Exaforce Brings in $125M for Real-Time Cyber Reasoning

Advanced SOC Operations / CSOC , Agentic AI , Artificial Intelligence & Machine Learning Exaforce Brings in $125M for Real-Time Cyber Reasoning Exaforce Says AI Agents Need Contextualized Telemetry to Avoid Bad Decisions Michael Novinson (MichaelNovinson) • May 13, 2026     Share Post Share Credit Eligible Get Permission Ankur Singla, CEO, Exaforce (Image: Exaforce) A startup founded by the leader of F5's security products business raised $125 million to produce near-instant responses to complex cyber investigations. See Also: AI Agents Introduce a New Insider Threat Model The Series B funding will help San Francisco-based Exaforce continuously contextualize and correlate incoming telemetry before users even ask questions, said founder and CEO Ankur Singla. He said the company's real-time reasoning platform begins with a semantic security knowledge graph, followed by modeling how identities, APIs, applications and systems interact across enterprise environments. "Customers want companies that are well capitalized, because they're making a big decision on who to partner with, and this is a long-term journey that they're going on with any particular vendor, so it's extremely important that they are well capitalized," Singla told ISMG. Exaforce, founded in 2023, employs 94 people and has raised $200 million in outside funding, having last closed a Series A round in April 2025. The company has been led since its inception by Singla, who founded application delivery platform Volterra in 2017 and sold it to F5 in 2021 for $500 million. After the sale, Singla led F5's security products group until 2022, when he transitioned into an advisory role (see: Startup Exaforce Nabs $75M to Grow AI-Powered SOC Automation). Why Traditional Approaches to Security Operations Fall Short Organizations must adopt systems capable of operating autonomously in real time while humans move into supervisory roles overseeing the broader process. He stressed that organizations deploying AI agents and automated security operations platforms must prioritize high-quality, contextualized data because poor data quality will inevitably lead to flawed decision-making by autonomous systems. "You have to defend at machine speed, and humans need to just supervise what's going on," Singla said. "They cannot be in the path of many decisions that we thought that we could actually be in the loop of anymore." Singla emphasized that traditional approaches to AI-assisted security operations struggle because enterprise security environments generate enormous volumes of streaming telemetry that cannot realistically fit into standard LLM context windows. Rather than querying raw data after the fact, Singla said Exaforce continuously processes incoming data in real time. "We are able to reason on all the incoming data irrespective of volume and size, and we're able to do it in real time," Singla said. "That is absolutely unique. It's groundbreaking. There is no other system on the planet today that can do that." Customer demand is rapidly expanding beyond traditional firewall, SaaS and cloud environments into operational technology, IoT systems and additional enterprise applications such as Salesforce and Workday, according to Singla. He said manufacturing environments in particular are introducing highly diverse endpoint and infrastructure ecosystems that require new semantic and behavioral models. "If you go to a manufacturing company, they not only have emails and firewalls and public cloud providers and SaaS tools, they also have endpoint tools where the endpoints are not just typical laptops and servers, but they also have OT devices and IoT devices," Singla said. "As we have gone wider into the enterprise, whether it's manufacturing, we are seeing more different data sources." How Exaforce Is Different Than Traditional SIEM Vendors Exaforce differentiates itself from both traditional SIEM vendors and newer AI SOC startups through its real-time data reasoning capabilities, according to Singla. While conventional SIEM providers and many AI-driven SOC products focus heavily on post-alert triage workflows, Singla said Exaforce continuously analyzes and reasons on data before alerts are generated. "The biggest problem for all the agentic systems is the data," Singla said. "If you don't have enough data, no matter how much processing power I give you, you will make bad decisions." Exaforce wants to create a limitless canvas that allows CISOs and security professionals to dynamically build their own workflows, dashboards and applications through natural language interactions, Singla said. Rather than forcing customers into rigid vendor-defined interfaces, Singla said the company wants users to define exactly what information they want surfaced and how they want to consume it. "The CISOs and the security professionals don't want to be boxed into the user experience that the vendor offers," Singla said. "They want to basically have what I think of as a limitless canvas. Can you paint your own with the data you have while the agents are working on their data the way you want it? That's the vision we are working on, and that's what we want to bring to the end customers." The most important operational priority for Exaforce now is expanding the sales, marketing and partner ecosystem teams and ensuring they become productive quickly, according to Singla. He said customer acquisition efficiency and landing the right enterprise accounts will serve as the primary metrics for evaluating the success of the Series B investment. "Agents depend on high quality data, and if you don't have that data, if you don't contextualize and enrich and correlate data, results will be poor," Singla said. "The data can be pretty complex to correlate and enrich, and it's going to cause a lot of problems when it comes to real-world deployments. And that's what I think the CISOs need to be cautious about as they go into future deployments."