Surf AI Raises $57M to Automate Security Hygiene With Agentic Operations
Surf AI launched from stealth with $57 million in funding to address enterprise security teams’ struggle with fragmented tooling across cloud infrastructure, identity systems, applications, and internal platforms.
The agentic operations startup represents a shift from reactive security monitoring to autonomous hygiene management, where AI agents continuously identify exposures and execute remediation workflows at machine speed while maintaining human oversight and approval processes.
Security Operations Fragmentation Crisis
Enterprise security operations rely on multiple specialized tools that generate alerts and findings but leave remediation fragmented across different teams and systems. Organizations operating dozens of SaaS applications, identity providers, and cloud services face security responsibilities distributed across multiple internal teams, creating operational blind spots and delayed response times.
“AI is dramatically increasing the speed and sophistication of attackers, and security teams need fundamentally new operating models to keep up,” said Phillipe Botteri, partner at Accel, which led the funding round. Traditional quarterly or annual security configuration reviews can’t match the pace of AI-powered threats that identify and exploit vulnerabilities in real time.
Contextual Graph Architecture
Surf AI’s platform addresses fragmentation through a unified operational layer that ingests data from enterprise systems including identity providers, cloud services, security monitoring tools, HR platforms, and IT management systems. The platform builds a contextual graph connecting assets, users, roles, and infrastructure components to understand business ownership, permissions, and dependencies.
AI agents analyze the combined dataset to identify exposure conditions and correlate them with operational context, while the platform maintains records of relationships between systems, users, and resources to guide remediation activity. The system prioritizes issues according to factors such as asset criticality, permissions, and business ownership, then executes or recommends operational tasks such as disabling unused accounts, addressing certificate management issues, or adjusting access controls.
Founded in 2024 by CEO Yair Grindlinger, who previously founded FireLayers (acquired by Proofpoint for $45.6 million in 2016) and spent six years at Proofpoint overseeing information protection and cloud strategy, Surf AI coordinates security workflows by assigning tasks to specialized AI agents that trigger actions based on defined policies.
Enterprise Deployment Evidence
Early deployments demonstrate the platform’s capability to address complex security hygiene challenges across large-scale environments. Organizations have deployed Surf AI to reduce unused software licenses, enforce identity governance policies, and resolve configuration risks arising from dormant or orphaned accounts.
The platform functions as an execution layer connecting findings generated by existing security tools with operational workflows required to address them. Target customers include organizations operating large numbers of SaaS applications, identity systems, and cloud services where security responsibilities span multiple teams.
“We built Surf AI because we believe modern security teams deserve tools and systems that work as hard as they do,” said Grindlinger. “Our platform empowers teams to monitor continuously and act decisively, even as data environments grow more complex.”
Agentic Security Operations Emergence
The $57 million funding round, led by Accel with participation from Cyberstarts and Boldstart Ventures, signals investor recognition of agentic security operations as a critical infrastructure category. Organizations face an expanding attack surface as they deploy more AI systems and applications, requiring automated security hygiene management that can operate at machine speed.
Surf AI’s approach differs from traditional security orchestration platforms by focusing on proactive hygiene management rather than incident response. The platform maintains human oversight through approval workflows while enabling AI agents to execute routine security tasks autonomously. This human-in-the-loop model addresses enterprise concerns about autonomous systems making critical security decisions without appropriate governance.
Looking Forward
The emergence of agentic security operations platforms represents enterprise recognition that traditional security tooling can’t scale with AI-accelerated threats. As attackers increasingly use AI to identify vulnerabilities and execute attacks, organizations require autonomous defensive systems capable of continuous monitoring and real-time remediation.
Surf AI’s launch indicates a broader infrastructure shift toward specialized agent platforms that address specific enterprise operational challenges. Rather than general-purpose AI agents, organizations demand domain-specific solutions that understand business context and can integrate with existing enterprise systems while maintaining appropriate controls and auditability.
The rise of agentic security operations reflects a fundamental infrastructure evolution as enterprises seek AI-powered solutions that can operate at machine speed while maintaining human oversight. This parallels broader trends in AI agent orchestration where organizations deploy specialized agents for complex operational workflows while preserving governance and control mechanisms.