The team that built Microsoft’s Security Copilot just raised $100M to stop attacks before they happen

For most of the past decade, the security industry quietly gave up on prevention. Breaches were treated as inevitable, and the money went into detecting and cleaning up the mess afterwards. A new startup from two veterans of that industry says AI has made stopping the attack in the first place possible again, and investors have handed it $100m to prove it.

Ent, founded by Elias ‘Lou’ Manousos and Brandon Dixon, came out of stealth on 16 June with a $100m seed round led by Decibel. Sequoia, Crosspoint Capital Partners, Craft Ventures, Shield Capital, Felicis, and In-Q-Tel, the CIA’s venture arm, also took part, in what SiliconANGLE called one of the largest seed rounds in cybersecurity history.

The founders know the territory. The pair built RiskIQ, sold it to Microsoft in 2021 in a deal SiliconANGLE puts at more than $500m, and then helped create Microsoft Security Copilot. Their new company is, in effect, a bet against the model the rest of the industry, Microsoft included, currently runs on.

The industry’s pivot to detection had a practical cause. To stop something before it happens, you have to understand it in real time, at the moment of decision, and the heavy processing lived in the cloud. The round trip from the device and back was too slow, so tools like endpoint detection and response (EDR) settled for spotting trouble after the fact.

A workspace designed for growth, collaboration, and endless networking opportunities in the heart of tech.

Ent’s pitch is that small AI models can now run locally on the endpoint, doing the reasoning at the edge without that round trip. The company says a decision can be made in under a second, before an action completes, which is the difference between blocking an incident and writing it up.

“We have entered a new era defined by AI-powered attacks, one that demands a return to prevention and resilience,” said Greg Clark, co-founder and managing partner at Crosspoint Capital Partners. “The level of inference required to stop threats before they materialise must now live directly on the endpoint.”

Ent’s other argument is about where to look. Modern work, it says, does not happen at the layers EDR and SIEM tools monitor. It is spread across the apps, browsers, chat tools, and AI assistants a person moves through in a day, alongside the AI agents now acting on their behalf.

That is where the company wants to sit: a “workspace security” control plane on the endpoint that builds what it calls a complete record of work, infers the intent behind an action, and intervenes at the moment of decision. The examples it