Context is all you need: Our Cyber Investment in Surf AI

Cloud intrusions increased 136% in the first half of 2025 compared to all of 2024. Voice phishing (vishing) attacks increased by 442% from the first to the second half of 2024^[1]. Boosted by AI, cyber attacks are becoming more automated, faster, and larger in scale. Recent incidents-from massive identity breaches like MGM to operationally disruptive events such as the ransomware attack on UnitedHealth Group-highlight how small gaps can cascade quickly at enterprise scale.

The limiting factor for cybersecurity teams is execution, not detection. Teams know what's wrong, but they need help fixing it. Security posture platforms generate a persistent backlog of security tasks-unused identities, over-privileged accounts, expiring certificates, stale access, half-finished cleanups, and more. Everyone agrees these issues should be addressed, but there just aren't enough resources to do it consistently. This is where AI comes to the rescue. Automating these menial tasks seems a perfect fit for AI agents but, unfortunately, most of these efforts fail. This failure isn't due to the tasks' complexity, but because they lack the right context: who owns the asset, whether it is still in use, what dependencies exist, and which policies apply. Without precise context, the agents can't execute tasks successfully. For this reason, we're leading the $40 million Series A in Surf AI, alongside our longtime partners Gili Raanan at Cyberstarts and Ed Sim at Boldstart.

Security posture is built one action at a time

Security posture isn't defined by policies or tools. It's defined by what actually gets done in production environments. A certificate that expires quietly. A guest account that's never removed. A cloud resource left behind after a POC. Individually, these issues seem minor, but collectively they become material risks.

Most security platforms stop at detection, surfacing any issues and moving on. Surf AI is built on the idea that security only improves when the work is executed reliably and continuously. The Surf AI team are building an agentic operations platform for modern security teams that doesn't just surface issues-it takes action. They're developing their own family of specialized AI agents that automate security hygiene and posture management tasks, from understanding the issue to executing the fix. But automation in security can only work if the agents are reliable. And for that, they need to have access to the right context.

Why agents need context to work

AI agents are increasingly capable, but when it comes to enterprise security, capability without context is insufficient. Actions like disabling accounts, rotating certificates, or remediating access require an understanding of ownership, dependencies, organizational structure, and policy constraints. Surf AI's core belief is that this context must exist before automation is possible.

At the heart of the platform is a context graph: a continuously updated model of the organization built from identity systems, cloud infrastructure, SaaS applications, HR platforms, ITSM tools, and security products. This fabric maps people to accounts, assets to owners, systems to workflows, and policies to real-world behavior. Surf AI uses this context to pre-compute high-confidence opinions-who owns what, what is safe to change, and what requires approval-so agents don't have to infer these decisions at runtime. Agents are constrained to narrow, well-defined actions and operate with explicit guardrails and confidence levels, so humans remain very much in control. The result is automation that security teams can trust.

Built by a cyber team for cyber teams

Context is hard. Building it requires deep domain knowledge and firsthand experience of how large organizations actually operate.

Surf AI's founding team has spent years building and scaling security and identity systems inside enterprises. CEO Yair Grindlinger previously founded Firelayers, which was acquired by Proofpoint, where he later led cloud strategy. He and his co-founders Elad Horn, Avner Gideoni, Brenton Gumucio, and Roie Cohen Duwek have worked together across multiple companies, building products used by thousands of customers and tens of millions of users.

That experience is reflected throughout Surf AI's platform: in the emphasis on constrained execution, focus on explainability, and the clear understanding of where automation adds value and where it should remain bounded.

We're excited to partner with Yair and his co-founders to build what we think will become a core platform for enterprise security. In a world where attackers now heavily leverage AI, intelligent context-based AI automation will offer the best protection.

‍

^[1] Crowdstrike 2025 Threat Hunting Report

‍