Empirical Security is a technology company.
Empirical Security has raised $12.0M across 1 funding round.
Empirical Security has raised $12.0M in total across 1 funding round.
Empirical Security is a Chicago-based cybersecurity startup founded in 2024 that builds AI-driven vulnerability management platforms using dual-model architecture: global models trained on massive exploitation telemetry and local models customized to each enterprise's unique data, infrastructure, and threats.[2][3][5] It serves security teams and CISOs overwhelmed by generic alerts, solving the core problem of prioritization—"What should I fix today?"—by delivering precise, evidence-based recommendations without manual tuning or one-size-fits-all scores.[1][2][4] The company emerged from stealth in July 2025 with a $12 million seed round led by Costanoa Ventures, signaling strong early momentum from its ex-Kenna Security founders and EPSS creators.[3][4][5]
Empirical Security was founded in 2024 by Michael Roytman (CTO), Jay Jacobs (Chief Data Scientist), and Ed Bellis (CEO), all veterans of Kenna Security, which they co-founded and which Cisco acquired in 2021.[3][4][5] Jacobs and Roytman co-created the Exploit Prediction Scoring System (EPSS), the world's first public machine learning model for cybersecurity that predicts vulnerability exploitation probability using real-world data.[2][5] The idea emerged from frustrations with generic security tools: security teams drown in alerts from static scores like CVSS, despite mountains of telemetry, as attacks grow custom and AI-driven.[1][3] Early traction built on EPSS's success, with Costanoa Ventures—previous Kenna backers—leading the seed round, reuniting the team to pioneer "local AI models" for enterprise-specific risk prioritization.[1][4]
Empirical stands out in cybersecurity through its dual-model AI architecture and rejection of generic tools:
Empirical rides the AI-localization wave in cybersecurity, where generic tools fail amid custom AI attacks and resource-strapped teams facing exploding telemetry.[1][3] Timing aligns with 2025 pressures: CISOs demand resilience with fewer tools/people, while attackers exploit unique infrastructures—local models bridge this by adapting global intel to enterprise realities.[1][5] Market forces favor it: vulnerability management is maturing beyond Kenna-era risk scores toward predictive AI, with Empirical expanding to app security posture, SOC workflows, and agentic remediation—a "10x bigger opportunity."[1][4] It influences the ecosystem by open-sourcing EPSS, pushing data-centric defenses and challenging static vendors.[2]
Empirical's seed funding and all-star team position it to dominate AI-driven vulnerability prioritization, scaling local models into full security intelligence platforms.[1][3] Next: Product expansion to AI-enhanced SOC automation and broader posture management, fueled by $12M for dual-model advancement amid rising custom threats.[1][4] Trends like edge AI and real-time telemetry will amplify its edge, potentially reshaping how enterprises justify security spends with precise predictions. As pioneers replacing generic scores, Empirical could redefine prioritization like Kenna did—delivering the daily answer every CISO craves.[1][5]
Empirical Security has raised $12.0M in total across 1 funding round.
Empirical Security's investors include Congruent Ventures, Costanoa Ventures, Element Partners, Radical Ventures, Space Capital.
Empirical Security has raised $12.0M across 1 funding round. Most recently, it raised $12.0M Seed in July 2025.
| Date | Round | Lead Investors | Other Investors |
|---|---|---|---|
| Jul 1, 2025 | $12.0M Seed | Congruent Ventures, Costanoa Ventures, Element Partners, Radical Ventures, Space Capital |