Ent Security raises $100M to bring AI-driven cybersecurity prevention back to the workplace

Ent Security raises $100M to bring prevention back to cyber

Ent, founded by the duo behind RiskIQ and Microsoft Security Copilot, has emerged from stealth with a $100M seed and a contrarian bet: that small AI models running on the device can finally make breach prevention work, in the era of AI-driven attacks and autonomous agents. For most of the past decade, the security industry quietly gave up on prevention. Breaches were treated as inevitable, and the money went into detecting and cleaning up the mess afterwards. A new startup from two veterans of that industry says AI has made stopping the attack in the first place possible again, and investors have handed it $100m to prove it. Ent, founded by Elias 'Lou' Manousos and Brandon Dixon, came out of stealth on 16 June with a $100m seed round led by Decibel. Sequoia, Crosspoint Capital Partners, Craft Ventures, Shield Capital, Felicis, and In-Q-Tel, the CIA's venture arm, also took part, in what SiliconANGLE called one of the largest seed rounds in cybersecurity history. The founders know the territory. The pair built RiskIQ, sold it to Microsoft in 2021 in a deal SiliconANGLE puts at more than $500m, and then helped create Microsoft Security Copilot. Their new company is, in effect, a bet against the model the rest of the industry, Microsoft included, currently runs on. Why prevention is possible again, according to Ent The industry's pivot to detection had a practical cause. To stop something before it happens, you have to understand it in real time, at the moment of decision, and the heavy processing lived in the cloud. The round trip from the device and back was too slow, so tools like endpoint detection and response (EDR) settled for spotting trouble after the fact. Ent's pitch is that small AI models can now run locally on the endpoint, doing the reasoning at the edge without that round trip. The company says a decision can be made in under a second, before an action completes, which is the difference between blocking an incident and writing it up. "We have entered a new era defined by AI-powered attacks, one that demands a return to prevention and resilience," said Greg Clark, co-founder and managing partner at Crosspoint Capital Partners. "The level of inference required to stop threats before they materialise must now live directly on the endpoint." Watching the workspace, not the network Ent's other argument is about where to look. Modern work, it says, does not happen at the layers EDR and SIEM tools monitor. It is spread across the apps, browsers, chat tools, and AI assistants a person moves through in a day, alongside the AI agents now acting on their behalf. That is where the company wants to sit: a "workspace security" control plane on the endpoint that builds what it calls a complete record of work, infers the intent behind an action, and intervenes at the moment of decision. The examples it gives are telling, such as a user handing remote control of their machine to someone outside the company, or pasting sensitive data into an unsanctioned AI tool. The timing is not subtle. As Manousos put it, "offence is going to be all AI," and the attack surface he is describing is the same one that keeps producing fresh incidents, from AI agents tricked into leaking cloud keys to chatbots talked into resetting passwords. It is also the gap a wave of startups is racing to fill, including NewCore, which raised $66m to give AI agents a corporate identity. A big cheque, and a crowded bet Ent says it is already deployed with Global 2000 customers across hospitality, financial services, and defence, using the platform to flag insider risk, govern AI use, and stop data loss. One customer, an insider-threat lead at a public financial institution quoted anonymously in the announcement, said it was "the first tool where I felt like an expert on day one." That production traction, rather than a demo, is what a seed round this size is paying for. The caveats are worth keeping in view. "Prevention is back" is no longer a contrarian line; it is fast becoming the whole industry's pitch, and a system that intervenes on inferred intent has to be right often enough not to block legitimate work and train staff to ignore it. The capability claims, including sub-second on-device inference, are the company's own, without independent benchmarks yet. And $100m at the seed stage sets a punishing bar. Ent is wading into a market defended by CrowdStrike and Microsoft, the very company whose security tool its founders built, at a moment when the appetite for anything labelled AI security is feverish. The pedigree, the customers, and the In-Q-Tel stamp make the bet credible. Whether prevention can finally outrun the attack, rather than just promise to, is the thing the money is meant to settle.

