What is Lyrie Research?

Lyrie Research is an autonomous cybersecurity intelligence platform publishing verified threat intelligence including critical CVEs, active exploitation reports, breach analysis, and original research — every article cross-validated by 3+ primary sources.

How does Lyrie.ai protect against rogue AI threats?

Lyrie.ai uses machine-speed autonomous defense to detect and neutralize rogue AI, prompt injection, and AI supply chain attacks. It responds before human analysts can react.

What cybersecurity topics does Lyrie Research cover?

Lyrie Research covers CVE deep dives, CISA KEV actively exploited vulnerabilities, data breach forensics, original cybersecurity research, and AI threat intelligence including agent-based attacks.

How often is Lyrie Research updated?

Lyrie Research is updated continuously by the autonomous Lyrie Sentinel engine, publishing new threat intelligence multiple times daily as new CVEs, exploits, and breaches are confirmed.

Is Lyrie Research free to access?

Yes, all articles on Lyrie Research are freely accessible. For active protection by the same intelligence engine, visit lyrie.ai.

← Lyrie Engagement

3 sources verified·9 min read

By Lyrie Threat Intelligence Team·5/14/2026

From Pre-Seed to $25M Seed A: How Lyrie Built a Cyber Unicorn in 18 Months

Author: Lyrie Threat Intelligence Team (by Guy Sheetrit, CEO)

Date: 2026-05-13

Reading time: 9 min

TL;DR

Lyrie was founded in late 2024 with a $2M pre-seed check from a single strategic investor in Asia. Eighteen months later we have:

~$100k monthly recurring revenue, organic, with zero outbound sales effort to date.
Acceptance into Anthropic's Cyber Program at the strategic tier.
Partnership arrangements with three national security agencies.
A production platform with 1,726 tests passing (the Agent Threat Protocol stack, covered across articles 13-17 of this series).
A Seed A round of $25M closing in Q3 2026 with strategic and financial participation including sovereign-wealth-fund interest.

This is the honest version of how we got here. It is not a victory lap; the trajectory is fragile in known ways and we are deliberate about what we are doing next. We are publishing this because customers and investors keep asking the same questions and a long-form answer is more useful than a hundred coffee conversations.

The Founding Hypothesis

The original product hypothesis, in late 2024: autonomous AI agents will become the dominant attack surface in enterprise environments within 36 months, the existing security stack is structurally unequipped to defend that surface, and the right defense is a runtime substrate with cryptographic provenance, capability boundedness, and behavior-grounded detection.

Three of those three predictions have held. The 36-month timeline turned out to be conservative — the surface has scaled faster than we expected, with the MCP protocol's emergence in 2024-2025 (article 4 of this series) compressing the timeline materially. The structural inadequacy of legacy EDR/SIEM/SOAR has been confirmed by, among other indicators, the average 2026 enterprise breach taking 11 days to detect even with full deployment of the major vendors. The runtime-substrate approach has been confirmed by every customer engagement.

The original product hypothesis is the foundation on which everything else was built. The hypothesis was, in late 2024, considered unusual by most early reviewers. It is now considered table stakes by the same reviewers. The window between "unusual" and "obvious" is the founding window and we caught it.

The First Twelve Months: Product, Not Sales

The $2M pre-seed was spent almost entirely on engineering. Seven full-time engineers (today eleven, plus a small operations team), zero outbound sales, no marketing, no events. The decision to skip sales was deliberate: the product hypothesis required a working runtime substrate to demonstrate, and we judged that pitching the hypothesis without the substrate would be premature.

The trade-off: slower revenue ramp, faster product depth. By month nine we had the validation engine described in article 14, the ATP transport in three languages, and the first customer pilot. By month twelve we had two production deployments. By month fifteen we had ~$60k MRR. By month eighteen (now): ~$100k MRR and a customer cohort whose retention has been 100%.

The retention number is the one we are most confident about. Every customer that has signed a multi-month contract has renewed. The reason — and we have asked, repeatedly, in renewal conversations — is that the runtime substrate is sticky in a way pure detection products are not. Once a customer has wired ATP into the action boundaries of their agentic systems, removing it is operationally expensive. The stickiness is a moat. We did not design for stickiness; we designed for utility, and the stickiness fell out.

Anthropic's Cyber Program

Membership in Anthropic's Cyber Program at the strategic tier matters for three reasons:

1. Access to pre-release model capabilities relevant to security workloads. Our intent-verification model (article 14) leverages capabilities that became available to us six months before they became public.

2. Direct relationship with the Model Context Protocol team, which is what enabled the contributions to MCP 1.4 (article 4 of this series).

3. Co-marketing surface and credibility transfer in conversations with conservative enterprise customers. The Anthropic relationship is, in practice, what shortened many of our 2025 sales cycles from "please send a security questionnaire and we will get back to you in six months" to "send the questionnaire and we will book a pilot."

