Loading organizations...
§ Private Profile · Chicago, IL, USA
AI-driven vulnerability management platform for enterprises, offering precise vulnerability scoring and prioritization.
Based in Chicago, Illinois, Empirical Security develops an artificial intelligence vulnerability management platform that utilizes a dual-model architecture to help enterprise security teams prioritize complex cyber threats. The B2B software platform combines global models trained on extensive exploitation telemetry with local models customized specifically to each individual organization's internal infrastructure, data, and threat landscape. This analytical approach provides precise, evidence-based recommendations designed to address alert fatigue caused by generic scoring systems. The enterprise software provider emerged from stealth operations in July 2025 after securing $12 million in seed funding led by Costanoa Ventures, with additional participation from DNX Ventures and Sixty Degree Capital. The executive team previously built Kenna Security, a risk-based vulnerability management firm that was ultimately acquired by Cisco. Empirical Security was founded in 2024 by Michael Roytman, Jay Jacobs, and Ed Bellis.
Empirical Security has raised $12.0M across 1 funding round.
Empirical Security has raised $12.0M in total across 1 funding round.
Empirical Security has raised $12.0M across 1 funding round. Most recently, it raised $12.0M Seed in July 2025.
| Date | Round | Lead Investors | Other Investors | Status |
|---|---|---|---|---|
| Jul 1, 2025 | $12M Seed | Costanoa Ventures | Congruent Ventures, Element Partners, Radical Ventures, Space Capital, Gerhard Eschelbeck, Jonathan Cran, Wade Baker, DNX Ventures, Hyde Park Angels, Sixty Degree Capital | Announced |
Empirical Security has raised $12.0M in total across 1 funding round.
Empirical Security's investors include Costanoa Ventures, Congruent Ventures, Element Partners, Radical Ventures, Space Capital, Gerhard Eschelbeck, Jonathan Cran, Wade Baker, DNX Ventures, Hyde Park Angels, Sixty Degree Capital.
Empirical Security is a Chicago-based cybersecurity startup founded in 2024 that builds AI-driven vulnerability management platforms using dual-model architecture: global models trained on massive exploitation telemetry and local models customized to each enterprise's unique data, infrastructure, and threats.[2][3][5] It serves security teams and CISOs overwhelmed by generic alerts, solving the core problem of prioritization—"What should I fix today?"—by delivering precise, evidence-based recommendations without manual tuning or one-size-fits-all scores.[1][2][4] The company emerged from stealth in July 2025 with a $12 million seed round led by Costanoa Ventures, signaling strong early momentum from its ex-Kenna Security founders and EPSS creators.[3][4][5]
Empirical Security was founded in 2024 by Michael Roytman (CTO), Jay Jacobs (Chief Data Scientist), and Ed Bellis (CEO), all veterans of Kenna Security, which they co-founded and which Cisco acquired in 2021.[3][4][5] Jacobs and Roytman co-created the Exploit Prediction Scoring System (EPSS), the world's first public machine learning model for cybersecurity that predicts vulnerability exploitation probability using real-world data.[2][5] The idea emerged from frustrations with generic security tools: security teams drown in alerts from static scores like CVSS, despite mountains of telemetry, as attacks grow custom and AI-driven.[1][3] Early traction built on EPSS's success, with Costanoa Ventures—previous Kenna backers—leading the seed round, reuniting the team to pioneer "local AI models" for enterprise-specific risk prioritization.[1][4]
Empirical stands out in cybersecurity through its dual-model AI architecture and rejection of generic tools:
Empirical rides the AI-localization wave in cybersecurity, where generic tools fail amid custom AI attacks and resource-strapped teams facing exploding telemetry.[1][3] Timing aligns with 2025 pressures: CISOs demand resilience with fewer tools/people, while attackers exploit unique infrastructures—local models bridge this by adapting global intel to enterprise realities.[1][5] Market forces favor it: vulnerability management is maturing beyond Kenna-era risk scores toward predictive AI, with Empirical expanding to app security posture, SOC workflows, and agentic remediation—a "10x bigger opportunity."[1][4] It influences the ecosystem by open-sourcing EPSS, pushing data-centric defenses and challenging static vendors.[2]
Empirical's seed funding and all-star team position it to dominate AI-driven vulnerability prioritization, scaling local models into full security intelligence platforms.[1][3] Next: Product expansion to AI-enhanced SOC automation and broader posture management, fueled by $12M for dual-model advancement amid rising custom threats.[1][4] Trends like edge AI and real-time telemetry will amplify its edge, potentially reshaping how enterprises justify security spends with precise predictions. As pioneers replacing generic scores, Empirical could redefine prioritization like Kenna did—delivering the daily answer every CISO craves.[1][5]