Empirical Security, a Chicago-based cybersecurity startup, has raised $12 million in seed funding to launch a next-generation platform that customizes AI-driven vulnerability intelligence to each organization’s specific infrastructure. The round was led by Costanoa Ventures, with participation from DNX Ventures, Sixty Degree Capital, HPA, and notable industry angels including Jonathan Cran, Wade Baker, and former Google CISO Gerhard Eschelbeck.

Empirical aims to solve one of the most critical pain points in enterprise cybersecurity today: turning vast vulnerability data into actionable, prioritized decisions for overstretched security teams. Instead of simply offering another dashboard or threat feed, the company’s platform combines a global threat model with a tailored local model that learns from the customer’s internal environment - applications, network topology, cloud stack, and device context.

A Unique Approach to Personalized Threat Intelligence

The dual-layer approach is what makes Empirical stand out. While most vulnerability management tools apply the same risk ranking to every organization, Empirical factors in each customer’s unique footprint. This means threat prioritization is not just faster - it’s significantly more relevant.

Their system continuously learns from exploitation trends seen across millions of systems globally but enriches this insight with local telemetry - what software is running, where assets are deployed, and what compensating controls are in place. This hybrid model enables security leaders to know exactly which vulnerabilities matter, which ones can wait, and which are irrelevant in their context.

And here’s the real insight founders should pay close attention to: success doesn’t come from just building a powerful product. It comes from making that product feel personalized at scale. Empirical’s genius isn’t in just leveraging AI - it’s in the way their AI aligns with how customers think, prioritize, and respond. That creates a perception of clarity and control, which is rare in the overwhelming world of cyber threat management. Founders building enterprise tools should internalize this lesson - when your product adapts to the user’s reality rather than asking the user to adapt to the product, adoption accelerates, retention compounds, and your roadmap becomes a partnership rather than a pitch.

Founding Team with Deep Cybersecurity Roots

Empirical Security’s founding team brings together three of the most respected minds in risk-based cybersecurity. CEO Ed Bellis, previously the founder of Kenna Security (acquired by Cisco), helped pioneer the use of machine learning to prioritize software vulnerabilities. He’s joined by Michael Roytman, Empirical’s CTO and a longtime collaborator from Kenna, whose expertise in data science and statistical modeling has shaped some of the industry's most widely used risk scoring frameworks.

Completing the trio is Jay Jacobs, Chief Data Scientist and co-creator of the Exploit Prediction Scoring System (EPSS), now an industry standard. Jacobs also co-founded the Cyentia Institute and is known for his data-driven approach to measuring and improving security outcomes. With this combined operational and academic expertise, Empirical is uniquely positioned to bring rigor, innovation, and immediate credibility to the future of adaptive vulnerability management.

A Fast-Growing Market Demands Contextual Precision

The cybersecurity landscape is rapidly evolving, with attackers increasingly using automated tooling and AI to exploit weaknesses at scale. For defenders, the old playbook of reactively patching everything is not only inefficient - it’s impossible.

CISOs and MSSPs alike are now demanding tools that go beyond alerting and prioritize what truly matters. Empirical’s ability to tell a customer “here’s what you need to care about, based on your environment” changes the game. The platform delivers daily intelligence in a way that mirrors how teams already work, closing the gap between insight and execution.

Backing from Top-Tier Investors

Costanoa Ventures, which led the round, has a strong track record in early-stage enterprise software, and partner John Cowgill called Empirical “the most exciting opportunity in AI security” right now. The additional involvement from DNX, Sixty Degree, and security-focused angels indicates strong conviction that this model has market fit and growth potential.

The funds will be used to accelerate product development, scale go-to-market efforts, and deepen integrations with ecosystem players across SIEM, SOAR, and EDR platforms.

Early Signals of Market Fit

Although still in its early stages, Empirical has begun deploying to design partners across financial services, healthcare, and managed service providers. These engagements are helping the team refine local model training, data ingestion pipelines, and customer-facing UX that balances sophistication with ease of use.

Their go-to-market strategy emphasizes tight loops with CISOs and security architects, enabling product iteration at the speed of threat evolution. Rather than positioning as a “platform” too early, Empirical is laser-focused on one core promise: reduce vulnerability noise and raise actionability.

Final Thoughts

Empirical Security is not just another cybersecurity startup. By fusing personalized AI models with proven leadership and validated demand, it’s creating a path that many future security companies will likely follow. For founders watching closely, the message is clear: intelligence without context is noise - and the companies that win will be the ones that remove friction, deliver clarity, and align deeply with the user’s operating reality.