
Legion Security Raises $38M Series A to Automate SOC Workflows via Browser-Native AI

Cybersecurity startup Legion Security, founded in 2024 by security veterans Ely Abramovitch (CEO), Michael Gladishev (VP of R&D), and AI specialist Eyal Fisher (CTO), has emerged from stealth with a combined $38 million in seed and Series A funding. Led by Coatue Management and joined by Accel, Picture Capital, and angel investors from Google, CrowdStrike, and Wiz, this financing will accelerate its first-to-market browser-native AI SOC (Security Operations Center) platform.

Reinventing Security Operations with a Tab-Based AI Companion

Legion’s core innovation is a lightweight browser extension - no APIs, no integrations - that observes SOC analyst workflows, learns investigation patterns, and gradually automates repetitive tasks. It uses vision AI to capture clicks, filters, and inputs across SIEM tools, email systems, and internal dashboards, scaling insights without replacing human judgment.

Early customers - Fortune 500 firms in finance, healthcare, and energy - report up to 50% reductions in time-to-investigation and significant relief from alert fatigue. The product allows security teams to reclaim hours without reshaping internal tools.

Deep Domain Adoption: Why Legion’s Model Scales Naturally

Most cybersecurity startups focus on dashboards or centralized correlation platforms. Legion did something smarter: it embedded at the workflow layer, not the infrastructure layer. By capturing how analysts already work, it created a low-friction path to automation that integrates with any tool they use. That means adoption doesn’t require retraining or architecture changes - it happens naturally because analysts can keep using their familiar environment.

This reveals a high-leverage insight: pipeline-level automation in security doesn’t win by promising new capabilities - it wins by respecting how the work is already done. Founders should notice - veteran teams, high-regret workflows, and repetitive decision cycles are ripe for this kind of embedded automation.

Scaling Without Disruption: Client Impact and Product Design

Legion has processed millions of alerts, cutting false positives and accelerating case resolution. It learns common analyst decisions and can run standardized workflows autonomously when the team is ready. Yet it retains transparency - every automated action is auditable, traceable, and reversible.

This behavior-based training model minimized integration risk and made deployments straightforward. It also enabled Legion to scale quickly within client environments - there’s no middleware, no infra shift, no migration effort.

Investors See a Platform, Not a Feature

Coatue Management led the round because Legion isn’t just a chatbot. It’s a behavioral infrastructure layer for SOC operations. As alert volumes soar and analyst burnout grows, investors see this as a category-defining automation layer in cybersecurity.

Salient details: the company processes upwards of half a billion incidents a year, emphasizes retention-driven value, and is planning to expand into adjacent risk workflows like incident triage, case classification, and high-stakes investigations without human latency.

Leadership Anchored in Technical Security Experience

Ely Abramovitch, hailed for strategic insight in cybersecurity growth, leads the business vision. Gladishev brings deep R&D expertise from Microsoft Sentinel work, and Fisher’s AI systems experience shapes the cognitive side of agent training. Together, the founders have built a platform that is both precise and enterprise-resilient.

The team is actively expanding across engineering, research, and customer success - prioritizing hires with security operations experience and deep signal processing skills. Legion now handles both scale and risk maturity natively.

What Comes Next: Roadmap for Deepening Workflow Coverage

With fresh capital, Legion plans to roll out more autonomous workflows, support executive dashboards for compliance and audit, and introduce predictive tagging of high-risk alerts. Their AI models are also evolving to proactively suggest triage next steps, reducing decision latency even further.

Down the line, they plan to license the workflow logic layer across verticals - incident response in insurance, operational audits in manufacturing, and service desk turnover in enterprise support. Anywhere repetitive decision logic exists, there's potential for their browser-native SOC agent.

