TENEX secures $27M Series A to scale AI-native MDR after $10M in six months

TENEX raised $27M led by Crosspoint with a16z and Shield; $10M revenue in six months, Fortune 500 wins. AI-native MDR plugs into Google and Microsoft for faster, guarded response.

Published on: Sep 16, 2025

TENEX Raises $27M Series A: A Practical Brief for Security Operations Leaders

TENEX.AI secured $27 million in Series A funding led by Crosspoint Capital Partners, with continued backing from Andreessen Horowitz (a16z) and Shield Capital. In six months, the company passed $10 million in revenue, signed multiple Fortune 500 and Global 2000 customers, and deployed into high-threat environments.

The hook for ops: an AI-native Managed Detection and Response (MDR) platform that blends agentic AI, automation, and human expertise. It integrates with Google Cloud and Microsoft-based security stacks, promising faster detection, high-fidelity triage, and autonomous response with human guardrails.

Why this matters for SecOps

  • Speed and signal quality: AI agents triage alerts, correlate signals, and trigger responses, escalating to analysts when needed. Expect less noise and tighter MTTD/MTTR.
  • Cost control: Software-native workflows can reduce manual toil and vendor overlap. TENEX reports measurable ROI in weeks.
  • Stack fit: Built to plug into Google Cloud and Microsoft ecosystems, easing data flows, rules, and playbooks across SIEM, EDR, and identity.
  • Human-in-the-loop: Guardrails keep autonomy bounded. Ops keeps control of thresholds, approvals, and rollback.

Key facts from the round

  • Funding: $27M Series A led by Crosspoint Capital Partners; participation from a16z and Shield Capital.
  • Traction: $10M+ revenue in six months; multiple Fortune 500 and Global 2000 customers; global operations.
  • Platform: AI-native MDR with agentic automation, human oversight, and deep Google/Microsoft integrations.
  • Leadership: CEO Eric Foster (co-founded Cyderes); CTO Venkata Koppaka (founding engineer for Google's core SecOps stack); CRO Edwin Solis (former Google Cloud VP); COO Ryan Shreve (Garmin, FireMon, Cyderes); CISO Jan Grzymala-Busse (BMO, Cboe, federal). The founding team has extensive Google Chronicle experience.
  • New hire: Paul Edmonds joins as Chief Customer Officer.

Voices from investors and advisors

Greg Clark, Crosspoint Capital: "We back teams that can reshape industries. TENEX is doing exactly that in security services and has raised the standard for MDR… its AI-native approach positions TENEX to become the defining MDR platform of the next decade."

Zach Sivertson, Crosspoint Capital: "Combining AI innovation with proven human expertise will deliver meaningful improvements in how enterprises detect, investigate, and respond."

Elias "Lou" Manousos, Chairman: "The market is no longer asking if MDR will be transformed by AI - TENEX is proving the model others will follow."

Zane Lackey, a16z: "TENEX is fusing automation and AI into a model that actually works for modern enterprises."

Brandon Dixon, Advisor: "In six months, they've hit milestones that take most startups years."

Eric Foster, CEO: "We're here to reinvent the service layer of cybersecurity: agentic, autonomous, and scaled globally."

What to measure (before and after a pilot)

  • MTTD/MTTR: Target a 30-60% reduction in the first 90 days; set baselines now.
  • False positive rate: Track alert-to-incident conversion and validated true-positive yield.
  • SOC efficiency: Analyst hours per incident, cases per analyst per shift, and on-call interrupts.
  • Coverage: Data sources onboarded (EDR, identity, SaaS, cloud logs), playbooks automated, and control gaps closed.
  • Cost per incident: Blend license, services, and infra to show total cost vs. resolved incidents.

Integration plan for ops

  • Data and tooling: Confirm ingestion paths from SIEM/SOAR, EDR, identity, and cloud telemetry. Validate API quotas and data residency.
  • Controls and guardrails: Define which responses are auto-approved vs. human-reviewed. Document rollback and fail-safe states.
  • Access and identity: Use least-privilege roles; rotate keys; enable just-in-time access for escalations.
  • Change management: RACI for tuning, weekly rules reviews, and a CAB path for high-impact actions.
  • Compliance mapping: Map detections and actions to SOC 2, ISO 27001, PCI DSS, HIPAA, and sector mandates.

Due diligence checklist for AI-native MDR

  • Agent autonomy: What actions can agents take? How are thresholds set and audited?
  • Model lineage and updates: Update cadence, eval process, and regression testing for drift.
  • Evidence and explainability: Case notes, correlations, and rationale for each automated action.
  • Integration depth: Prebuilt connectors for Google Chronicle and Microsoft Sentinel; support for EDR, IAM, and SaaS logs.
  • SLA/SLOs: Detection, triage, and response time guarantees; escalation paths and penalties.
  • Data handling: Residency, encryption, retention, and customer data isolation.
  • References: Fortune 500/Global 2000 case studies, especially high-threat or regulated environments.

30-60-90 day rollout template

  • Days 0-30: Baseline MTTD/MTTR; connect primary log sources; enable read-only visibility; define auto-action guardrails.
  • Days 31-60: Turn on autonomous response for low-risk playbooks (e.g., token revocation, endpoint isolation); tune weekly; begin KPI reporting.
  • Days 61-90: Expand data sources; enable medium-impact actions with approvals; measure ROI; prep procurement for scale-out.
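
One way to encode the phased guardrails above as a gate that every automated response passes through. This is an added example, not TENEX's or any vendor's code; the action names, risk tiers and phase rules are assumptions for illustration. Anything not explicitly permitted fails safe to analyst escalation, and every decision is written to an audit trail.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical risk tiers for response actions (assumed names, not a vendor catalogue).
RISK_TIER = {
    "revoke_token": "low",
    "isolate_endpoint": "low",
    "disable_account": "medium",
    "block_ip_range": "medium",
}

# Tiers allowed per rollout phase and how they are approved.
# Phase 1 (days 0-30) is read-only, so no tier is listed.
PHASE_POLICY = {
    1: {},
    2: {"low": "auto"},
    3: {"low": "auto", "medium": "approval"},
}

@dataclass
class Guardrail:
    phase: int
    audit_log: list = field(default_factory=list)

    def decide(self, action, case_id, approved_by=None):
        """Return 'execute', 'pending_approval' or 'escalate' and record why."""
        tier = RISK_TIER.get(action)  # unknown action -> None
        mode = PHASE_POLICY.get(self.phase, {}).get(tier)
        if mode == "auto":
            verdict, reason = "execute", f"{tier}-risk action auto-approved in phase {self.phase}"
        elif mode == "approval" and approved_by:
            verdict, reason = "execute", f"approved by {approved_by}"
        elif mode == "approval":
            verdict, reason = "pending_approval", f"{tier}-risk action needs a human approver"
        else:
            # Fail-safe state: unknown action, unknown phase or tier not yet enabled.
            verdict, reason = "escalate", "action not permitted in this phase"
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "case_id": case_id, "action": action, "tier": tier,
            "verdict": verdict, "reason": reason, "approved_by": approved_by,
        })
        return verdict

if __name__ == "__main__":
    gate = Guardrail(phase=3)
    print(gate.decide("revoke_token", "CASE-1"))
    print(gate.decide("disable_account", "CASE-2"))
    print(gate.decide("disable_account", "CASE-2", approved_by="analyst1"))
```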

Budget and procurement notes

  • Model: Expect a mix of platform + service. Tie spend to outcomes: incidents resolved, playbooks automated, coverage added.
  • Offsets: Consolidate overlapping tools and reduce after-hours response burn. Quantify soft savings from fewer escalations.
  • Contract guardrails: Data ownership, portability on exit, breach notification timelines, and change notice for model updates.

Leadership and credibility

Crosspoint's involvement brings deep security operating experience. The team's track record (Google's SecOps stack, Chronicle, and enterprise-scale security programs) signals credibility for large, complex environments.

Bottom line for operations

  • If you run a SOC on Google Cloud or Microsoft, this is worth a pilot focused on measurable outcomes in 90 days.
  • Keep autonomy bounded with clear guardrails and audit trails. Make ROI visible with a tight KPI set.
  • Use this as leverage to simplify your stack and reduce manual toil without losing control.
