Empirical Security, a cybersecurity firm specialising in AI-powered threat detection through bespoke models, has raised $12m in a seed funding round.
The round was led by Costanoa Ventures, with participation from DNX Ventures, Sixty Degree Capital, HPA, and several strategic backers. Notable investors include Jonathan Cran, founder of Intrigue; Wade Baker, founder of The Cyentia Institute; and Gerhard Eschelbeck, former CTO of Qualys and CISO at Google.
Empirical Security develops custom AI models that help organisations prioritise and respond to cyber threats based on their unique infrastructure. Unlike generic global models, Empirical’s approach uses localised data to deliver more accurate and actionable predictions about which threats pose the most immediate risk.
The newly raised capital will be used to enhance product development and expand the company’s AI capabilities, allowing more security teams to build models tailored to their specific environments.
In a strategic leadership update, Kenna Security co-founder Ed Bellis has joined Empirical Security as CEO. He reunites with co-founder and CTO Michael Roytman and co-founder and chief data scientist Jay Jacobs. The trio previously collaborated at Kenna Security, where they played a key role in establishing risk-based vulnerability management practices.
Empirical’s dual-model architecture allows teams to combine global insights—drawn from nearly 2 million daily exploitation events—with local intelligence. This structure enables Chief Information Security Officers (CISOs) to make informed decisions, with measurable, evidence-based support.
Empirical Security CTO Michael Roytman said, “Today’s cyber attacks are custom-built using AI and your own infrastructure against you. Defending with generic, one-size-fits-all models is a start, but only custom, localised models – trained on your data and environment – can close that gap.”
Costanoa Ventures general partner John Cowgill said, “We backed Ed, Michael, and Jay at Kenna, where they pioneered the risk-based vulnerability management movement. With Empirical, they’re doing it again—but replacing generic risk scores with local AI models that tailor scores to each enterprise. We’re thrilled to partner with them on what we believe is a 10x bigger opportunity to transform how security teams prioritise and act on risk.”
Copyright © 2025 RegTech Analyst





