.
  • vs next-gen SIEM players (Anvilogic, Hunters, Panther — not yet in this wiki) — similar “modern SIEM” ambition, with Artemis leaning harder on autonomous agentic investigation.
  • vs platform-embedded analysts (crowdstrike Charlotte AI, palo-alto-networks Cortex AgentiX) — incumbents building agentic SOC into their stacks; Artemis competes as a platform-neutral, AI-native challenger.

Notable credibility signal: a founding team with deep SecOps pedigree — see below.

Ownership, funding & M&A

Independent, VC-backed. Emerged from stealth on 2026-04-15 with $70M total, raised as a $15M seed + $55M Series A, the Series A led by Felicis. Other backers named in coverage: First Round Capital and Brightmind Partners; Calcalist additionally lists Theory VC, Two Sigma, and Lockstep, plus angels from Demisto, Abnormal, Splunk, CrowdStrike, Palo Alto, Microsoft, and Okta. Valuation not disclosed.

Founded ~late 2025 (described as “six-month-old” at the April 2026 launch). HQ: New York City; Israeli-founded team. Founders: Shachar Hirshberg (CEO) — ex–Demisto (acquired by Palo Alto, ~$600M) and former lead of AWS GuardDuty, Harvard MBA; Dan Shiebler (CTO) — previously led AI/ML at Abnormal AI, ML PhD, Oxford. Headcount ~30, reportedly scaling toward ~65 by end of 2026. No M&A — far too early. Ownership confidence: high (multiple independent outlets corroborate the raise); granular funding split and the extended investor list lean on a single source (Calcalist).

CTO / hedge-fund lens

This is a Day-2 control, and for most hedge funds an indirect one. A SOC platform / SIEM replacement only matters once you have meaningful security telemetry and an alert pipeline to tame — which a large fund with an in-house SOC has, but a typical ~50-person fund usually outsources to an MDR/MSSP rather than buying a SIEM-replacement directly. Where it’s relevant, the appeal is the same as the AI-SOC category generally: force-multiply a thin security team. Two cautions specific to Artemis: it is brand-new (stealth-exit 2026) with unproven production references, and its headline metrics are vendor marketing. No SR 11-7 / model-risk relevance — this is infrastructure defense, not AI model governance. Fit: medium, and mostly via your MDR/MSSP rather than a direct buy.

Competitors / alternatives

prophet-security, dropzone-ai, radiant-security, simbian, 7ai, torq, crowdstrike (Charlotte AI), palo-alto-networks (Cortex AgentiX)

Open questions / to verify

  • Exact incorporation date and whether there’s an Israel R&D center (couldn’t confirm).
  • Valuation (not disclosed).
  • Whether named “customers” (Mercury, Wix, Lemonade, Upwork, Amazon Security, Sony) are paying customers or design partners — logos are unverified vendor claims.
  • Independent validation of the 96% MTTR and events/hour metrics.
  • Pricing / packaging — not public.

Sources

History

  • [2026-06-30] Created and researched from vendor request. Established AI-native SecOps / agentic-SOC category fit (ai-soc-analysts); $70M stealth exit 2026-04-15 (Felicis-led Series A), NYC HQ, founders Hirshberg (ex-Demisto/AWS GuardDuty) & Shiebler (ex-Abnormal); federated-query SIEM-replacement architecture; noted it is AI-for-security, not security-for-AI (not an inline prompt/egress control), flagged as soft scope note. Cached 1 source file.