{"slug": "the-team-that-built-microsofts-security-copilot-just-raised-100m-to-stop-attacks", "title": "The team that built Microsoft’s Security Copilot just raised $100M to stop attacks before they happen", "summary": "Ent, a cybersecurity startup founded by former Microsoft Security Copilot builders Elias Manousos and Brandon Dixon, emerged from stealth with a $100 million seed round led by Decibel, marking one of the largest seed rounds in cybersecurity history. The company aims to revive attack prevention by running small AI models locally on endpoints to make real-time decisions in under a second, shifting focus from network monitoring to workspace security across apps, browsers, and AI tools. Investors including Sequoia, Crosspoint Capital Partners, and the CIA's In-Q-Tel participated, betting on Ent's approach to stop AI-powered attacks before they happen.", "body_md": "For most of the past decade, the security industry quietly gave up on prevention. Breaches were treated as inevitable, and the money went into detecting and cleaning up the mess afterwards. A new startup from two veterans of that industry says AI has made stopping the attack in the first place possible again, and investors have handed it $100m to prove it.\n\nEnt, founded by Elias ‘Lou’ Manousos and Brandon Dixon, came out of stealth on 16 June with a $100m seed round led by Decibel. Sequoia, Crosspoint Capital Partners, Craft Ventures, Shield Capital, Felicis, and In-Q-Tel, the CIA’s venture arm, also took part, in what SiliconANGLE called one of the largest seed rounds in cybersecurity history.\n\nThe founders know the territory. The pair built RiskIQ, sold it to Microsoft in 2021 in a deal SiliconANGLE puts at more than $500m, and then helped create Microsoft Security Copilot. Their new company is, in effect, a bet against the model the rest of the industry, Microsoft included, currently runs on.\n\n## Why prevention is possible again, according to Ent\n\nThe industry’s pivot to detection had a practical cause. To stop something before it happens, you have to understand it in real time, at the moment of decision, and the heavy processing lived in the cloud. The round trip from the device and back was too slow, so tools like endpoint detection and response (EDR) settled for spotting trouble after the fact.\n\nEnt’s pitch is that small AI models can now run locally on the endpoint, doing the reasoning at the edge without that round trip. The company says a decision can be made in under a second, before an action completes, which is the difference between blocking an incident and writing it up.\n\n“We have entered a new era defined by AI-powered attacks, one that demands a return to prevention and resilience,” said Greg Clark, co-founder and managing partner at Crosspoint Capital Partners. “The level of inference required to stop threats before they materialise must now live directly on the endpoint.”\n\n## Watching the workspace, not the network\n\nEnt’s other argument is about where to look. Modern work, it says, does not happen at the layers EDR and SIEM tools monitor. It is spread across the apps, browsers, chat tools, and AI assistants a person moves through in a day, alongside the AI agents now acting on their behalf.\n\nThat is where the company wants to sit: a “workspace security” control plane on the endpoint that builds what it calls a complete record of work, infers the intent behind an action, and intervenes at the moment of decision. The examples it gives are telling, such as a user handing remote control of their machine to someone outside the company, or pasting sensitive data into an unsanctioned AI tool.\n\nThe timing is not subtle. As Manousos put it, “offence is going to be all AI,” and the attack surface he is describing is the same one that keeps producing fresh incidents, from [AI agents tricked into leaking cloud keys](https://thenextweb.com/news/openclaw-ai-agent-phishing-varonis-pinchy) to [chatbots talked into resetting passwords](https://thenextweb.com/news/hackers-tricked-meta-ai-chatbot-instagram-account-hijack). It is also the gap a wave of startups is racing to fill, including [NewCore, which raised $66m to give AI agents a corporate identity](https://thenextweb.com/news/newcore-66-million-ai-agent-identity-security).\n\n## A big cheque, and a crowded bet\n\nEnt says it is already deployed with Global 2000 customers across hospitality, financial services, and defence, using the platform to flag insider risk, govern AI use, and stop data loss. One customer, an insider-threat lead at a public financial institution quoted anonymously in the announcement, said it was “the first tool where I felt like an expert on day one.” That production traction, rather than a demo, is what a seed round this size is paying for.\n\nThe caveats are worth keeping in view. “Prevention is back” is no longer a contrarian line; it is fast becoming the whole industry’s pitch, and a system that intervenes on inferred intent has to be right often enough not to block legitimate work and train staff to ignore it. The capability claims, including sub-second on-device inference, are the company’s own, without independent benchmarks yet.\n\nAnd $100m at the seed stage sets a punishing bar. Ent is wading into a market defended by CrowdStrike and Microsoft, the very company whose security tool its founders built, at a moment when the appetite for anything labelled AI security is feverish. The pedigree, the customers, and the In-Q-Tel stamp make the bet credible. Whether prevention can finally outrun the attack, rather than just promise to, is the thing the money is meant to settle.\n\n## Get the TNW newsletter\n\nGet the most important tech news in your inbox each week.", "url": "https://wpnews.pro/news/the-team-that-built-microsofts-security-copilot-just-raised-100m-to-stop-attacks", "canonical_source": "https://thenextweb.com/news/ent-security-100m-seed-intent-aware-workspace-prevention", "published_at": "2026-06-16 14:30:51+00:00", "updated_at": "2026-06-16 14:52:47.183265+00:00", "lang": "en", "topics": ["ai-safety", "ai-products", "ai-startups", "artificial-intelligence", "ai-infrastructure"], "entities": ["Ent", "Microsoft", "RiskIQ", "Decibel", "Sequoia", "Crosspoint Capital Partners", "Craft Ventures", "In-Q-Tel"], "alternates": {"html": "https://wpnews.pro/news/the-team-that-built-microsofts-security-copilot-just-raised-100m-to-stop-attacks", "markdown": "https://wpnews.pro/news/the-team-that-built-microsofts-security-copilot-just-raised-100m-to-stop-attacks.md", "text": "https://wpnews.pro/news/the-team-that-built-microsofts-security-copilot-just-raised-100m-to-stop-attacks.txt", "jsonld": "https://wpnews.pro/news/the-team-that-built-microsofts-security-copilot-just-raised-100m-to-stop-attacks.jsonld"}}