Nebulock, an AI-native contextual security platform, announced a $25 million Series A round led by FirstMark, with participation from Bain Capital Ventures, Decibel, Zetta Venture Partners, and Step Function. The company has built its product around a new threat category it calls “agentic insider threats,” security events that arise when employees install and operate autonomous AI agents inside corporate environments without authorization.

The Trigger: 50,000 Events in a Week

The numbers behind the raise tell a specific story. Within one week of OpenClaw’s viral adoption wave, Nebulock observed more than 50,000 security events related to unauthorized agent activity across 40% of its customer base, according to the company’s BusinessWire announcement. Employees were downloading OpenClaw, connecting it to internal systems, and giving agents access to credentials, file systems, and APIs that fell outside the security perimeter IT teams had established.

The pattern is distinct from traditional insider threats. An employee using an unauthorized SaaS app is one risk. An employee deploying an autonomous agent that can read files, execute code, and call external services on its own is a qualitatively different one. Nebulock’s pitch to investors centered on that distinction: agents act continuously and independently, which means a single misconfigured skill or compromised agent session can generate cascading access violations before any human notices.

What Nebulock Does

The company describes its approach as “hunt-first context,” meaning its platform actively searches for agentic activity patterns rather than waiting for alerts from traditional endpoint detection tools. Standard security information and event management (SIEM) systems were not designed to flag an agent making 200 API calls in three minutes or quietly exfiltrating data through DNS queries. Nebulock’s product is purpose-built for that behavioral pattern.

The $25 million round will fund engineering expansion and go-to-market operations focused on enterprises dealing with unsanctioned agent deployments. The company's total funding to date is undisclosed.

The Venture Signal

This round is notable less for its size than for what it represents about investor conviction. Agent security has attracted attention from existing cybersecurity vendors adding features, but Nebulock is the first startup to close a significant venture round explicitly positioned around the category. FirstMark, the lead investor, has backed companies like Airbnb, Discord, and Shopify. Bain Capital Ventures and Decibel bring deep enterprise security expertise.

The timing tracks with a broader pattern. In the past week alone, Palo Alto Networks’ Unit 42 published analysis identifying novel financial attack classes in ClawHub, and Runlayer raised $30 million for agent governance infrastructure. Venture capital is moving from “agents are interesting” to “agent security is a market.”

The Enterprise Dilemma

For CISOs, the challenge Nebulock addresses is immediate. Banning OpenClaw outright risks pushing adoption underground, where it becomes even harder to monitor. Allowing it without governance tools means accepting that autonomous agents will operate inside the corporate perimeter with access levels no one explicitly approved. Nebulock is betting that most enterprises will land somewhere in the middle, and that the tooling for that middle ground is the business opportunity.

The 50,000-event figure across 40% of customers suggests the adoption curve is already well ahead of the security tooling curve, which is exactly the gap venture investors tend to fund.