In a cybersecurity landscape where threats are evolving faster than defenses, AI startup Vega Security has secured $120 million in Series B funding to challenge legacy security tools. The funding round, led by Accel with participation from Cyberstarts, Redpoint, and CRV, nearly doubles Vega’s valuation to $700 million and brings its total funding to $185 million. But this investment comes at a critical moment when cybersecurity threats are undergoing a fundamental transformation – one that makes Vega’s approach both timely and potentially revolutionary.
The Legacy Problem Vega Aims to Solve
Modern enterprises generate enormous amounts of security data, but legacy tools like Splunk require companies to store all of it in one place before they can detect threats. This centralized approach creates what Shay Sandler, co-founder and CEO of Vega, calls a “crazy expensive” and increasingly ineffective system. “The current operating model of the SIEM (security information and event management) is not only expensive but is also increasingly causing AI-native security operations to fail,” Sandler told TechCrunch.
Vega’s solution flips this approach by running security where the data already lives – in cloud services, data lakes, and existing storage systems. This distributed model aims to eliminate the need for massive data migrations and centralized storage that have become bottlenecks in today’s cloud-heavy environments. Andrei Brasoveanu, a partner at Accel, explains the problem with legacy systems: “Splunk and every contender since has always centralized the data, but by doing that you essentially hold the customer hostage.”
A Changing Threat Landscape
Vega’s funding announcement coincides with a significant shift in cybersecurity threats that makes its approach particularly relevant. According to Picus Labs’ 2026 Red Report, ransomware encryption is declining while “sleeperware” – a patient, evasive malware that steals data for extortion – is surging. The report, based on analysis of over one million malicious files and 15 million adversarial actions in 2025, shows ransomware encryption dropped from 21.00% to 12.94% of samples, a 38% relative decrease.
Dr. S�leyman �zarslan, co-founder and VP of Picus Labs, notes this strategic shift: “Attackers have realized it is more profitable to inhabit the host than to destroy it. They are embedding themselves inside environments, using trusted identities and even physical hardware to feed on access while staying operationally invisible.” This evolution from destructive attacks to stealthy infiltration makes traditional detection methods increasingly obsolete.
The Scale of Modern Threats
The threat landscape isn’t just changing – it’s scaling to unprecedented levels. The Aisuru botnet (also known as Kimwolf) recently broke DDoS attack records with a peak of 31.4 Tbps and 200 million requests per second, targeting telecommunications providers and other critical infrastructure. Powered by 1-4 million infected consumer devices like routers, IoT devices, and Android TV systems, this botnet-for-hire can be rented for a few hundred to a few thousand dollars to launch massive attacks.
Cloudflare, which mitigated the attack on December 19, called it the “apex of botnets” and highlighted its multi-use functions including AI-driven web scraping, LLM training, credential stuffing, and phishing. With 47 million DDoS attacks recorded in 2025 – a 121% year-over-year increase – the need for more sophisticated security solutions has never been more urgent.
Why Enterprises Are Betting on Vega
Despite being just two years old, Vega has already signed multi-million-dollar contracts with banks, healthcare companies, and Fortune 500 firms, including cloud-heavy companies like Instacart. Sandler attributes this rapid adoption to the painful reality enterprises face: “The only reason they would do that with a two-year-old startup is because the problem is so painful and other solutions on the market require an unrealistic expectation that the enterprise change the way they operate or do two years of data migrations.”
Vega’s approach allows enterprises to “plug and play” and achieve immediate detection response value without massive infrastructure changes. This is particularly important as attackers increasingly use techniques like Process Injection (T1055) and Virtualization/Sandbox Evasion (T1497) to remain undetected for longer periods.
The Broader AI Security Ecosystem
Vega isn’t alone in recognizing the need for AI-powered security solutions. Resolve AI, another startup founded by former Splunk executives, recently confirmed a $125 million Series A funding round at a $1 billion valuation. The company specializes in AI SRE (system reliability engineering), automating troubleshooting of system failures. This parallel investment trend suggests investors see significant opportunity in AI-driven approaches to security and system management.
However, the AI security space isn’t without its challenges. The rapid evolution of AI agents like OpenClaw (formerly Clawdbot and Moltbot) has raised serious security concerns, including scammer interest, system control vulnerabilities, prompt injections, and hallucination risks. Recent security patches for OpenClaw addressed issues like remote code execution and command injection flaws, highlighting the ongoing cat-and-mouse game between security developers and attackers.
The Future of Enterprise Security
As enterprises grapple with these evolving threats, the fundamental question becomes: Can any single solution keep pace? Nigel Gibbons, Director at NCC Group, predicts: “Instead of just encrypting systems, ransomware will shift towards greater dynamics in stealing, manipulating, and threatening to leak or alter sensitive data, targeting backups, cloud services, and supply chains.”
This prediction aligns with Vega’s vision of distributed, AI-native security that can operate across diverse environments. But the challenge extends beyond technology to include human factors and organizational readiness. As Sandler puts it, Vega’s “North Star” was to build a solution that is not only more cost effective and better at threat detection, but “to make it no drama, as simple as possible for the biggest, most complex enterprises in the world to adopt it within minutes.”
The $120 million investment in Vega represents more than just confidence in a single startup – it signals a broader recognition that enterprise security needs fundamental rethinking. As threats evolve from loud, destructive attacks to quiet, persistent infiltration, and as attack scales reach unprecedented levels, the security solutions that succeed will be those that can operate where the data lives, adapt to changing tactics, and provide value without requiring enterprises to rebuild their entire infrastructure. The race to secure our digital future is on, and the stakes have never been higher.