Gutsy
Last updated: May 10, 2026
Security process intelligence platform applying process mining techniques to analyze, measure, and optimize cybersecurity operations and workflows.
Visit WebsiteCompany Overview
Gutsy is an Israeli cybersecurity startup founded in 2022 and headquartered in Tel Aviv, building a security process intelligence platform that applies process mining methodology to cybersecurity operations. The company was founded by the original creators of Demisto, the security orchestration platform that was acquired by Palo Alto Networks and became Cortex XSOAR, bringing deep domain expertise in security operations center (SOC) workflows and automation. This founding team pedigree is strategically significant, as Demisto's successful exit to Palo Alto Networks (one of the largest cybersecurity acquisitions) demonstrates the founders' proven ability to build enterprise-grade security platforms and navigate market adoption challenges.
The platform ingests data from across the security technology stack—SIEMs, SOARs, ticketing systems, EDR tools, identity platforms, cloud security tools, and other operational systems—to reconstruct and visualize the actual end-to-end processes that security teams follow when handling incidents, vulnerabilities, compliance tasks, and threat investigations. The core technical innovation is the application of process mining algorithms (originally developed for business process management) to the security domain, creating a new category that combines quantitative workflow analysis with cybersecurity operational intelligence. Unlike traditional security analytics that focus on threat detection, volumetrics, or alert management, Gutsy focuses on the operational processes themselves, revealing bottlenecks, procedural deviations, redundant steps, process inefficiencies, and opportunities where automation would have the highest impact.
Gutsy addresses a critical blind spot in cybersecurity operations: organizations typically invest tens of millions in detection and response tools, but lack systematic visibility into whether their security processes are actually efficient, whether incidents are being handled consistently according to documented procedures, whether staffing is appropriately deployed, and where automation ROI would be highest. By providing quantitative measurements of security process effectiveness—metrics like mean time to detect (MTTD) by incident type, procedural variance rates, analyst productivity, tool utilization patterns, and bottleneck identification—Gutsy enables CISOs and security leaders to make evidence-based decisions about staffing allocation, tool consolidation, process redesign, and automation investments. This data-driven approach to SOC optimization is particularly valuable for large enterprises managing complex multi-tool security operations, where process visibility is often obscured by tool silos and manual documentation gaps.
The company has raised seed funding and is building its initial customer base among enterprise and mid-market security organizations. The early positioning as a process intelligence play (distinct from SOAR expansion, SIEM add-ons, or threat analytics) creates category differentiation and addresses a genuine market gap. Success depends on demonstrating clear ROI through process optimization, achieving design partner momentum among security leaders, and scaling across organizations with mature but inefficient security operations. The market tailwind is strong: as security operations face chronic resource constraints and CISOs increasingly seek data-driven justification for staffing and tool investments, process-level visibility becomes a strategic asset.
Dual-Use Assessment
Security process intelligence technology has credible dual-use applicability for defense and military cyber operations. Military, intelligence, and allied government SOCs operate under stringent compliance and operational effectiveness requirements and must continuously optimize incident response workflows across complex multi-classification environments. Gutsy's process mining approach enables these defense organizations to measure the effectiveness of their cyber defense procedures in real time, identify procedural gaps and inefficiencies, quantify the impact of staffing changes or tool changes on response times, and validate that security operations align with doctrine and policy. The technology is particularly valuable for defense cyber operations centers that operate 24/7 across multiple networks (classified, unclassified, coalition), where systematic visibility into process adherence, response bottlenecks, and incident handling variance is critical for operational readiness and compliance with military cybersecurity standards. However, dual-use applicability is secondary to the primary commercial value—the company's growth will be driven by enterprise security optimization, not defense applications.
Strategic Fit Assessment
Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.
Gutsy is founded by proven founders with a major successful exit (Demisto/Cortex XSOAR), creating a credible technology and team thesis. The company is building a new category—security process intelligence—that addresses a concrete, underserved market gap: CISOs lack quantitative visibility into operational effectiveness and ROI of security investments. The security operations market is large (SOAR, SIEM, EDR, cloud security collectively represent a tens-of-billions market), growing, and increasingly competitive, making process-level optimization and efficiency gains strategically valuable for enterprise security buyers. Unlike broad platform plays, Gutsy's specialized focus on process intelligence creates category differentiation and defensibility. Customer acquisition is plausible among large enterprises running mature SOCs that have staffing and tool consolidation pressure, and the product directly enables data-driven decision-making that CISOs prioritize. The company is well-positioned for B2B SaaS adoption by enterprise security buyers seeking analytics on existing tool investments, and the founder pedigree reduces execution risk.
Strategic Value to U.S.-Israel Alliance
From a strategic perspective, Gutsy offers value across three dimensions. First, at the commercial level, the company is building infrastructure for a category (security process intelligence) that could become embedded in enterprise security operations, creating a new wedge for process analytics in the security operations workflow. Second, the technology has credible applications for defense and military cyber operations, enabling optimization of critical national defense SOCs. Third, the company's process mining expertise could extend beyond security operations into other critical operational domains (cloud operations, IT operations, network operations) where process visibility and optimization become increasingly important as enterprises modernize their infrastructure. The Israeli technology pedigree and Tel Aviv headquarters position the company well for North American enterprise adoption while potentially serving as a strategic asset for allied defense relationships.
Key Technologies
- Process mining and process discovery algorithms adapted for security operations
- Cross-platform security data ingestion and unified correlation (SIEM, SOAR, EDR, ticketing, identity)
- Security workflow visualization and process bottleneck detection with anomaly flagging
- Quantitative security process effectiveness metrics and KPI measurement
- AI-driven process optimization and automation recommendations for SOC operations
- Process variance and compliance deviation detection and reporting
Use Cases & Applications
- Enterprise SOC workflow analysis and optimization for multinational security teams
- Security process compliance measurement and audit readiness for regulated industries
- Incident response effectiveness measurement and process bottleneck identification
- Military and allied government cyber operations center process optimization and staffing analysis
- Security tool ROI analysis based on actual operational usage patterns and process contribution
- SOAR and automation program effectiveness measurement and expansion prioritization
- Security operations restructuring and consolidation planning for multi-site organizations
Sources and verification
This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.
Public sources
The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.
- Official website Primary public reference for company identity, positioning, and current web presence.
- Profile update timestamp Last updated in the Claw & Talon database on May 10, 2026.
Investor Lens
What this entry is
Private startup
Why it may matter
Gutsy may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.
How an independent investor should read this
Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.
Evidence to verify
- Verify current status
- Verify traction
- Verify cap table/funding
- Verify technical claims
- Verify regulatory/export-control issues
- Verify customer concentration
Main investor questions
- Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
- What customer, revenue, product, and technical evidence supports the company story?
- What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
- Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
- What evidence would change the thesis or show that the profile is stale?
What not to infer
- Inclusion does not imply endorsement.
- Inclusion does not imply allocation availability or current fundraising.
- Scores do not indicate investment suitability or expected returns.
- Strategic importance does not automatically imply venture return potential.
Diligence questions
- What evidence verifies Gutsy's current customer traction, deployment status, and revenue concentration?
- Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
- Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
- How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
- What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?
Related sector
See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.
Related companies
Need a diligence readout?
Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.