FUNDING & GROWTH TRAJECTORY
Empirical Security raised $12M in its first funding round on July 18, 2025. Despite no prior capital history, the company secured this seed round likely led by Costanoa Ventures, according to public press coverage.
That single $12M infusion places Empirical Security in the top decile of seed rounds for cybersecurity startups, which averaged $6.4M in 2023, per Crunchbase. The size suggests high conviction from backers and mitigates capital constraints early on. Implication: capital headroom buys recruitment speed and enterprise readiness runway.
Pre-money valuation is unlisted, but interviews and leadership changes shortly after indicate strategic maturity beyond its age. Coupled with a CEO hire and developer job postings, the funding likely accelerated key initiatives in enterprise sales and AI model R&D. Implication: post-funding moves signal a shift from R&D-led to GTM-led execution.
- $12M raised July 2025
- Seed round size exceeds sector average by 87%
- No prior funding or convertible notes disclosed
- CEO hire followed funding close, indicating execution phase
PRODUCT EVOLUTION & ROADMAP HIGHLIGHTS
At its core, Empirical Security builds cybersecurity prediction engines grounded in real-time telemetry. The flagship EPSS model predicts exploitation probability for over 16,000 vulnerabilities—12x more than DHS CISA’s Known Exploited Vulnerabilities list.
The roadmap advanced from global prediction capabilities to local, enterprise-tuned AI models. These respond to an organization’s specific telemetry data and threat surface. A relevant use case: security teams at high-regulation firms replacing flat CVSS-based triage with action prioritization based on empirical conditions. Opportunity: delivering precision to industries weary of alert fatigue.
Future directions are becoming visible in product documentation and social posts—expect investment in explainability (model recency benchmarks just launched) and vulnerability-specific integrations. Roadmap friction points include UI/UX polish and system compatibility signals. Implication: high-tech, low-touch posture needs GTM tuning for broad enterprise appeal.
- EPSS model monitors 16,000+ vulnerabilities
- EPSS v4 launched with temporal learning pipeline
- Supports local model training using enterprise data
- API docs for EPSS and global models launched 2025
TECH-STACK DEEP DIVE
The front-end is built with Next.js and React, indicating modern DX capabilities and fast-rendering support, especially when hosted via Vercel. For performance and uptime, it uses Amazon EC2 and Route 53 alongside Cloudflare’s CDN overlay.
Plausible Analytics and Hubspot indicate privacy-conscious analytics combined with classic CRM lead capture. Sanity CMS and Cookiebot enhance collaboration and GDPR compliance. Combined, these tools support rapid iteration and meet the baseline of trust signals for enterprise buyers. Implication: Using developer-favored stacks accelerates content, lowers vendor risk posture.
HSTS and Let’s Encrypt certificates further harden the site, while use of correct email protections (SPF, DMARC) highlight commitment to technical compliance. Despite this, recent SEO scans flag gaps in schema detail and speed optimization opportunities. Risk: good architecture undermined by incomplete technical SEO breaks.
- Next.js + Vercel for SSR and edge-optimized load times
- Plausible for ethical analytics; no Google Analytics
- Sanity as CMS = scalable content velocity
- Cloudflare + AWS for multilayer DNS/cache resilience
DEVELOPER EXPERIENCE & COMMUNITY HEALTH
EPSS, maintained by Empirical Security, is the only public cybersecurity ML model used by over 120 vendors. That adoption powers its grassroots strength despite a tiny 8-person team.
However, GitHub insights like stars, forks, and contributor volume remain unavailable. No official Discord community exists, and documentation was only recently launched. Comparatively, Appwrite and Firebase operate robust dev communities and Slack/Discord presence. Risk: OSS momentum without structured dev community stalls indirect GTM.
The Launch-Week of EPSS v4 was announced quietly through company research blog—not through community webinars or email lists. Future DevRel leaders can unlock significant latent growth via tutorials, CLI wrappers, and explainer walkthroughs. Opportunity: 10x developer mindshare from underutilized OSS signals.
- No known GitHub metrics for EPSS (stars, forks)
- Zero developer community on Discord or Slack
- 120+ vendor usage suggests high passive adoption
- API and documentation launched 2025
MARKET POSITIONING & COMPETITIVE MOATS
Empirical Security's wedge? Hyperlocal AI. While Kenna Security (Cisco) uses generalized models for risk prediction, Empirical trains on each enterprise’s real exploitation signals. Users get stack-contextual recommendations—not academic scores.
EPSS also benefits from vendor lock-in through integration. Its outputs power downstream prioritization, potentially guiding SOAR rules or patch workflows. Coupling proprietary data on 16,000 vulnerabilities with live retraining gives it compounding advantage. Opportunity: ML defensibility scales with each deployment's entropy.
Its open-source commitment paradoxically tightens grip. EPSS as a public good fuels trust and integration, while local models sell enterprise precision. Compared to Cyentia Institute, whose strength lies in threat research, Empirical monetizes via live risk feeds. Moat: open-core adoption with paywalled hyper-tuning.
