Exaforce, an agentic SOC platform and MDR, led by Ankur Singla and the team, has raised $125M in Series B from Mayfield, Khosla Ventures, HarbourVest, Peak XV, Seligman Ventures, and AICONIC Ventures, taking the total funding to $200M.

A year ago, emergence from stealth followed a $75M Series A and a clear thesis: SOCs cannot scale by hiring more analysts or engineers, nor by continuously adding SIEM rules. Scale comes from combining human expertise with task-specific AI agents that operate with real context. The resulting model was termed an “Agentic SOC.”

The most important impact is what customers see every day: investigation time has fallen from hours to minutes, and detection coverage has expanded without additional detection engineering, with 800+ condition combinations identifying threats and anomalies. Many alerts are now resolved before reaching an analyst, while Vibe Hunting enables natural language threat searches that replace complex queries.

As the gap between attacker speed and SOC response widens, Exaforce is focused on closing it and shifting the advantage back to defenders.

The Threat Model has Already Shifted.

AI has reshaped offensive operations, making phishing, reconnaissance, and credential abuse faster and more automated than ever. Attackers now move across identity, code, and cloud systems in ways that closely resemble normal activity, compressing dwell time and blurring signal with noise.

A SOC built on static SIEM data and manual correlation rules can no longer keep up.

Why Semantic Context Beats LLM Wrappers.

Most solutions today are LLM wrappers that turn alerts into summaries, producing surface-level triage that breaks when deeper context is needed.

The issue is that post-hoc querying and correlation are slow, inconsistent, and token-heavy.

Exabots instead run on a semantic graph of the environment, linking identities, resources, configurations, code, and data flows. Every alert is grounded in this structure, giving the system full context at the moment of reasoning rather than reconstructing it after the fact.

What Customers Are Seeing.

Customers are reporting a 94% reduction in mean time to investigate in some cases, dropping from three hours to ten minutes, along with significant capacity gains and rapid time-to-value within weeks of onboarding.

The consistent shift is operational: teams no longer stitch together multiple tools and query languages to understand what happened. Instead, they work from a single, unified system that turns data into detection, response, and automation.

Across environments, from enterprise security teams to highly sensitive biotech organizations, analysts are moving toward natural language-driven investigation and consolidated workflows, reducing tool sprawl and improving coverage without additional headcount.

The outcome is simple: less time spent reconstructing context, more time spent responding.

Where the Funding Goes.

Capital is being deployed across three areas: the platform, geographic expansion, and the surrounding customer experience.

On the platform, investment is focused on multi-model AI and an expanded semantic knowledge graph, enabling deeper reasoning across unstructured data, richer identity and code context, and real-time updates so Exabots operate on live system state rather than stale snapshots.

Geographic expansion is accelerating, particularly across Japan and Europe, where demand has outpaced current capacity, with localized go-to-market and MDR coverage.

Finally, investment is going into the operational layer, customer success, threat research, MDR oversight, and support, ensuring the platform is backed by strong execution as adoption scales.

What Comes Next.

The security space already has the people who understand what is broken: practitioners buried in alert triage, engineers dealing with fragile rule systems, and threat researchers focused on adversary behavior rather than compliance artifacts.

What is emerging next is a shift toward teams that combine all three, systems thinkers who can build real-time, reliable security infrastructure that actually reduces work instead of generating it.