
The Operating System for Agentic Cyber Defense
COMPANY OVERVIEW
Vega is an AI-native security analytics company founded in 2024 by Shay Sandler (CEO) and Eli Rozen (CTO), with offices in Tel Aviv and New York. The company was built to replace the rigid ingest-everything model of legacy SIEM with a federated analytics layer that meets security data wherever it already lives.
Vega has raised $185 million across three rounds in 2025, backed by Cyberstarts, Accel, Redpoint, and CRV. Its customer base includes UnitedHealth Group, a Fortune 50 financial services firm, a publicly traded communications company, and a global pharmaceutical with 75,000+ employees. The platform is SOC 2, GDPR, and ISO compliant.
CORE FOCUS
Vega's Security Analytics Mesh (SAM) is a federated analytics layer that queries every SIEM, data lake, cloud log source, and object store in place — no migration, no duplication, no ingest tax. Hunting, detection and triage run continuously across the entire distributed surface, so coverage gaps and blind spots become visible instead of hidden behind retention tiers. Everything is fully MCP ready so Cyber Defense Engineers can build instead of manually chase alerts.
What differentiates Vega is the agentic operating model: AI agents handle triage, MITRE ATT&CK coverage mapping, and investigation workflows transparently, with the analyst always able to inspect the reasoning. The result is SIEM, Detection Engineering and AI-Triage outcomes at a fraction of the data cost. Customers finally leverage the full potential of their data to achieve AI-Speed Detection and Response.
PRODUCTS & TOOLS
Security Analytics Mesh (SAM) – Federated analytics fabric that connects to SIEMs, cloud logs, data lakes, and object storage without ingesting or moving data.
AI-Powered Detection – Unified threat detection across every connected source with continuous MITRE ATT&CK coverage assessment.
Agentic Triage – Autonomous AI agents that correlate, investigate, and triage alerts with transparent, auditable reasoning.
Threat Briefings – Always-on hunt workflows that turn published threat intelligence into queries against your live data on arrival.
