- Local threat intelligence trained on real customer telemetry
- EPSS is only public vulnerability ML model at scale
- 120+ vendor touchpoints = quiet network effects
- Competes against Kenna (Cisco), Cyentia, RiskSense
GO-TO-MARKET & PLG FUNNEL ANALYSIS
Despite strong technical assets, Empirical Security's GTM funnel lacks polish. Monthly visits hover around 1,000, a disappointing output for a recent $12M-backed firm. No gated assets or freemium tools exist yet.
The site leans on "Request Demo" CTAs, suggesting a high-friction PLG loop—unsuitable given the technical nature of its users. Comparatively, PlanetScale offers playgrounds and self-service onboarding from Day 1. Risk: founder-led engagement model doesn’t scale in enterprise cycle length.
Signals of pending pivot include LinkedIn traffic ramps and job posts for customer-facing roles. Savvier segmentation and value-focused landing pages—especially for CISOs vs. vulnerability analysts—will smooth CTA conversion. Opportunity: tightening TOFU conversion can 3x demo pipeline within 90 days.
- 1005 estimated monthly visits (SEMrush)
- Primary CTA: "Request Demo" — high-friction trigger
- No public sandbox, dataset downloads or expert comparison tools
- Website shows no chatbot, quiz, or interactive pathways
PRICING & MONETISATION STRATEGY
Enterprise pricing ranges from $50,000 to $200,000 per year, aligning with peers offering custom AI security insights (Kenna, Recorded Future). The lack of publicly listed tiers implies bespoke sales and variable model structure per org.
No evidence of usage-based variable pricing appears. Yet, models tuned to ingest real telemetry would justify pricing gradients based on platform size or data ingestion volume. Opportunity: audit-for-size price structure mirrors Snowflake's elasticity logic.
Revenue leakage risks exist in the unclear demo vs. pilot delineation. Without an obvious “starter” self-serve path, prospects may stall at procurement gates. A guided trial/benchmark program could accelerate conversion timelines. Implication: missing mid-funnel wedge suppresses MQL-to-paid velocity.
- $50K–$200K annual license range estimated
- No public usage-based controls or modular pricing
- Lacks freemium tools or visible time-limited trials
- Unclear overage fees or model scaling thresholds
SEO & WEB-PERFORMANCE STORY
Empirical Security's performance score is solid at 90, owing to Vercel hosting, minimal dependencies, and Next.js optimization. Let’s Encrypt and HSTS suggest strong HTTPS enforcement.
However, SEO authority is weak. The Authority Score from SEMrush is just 5, with 93 referring domains and 162 backlinks total—subpar for a company adopted across 120+ vendors. By contrast, Appwrite commands over 1,500 referring domains. Risk: content-light sites struggle to convert interest to rank.
Traffic remains stagnant—no organic visits tracked before August 2025, despite ranking growth. SEO insights suggest internal changes (likely technical fixes) starting Q2 2025 enabled initial indexation. Opportunity: surge imminent if keyword clustering is paired with topical pages and community mentions.
- Performance score: 90/100 (Lighthouse)
- Authority score: 5 (SEMrush benchmarking)
- 162 total backlinks from 93 referring domains
- Rank improved from $2.1M to $1.7M June–August 2025
CUSTOMER SENTIMENT & SUPPORT QUALITY
Public customer sentiment is sparse. No Trustpilot, G2, or Reddit discussions track usage experience. Testimonial and case study pages are absent. Glassdoor entries are undetected. Risk: social proof deficit undermines buyer confidence in high-friction enterprise contexts.
On LinkedIn, announcement reactions are muted (e.g., 17 reactions for a CEO appointment). Yet, the growth of 1,100+ company followers implies latent community interest, perhaps curbed by a non-narrative brand voice. Opportunity: shift from academic to narrative GTM could amplify outreach lift.
No structured support system is revealed—no chatbot, live help, or even real-time SLAs. For enterprise use cases in security-critical systems, this raises hesitation. Clear support tiers or onboarding pathways would uplift perceived maturity. Implication: absence of visible support frontier impairs enterprise trust.
- No reviews or ratings on Trustpilot, G2, or social media
- No customer testimonials or ROI case studies published
- LinkedIn: ~1,115 followers, low engagement rate
- No live support, self-service center or SLA documentation
SECURITY, COMPLIANCE & ENTERPRISE READINESS
The stack includes HSTS, SPF, DMARC and SSL-by-default, signaling modern baseline hygiene. But no certifications like SOC2, ISO 27001, or HIPAA are disclosed. For highly-regulated verticals, these gaps can become deal-blockers.
Privacy controls like Cookiebot and Global Privacy Control show an attempt at consent maturity. However, deeper GDPR or CCPA compliance documentation isn't shared. Risk: gaps in documented compliance posture suppress procurement cycles in Fintech or Healthcare ICPs.
Interestingly, their security features suggest they understand the attacker perspective well—but supporting documents proving secure SDLC, internal protocols, or pen-testing cycles are missing. Opportunity: preempt RFP rejections via downloadable compliance à la Vanta.
