Fig Security emerges from stealth with $38M to fix the silent failures breaking enterprise SecOps
Security teams rarely fear the alarms that go off. The real worry is the alert that never comes. That blind spot is what Fig Security wants to fix. The New York and Tel Aviv–based security startup has emerged from stealth with $38 million across Seed and Series A funding to help enterprises detect when their security operations quietly stop working.
The round was led by Team8 and Ten Eleven Ventures, with backing from a group of well-known security operators including former Splunk CEO Doug Merritt, former Palo Alto Networks CMO Rene Bonvanie, and the founders of Demisto and Siemplify.
Fig is entering a crowded cybersecurity market with a focused pitch: most enterprises already spend heavily on SecOps tooling, yet few teams can confidently say their detection and response pipelines are still functioning as intended after months of system changes.
“The most dangerous failures in security are the ones you do not know about,” said Gal Shafir, Co-Founder and CEO of Fig Security. “If a detection has not been triggered in months, teams often cannot tell whether that reflects true safety or a breakdown somewhere in the plumbing. We built Fig to give security teams their confidence back, so they can modernize their SOC, adopt AI, and move fast without shipping blind spots to production.”
The concern is grounded in real operational drift. Large organizations continuously modify data pipelines, SIEM rules, cloud configurations, and automation flows. Over time, small changes stack up. A log source drops. A parser fails. A detection rule stops firing. The dashboard stays green, yet coverage quietly erodes.
Fig’s platform is built to surface that decay early. After integrating with a customer’s environment, the system maps detection and response flows end to end, tracing data from its source through pipelines, SIEMs, data lakes, SOAR platforms, and SOC AI agents. The goal is simple: show security teams where their visibility or response chain is weakening before it turns into an incident.
When the platform spots a risk, it flags the issue, explains the likely root cause, and lets teams simulate fixes before pushing changes live. The company positions this as a new layer of operational resilience for security teams that are already under pressure to move faster without increasing risk.
The founding team brings deep SecOps credentials. Fig was launched in 2025 by Gal Shafir (CEO), Nir Loya Dahan (CPO), and Roy Haimof (CTO), all veterans of Israel’s Unit 8200 and Mamram programs. Shafir later held leadership roles at Siemplify through its growth and $500 million acquisition by Google, then led global security architecture work tied to Google SecOps. Loya Dahan previously served as VP of Product at Cymulate and held product leadership roles at Siemplify. Haimof began his cybersecurity career at age 16 and later became Director of Engineering at Cymulate.
Investors say the team is tackling a real operational gap that many enterprises have learned about the hard way.
“Security teams are under increasing pressure to move faster while managing growing operational complexity,” said Ori Barzilay, Partner at Team8. “The Fig Security team brings firsthand experience building and operating SecOps platforms at scale and is addressing a real gap in how organizations approach resilience in security operations.”
Grace Cassy, Partner at Ten Eleven Ventures, pointed to the cumulative effect of constant system changes. “Security teams are constantly making changes to their environments, often without a clear understanding of how they interact,” she said. “Over time, those changes begin to undermine detection and response, even as teams assume their defenses remain intact. This dynamic is what’s fueling the need for a new category focused on security operations resilience.”
Fig says it already has deployments with several large enterprises, including Fortune 100 companies. The startup plans to triple headcount this year, with a strong focus on expanding its go-to-market presence across North America.
The company will appear at RSAC 2026 in March as a Top 10 finalist in the RSAC Innovation Sandbox Contest, a program that has historically served as a launchpad for breakout security vendors. According to RSAC, past finalists have collectively driven more than 100 acquisitions and over $17.8 billion in investment activity.
For now, Fig is betting that the next major security failure many enterprises face will not come from a missed patch or a zero-day exploit, but from something quieter: a detection pipeline that stopped working months ago without anyone noticing.
If that thesis holds, the company is stepping into a problem most security teams already feel but struggle to measure.

