As cybersecurity spending approaches $215B globally, enterprises face a critical gap: attacks now unfold in seconds while detection systems built for human-speed threats take weeks to write new rules. AI-powered adversaries execute thousands of reconnaissance attempts, adapt tactics in real time, and never repeat the same attack pattern twice, leaving security teams manually stitching together context across dozens of fragmented tools long after damage occurs. Artemis addresses this disparity with an AI-native protection platform that builds a dynamic data model from each customer’s own telemetry, fusing behavioral logs across users, machines, cloud workloads, and applications with business context to generate detections tuned specifically to each organization. Through federated queries that retrieve data on-demand rather than requiring upfront ingestion, Artemis processes billions of events per hour at a fifth of traditional SIEM costs while autonomously investigating every signal and surfacing coherent attack stories instead of disconnected alerts. Early customers have reduced mean time to detect and respond to critical security events by 94%, with one technology company discovering multimillion-dollar cloud spend savings and shadow activity invisible to existing tools during the first scan.
AlleyWatch sat down with Artemis Cofounder and CEO Shachar Hirshberg to learn more about the business, its future plans, emergence from steealth, recent funding round, and much, much more…
Who were your investors and how much did you raise?
We raised $70M in funding, led by Felicis with First Round Capital and Brightmind Partners doubling down, alongside top VCs including Theory Ventures, Lockstep, Two Sigma Ventures, Netz Capital, Squared Circle Ventures, Kedem Ventures, Sunflower Capital, and prominent cybersecurity industry leaders, including founders of Abnormal AI and Demisto, the former CEO and CTO of Splunk, and senior executives from CrowdStrike, Palo Alto Networks, Microsoft, and Okta.
Tell us about the product or service that Artemis offers.
Attacks are now unfolding in seconds, not days, and never happen in the same way. Traditional security stacks were built for a world of static rules, fragmented tools, and manual investigation. That world doesn’t scale to the new reality.
Artemis is an AI-native protection platform built in an AI-native way to understand relationships across your technical and business environment and provide continuous protection to your assets. It powers the full SecOps lifecycle across detection, correlation, enrichment, investigation, response, and remediation – and you can choose which actions should be performed by an analyst or the system.
All of your security data is now available for you to talk with and act on, transforming the analyst’s job from data assembly to decision-making. We generate full attack stories: correlated, contextualized narratives that span the full kill chain across every data source. Not a collection of related alerts. A coherent explanation of what’s happening and why it matters.
Instead of learning a proprietary query language to investigate an incident, analysts describe what they’re looking for in plain language and let the system handle the rest. We can connect to a single data source and immediately generate better detections, then expand to replace the entire SIEM when a customer is ready.
The results: we are working with some of the largest enterprises in the world. Customers using Artemis have reduced their mean time to detect and respond to important security events by 94%. We’re already in production across financial services, technology, insurance, and more, analyzing over 15,000TB daily and billions of events hourly.
What inspired the start of Artemis?
Dan and I spent the better part of a decade building detection and AI systems inside some of the most consequential security platforms in the industry – I was an early engineer at Demisto and later led Amazon GuardDuty at AWS; Dan led AI/ML at Abnormal Security and built large-scale ML systems at Twitter. From those seats, we both watched the same thing happen: attackers started leveraging AI to turbocharge their operations, executing in seconds what used to take days, adapting in real time, never repeating the same playbook twice. Meanwhile, the tools defenders rely on – static rules, manual investigation, fragmented dashboards – haven’t fundamentally changed in twenty years. The gap was widening fast, and patching AI onto the old architecture wasn’t going to close it. We started Artemis because we believed defenders needed a platform built from scratch for this era – one that fights AI with AI.
How is Artemis different?
Most security products give every organization the same defense – the same sensors, the same rules, the same alerts – regardless of whether you’re a 50,000-person bank or a 2,000-person software company. Think of it like a home alarm system: traditional vendors install the same setup in a villa with a backyard as they do in a tenth-floor apartment. They don’t know where your windows are vulnerable, which door gets used, who’s in the house, or what normal looks like for your family.
Artemis builds defense that’s tailored to the specific organization it’s protecting. We learn each customer’s environment deeply – mapping how users, machines, cloud workloads, identities, and applications interact with each other and with the business context around them – and generate detections tuned specifically to that organization. Not generic rules. That’s something no one else is building.
On the architecture side, three structural differences set us apart. First, we federate queries across wherever the data already lives – existing SIEMs, data lakes, cloud-native stores – so detection quality isn’t tied to how much data you can afford to ingest. Second, our detections are autonomous: multi-step reasoning agents that dynamically query data, reason about context, and confirm threats before surfacing an alert – and they get smarter with every incident. Third, we deliver complete attack stories, not isolated alerts – correlated narratives that give teams the full picture and clear next steps.
Anthropic recently documented the first AI-orchestrated cyber-espionage campaign, where autonomous agents executed much of the intrusion lifecycle. We’re one of a select few cybersecurity companies working in deep collaboration with Anthropic, integrating Claude’s reasoning capabilities directly into the platform to defend against exactly these kinds of threats.
What market does Artemis target and how big is it?
We’re going after the SIEM – the brain of security operations – which sits at the center of a $30+ billion market.