- Uses HSTS, SPF, DMARC email protections
- PCI/GDPR/SOC2 certifications not disclosed
- No trust center or compliance documentation visible
- Cookie and data signal controls implemented on homepage
HIRING SIGNALS & ORG DESIGN
Empirical Security has 8 employees, per LinkedIn. That’s lean compared to 20+ typical post-seed AI startups with similar capital. Functionally, focus remains on technical hires: Data Scientists, Software Engineers, and Security Modelers.
Recent $12M funding and CEO hire (Ed Bellis, ex-Risk I/O) suggest key assault on go-to-market infrastructure. Upcoming additions likely include sales engineers, product marketing, and developer experience focused roles. Opportunity: CEO-led scale wave introduces structure to founder-CTO core.
A notable org dynamic: both co-founders are deep tech (Jay Jacobs from Cyentia; Michael Roytman). This hints at a model-centric, R&D-first culture, ideal for building novel AI but requiring external GTM expertise. Implication: organizational leverage requires fractional ops and sales arms.
- Estimated 8 employees (LinkedIn verified)
- Hiring engineers/data scientists; no GTM leads yet
- New CEO hired July–August 2025 for scale-up phase
- Leadership includes Cyentia and Kenna-linked co-founders
PARTNERSHIPS, INTEGRATIONS & ECOSYSTEM PLAY
No public partnerships with SIEM/SOAR platforms are listed, yet EPSS powers workflows for 120 vendors—implying informal integrations or OEM uses. This quiet ubiquity indicates embedded value, not brand-promoted value. Opportunity: formalizing alliances could yield downstream revenue share.
No mention of API integrations with security toolchains like Splunk or ServiceNow. For customers to operationalize ML outputs inside triage flows, SDKs and plug-ins are essential. Comparatively, companies like Snyk and Auth0 prioritized integration as product, not accessory.
Also missing: structured partner programs, badges, integrations showcase, or co-marketing content. This deprives Empirical of ambient distribution effects. Implication: standalone AI magic is muted without ecosystem scaffolding.
- 120+ vendors touch EPSS; likely casual integrations
- No named SIEM/SOAR integrations (Splunk, QRadar)
- No partner program or integration hub deployed
- API is live; SDKs or wrappers unlisted
DATA-BACKED PREDICTIONS
- Empirical will cross 4K LinkedIn followers by Q1 2026. Why: 1115 followers growing with $12M PR lift (Linkedln Followers).
- New CMO-level marketing leadership hired by Q2 2026. Why: zero content SEO despite funding close (SEO Insights).
- First SOC2 attestation obtained by Q1 2026. Why: enterprise sales pressure + risk buyer archetype (Compliance Signals).
- Developer community channel (Discord/Slack) goes live Q4 2025. Why: EPSS needs feedback + outreach scale (Developer Experience).
- Organic traffic grows 3x by Dec 2025. Why: rapid increase in positioning from May–July (SEO Insights).
SERVICES TO OFFER
- Cybersecurity Content Engine; Urgency 5; ROI: increased MQLs; Why Now: Only 162 backlinks for 120+ vendor traction.
- Enterprise Sales Infrastructure; Urgency 5; ROI: improved conversion; Why Now: Founder-led sales model near ceiling post-$12M raise.
- DevRel Program; Urgency 5; ROI: community-led growth; Why Now: No Discord, SDKs, or contributor path despite OSS anchor (EPSS).
- Product Story Refresh; Urgency 4; ROI: CXO resonance; Why Now: Messaging sharp but hyperspecialized for analysts, misses buyer-style clarity.
- Security Integrations Hub; Urgency 3; ROI: stickier deployments; Why Now: 120 vendor edge needs SDKs to operationalize.
QUICK WINS
- Add public case study from one major vendor. Implication: earns trust and accelerates security team adoption.
- Publish benchmark comparing EPSS vs LLMs. Implication: converts model performance into defensible sales asset.
- Enable free read-only EPSS dashboard. Implication: generates inbound PLG-style lead magnet at low risk.
- Push EPSS model metadata to GitHub+README. Implication: aids credibility and community contribution.
- A/B test landing page CTA vs professional segment tags. Implication: reduces bounce rate and demo request friction.
WORK WITH SLAYGENT
Ready to scale Empirical Security's AI engine into a moated category leader? Slaygent's expert growth strategists bring deep cybersecurity, AI GTM and PLG expertise to help you compound traction. Let’s build your funnel edge, today.
QUICK FAQ
- What does EPSS stand for? – Exploit Prediction Scoring System, developed to measure vulnerability exploit risk.
- Is EPSS really open source? – Yes, it is public and used by 120+ cybersecurity vendors.
- Do they offer a free plan? – Not publicly. All signs point to enterprise pricing starting ~$50K/year.
- How big is the team? – Eight employees listed on LinkedIn; hiring for technical roles.
- Where is the company based? – Headquartered in Chicago, US.
- What sectors does it serve? – Regulated industries, cybersecurity vendors, complex IT organizations.
- Is SOC2 certification available? – Not yet listed but expected for 2026 pipeline safety.
AUTHOR & CONTACT
Written by Rohan Singh. Questions or collaborations? Feel free to connect with me on LinkedIn.
TAGS
Seed, Cybersecurity AI, OSS Signals, United StatesShare this post