Above Security
Last updated: May 27, 2026
Above Security is an Israeli AI-native cybersecurity startup focused on managed insider-risk management for enterprises and critical operations. The company uses fleets of specialized AI investigators to convert fragmented signals into behavioral risk narratives and actionable interventions in real time.
Company Overview
Above Security was founded in 2025 in Tel Aviv by Aviv Nahum and Amir Boldo, both long-time Israel security builders with Unit 81 and Unit 49 backgrounds. The company positions itself as an AI-native managed insider-threat platform, with a distinctive claim that traditional security tooling misses intent and context unless behavior is interpreted as an evolving timeline rather than isolated alerts. Its product framing describes this explicitly: instead of only surfacing anomalies, the system assembles a full evidentiary story across identity systems, SaaS activity, communication flows, and AI-agent behavior. That framing is strategically relevant because insider risk today mixes humans, contractors, and increasingly autonomous software actors that execute sensitive actions at machine speed.
The core platform is presented as a multi-agent architecture that continuously runs investigation tasks, not only detection. Public materials describe specialized agents that monitor for data exfiltration patterns, unusual job-switch signals, privileged misuse, and risky communication behavior while reducing false positives through contextual correlation. This matters for enterprise security operations, where the current gap is often not signal volume but signal triage under operational pressure. Above argues this gap is widening as AI assistants, copilots, and autonomous agents become part of the access graph. Its approach of combining prevention coaching, continuous behavioral reasoning, and investigation-ready output is designed to compress mean-time-to-understanding across security, legal, and HR teams.
Commercially, insider risk is a broad, high-frequency problem across sectors because breaches from authorized environments account for a large share of enterprise incidents. The company highlights this shift by framing risk as both malicious and unintentional, with accidental mis-configuration and shadow usage becoming as costly as targeted attacks in modern environments. If the platform can sustain production-grade quality and keep alert quality high, demand is durable in large multinational environments, infrastructure operators, and knowledge-intensive organizations where one behavioral failure can drive major operational, legal, and reputational harm. The PR release states the startup was generating revenue only six months after launch and has early enterprise adoption, indicating commercial pull, while specific customer names and deployment outcomes are still limited in public filings.
From a financing and momentum perspective, Above has executed an early major capital raise. Public reporting shows a March 2026 Series A led by Ballistic Ventures with participation from Merlin Ventures, Norwest, Jump Capital, and QPV Ventures, after an earlier seed round. The company was also selected for a major cybersecurity accelerator track, improving cross-border market access. Leadership depth is a core support point: both founders have prior startup and enterprise security execution, and investor and ecosystem signaling describe above-average momentum for a late 2025 launch. Still, this remains an early-stage venture in a category where trust, proof-of-performance, and sales-cycle conversion remain decisive.
Dual-use relevance is credible, though not direct hardware defense. The strategic question is operational continuity in high-consequence contexts: government systems, critical infrastructure operators, and defense-adjacent enterprises are exposed to insider and privilege abuse modes that can disrupt mission outcomes as much as direct breaches. Even when deployed in civilian settings, a high-fidelity insider-risk system that shortens investigation and intervention can be adapted into resilience workflows where consequences include public safety, command continuity, and critical infrastructure uptime. This makes Above strategically relevant to the dual-use thesis: its methods can be reoriented from security compliance toward mission assurance in constrained environments, provided governance and sovereign deployment requirements are met.
Market dynamics are increasingly competitive. Large vendors already cover prevention and monitoring at scale, but many still rely on rules and static policy engines that struggle with dynamic agentic contexts. Above’s potential edge lies in continuous behavioral correlation and explicit AI-investigator automation, if validated by independent performance metrics. Key diligence questions should focus on false-positive control, evidentiary chain quality, legal/compliance defensibility in regulated sectors, and whether the system can integrate safely into defense-grade workflows without over-reliance on broad permissions.
The diligence profile is therefore: strong thesis and compelling problem framing, with meaningful strategic upside through resilience-critical use cases, but still dependent on proving consistent precision and deployment depth across mature enterprise and critical infrastructure environments. For this reason, the company is better framed as a high-potential, early-stage strategic signal rather than a mature operator with broad public proof points.