RiskIQ founders launch Ent Security with $100M to rethink endpoint defense

RiskIQ founders launch Ent Security with $100M to rethink endpoint defense Intent-aware endpoint security startup Ent Security launched today with $100 million in funding to build what it calls a new layer of workspace security that reads the intent behind what users and artificial intelligence agents do before risky actions are completed. Founded by Elias Manousos and Brandon Dixon and incorporated as Athena Formation Inc., the company is positioning itself between the traditional endpoint detection and response or EDR market and the broader push to govern how employees and AI agents use enterprise systems. Manousos and Dixon previously founded RiskIQ Inc., which Microsoft Corp. acquired in 2021 and both went on to help build Microsoft Security Copilot. Ent argues that endpoint security is expanding into workspace security and that existing tools are built for the wrong moment. EDR and extended detection and response or XDR products are good at catching malicious code and process behavior, but they typically act after an action is complete. Much of today's risk looks like normal work, the company says, particularly as AI agents take on tasks across applications, data and local runtimes. The platform runs as a lightweight agent that brings AI reasoning to the device. It evaluates human and AI agent behavior at the moment of use, applies customer-defined policy and acts through configurable, just-in-time interventions before an incident occurs. Ent describes the approach as moving from reactive detection to preventive control across users, agents, applications, data and AI-driven workflows.. Ent says the product is already running inside Global 2000 companies in hospitality, financial services and defense. Those customers use it to flag insider risk and data loss, to keep tabs on how staff are using AI tools and to piece together what happened after an incident. The company has also lined up a roster of advisers that includes former security chiefs at Google LLC, Aetna Inc. and Massachusetts Mutual Life Insurance Company, a former director of the National Security Agency and a former Microsoft executive who ran Azure cloud security. "Security has been stuck in a reactive loop for over a decade," Manousos, who is also chief executive, said in the announcement. "Work now happens across people, agents, applications, data and local runtimes and risk often begins while everything still looks legitimate. The critical questions no existing product can answer are, 'Is the user or agent intent aligned with the objectives of the business? And if not, how fast can it be stopped?'" Ent works on Windows, macOS and Linux, with a browser extension for good measure. Customers can let Ent host it or keep it inside their own cloud. Decibel Partners led the seed round. Sequoia Capital Operations, Crosspoint Capital Partners LP, Craft Ventures, Shield Capital, Felicis and In-Q-Tel Inc., the investment arm backed by the U.S. intelligence community, also took part. Ent said it will spend the money on engineering and sales hires and on building out its product, with work planned on AI governance and tighter integration with other security tools. "AI has been a killer app for hackers and offensive researchers, but the industry is waiting for a novel defensive solution that can keep up with the modern era of LLMs," said Jon Sakoda, founding partner at Decibel.

Ent Gets $100 Million in Seed Funding for Workplace Security Company | PYMNTS.com

In announcing the financing Tuesday (June 16), Ent said its approach to cybersecurity is based on the belief that artificial intelligence (AI) "compresses the time between compromise and impact," which means "prevention must once again become the primary objective of security." The company says its platform helps businesses understand and intervene in risky actions by both humans and AI agents "before they become incidents." Ent Co-Founder and CEO Elias Manousos argued that security has been "in a reactive loop" for more than a decade, with AI-powered attacks requiring a new approach. "AI is changing both how people work and how quickly attackers can act. What once took days now happens in seconds," he said. "By the time traditional security systems detect a problem, it is too late. We believe the future of security lies in understanding intent in real time across people and AI agents and stopping risk before it becomes an incident." Ent says its team includes engineers and security operators with "deep enterprise experience," advised by former cybersecurity executives from the likes of Google, Aetna, MassMutual and Microsoft, as well as a former NSA director. The release added that the new funding will help Ent with its engineering and go-to-market hiring, while also funding its AI governance, threat prevention, security integrations and multimodal endpoint intelligence efforts. In other cybersecurity news, PYMNTS wrote recently about the way artificial intelligence has made it easier for criminals to commit identity fraud and build phony credit profiles. "A synthetic borrower in 2026 may arrive with a convincing driver's license generated by image models, employment verification supported by AI-written HR correspondence, and a live onboarding video featuring a deepfake face synchronized with cloned speech patterns," that report said. "Some fraud operations are reportedly generating entire digital footprints." For example, PYMNTS Intelligence research found that fraud targeting credit unions now occurs across the full member life cycle. That means credit unions now need to defend every interaction point rather than a single stage, with 77% saying they've experienced unauthorized network access in the past year. And while bank tellers are trained to look for suspicious behavior, AI systems trained on large datasets can now generate borrowers designed specifically to avoid those signals. "If a human can do it, we are now at a stage where the machines can do it in plausible ways," Adam Hiatt, vice president of fraud strategy at Spreedly, said. "It's an arms race."