Scanner, a cloud-native security data lake platform for threat hunting and autonomous response, has raised $22M in Series A funding led by Sequoia Capital.
Scanner, a startup building cloud-native security data lakes for threat hunting and detection, has raised $22 million in Series A funding led by Sequoia Capital. The company's platform connects AI agents to security data lakes for interactive investigations, detection engineering, and autonomous response.
The funding comes as organizations increasingly struggle with the volume and complexity of security data generated across modern cloud environments. Scanner's approach aims to solve this by creating unified data lakes that can be queried by AI agents rather than relying on traditional SIEM (Security Information and Event Management) architectures.
What Scanner Actually Does
Unlike traditional security tools that require manual query writing and correlation, Scanner's platform allows security teams to interact with their data through natural language and AI agents. The system can automatically correlate events across different data sources, identify patterns, and even take autonomous response actions when threats are detected.
The platform targets three main use cases:
- Threat hunting: Security analysts can ask questions in natural language and get immediate answers from across their entire security dataset
- Detection engineering: Teams can build and test new detection rules using historical data without disrupting production systems
- Autonomous response: When threats are identified, the system can automatically take predefined actions to contain or mitigate them
The Security Data Lake Market
Scanner enters a crowded market of security data platforms, but its focus on AI-native architecture and autonomous capabilities sets it apart. Traditional SIEM vendors like Splunk and Elastic have dominated the market for years, but many organizations are looking for alternatives that can handle the scale and complexity of modern cloud environments.
Cloud-native security data lakes have emerged as a key trend, with companies like Panther, Cribl, and Hunters all competing in this space. What makes Scanner different is its emphasis on AI agents that can actively investigate and respond to threats rather than just providing visibility.
Sequoia's Investment Thesis
Sequoia's lead investment suggests confidence in Scanner's approach to AI-powered security operations. The firm has been actively investing in AI infrastructure companies, and Scanner fits into their broader thesis about the future of enterprise software being AI-native rather than AI-enhanced.
"The security operations center of the future won't be staffed by humans manually correlating alerts," said a Sequoia partner who led the investment. "It will be powered by AI agents that can think and act autonomously across massive datasets."
Technical Architecture
Scanner's platform is built on top of cloud object storage (primarily AWS S3 and Google Cloud Storage) and uses a combination of vectorized search, machine learning models, and custom query engines to process security data. The system can handle petabytes of security logs, network traffic, and endpoint data while maintaining sub-second query response times.
The AI agents are built using large language models fine-tuned for security tasks, allowing them to understand security terminology, recognize attack patterns, and generate appropriate response actions. The agents can also learn from past investigations to improve their accuracy over time.
Market Timing and Competition
Scanner's funding comes at a time when cybersecurity budgets are under pressure but organizations are simultaneously facing more sophisticated threats. The company's autonomous response capabilities could appeal to organizations that lack the staffing to handle 24/7 security operations.
However, Scanner faces significant competition from both established vendors and newer startups. Major cloud providers like AWS and Azure offer their own security analytics platforms, while specialized vendors like CrowdStrike and Palo Alto Networks continue to expand their data lake capabilities.
The key differentiator will be whether Scanner's AI agents can actually deliver on the promise of autonomous threat detection and response without generating false positives or missing sophisticated attacks.
What's Next
With the new funding, Scanner plans to expand its engineering team and accelerate development of its autonomous response capabilities. The company also plans to add support for additional data sources and cloud platforms beyond its current AWS and GCP support.
Scanner's success will likely depend on whether organizations are ready to trust AI agents with security decisions and whether the technology can deliver consistent results across different types of environments and threats.
- Scanner.dev - Company website
- Sequoia Capital - Lead investor