Vega has closed a $120 million Series B to overhaul how large organizations spot and stop cyber threats, doubling down on an AI-native security operations model that avoids the costly, brittle practice of centralizing all logs before analysis. The company says the new capital will accelerate product development, go-to-market expansion, and international growth as it positions its platform as a modern alternative to traditional SIEM deployments.
Why Decentralized Detection Matters for Modern Security
Enterprises today scatter telemetry across clouds, data lakes, endpoint tools, SaaS apps, and legacy on‑prem systems. Centralizing it all first—long the norm for platforms like Splunk, now part of Cisco—adds storage, egress, and indexing overhead while slowing investigations. Gartner and other analysts have warned that logging volumes are compounding far faster than security budgets, making per‑ingest pricing and heavyweight data pipelines increasingly untenable.

Vega’s pitch is to “analyze in place” and detect threats where the data already lives—across cloud object stores, message streams, and existing security tools—while applying AI for correlation, enrichment, and response. The promise: faster time to signal, lower total cost of ownership, and fewer blind spots as teams span multi‑cloud and hybrid estates. It’s a timely proposition; IBM’s latest Cost of a Data Breach report pegs the global average at just under $5 million, and Mandiant has noted that attackers’ dwell times are still measured in days to weeks, making earlier, distributed detection a tangible ROI lever.
Round Led By Accel Signals a Market Shift in SecOps
The Series B was led by Accel with participation from Cyberstarts, Redpoint, and CRV. The deal nearly doubles Vega’s valuation to about $700 million and brings total funding to $185 million, according to the company. Beyond fueling product and AI research, the capital will expand sales, channel, and customer success teams to support complex, regulated enterprises—a cohort that has historically defaulted to centralized SIEM architectures.
Accel’s interest tracks a broader investor thesis: security buyers want detection and response outcomes without wholesale data migrations or multi‑year tuning projects. If a platform can plug into existing data lakes and EDR telemetry, light up detections in minutes, and cut ingest volume costs, the switching barrier shrinks dramatically.
Inside Vega’s AI-Native Architecture for Threat Detection
Rather than forcing customers to ship everything into a central index, Vega federates queries across sources like cloud object storage and streaming systems, augmenting them with lightweight collectors where needed. Its analytics engine correlates signals across identity, network, endpoint, and application layers, mapping activity to frameworks such as MITRE ATT&CK to prioritize likely attacker paths.
AI components power a few key workflows. Embedding-based similarity helps cluster related events into incidents; language models assist analysts by summarizing alerts, proposing hypotheses, and generating response playbooks; and adaptive models learn per‑environment baselines to reduce false positives. Critically, the company emphasizes guardrails for explainability and auditability—must-haves in finance and healthcare where detection logic has to be defensible.

Early Traction With Regulated Enterprises
Vega says it has signed multimillion‑dollar contracts with banks, healthcare providers, and Fortune 500 firms, including cloud‑intensive customers like Instacart. The 100‑person startup highlights rapid time to value as a differentiator: customers can integrate across cloud accounts and data lakes without re‑architecting pipelines or pausing existing SIEM workflows, then phase in automated response as confidence builds.
For organizations under stringent compliance regimes—think PCI DSS, HIPAA, and SOC 2—Vega positions its approach as complementary: keep mandated logs wherever they already reside, enforce retention policies, and still achieve real‑time detection and case management through federated analytics and a single investigation console.
Competition And The Splunk Question for Enterprises
The elephant in the room is Splunk’s entrenched footprint across large enterprises. Even with Cisco’s backing, customers increasingly question centralized ingestion economics as cloud bills and data gravity spike. Vega’s bet is that federated detection will coexist with or displace legacy SIEM in high‑volume environments—security data lakes in Snowflake or BigQuery for cost‑efficient storage, with real‑time analytics layered on top to surface threats without copying terabytes around.
Incumbents aren’t standing still. XDR vendors continue to expand coverage beyond endpoints; cloud providers are deepening native security analytics; and data platforms are courting SecOps with governance and threat‑hunting features. Vega’s edge will hinge on breadth of integrations, detection quality at scale, and measurable savings in ingest and storage fees.
What To Watch Next as Vega Scales Its Platform
With fresh funding, expect Vega to add out‑of‑the‑box content for common attack patterns, extend coverage for Kubernetes and serverless telemetry, and tighten workflow automation with ticketing and SOAR tools. Partnerships with managed security providers could accelerate enterprise adoption, particularly in sectors facing talent shortages on security analyst teams.
The stakes are straightforward: if federated, AI‑assisted detection can consistently surface high‑fidelity threats faster and cheaper than centralized pipelines, security leaders will reallocate budget accordingly. Vega now has the war chest to test that thesis at enterprise scale.
