Fire With Fire: Inside the $125M Cybersecurity Startup Fighting Hackers With Real-Time AI Reasoning

SAN FRANCISCO — May 2026 – The email landed in a corporate inbox at 9:42 a.m. on a Tuesday. It appeared to come from the CFO. It referenced a real vendor, a real invoice number, and a real project that had been discussed in a company-wide memo the previous week. The language was flawless. The tone was perfect. The attachment, disguised as a PDF, contained a zero-day exploit that had never been seen in the wild. The entire attack—from reconnaissance to payload delivery—was generated by an AI agent in under four minutes.

That email was not real. It was a red-team exercise. But it did not matter, because the attackers on the other side of the world are already using the same tools, at the same speed, against real companies, with real consequences. The AI-powered cyberattack is no longer a hypothetical. It is the operating reality of 2026, and the gap between the sophistication of the offense and the preparedness of the defense has become the most urgent unsolved problem in enterprise technology.

Into this widening chasm has stepped a startup called Exaforce. In March 2026, the company closed a 125millionSeriesBroundata125millionSeriesBroundata725 million valuation, less than a year after emerging from stealth. Its backers include some of the most selective names in enterprise venture capital, and its early customer list already features names like Replit and Guardant Health. What Exaforce is selling is not another layer of antivirus software or a marginally better firewall. It is selling an AI agent that can reason about cyber threats in real time—and answer investigative questions that would take a human analyst hours, in less than a minute.

7.1.png

The Acceleration Problem

The core challenge that Exaforce was built to solve is one of velocity. Cybersecurity has always been an asymmetric contest. An attacker needs to succeed only once; a defender must succeed every time. But until recently, that asymmetry was tempered by a human constraint: attack campaigns took time to research, plan, and execute. Spear-phishing emails had to be written. Malware had to be coded and tested. Reconnaissance required patience.

Generative AI has collapsed that timeline. Large language models can now produce flawless, context-aware phishing lures in seconds. They can generate novel malware variants faster than signature-based detection systems can catalog them. They can scrape a company's public filings, social media presence, and executive communications to build a targeting dossier that would have taken a state-sponsored intelligence team weeks to assemble. The result is an attack surface that is not just expanding—it is evolving in real time, under the direction of adversaries who can iterate at machine speed.

Microsoft's May 2026 Patch Tuesday release provided a stark illustration of the stakes. The company fixed 138 vulnerabilities, including two zero-days—dubbed YellowKey and GreenPlasma—that had been actively exploited in the wild before patches were available. The affected systems spanned Windows, Office, Edge, and Azure. The sheer volume of vulnerabilities, combined with evidence that AI-generated attack tools were being used to find and weaponize them faster than ever, underscored a brutal truth: the traditional model of monthly patch cycles, signature updates, and manual threat hunting is no longer fit for purpose.

Exaforce's founding thesis is that the only viable countermeasure is an equally fast, equally intelligent defense—one that does not wait for human analysts to triage alerts, but that reasons about threats autonomously, in the moment, with the same generative capabilities that attackers are already using.

Exabots and the Knowledge Graph

The technical architecture that Exaforce has built is distinct from both legacy security information and event management platforms and from the wave of simple AI copilots that have been grafted onto existing security tools. At its core is a knowledge graph—a structured, continuously updated model of an organization's entire digital environment, from user identities and device configurations to network topologies and cloud permissions.

On top of this knowledge graph, Exaforce deploys what it calls Exabots: specialized AI agents that can answer investigative questions in natural language. An analyst can ask, "Show me every device that communicated with this suspicious IP address in the last 72 hours, and tell me which ones have an unpatched vulnerability that could have been exploited." The Exabot returns an answer in under 60 seconds—a task that, in most enterprises, would require three different tools and a senior analyst burning half a morning.

The value proposition is not that AI replaces human security professionals. It is that AI does the triage, correlation, and initial reasoning, freeing humans to make the high-stakes decisions that machines cannot. The Exabots are not autonomous responders in the sense of automatically shutting down systems or blocking traffic—though that capability is on the roadmap. They are reasoning partners that collapse the time between detection and understanding, which is, in most breaches, the single most expensive gap.

