Agentic AI
,
Security Operations
,
Security Operations Center (SOC)
Startup Targets Next-Gen Security Opportunities Beyond Autonomous SOC Agents
A Seattle-based startup led by a former ExtraHop scientist raised $37 million to develop additional AI personas tailored to specific cybersecurity roles.
Dropzone AI plans to use the Series B funding to build new AI agents for areas such as threat hunting, vulnerability management and governance, risk and compliance, according to founder and CEO Edward Wu. The company has built out reasoning engines and security integrations needed to simulate expert human analysts for its foundational AI SOC analyst tool, and many of those components are reusable.
“We are seeing a hockey stick growth-like uptake, in terms of demand for our technology, and in order to continue to mature it, develop it, as well as fully materialize its commercial potential, we need the additional funding right now to accelerate,” Wu told Information Security Media Group.
Dropzone AI, founded in 2023, employs 33 people and has raised $57.35 million, having previously completed a $16.85 million Series A funding round in April 2024 led by Theory Ventures. The company has been led since its inception by Wu, who previously spent eight years at NDR firm ExtraHop, culminating in a role leading the end-to-end development of all AI/ML product capabilities and infrastructure (see: Can Generative AI Help With Quicker Threat Detection?).
Expanding the Use of AI Agents Beyond the SOC
Wu said the adoption curve for Dropzone’s AI SOC analyst will be similar to AI coding assistant tools such as Cursor, with early adopters taking risks, but after a certain point, he said it becomes risky not to adopt. Wu sees cybersecurity heading in a similar direction, and he believes the next 12 months are critical for Dropzone AI to scale infrastructure, engineering and sales to meet that coming demand.
“We’re not at the point of inflection yet, but it’s pretty clear within the next 12 months, we will be at the point of inflection,” Wu said. “So, fundraising right now allows us to prepare ourselves to be ready for the tsunami of demand and interest as we hit the point of inflection.”
Dropzone’s AI SOC analyst mimics the decision-making logic of expert human analysts using custom-built reasoning engines and is capable of interacting with an organization’s existing security infrastructure and tools. This means teams can maintain 24/7 SOC coverage without hiring additional staff, and allows organizations to investigate 80 to 90% of alerts, compared to 30% previously, leading to earlier detection.
“In order to build an AI SOC analyst, it required us to build many fundamental pieces, like the reasoning engines that can replicate the thought process of an expert human analyst, and a large number of cybersecurity integrations so our AI SOC analyst can actually utilize existing cybersecurity tools with the same finesse and techniques as a human analyst,” Wu said.
Future AI agents such as AI threat hunters, vulnerability managers and GRC specialists will share common components already developed for the SOC analyst such as reasoning logic, tool integrations and threat modeling, Wu said. When prioritizing which new agents to build, Wu said Dropzone will prioritize tasks that are performed frequently, have a high consistency, maintain structure and are impactful.
“An AI threat hunting agent also needs cyber reasoning so that it can replicate the thought process of an expert human threat hunter,” Wu said. “The threat hunting agent also needs to know how to actually utilize different security tools, how to search for logs within SIEM, how to search for logs within firewall. The underlying components that made up AI SOC analyst will be reusable for other AI specialists.”
What Sets Dropzone AI Apart From Competitors
Wu said he envisions a future where security teams operate with a fleet of AI-powered digital workers that specialize in different cybersecurity functions. To do this, Dropzone is scaling up its engineering organization, with a focus on hiring software engineers who understand the nuances of threats, toolkits, workflows and detection logic, which he said is vital for building AI agents that mimic expert behavior.
“There are a lot of software developers on the planet. There are a lot of security practitioners on the planet, but the intersection of the two generally has been unicorn status,” Wu said. “We’re looking for software developers who can not only code but also understand the nuances of cybersecurity, those will be our favorite new hires or candidates to track down.”
Dropzone AI serves two primary customer types: MSSPs and mid-sized enterprises. MSSPs with 100 to 200 employees use Dropzone’s AI to streamline their alert handling processes across many clients, enabling consistency and efficiency in their managed services. And for mid-sized enterprises with limited internal resources, Dropzone allows a two-or-three-person SOC team to perform like a five-to-ten-person team.
“It could be a managed security service provider will have around 100 to 200 employees who are servicing sometimes up to 100 clients, and they are leveraging our technology to improve the efficiency of their service offering, as well as the quality of quality and consistency of the alert investigations,” Wu said.
Wu said most startups in Dropzone’s space are still pre-product, while the larger vendors such as Microsoft, CrowdStrike and Palo Alto Networks are offering early-stage, platform-bound AI features rather than full-fledged autonomous agents. Unlike platform vendors who work best with their own tool ecosystems, Dropzone is built to work across any combination of security tools the client already has.
“I think the vendor neutralness is very important, because as an AI agent or digital worker, you don’t want to go in there and say, ‘Hey, I’m an AI SOC analyst, but I only work with CrowdStrike and nothing else,'” Wu said. “That’s not going to be very effective at the end of the day.”