RunReveal Raises $7M Seed to Build the AI-Native Security Data Platform

Today we're announcing that RunReveal has raised $7 million in seed funding led by existing investor Costanoa Ventures, with new participation from Runtime Ventures, Modern Technical Fund, Okta Ventures, and several angel investors. We're using this investment to scale our team and accelerate development of our unified security data platform—replacing the tool sprawl of legacy SIEM with AI-native detection and response workflows.

Simplifying security data with a single platform

Every security team is dealing with more log volume, log sources, and noise than ever before. When people think about security logs they think about "SIEM", but that's just a small fraction of the detection and response stack. Large organizations deploy multiple SIEMs, dedicated data pipeline tools, analytics platforms, and specialized detection providers. These tools rarely integrate smoothly and create alert fatigue, exploding budgets, and operational complexity.

Security teams recognize these problems but don’t see other options. RunReveal is built specifically to solve this by consolidating the entire security stack into a single, AI-powered platform:

• Data Infrastructure: Ingestion, normalization, transformations, routing, and long-term data retention that fits into any environment.
• AI-Powered Workflows: Autonomous investigations and detection improvements with native AI chat, supported by alert triage and continuous monitoring.
• Detection and Investigation: Managed out-of-the-box detections, detections as code, fast and easy Search—everything you need from day one to query and use your security logs.
• Deep Integrations: Not just checkbox features, but 40+ integrations that understand how your tools actually work.

This simple approach has resonated with many of the leading security teams including those at Cloudflare, Harvey, ClickHouse, Flexport and many more.

AI as a force multiplier

When we first developed our Model Context Protocol server this spring, we immediately knew this was going to be the future of detection and response.

Since releasing our MCP server, we’ve created an agent of our own that helps with investigations, creating detections, and analyzing your infrastructure for anomalies. The vast majority of our customers now rely on these features daily; log analysis that previously took hours now takes minutes.

We understand the challenges of bringing various models into enterprise environments, which is why we also support a bring-your-own-LLM approach. Customers can use their approved models from any major provider—flexibility that aligns with our principle of meeting customers wherever they are in their security journey, from small startups to large enterprises.

Our team has thoughtfully built every feature to convert security data from a sinking cost center into tools that deliver tremendous value. Getting the data infrastructure right is essential when preparing data for use by AI. With our knowledge and experience RunReveal has been built from day one to make searching logs fast, which puts us in the best position to provide context to LLMs better than any security tool available today.

Looking forward

With this funding, we're scaling our team to build the security data platform that handles every layer—ingestion through analysis—while providing tools teams actually need.

RunReveal’s mission remains clear: Get the fundamentals of managing security data right, thoughtfully integrate AI agents that augment your security team, and detect threats more effectively than any other tools.

We'll be at Black Hat and DEF CON next week; if you'd like to connect and learn more about what we're building or how we're building it, reach out and let’s talk.