The Arms Race Intensifies

Exaforce's emergence is part of a broader rearmament in the cybersecurity industry, driven by the convergence of three powerful trends.

First, the attack tools are improving faster than the defense tools. Open-source AI models, many of them uncensored and unregulated, are being fine-tuned specifically for offensive cyber operations. Dark-web forums now offer AI-powered phishing kits, automated vulnerability scanners, and malware generators as subscription services. The barrier to entry for sophisticated cybercrime has dropped to a credit card and a basic understanding of English.

Second, the economic incentives for attackers are growing. Ransomware payments exceeded 1.5billionin2025,accordingtoblockchainanalysis,andtheaveragecostofadatabreachhascrossed1.5billionin2025,accordingtoblockchainanalysis,andtheaveragecostofadatabreachhascrossed5 million. As more critical infrastructure—hospitals, water systems, power grids—comes online, the attack surface expands, and the leverage that attackers hold over their victims intensifies.

Third, and most consequentially, the defensive side is beginning to reorganize around the reality of AI-speed threats. The Biden administration's 2025 executive order on AI security mandated that federal agencies adopt real-time threat detection and automated response capabilities. The Cybersecurity and Infrastructure Security Agency has begun funding AI-native security startups through its innovation pipeline. Enterprise CISOs, once skeptical of AI hype, are now demanding tools that can keep pace with the attacks they are already seeing.

Exaforce sits at the intersection of all three trends. Its 25 million Series B,led by Light speed Venture Partners with participation from existing investors, is not a be to na speculative future. It is a bet that the companies which solve the velocity problem will capture ad is proportionate share of the 125 million Series B, led by Light speed Venture Partners with participation from existing investors, is not a be ton a speculative future. Itisabetthatthecompanieswhichsolvethevelocityproblemwillcaptureadisproportionateshareofthe200 billion global cybersecurity market as it undergoes its most significant architectural shift in a generation.

7.2.png

What Every Entrepreneur Can Learn

The AI cybersecurity arms race offers lessons that extend well beyond the security industry.

First, asymmetry is a market signal. When the offense has a structural advantage over the defense, there is money to be made in restoring balance. This principle applies to fraud detection, regulatory compliance, supply chain integrity, and any other domain where the bad actors have adopted new tools faster than the good actors. The entrepreneur who can close that gap fastest wins the right to name their price.

Second, speed of reasoning is a moat. Exaforce is not competing on detection signatures, which are a commodity. It is competing on the speed and quality of automated reasoning—the ability to take a flood of signals and extract the signal that matters, in time for a human to act. In an era when every enterprise is drowning in data, the company that can reduce time-to-insight by an order of magnitude will be impossible to displace.

Third, sell to the pain that is already burning. Exaforce did not have to convince its early customers that AI-powered attacks were coming. Those customers were already living the reality. The startup's pitch was not a prediction; it was a solution to a present-tense crisis. The fastest enterprise sales cycles are not built on visionary storytelling. They are built on solving a problem that the buyer is already losing sleep over.

The Road Ahead

Exaforce is not the only company racing to arm the defense. Microsoft itself is embedding AI-driven security copilots across its ecosystem, leveraging its unparalleled visibility into enterprise networks. CrowdStrike, SentinelOne, and Palo Alto Networks are all investing heavily in autonomous threat response. The startup's long-term defensibility will depend on whether its knowledge-graph architecture and Exabot reasoning engine can stay ahead of the platform giants—and whether it can continue to attract the engineering talent required to maintain an edge in a field where the adversary never stops improving.

But the window of opportunity is real. The AI cybersecurity market is expected to grow at a compound annual rate north of 20 percent through the end of the decade. The attackers are not waiting. The defenders cannot afford to. Exaforce's $125 million bet is that the future of cybersecurity will belong not to the company with the most data, but to the company with the fastest reasoning. If that bet pays off, the consequences will extend well beyond a single startup's valuation. They will reshape the economics of trust in a world where the machines are writing the attacks—and only the smartest machines can stop them.