2025 Recap: Just Keep Shipping

"Real artists ship." —Steve Jobs

In 2025 at RunReveal, we shipped major new features weekly to mature the product from a very capable but bare bones security data pipeline, to a product that fits the needs of mature and fast-moving security teams.  We introduced AI in a way that’s intuitive and works, not forced and full of hallucinations. We went from a few hundred terabytes under management to thousands of terabytes under management. We added dozens of enterprise customers, many of whom you may know.

And we're just getting started.

MCP to native agent

In March, we were the first SIEM to release an MCP server, and we quickly realized that AI was going to revolutionize the way security teams work. We immediately saw customers adopt MCP to conduct faster threat hunts, tune alerts, and streamline investigations, and ultimately, revolutionize how they work.

Since then, we realized our own AI Agent and Native Chat in RunReveal in July. We built our agent tightly into the product to enable things like:

• Making our AI features available to customers who didn’t yet have a preferred AI client.
• Use AI on a schedule to query their logs (hello scheduled prompts!).
• Use AI models that our customer’s legal and security teams have approved.

With the release of our native AI agent and chat, customers are using AI models to create and manage detections, conduct investigations, and even create dashboards for reporting. We’re just uncovering the tip of the iceberg for how AI will revolutionize security engineering work, and we’re excited for what we’ll be working on in 2026 to continue to further this work.

The missing piece of the puzzle: Pipelines

One of the main reasons we created RunReveal back in 2023 was to address a major problem with security data management: tool sprawl. For many security teams using a traditional SIEM solution like Splunk, they had to buy a Cribl to filter, route, and transform logs in order for them to be used. At RunReveal, we believed the ability to manipulate your data directly in the same platform as your SIEM was a vital part of the product experience.

So in May, we released one of the most powerful functions of RunReveal: Pipelines. With Pipelines, our customers were now able to drop, filter, transform, and route their data directly within RunReveal. Customers like Temporal saw immediate wins by being able to vastly reduce the amount of data they keep to not be buried in terabytes of unnecessary data.

Dashboards & analytics

In September, we released Dashboarding functionality in the platform. We kept the dashboard functionality—much like the rest of the RunReveal UI—simple: Dashboards are essentially just queries that are run and then pass down the result to a graphing library.

We also integrated dashboards with our AI agent, so customers could use plain language and simple dropdowns with AI to quickly create and iterate on their reporting.

Not only are dashboards, reports, and analytics a core part of a security data platform, but our team worked hard to ensure this product experience was simple, fast, and actually helpful.

Platform engineering

We shipped support for two major new deployment modes: Bring Your Own Cloud (BYOC) and On premises.  BYOC deploys in under an hour, is fully managed, and scales to hundreds of terabytes per month.  On-premises customers have the option to deploy and manage RunReveal themselves in bare metal environments with white glove support. We designed the system from day one to deploy anywhere because security, compliance, and data sovereignty requirements demand it. Besides Splunk and Elastic, no other major SIEM vendor offers this.

At one point this year, a new company across the Pacific Ocean started onboarding themselves to our multi-tenant SaaS when we noticed slight delays due to increased latency. When we dug in, we discovered that we weren't prefetching S3 reads. So, we fixed it. Scaling requires a lot of work that doesn't always make it to our blog or social media: memory management, deployment operations, read pipelining. These are mostly invisible but essential for hyperscalers.

Product and integrations

One of the things we’re most proud of in this past year is the major facelift RunReveal’s UI and UX has received. We’ve taken customer feedback to improve our accessibility of the UI, modernize our design, and simply put, make RunReveal nicer to look at!

Some highlights from this effort include our new Log Explorer UI, improved AI chat interface, and Saved Queries UI. We focused on accessibility and modern design, and listening to customer feedback is what drives most of these changes.

A security data platform is only as good as the sources it supports. This year, we developed more than 70 new integrations across sources and AI model providers for our customers.

To check out all of our integrations, check out our documentation here.

The personal bit

These product updates required growing the team. We closed our seed round in July and doubled down on engineering, go-to-market, and marketing, growing the team 240% since the beginning of the year. This enabled faster product iteration and better customer support.

We spent meaningful time with the security community this year. We held three AI for Security Roundtable meetups across San Francisco and Austin, and attended conferences including fwd:cloudsec and BSides in Seattle, San Francisco, London, and Chicago. BSidesSF was really special to us—Evan and I got our start there at Cloudflare in 2015. Ten years later, we're sponsoring.

We had an incredible 2025. We shipped a lot, learned more, and we're not slowing down.

We build in public and share what we're working on as we go. If you want to follow along, subscribe to the blog here or give us a follow on LinkedIn. If you're dealing with security data at scale and want to see what we've built, reach out to our team here.

See you in 2026!