Dual-Use Assessment
Above Security is primarily focused on commercial insider-risk assurance, but its core AI workflow and continuous behavioral investigation model are directly adjacent to defense and critical-infrastructure resilience. The same classes of insider misuse, privilege abuse, and unmanaged autonomous-agent behavior can destabilize military-adjacent and critical systems, making a strong, auditable behavioral security layer valuable in security-conscious environments if integrated with sovereign controls.
Strategic Fit Assessment
Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.
Above Security is strategically aligned with deep-security resilience priorities because it targets a measurable and expanding risk class: insider and behavior-based compromise, including risks introduced by rapid AI adoption. Its approach appears productized and backed by a meaningful early funding round from known institutional investors, with explicit progress signals since inception in 2025. The upside is significant if the company demonstrates consistent precision, strong deployment velocity, and evidence of enterprise-grade reliability. Key caveats remain around claim substantiation, explainability of agent outputs, and the depth of trust required for regulated or mission-critical procurement cycles.
Strategic Value to U.S.-Israel Alliance
The strategic value is twofold: (1) commercial viability in a high-intensity cyber market where risk reduction and triage speed are directly monetizable, and (2) secondary strategic relevance for defense-like and critical infrastructure users that require stronger internal risk assurance and continuity under insider and privilege abuse scenarios. If integration quality and governance controls are strong, the platform could become a dual-use resilience asset rather than a generic security add-on.
Key Technologies
- Agentic investigation workflows
- Behavioral anomaly detection across identity and SaaS telemetry
- Context graph construction for insider-risk narratives
- Automated playbook-driven intervention and escalation
- Human-in-the-loop governance interfaces for regulated environments
- Detection and prevention controls for AI-assisted and autonomous workflows
- Cross-tenant data fusion for large enterprise security operations
Use Cases & Applications
- Insider threat monitoring in enterprises with privileged access models
- Detection of anomalous data transfer and exfiltration patterns
- Risk reduction in AI-assisted workforces and agentic tooling environments
- Automated investigation and triage for security operations centers
- Prevention of accidental high-risk actions by non-malicious users
- Resilience governance for critical infrastructure and high-trust environments
- Reduction in mean-time-to-triage for high-severity internal security events
- SOP-driven remediation workflows for compliance-heavy sectors
Sources and verification
This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.
Public sources
The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.
- Above Security homepage. Official company positioning, product narrative, and contact/identity footprint for the firm.
- Above Security LinkedIn profile. Company metadata including location, core description, and scale context used to validate key profile fields.
- Calcalist: Above Security raises $43M. Market coverage confirming financing progression, Israeli founding context, and expansion profile for investor-stage assessment.
- Above Security raises $50M to solve insider risk in the agentic era. Official financing announcement with round information and strategic emphasis on insider-risk workflows with AI-era assumptions.
- LinkedIn job listing (Tel Aviv District, Israel). Location signal and active hiring footprint supporting Israel operational presence and local execution posture.
- Profile update timestamp. Last updated in the Claw & Talon database on May 27, 2026.
Investor Lens
What this entry is
Private startup
Why it may matter
Above Security may matter as a Cybersecurity entry for Israeli technology research; it is not currently an investable standalone company.
How an independent investor should read this
Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.
Evidence to verify
- Verify current status
- Verify traction
- Verify cap table/funding
- Verify technical claims
- Verify regulatory/export-control issues
- Verify customer concentration
Main investor questions
- Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
- What customer, revenue, product, and technical evidence supports the company story?
- What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
- Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
- What evidence would change the thesis or show that the profile is stale?
What not to infer
- Inclusion does not imply endorsement.
- Inclusion does not imply allocation availability or current fundraising.
- Scores do not indicate investment suitability or expected returns.
- Strategic importance does not automatically imply venture return potential.
Diligence questions
- What evidence verifies Above Security's current customer traction, deployment status, and revenue concentration?
- Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
- Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
- How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
- What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?
Related sector
See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.