Hexadite

Cybersecurity | Acquired asset | Dual-Use Technology | Founded 2014

Last updated: May 10, 2026

Hexadite developed an autonomous AI-powered security orchestration and incident response platform that investigated, triaged, and remediated security alerts without human intervention. The technology addressed critical SOC analyst capacity constraints by executing security investigations at machine speed, dramatically reducing mean time to respond and enabling defense operations to handle alert volumes at scale.

Company Overview

Hexadite's core product was ARIS (Automated Response and Investigation System), an AI-driven platform for security orchestration and automated incident response. The system integrated with enterprise security infrastructure—SIEM platforms, endpoint detection and response (EDR) tools, network sensors, threat intelligence feeds, and incident management systems—to create a unified security automation layer. ARIS applied decision-tree and rule-based AI algorithms to automatically classify incoming security alerts by severity and threat type, execute investigation playbooks (enrichment, correlation, threat hunting), and take autonomous remediation actions such as isolating endpoints, blocking network connections, or quarantining files—all without human approval. This autonomous-first architecture reduced mean time to respond from hours to minutes, addressing the fundamental bottleneck in modern enterprise SOCs where human analysts cannot scale to alert volumes.

Hexadite was founded in 2014 by Barak Klinghofer (CEO) and Idan Levin (CTO), both with backgrounds in Israeli Defense Force cyber intelligence. The company competed in the emerging SOAR (Security Orchestration, Automation and Response) market against Phantom Cyber (acquired by Splunk in 2018), Demisto (acquired by Palo Alto Networks in 2019), and Swimlane. Hexadite raised approximately $10.5M in Series A funding from YL Ventures, HPE Pathfinder, and other Israeli venture firms. In May 2017, Microsoft acquired Hexadite for an estimated $100–130M, making it one of the highest-valued exits in Israeli cybersecurity at that time. Microsoft integrated Hexadite's autonomous response technology into Windows Defender Advanced Threat Protection (now Microsoft Defender XDR), where automated incident response remains a core differentiator. The acquisition validated both the SOAR category and the specific value of autonomous—rather than human-gated—response workflows.

From a defense and national-security perspective, Hexadite's autonomous incident response technology has direct relevance to military and government cyber operations. Modern military networks face persistent, high-volume cyberattacks from state-sponsored adversaries. The number of security alerts far exceeds human analyst capacity, making manual investigation and response impractical. Autonomous investigation and remediation—enabled by Hexadite's decision-tree AI and orchestration—allows defense networks to respond to threats in real time without human bottlenecks. The platform's ability to execute cross-tool investigations and remediation, detect false positives, and preserve forensic evidence is critical for military SOCs defending strategic networks. The founders' IDF background meant the technology was designed with an understanding of defense operational constraints. This combination of fully autonomous response, integration depth, and defense-cognizant architecture establishes strong dual-use applicability and credible strategic value for military cyber defense.

Dual-Use Assessment

Military & Commercial Applications

Hexadite's core technology—autonomous investigation and remediation of security alerts via AI-driven orchestration—has direct dual-use applicability. In commercial SOCs, the value is efficiency: reducing analyst workload and MTTR. In military networks, the value is operational: enabling continuous cyber defense at machine speed when human analyst capacity falls orders of magnitude short of the alert volumes on strategic networks. The ability to autonomously investigate cross-tool signals, determine threat context, and execute remediation without human approval is foundational to modern military cyber defense doctrine. The integration with SIEM, EDR, network security, and threat intelligence platforms makes the technology a force multiplier for defense SOCs. Hexadite's IDF-trained founders and the platform's design emphasis on autonomous operation (rather than human-gated workflows) suggest the technology was engineered with an awareness of defense operational requirements. Autonomous response without human bottlenecks is critical for military networks facing persistent state-sponsored campaigns.

Strategic Fit Assessment

Hexadite is not an active direct diligence target—the company was acquired by Microsoft in May 2017 for an estimated $100–130M, validating the autonomous incident response approach and delivering strong returns to early investors. The company raised $10.5M in Series A funding from YL Ventures, HPE Pathfinder, and Israeli VCs, demonstrating VC confidence in the founders and SOAR market thesis. At exit, the valuation represented exceptional return on early capital. The technology remains live in Microsoft Defender XDR, one of the world's most widely deployed endpoint security platforms, ensuring the innovation continues to reach millions of enterprise and government endpoints globally.

Strategic Value to U.S.-Israel Alliance

Autonomous cyber defense at machine speed is strategically critical for military and intelligence networks defending against persistent state-sponsored campaigns. Hexadite's technology addresses the fundamental bottleneck in defense SOC operations: the mismatch between alert volume and human analyst capacity. The ability to autonomously investigate and remediate threats across heterogeneous security infrastructure (SIEM, EDR, network, threat intelligence) without human approval is a force multiplier for defense networks. The founders' IDF cyber intelligence background means the technology was developed with an understanding of military operational constraints and threat models. For any defense-focused strategic investor, Hexadite's autonomous response approach (now integrated into Microsoft's platform) represents a validated, market-proven architecture for addressing critical defense cyber gaps. The technology's integration into Microsoft Defender XDR also means it reaches defense customers through commercial channels, increasing strategic adoption leverage.

Key Technologies

  • AI-driven autonomous security alert investigation
  • Automated incident response playbook execution
  • Machine-speed threat triage and remediation
  • Integration with SIEM, endpoint, and network security tools
  • Decision-tree AI for alert classification and action determination
  • Scalable multi-tenant security orchestration

Use Cases & Applications

  • Enterprise SOC automated alert investigation and triage
  • Autonomous incident remediation without human intervention
  • Security tool orchestration and response workflow automation
  • Reducing mean time to respond (MTTR) from hours to minutes
  • Military/government autonomous cyber defense operations (dual-use)
  • Defense network continuous automated threat remediation (dual-use)

Sources and verification

This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.

Public sources

The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.

  • Official website: Primary public reference for company identity, positioning, and current web presence.
  • Profile update timestamp: Last updated in the Claw & Talon database on May 10, 2026.

Investor Lens

What this entry is

Acquired asset

Why it may matter

Hexadite may matter for Israeli technology research as a Cybersecurity entry, although it is not currently an investable standalone company.

How an independent investor should read this

Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.

Evidence to verify

  • Verify current status
  • Verify technical claims
  • Verify regulatory/export-control issues

Main investor questions

  • Is this entry a benchmark, buyer, ecosystem node, acquired asset, or strategic reference rather than a live startup opportunity?
  • What does this reference clarify about buyers, sector structure, public-market context, or strategic demand?
  • Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
  • What evidence would change the thesis or show that the profile is stale?

What not to infer

  • Inclusion does not imply endorsement.
  • Inclusion does not imply allocation availability or current fundraising.
  • Scores do not indicate investment suitability or expected returns.
  • Strategic importance does not automatically imply venture return potential.

Diligence questions

  • What evidence verifies Hexadite's current customer traction, deployment status, and revenue concentration?
  • Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
  • Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
  • How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
  • Is the company a live venture opportunity, a mature strategic reference, an acquired asset, or primarily a market-mapping entry?