The candid framing: Anthropic does not give us preferential treatment in any operational sense. The Cyber Program is a structured relationship that several security vendors participate in, and acceptance into it required us to demonstrate technical depth and commitment to safety practices. We did the work and were accepted on the merits. The relationship is valuable; it is not magic.

Government Partnerships

We have partnership arrangements with three national security agencies. We have not disclosed which agencies and we are not going to in this article. The shape of these arrangements, to the extent we can discuss:

Threat-intelligence sharing, bidirectional.
Deployment of ATP-based safeguards in specific sovereign-AI contexts, covered in article 15.
Co-development of policy recommendations for sovereign AI deployment.

These partnerships are not commercial in the conventional sense. They generate small amounts of revenue (covering deployment cost), but the strategic value is in the relationship density, the validation, and the threat-intel access. Government partnerships are also the reason for several of our policy positions — including our commitment to open-sourcing the ATP specification (article 13) — because sovereign customers will not commit to proprietary protocols, and government interest pushed the standards work onto our roadmap faster than commercial interest alone would have.

The Organic Revenue Surprise

The ~$100k MRR with zero outbound sales is the metric that surprised the people we have shown the numbers to during our Seed A fundraising. The explanation, from the customer's side: enterprise security buyers are inundated with outbound vendor pitches. Inbound from a technical signal — a customer's CISO reading our research blog, attending a talk we gave, or being introduced by a peer who already deploys us — converts at materially higher rates than any outbound sequence we have run.

The research output (this article series, plus the spec work, plus the open-source releases) is the top of our funnel. We do not have a sales team, we have a research team that publishes, and the customers come to the published work.

This is not a scalable acquisition channel in the conventional definition. We are aware. The Seed A capital is partially earmarked for building a proper enterprise sales motion alongside the research output, not as a replacement for it.

What Did Not Work

Three things we tried and stopped.

1. SMB self-serve. We attempted, in mid-2025, to package ATP as a self-serve SaaS for the long tail of small-business customers. The packaging was technically possible. The customer-acquisition economics did not work — the product complexity was high enough that customers needed material onboarding, and the self-serve price point would not cover onboarding cost. We stopped after four months. SMB may be addressable later with a packaged-via-MSP model; the direct path was not viable.

2. Conference-circuit marketing. We spoke at three industry conferences in 2025. The talks were well-received. The pipeline they generated was modest, with average sales-cycle length from conference-talk-introduction to closed-pilot of 7.4 months. Compared against the inbound from our research output (average cycle 2.1 months), conferences were a worse use of time. We are not abandoning conferences but we are deprioritizing them.

3. Generic competitive positioning. Our early collateral compared Lyrie against legacy EDR and SIEM vendors. The comparison was technically accurate and rhetorically unproductive — enterprise buyers don't reward you for being better than CrowdStrike, they punish you for not being CrowdStrike. We rewrote the positioning to focus on the agentic-security problem as a distinct category. The category framing is what works.

The Seed A and What Comes Next

The Seed A round is $25M, closing in Q3 2026. Investor mix: a lead from a tier-1 US fund, strategic participation from two existing investors, and sovereign-wealth participation that is associated with one of our government-partnership countries. We are not yet at liberty to name the lead.

The deployment of the Seed A capital:

Engineering scale. From 11 engineers to ~25 by end of 2026. The hires are weighted toward security research (threat-intel analysts), distributed systems engineers (the cluster architecture from article 14), and ML researchers (the intent-verification model from article 14).
Geographic expansion. R&D centers in Singapore, Vietnam, China, and the US, in addition to the current Dubai headquarters. The geographic spread is deliberate — sovereign customers require local-presence options for some deployments, and the cost-arbitrage on engineering hiring is meaningful.
Enterprise sales motion. A small enterprise sales team (initially three account executives, growing to six) targeted at the Fortune 500 cohort. The research-driven inbound remains the top of the funnel; the sales team is for converting and expanding.
B2B2C exploration. We have an early-stage product hypothesis around consumer-facing agentic security, leveraging OTT's existing marketing infrastructure. The exploration is early; we are not committed to shipping a B2C product in 2026.

The Honest Risk Assessment

Three risks we worry about.

1. The agentic-security category becomes a price war before it becomes a feature war. If multiple well-funded competitors converge on similar offerings, the competition could move to price faster than the category can mature. We are mitigating with the standards work (article 13, 17) — a standards-grounded approach with conformance certification is less commoditizable than a closed proprietary stack.

2. We fail to scale the sales motion. Research-driven inbound has worked at our current size. It is unclear whether it scales to ten times current revenue without us also building conventional outbound. The Seed A is partially insurance against the answer being "it does not."

3. Government partnerships create commercial constraints we cannot anticipate. The partnerships are valuable now. They might constrain future commercial choices in ways we cannot predict. We are managing this by being deliberate about which government engagements we accept and by maintaining the standards work as a vendor-neutral foundation.