Founder Spotlight: Dan Lasker on Building AI-Native Threat Intelligence at Vigilance Security

What problem is Vigilance solving that legacy security tools can't?

The core issue is that legacy security vendors are trying to bolt AI onto architectures that were designed twenty years ago. They're adding machine learning layers on top of signature-based systems and calling it innovation. The threat landscape has evolved dramatically — adversaries are using generative AI, polymorphic malware, and coordinated multi-vector attacks — and you simply cannot address that by retrofitting old tools. Vigilance was built from day one as an AI-native platform, meaning every layer of our stack was designed around machine learning inference rather than static rules. That's a fundamentally different architecture, and it produces fundamentally different outcomes.

You're a veteran of an elite intelligence unit. What did you see there that convinced you to start Vigilance?

In the intelligence unit, I had a front-row seat to the most sophisticated adversaries on the planet — nation-state actors with essentially unlimited resources and patience. What I saw consistently was that our defensive tools were always a step behind. We would identify a new technique, write a signature or rule, push it out — and by then the adversary had already moved on. The realization that hit me was that defense needs to be predictive, not reactive, and that requires AI at the core of the architecture, not bolted on as an afterthought. That conviction is what led me to leave that world and build Vigilance with Naor.

What does 'AI-native' actually mean? It's become a buzzword.

Fair challenge. For us, AI-native means that machine learning models are the primary decision-making layer in every part of our pipeline — from ingestion to detection to response. It is not a feature you toggle on. Our models are trained on proprietary threat telemetry data that we've been collecting and curating since our founding, and they run inference continuously against every signal that enters the platform. The result is 94% autonomous detection accuracy compared to the industry average of roughly 67%. That gap exists precisely because we didn't try to add AI to an existing product — we built the product around the AI.

Naor Haziz is your CTO — also a Blackhat speaker and intelligence unit veteran. How does that partnership work?

Naor and I are deeply complementary. I bring the cybersecurity strategy perspective and the operational mindset — understanding what adversaries do and how to model their behavior at scale. Naor brings the AI and ML engineering discipline and the deep architectural vision for building security products that actually work in the real world. He's an exceptional AI/ML security architect who understands both the science and the engineering of building systems that security teams actually trust and adopt. We challenge each other constantly, and that tension produces better decisions. Having both of us come from elite intelligence backgrounds means we share a common language around threats, but we approach solutions from different angles.

You've reached $2.8M ARR with 380% year-over-year growth. What's driving adoption?

Enterprise security teams are drowning. The average SOC receives thousands of alerts per day, and the vast majority are false positives or low-priority noise. Analysts are burned out, and the talent shortage means you can't hire your way out of the problem. When we show a CISO that Vigilance can autonomously triage and resolve threats with sub-90-second mean time to response — replacing what used to take hours of manual investigation — the value proposition is immediately obvious. Our 145% net revenue retention tells you that once teams deploy us, they expand. The product sells itself once it's in the environment.

Getting 2 Fortune 500 design partners and a DoD pilot at seed stage is unusual. How?

Honestly, it starts with trust. When a Fortune 500 CISO is evaluating an early-stage vendor for something as critical as threat intelligence, they need to trust that the founders actually understand the problem space. Our elite intelligence unit backgrounds and Blackhat speaking credentials give us credibility that most seed-stage founders simply don't have. Beyond that, we led with technical proof points — we ran head-to-head evaluations against their existing tools and demonstrated measurably better detection rates. For the DoD pilot specifically, our clearance histories and deep understanding of government security requirements were essential. These aren't logos we bought with discounts — they're design partnerships built on demonstrated capability.

You raised $5M from Sequoia Scout. What did that process look like?

We were fortunate that our metrics and backgrounds attracted strong inbound interest, but we were deliberate about choosing Sequoia Scout. We wanted a partner who understood enterprise security deeply and had the patience to let us build the right product rather than pressuring us to chase revenue prematurely. The Sequoia team's conviction came from their own diligence — they spoke with CISOs, evaluated our technology, and concluded that the AI-native approach was categorically different from what incumbents were doing. Having Sequoia on our cap table has been a meaningful signal to enterprise buyers and to the talent we're recruiting.

You have 18 employees. How do you prioritize?

Ruthlessly. Fourteen of our eighteen people are in engineering or research. We made a conscious decision to stay engineering-heavy and resist the temptation to build out a large sales team before the product is where we want it. Our philosophy is that at this stage, the product is the strategy. If the detection accuracy is excellent and the time-to-value is fast, enterprise buyers will find us — and they have. We say no to more things than we say yes to. Every feature request gets evaluated against a single question: does this improve detection accuracy or reduce time to response? If not, it waits.

Who are your biggest competitors and why will Vigilance win?

The incumbents are CrowdStrike, SentinelOne, and Palo Alto Networks — all strong companies, but all built on architectures that predate the current AI wave. They're adding AI features, but the foundation is still signature-based or rule-based. Then you have category-specific players like Wiz in cloud security and Abnormal Security in email security — excellent companies in their lanes, but narrow by design. Vigilance is AI-native and architecturally broad. We can apply our models across endpoints, cloud, network, and identity because the AI layer is the product, not a feature within a product. That architectural advantage compounds over time as our models see more data and get smarter.

Critics say your market is too crowded to support another platform play. What's your response?

It's a fair criticism, and I don't dismiss it. The cybersecurity market is crowded, and history is littered with startups that had good technology but couldn't break through the noise. What I'd push back on is the framing — we're not trying to compete with CrowdStrike on their turf. We're making a bet that AI-native architecture is a fundamentally different category, not an incremental improvement. If we're wrong about that architectural thesis, then yes, we're just another vendor in a crowded market. If we're right, the incumbents have a structural disadvantage they can't easily overcome. We're betting on being right, but I understand why some people are skeptical.

With only 8 customers, how do you answer concerns about concentration risk?

I won't sugarcoat it — concentration risk is real at our stage. If we lost one of our larger accounts, it would hurt. The honest answer is that we manage this by ensuring we're deeply embedded in our customers' workflows, which is partly what the 145% NRR reflects. But the structural answer is that we need to grow the customer base, full stop. That's the number one operational priority for the next twelve months. We're building the pipeline to get from 8 to 25-plus enterprise accounts, and if we can't execute on that, the concentration risk remains a legitimate vulnerability.

What happens if Sequoia doesn't follow on in the Series A?

We'd survive it, but I won't pretend it wouldn't be a signal the market would notice. Our metrics should speak for themselves — if we continue on this growth trajectory, the Series A market will be there regardless of whether Sequoia specifically leads it. But to directly answer the question: we've been disciplined about maintaining investor relationships beyond Sequoia, and we have soft interest from several firms. We're not building a company that depends on any single investor relationship.

What would you tell a VC evaluating cybersecurity investments right now?

Look at architecture, not marketing. Every cybersecurity vendor in 2026 will tell you they use AI. The question you should be asking is: was the AI designed into the core of the product from day one, or was it added as a feature on top of a legacy system? That distinction matters for long-term performance ceiling. I'd also say — and I'm being honest here — don't just take our word for it. Talk to CISOs who've deployed both legacy and AI-native tools. The gap is real, and it shows up in the data. But I understand that investors need to validate that for themselves, not just hear it from a founder.