More than 60 CISOs our investors spoke with, and over 100 that we interviewed ourselves in the past 12 months, listed SIEM as a top three priority category to leverage AI and displace incumbent technology.
Our customers are CISOs and security leaders at large enterprises – companies in highly regulated industries like financial services, technology, and healthcare.
These organizations are spending millions a year on legacy products, getting thousands of daily alerts in return, and watching their security teams spend more time maintaining broken tooling than investigating actual threats. Data volumes grow 30-40% annually, vendors charge by the gigabyte, and teams are forced to drop data to control costs – creating blind spots that attackers exploit. That’s the problem we solve. We’re doing it all differently.
What’s your business model?
Enterprise SaaS with annual subscription contracts.
Legacy SIEMs price by data volume – which means bigger companies pay millions a year and are penalized for wanting better visibility.
We broke that model. Artemis prices on value delivered, not gigabytes ingested.
At one customer, we uncovered multi-million dollar savings in cloud spend within the first integration.
Our architecture also means we can start delivering value from a single data source and expand to replace the entire SIEM when the customer is ready.
How are you preparing for a potential economic slowdown?
Cybersecurity is one of the last budget lines to get cut in a downturn, and AI-driven attacks don’t slow down when the economy does. That said, we’re building Artemis with capital efficiency as a core principle.
Our AI-native architecture means a small, exceptional engineering team can deliver what would traditionally require 200+ engineers. We went from founding to production deployment with over dozens of enterprise customers in roughly six months with a lean team.
The companies we sell to are also actively looking to consolidate their security stack and reduce SIEM costs – which actually makes our value proposition stronger during a slowdown, not weaker.
What was the funding process like?
The raise reflected two things: the speed at which we reached production results, and the size of the opportunity.
In less than six months from founding, we onboarded more than ten of the world’s largest enterprises into full production. Not POCs, not pilots — production. Companies that have worked with traditional vendors for years telling us, “what you did in two weeks takes us a year with our current provider.” The demand came organically – customers reached out before we were even out of stealth, purely through word of mouth.
That speed comes from being AI-native not just in the product, but in how we build software. 99% of our code is written with AI. Every engineer ships 4-5 features per week – work that would have taken a strong engineer two to three months just a year ago. A new integration in Artemis takes a day or two, versus three to six months at competitors. With 30 people, we’re producing the output of a 200-person company.
The SIEM category is going through a tectonic shift. Cisco’s acquisition of Splunk, aggressive price hikes across the board – CISOs are actively looking for an alternative. The funding will go toward scaling our engineering and research teams, expanding the platform, and building out our go-to-market operation.
What are the biggest challenges that you faced while raising capital?
Honestly, we were fortunate. The combination of deep domain experience in security operations, early enterprise traction, and a market going through a generational shift meant we had strong investor interest from the start. We were in the rare position of being oversubscribed and having to turn down capital.
Honestly, we were fortunate. The combination of deep domain experience in security operations, early enterprise traction, and a market going through a generational shift meant we had strong investor interest from the start. We were in the rare position of being oversubscribed and having to turn down capital.
What factors about your business led your investors to write the check?
A few things. First, the team. I was an early engineer at Demisto, the company that defined the SOAR category and was acquired by Palo Alto Networks, and I later led product for Amazon GuardDuty, scaling it to over 80,000 customers. Dan led the 60-person AI/ML team at Abnormal Security and built large-scale ML systems at Twitter.
We’ve independently built the detection engines behind two of the most successful security products of the last decade – this is the third iteration of that architecture, built from scratch.
Second, the speed of execution. What we’ve built in seven months since founding is ahead of our original product roadmap by eight months. Nearly 100% of our code is AI-generated. The platform processes billions of events per hour, and we’ve already closed big enterprise logos.
Third, the market pull. First Round, BrightMind, and Lockstep invested when it was just the two of us and a very early idea. By the time we had Series A, we had more than dozens of production enterprise customers with no website, no marketing, and no outbound. When customers find you through word of mouth alone at that stage, investors pay attention.
What are the milestones you plan to achieve in the next six months?
Scale the customer base aggressively – we have strong enterprise demand and need to convert that into production deployments.
Grow the engineering and go-to-market teams to meet that demand.
Deepen the platform’s response capabilities; we’re moving toward fully autonomous response guided by business context.
We’re building toward a future where AI defends against AI.
What advice can you offer companies in New York that do not have a fresh injection of capital in the bank?
We were in stealth with no website and no public presence, and enterprise customers found us through word of mouth alone. That only happens when you’re solving a real, urgent problem and your product actually works.
If you can get to that point – where the market is pulling you forward rather than you pushing into it – the capital will follow. New York is an incredible city for building enterprise companies because your customers are right here.
Use that proximity. Talk to buyers early and often. Don’t build in isolation.
Where do you see the company going now over the near term?
The launch is behind us, and enterprise demand is accelerating.
Near-term, we’re converting pipeline into revenue, expanding within our existing customer base, and building the go-to-market engine.
We’re also advancing toward autonomous response – the next major capability shift. The SIEM category has been the brain of security operations for twenty years, but it’s been operating more like an overpriced filing cabinet. We’re building the replacement. The shift from static, rule-based security to AI-native defense is inevitable. We intend to define what that looks like.
What’s your favorite spring destination in and around the city?
Central Park – nothing beats a fun Saturday at Sheep’s Meadow, spending time with friends.
