Ent Raises $100M to Reinvent Endpoint Security for AI Era
Data Breach TodayArchived Jun 17, 2026✓ Full text saved
Startup Analyzes Endpoint Behavior to Stop Incidents Before Security Teams Respond Endpoint security startup Ent emerged from stealth with a $100 million seed round led by Decibel, betting that intent-aware AI running on endpoints can prevent increasingly automated AI-driven attacks before traditional detection and response tools have time to react.
Full text archived locally
✦ AI Summary· Claude Sonnet
Artificial Intelligence & Machine Learning , Endpoint Security , Next-Generation Technologies & Secure Development
Ent Raises $100M to Reinvent Endpoint Security for AI Era
Startup Analyzes Endpoint Behavior to Stop Incidents Before Security Teams Respond
Michael Novinson (MichaelNovinson) • June 16, 2026
Credit Eligible
Get Permission
Elias Manousos, co-founder and CEO, Ent (Image: Ent)
An endpoint security startup founded by the longtime leader of RiskIQ emerged from stealth with $100 million to help organizations prepare for artificial intelligence-driven attacks.
See Also: Uncertainty, Undone: A 2026 OT/IoT Cybersecurity Strategy for Converged Environments
The Decibel-led seed round funding will allow San Francisco-based Ent to stop incidents from occurring in the first place rather than simply investigating them more efficiently, said co-founder and CEO Elias Manousos. Even an effective SOC becomes reactive in a future where attackers can complete intrusion chains in seconds because damage has already occurred by the time an alert is generated.
"We feel like we can make a huge difference, and now's the actual time to get this done," Manousos told ISMG. "I think by the end of this year, the attacks are going to be pretty fast and furious - automated AI attacks - so we just want our customers to be ready."
Ent, founded in May 2025, employs 12 people and has been led since its inception by Manousos, who previously ran attack surface management firm RiskIQ for nearly 14 years before selling it to Microsoft in July 2021. Manousos then spent two-and-a-half years at Microsoft overseeing product development (see: Microsoft to Acquire RiskIQ).
Why AI Advances Render Detection-First Approaches Impotent
Employees interact with applications, collaborate with colleagues, access sensitive data and increasingly engage with AI systems through the endpoint, which enables Ent to capture a detailed picture of user behavior, he said. Actions such as switching between applications, copying and pasting information, uploading files and interacting with AI assistants are signals that reveal user intent, Manousos said.
"If you're at the endpoint, you can collect that level of telemetry, and then once you understand intent, now when you see something deviate from that intent, you're in a position to prevent an unwanted behavior, whether that's human or agent." Manousos said.
By understanding what users and AI agents are trying to accomplish, security systems can distinguish malicious behavior from legitimate activity and make more intelligent decisions about risk, Manousos said. Rather than relying on rigid rules or broad restrictions, Manousos said Ent seeks to understand behavior in context and act accordingly.
"Running those models at the edge on the device at the endpoint allows us to build that dataset and then apply it to pretty much any cybersecurity problem," Manousos said. "Because once you understand the user's intent and what the agent intent is, you're in a really good position to prevent risk."
AI dramatically expands the amount of information that can be analyzed and correlated, and what may appear harmless at the individual level can create significant governance concerns when performed by powerful AI systems. As organizations deploy more AI tools, security teams will need mechanisms to govern not only human actions but also the behavior of AI agents acting on behalf of users, he said.
"How do we solve those problems?" Manousos said. "The truth is only now. Any company that would have tried to do this, even two years ago, didn't have the right architecture. So you have to re-architect your entire security platform from the ground up."
Why Understanding Intent Helps Thwart False Positives
Traditional prevention controls often generated excessive false positives, interrupted workflows and frustrated employees, leading users to circumvent these systems or view security as an obstacle to productivity, Manousos said. Rather than simply blocking actions, he said Ent's platform incorporates AI to explain why a particular behavior violates policy and guides users toward safer alternatives.
"When we see a deviation and we know that behavior of the user, the likelihood of us being incorrect about our intervention is way lower," Manousos said. "And even if we are incorrect, using an AI engine, we can converse with the end user and actually correct it. We introduce some friction, but there is an escape valve there based on how we built the system, so it's a very different approach to prevention."
Organizations historically purchased separate solutions for DLP, insider risk management, application control and AI governance, but AI changes this dynamic because a sufficiently capable platform can address multiple use cases simultaneously. Once an organization understands user intent and has visibility into behavior, the same underlying technology can support a wide range of security controls.
"You need to understand what your users are doing. You need to have this new intent-aware layer," Manousos said. "Once you have that, and you have the observability across your entire user base, then you pick the use cases that are most important to you."
Large enterprises often spend significant time tuning DLP and insider risk policies and investigating alerts, while smaller organizations frequently avoid deployment altogether because of the complexity involved, Manousos said. By incorporating behavioral understanding and AI-driven decision-making, Ent hopes to reduce false positives while making controls easier to deploy and maintain, Manousos said.
"In the past, we didn't have AI-based attacks, so as long as your security operations team could move pretty quickly, you could reduce the damage," Manousos said. "But now, you just can't do that. The damage gets done, and that's it."