Hexadite

Cybersecurity | Dual-Use Technology | Founded 2014

Hexadite was an Israeli cybersecurity startup that developed an AI-powered security orchestration and automated incident response platform, enabling SOCs to autonomously investigate and remediate security alerts at machine speed.

Company Overview

Hexadite built an automated incident response and security orchestration platform (ARIS) that used artificial intelligence to autonomously investigate, triage, and remediate security alerts without human intervention. The platform integrated with existing security infrastructure (SIEM, endpoint, network tools) and applied decision-tree AI to determine the nature of each alert, execute investigation playbooks, and take remediation actions automatically—dramatically reducing mean time to respond from hours to minutes.

Commercially, Hexadite competed in the early SOAR market alongside Phantom (later acquired by Splunk), Demisto (acquired by Palo Alto Networks), and Swimlane. Founded in 2014 in Tel Aviv by former IDF cyber intelligence officers Barak Klinghofer (CEO) and Idan Levin (CTO), the company raised $10.5M from investors including YL Ventures and Hewlett Packard Enterprise Pathfinder. In May 2017, Microsoft acquired Hexadite for approximately $100M, integrating its autonomous response technology into Windows Defender Advanced Threat Protection (now Microsoft Defender).

From a defense and national security perspective, autonomous security incident response is directly relevant to military and government cyber operations where alert volumes far exceed human analyst capacity. The ability to investigate and remediate threats without human intervention enables continuous cyber defense at scale—critical for military networks facing persistent adversary campaigns. The founders' IDF intelligence background and the technology's autonomous decision-making capabilities underscore strong dual-use potential.

Dual-Use Assessment

Autonomous security incident investigation and remediation directly applies to military cyber defense operations where human analyst capacity is insufficient for alert volumes. AI-driven automated response enables continuous cyber defense at machine speed for defense networks.

Key Technologies

  • AI-driven autonomous security alert investigation
  • Automated incident response playbook execution
  • Machine-speed threat triage and remediation
  • Integration with SIEM, endpoint, and network security tools
  • Decision-tree AI for alert classification and action determination
  • Scalable multi-tenant security orchestration

Use Cases & Applications

  • Enterprise SOC automated alert investigation and triage
  • Autonomous incident remediation without human intervention
  • Security tool orchestration and response workflow automation
  • Reducing mean time to respond (MTTR) from hours to minutes
  • Military/government autonomous cyber defense operations (dual-use)
  • Defense network continuous automated threat remediation (dual-use)

Strategic Value to U.S.-Israel Alliance

Autonomous cyber defense is critical for military networks facing persistent adversary campaigns. AI-driven investigation and remediation without human intervention addresses the fundamental analyst capacity gap in defense SOC operations.
